Re: [Leaf-user] Re: NFS mounting through Firewall

[Nicolas Riendeau]

Lonnie Cumberland wrote:
> Hello All,
> 
> while looking around on the net I came across this NFS via SSH that
> you might be interested in taking a look at.
> 
> http://www.math.ualberta.ca/imaging/snfs/
> 
> Cheers,
> Lonnie
> 
> 
>>Would NFS tunneled through SSH be acceptable?
>>
>>dbc.
>>

Hi Lonnie!

It does appear (at least at first sight) to be a very good solution (at least
security-wise) to the problem...

I'm no ipchains guru but if I go the rules & the general idea right they are actually
running ipchains on the server on which NFS runs so that they effectively shield
these ports from the outside world so in essence even from PCs on the same network
NFS wouldn't appear to run on that PC and the (entire?) NFS traffic would be tunneled
through a single ssh connection (and somebody who would eavesdrop on the traffic
wouldn't actually be able to tell that this is/was NFS traffic unless (s)he actually
decrypts the thing).

Nice...

Just MHO...

Have a nice day!

Nick

PS: Please keep us posted... BTW, if you do decide to go that way please let us know 
whether
the thing really work/is really as good as it seems to be on paper (ok, actually on the
screen (-; ).




___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] LRP Oxygen CD and floppy disk boot question

[David Douthitt]

On 1/31/02 at 9:42 PM, malik menzong <[EMAIL PROTECTED]> wrote:

> One more question that keeps bugging is the following. I
> made an 1.68 image that is self contained and a 1.44 ima
> as well. Everytime I boot from the cd and I make a change
> if I tried to back up the changes on the 1440 image it
> complains. so I do backup the change on the 1.68 ima. they
> do update fine. but when I am trying to boot from the cd
> and the 1.68 image (the one containing the changes) is in
> it the floppy disk drive, it give me an error and requires
> that I mount instead the 1.440 floppy which has no back
> up.

I'm not sure I followed all that, but there are some things to
remember:

Oxygen is not set up to use 1.44 floppies by default anywhere.  By
this I mean when you do a backup it uses 1.68M floppies (or tries to);
the configurations (*.cfg files) all assume 1.68M floppies; etc.  If
you want to back up to 1.44M floppies I tend to do:

mount /dev/fd0u1440 /mnt/floppy
cd /tmp
apkg -c 
cp .lrp /mnt/floppy
umount /mnt/floppy

...crude (somewhat), but it works.

/dev/backup is supposed to eventually be used in this capacity - so
that 1.44M floppies or 1.68M floppies could be used for default backup
disks by apkg and bpkg.

Secondly, when you boot from floppy you can control what formats the
disks are in that are requested - look at oxygen.cfg and other *.cfg
files for what you want.  oxygen.cfg is the default for floppy boots,
and cdrom.cfg is the default for CDROM boots.

Thirdly, when the CDROM boots, your configurations are fixed since
they are on CDROM - if you need a 1.68M floppy, that's what you need.

Fourthly, you need to format the 1.68M floppies for use beforehand -
using a 1.44M floppy off the shelf doesn't work.  The CDROM should
come with syslinux.lrp and fdformat.lrp just for this purpose.

It would also help to know what the error messages or warnings are -
you didn't say - more details, please.
--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] Internal Network

[Jack Coates]

Keep your champagne, just send me the configuration files you modified
so I can put them into the QoS HOWTO :-)

Congratulations
Jack

On Fri, 1 Feb 2002, Reginald R. Richardson wrote:

> Jack...Jack..
>
> U should see me man...I'm jumping for joy, my family thinks i'm going CRAZYIt's 
>workingit's work
>
> this is the key to it
> http://lists.samba.org/pipermail/netfilter/2000-November/006089.html
> i did this on box3, and now that the default route is off...i can BROWSE the net 
>from WS 192.168.10.3 but i can't ping, which is understandable, cause i didn't 
>include any rule for icmp as yet...
>
> Yeppie...yeppie...
>
> Time for some CHAMPAGINE..
> do u care for some???
>
>
> On Wed, 30 Jan 2002 06:25:52 -0800 (PST), Jack Coates wrote:
> >I don't know for sure; I quit trying when it became clear that this
> >is
> >impossible to do with one box, so I don't remember the syntax.
> >Looking
> >at http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO-11.html, it looks
> >like the rule you want is possible, just copy the example and use 80
> >instead of 25. If you've already done that and you're sure the rest
> >of
> >your rules are okay, I don't know.
> >
> >Here's a question for you though -- can you establish a TCP
> >connection
> >along the test path _without_ HTTP, e.g. bypassing the port 80 rule?
> >What happens if you ping from the test workstation, is it
> >successful? If
> >neither is possible, then you might look at whether BOX1 can even
> >route
> >anything to 192.168.10.0 at all. Linux 2.2 kernels are supposed to
> >handle this sort of local routing themselves, but...
> >
> >For that matter, there are also some default settings in Dachstein
> >which
> >prevent having RFC1918 addressing on both sides, not sure what you
> >change to fix that. Sorry if you already have.
> >
> >Good luck!
> >Jack
> >
> >On Tue, 29 Jan 2002, Reginald R. Richardson wrote:
> >
> >> Jack, what u say makes lots of sense to me, i do have it set that
> >>all HTTP traffic be sent to box1 via eth2(box3)
> >>
> >> Well, with my limited amount of linux experience, i need some help
> >>on the commands of getting done what u suggested and that is:
> >>
> >> "the rule should be to send all traffic with a DESTINATION port of
> >>80 to BOX1, but route SOURCE 80 normally"
> >>
> >> Below is my ip ru listing, with the fwmark of 2 for HTTP (port
> >>80), which is then routed to 192.168.1.6(box1) via dev eth2 (box3)
> >>
> >> All i need is a simple how-to, one the command line for my
> >> ip route for the TABLE "Cable"
> >> as u can see below it's only just routing all traffic to
> >>192.168.1.6 via dev eth2
> >>
> >> thnks
> >>
> >> ip ru ls
> >> 0:  from all lookup local
> >> 32764:  from all fwmark    1 lookup adsl
> >> 32765:  from all fwmark    2 lookup cable
> >> 32766:  from all lookup main
> >> 32767:  from all lookup default
> >>
> >> # ip ro ls table cable
> >> default via 192.168.1.6 dev eth2
> >>
> >> # ipchains
> >> Chain input (policy ACCEPT: 100740 packets, 8739050 bytes):
> >> prot opt    tosa tosx  ifname   mark  outsize source destination
> >>ports
> >> tcp  -- 0xFF 0x00  * 0x2    192.168.10.0/24  0.0.0.0/0    *
> >>->   80
> >> udp  -- 0xFF 0x00  * 0x2    192.168.10.0/24  0.0.0.0/0    
> >>*->   80
> >> Chain forward (policy ACCEPT: 75921 packets, 6589166 bytes):
> >> Chain output (policy ACCEPT: 95403 packets, 8331173 bytes):
> >>
> >>
> >>
> >> On Tue, 29 Jan 2002 07:11:07 -0800 (PST), Jack Coates wrote:
> >> >Looking at the timestamps, I have BOX3-eth1 and BOX3-eth2
> >>backwards.
> >> >BOX3 is doing something wrong with the return traffic, and my
> >>guess
> >> >is
> >> >that its policy routing rule says to send ALL HTTP-related
> >>traffic to
> >> >BOX1. If so, the rule should be to send all traffic with a
> >> >DESTINATION
> >> >port of 80 to BOX1, but route SOURCE 80 normally.
> >> >
> >> >Hope that helps,
> >> >Jack
> >> >
> >> >On Mon, 28 Jan 2002, Jack Coates wrote:
> >> >
> >> >> Well, here's what I've got so far -- I didn't get any sleep last
> >> >>night
> >> >> and need to go fix that, but here's a few questions and
> >> >>assumptions:
> >> >>
> >> >> SYN 192.168.10.3:2727 -> eth1[BOX3]eth2 -> eth1[BOX1]ppp0
> >> >> NAT:62.234.0.234.61706 -> www.monkeynoodle.org:80
> >> >>
> >> >> packet goes into BOX3
> >> >> 06:34:16.517303 192.168.10.3.2727 > 66.1.155.123.80: S
> >> >> 1254467949:1254467949(0) win 16384  
> >>(DF)
> >> >> packet comes out of BOX3
> >> >> 06:34:16.517089 192.168.10.3.2727 > 66.1.155.123.80: S
> >> >> 1254467949:1254467949(0) win 16384  
> >>(DF)
> >> >> packet goes into BOX1 and gets NAT'd
> >> >> ASSUMPTION -- BOX1's clock is 15 seconds fast.
> >> >> packet comes out of BOX1
> >> >> 06:34:31.223667 62.234.0.234.61706 > 66.1.155.123.80: S
> >> >> 1254467949:1254467949(0) win 16384  
> >>(DF)
> >> >>
> >> >> 2/10ths of a second later...
> >> >> 192.168.10.3:2727 <- eth1[BOX3]eth2 <- eth1[BOX1]ppp0
> >> >> NAT:62.234.0.234.61706 <- www.monkeynoodle.o

[Leaf-user] fdimage for linux floppy images

[guitarlynn]

I wrote a script to write a floppy disk image to a disk in Linux
for people who may find it useful. It could be stripped out and
used for a linux self-installer for LEAF images as well in a 
tarball. It can be found at:

http://leaf.sourceforge.net/devel/guitarlynn

Comments/suggestions are appreciated!
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] DCD, ipsec, gateways & road warriors ???

[Michael D. Schleif]

Charles Steinkuehler wrote:
> 
> > So, we blew away that wins server and put samba (nmb-207.lrp) on each
> > gateway.  It's taken some tweaking and reading man smb.conf
> > .
> >
> > Still, windoze functionality is severely lacking across the wan!
> >
> > Do the samba servers need to communicate with each other?  If so, the
> > DCD gateways cannot ping each other, because they are concurrent with
> > the gateway itself -- although, from anywhere else on the remote
> > network, we can ping the opposite gateway by private address.
> 
> This is a routing issue.  The VPN connects the two private IP LAN's.
> Default traffic sent between the two VPN gateways will use a source IP of
> the primary external interface, so the gateway-gateway packets don't match
> your subnet-subnet tunnel.  You can either build a gateway-gateway tunnel
> for the samba traffic, or possibly send the gateway-gateway traffic through
> the existing subnet-subnet tunnel via advanced routing.

I give up!

How do we accomplish either suggestion in your last sentence?  What do
we need to do?

-- 

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know.  The more I know, the more I know I don't know . . .

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] Web caching

[guitarlynn]

On Thursday 31 January 2002 19:52, John Mullan wrote:
> Is there a module or is it even necessary to have some sort of web
> caching on LRP?

Is there a module, no. 

Is it necessary, no. 

Is a "package" available if someone wants a web-proxy for LEAF, yes
David D. has a "squid" package available in the package download area
of the LEAF site.

http://leaf.sourceforge.net/content.php?menu=12&page_id=14 

-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] Web caching

[Ray Olszewski]

At 08:52 PM 1/31/02 -0500, John Mullan wrote:
>
>Is there a module or is it even necessary to have some sort of web
>caching on LRP?

No, it is not necessary. Proxy servers are not well suited to devices like
LEAF routers, due to the small filesystem space they typically have. 

If you really want one, and have a suitable system to run it, I think there
was a thread on the list recently about a squid.lrp package.


--
"Never tell me the odds!"---
Ray Olszewski-- Han Solo
Palo Alto, CA[EMAIL PROTECTED]



___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

[Leaf-user] Kudos

[Bob Palm]

After 2 years of running Matterhorn, I just upgraded to Dachstein.

WOW!  What an incredible improvement.  I got it up and running (including
converting all 3 of my Win clients to dhcp, making backup floppies and
storing all the modified .lrp files on my linux server) in less than an
hour!

What a wonderful piece of work.  Thank you Charles!

Bob Palm
Peoria, AZ



___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

[Leaf-user] Web caching

[John Mullan]

Is there a module or is it even necessary to have some sort of web
caching on LRP?

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
John Mullan - Technical Manager
Ontario Lottery and Gaming Corporation
Direct Gaming Distribution Center

Personal: mailto:[EMAIL PROTECTED]
Business: mailto:[EMAIL PROTECTED]
 


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: SSH Keepalive (was: [Leaf-user] (no subject))

[Jeff Newmiller]

On Thu, 31 Jan 2002, Michael McClure wrote:

> I'm running the original Eigerstein and have the sshd.lrp (v1) package on
> it.  When left inactive, the ssh session is disconnected even though
> keepalive=yes in the ssh config.  Does anybody know what the problem is with
> this?  How do I configure it such that my SSH session stays connected during
> long periods of inactivity?

The masquerade timeout ("ipchains -M -L", "ipchains -M -S tcp tcpfin 
udp") is shorter than your ssh ProtocolKeepAlives interval (see ssh man
page).

---
Jeff NewmillerThe .   .  Go Live...
DCN:<[EMAIL PROTECTED]>Basics: ##.#.   ##.#.  Live Go...
  Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/BatteriesO.O#.   #.O#.  with
/Software/Embedded Controllers)   .OO#.   .OO#.  rocks...2k
---


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] Internal Network

[Reginald R. Richardson]

Jack...Jack..

U should see me man...I'm jumping for joy, my family thinks i'm going CRAZYIt's 
workingit's work

this is the key to it
http://lists.samba.org/pipermail/netfilter/2000-November/006089.html
i did this on box3, and now that the default route is off...i can BROWSE the net from 
WS 192.168.10.3 but i can't ping, which is understandable, cause i didn't include any 
rule for icmp as yet...

Yeppie...yeppie...

Time for some CHAMPAGINE..
do u care for some???


On Wed, 30 Jan 2002 06:25:52 -0800 (PST), Jack Coates wrote:
>I don't know for sure; I quit trying when it became clear that this
>is
>impossible to do with one box, so I don't remember the syntax.
>Looking
>at http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO-11.html, it looks
>like the rule you want is possible, just copy the example and use 80
>instead of 25. If you've already done that and you're sure the rest
>of
>your rules are okay, I don't know.
>
>Here's a question for you though -- can you establish a TCP
>connection
>along the test path _without_ HTTP, e.g. bypassing the port 80 rule?
>What happens if you ping from the test workstation, is it
>successful? If
>neither is possible, then you might look at whether BOX1 can even
>route
>anything to 192.168.10.0 at all. Linux 2.2 kernels are supposed to
>handle this sort of local routing themselves, but...
>
>For that matter, there are also some default settings in Dachstein
>which
>prevent having RFC1918 addressing on both sides, not sure what you
>change to fix that. Sorry if you already have.
>
>Good luck!
>Jack
>
>On Tue, 29 Jan 2002, Reginald R. Richardson wrote:
>
>> Jack, what u say makes lots of sense to me, i do have it set that
>>all HTTP traffic be sent to box1 via eth2(box3)
>>
>> Well, with my limited amount of linux experience, i need some help
>>on the commands of getting done what u suggested and that is:
>>
>> "the rule should be to send all traffic with a DESTINATION port of
>>80 to BOX1, but route SOURCE 80 normally"
>>
>> Below is my ip ru listing, with the fwmark of 2 for HTTP (port
>>80), which is then routed to 192.168.1.6(box1) via dev eth2 (box3)
>>
>> All i need is a simple how-to, one the command line for my
>> ip route for the TABLE "Cable"
>> as u can see below it's only just routing all traffic to
>>192.168.1.6 via dev eth2
>>
>> thnks
>>
>> ip ru ls
>> 0:  from all lookup local
>> 32764:  from all fwmark    1 lookup adsl
>> 32765:  from all fwmark    2 lookup cable
>> 32766:  from all lookup main
>> 32767:  from all lookup default
>>
>> # ip ro ls table cable
>> default via 192.168.1.6 dev eth2
>>
>> # ipchains
>> Chain input (policy ACCEPT: 100740 packets, 8739050 bytes):
>> prot opt    tosa tosx  ifname   mark  outsize source destination
>>ports
>> tcp  -- 0xFF 0x00  * 0x2    192.168.10.0/24  0.0.0.0/0    *
>>->   80
>> udp  -- 0xFF 0x00  * 0x2    192.168.10.0/24  0.0.0.0/0    
>>*->   80
>> Chain forward (policy ACCEPT: 75921 packets, 6589166 bytes):
>> Chain output (policy ACCEPT: 95403 packets, 8331173 bytes):
>>
>>
>>
>> On Tue, 29 Jan 2002 07:11:07 -0800 (PST), Jack Coates wrote:
>> >Looking at the timestamps, I have BOX3-eth1 and BOX3-eth2
>>backwards.
>> >BOX3 is doing something wrong with the return traffic, and my
>>guess
>> >is
>> >that its policy routing rule says to send ALL HTTP-related
>>traffic to
>> >BOX1. If so, the rule should be to send all traffic with a
>> >DESTINATION
>> >port of 80 to BOX1, but route SOURCE 80 normally.
>> >
>> >Hope that helps,
>> >Jack
>> >
>> >On Mon, 28 Jan 2002, Jack Coates wrote:
>> >
>> >> Well, here's what I've got so far -- I didn't get any sleep last
>> >>night
>> >> and need to go fix that, but here's a few questions and
>> >>assumptions:
>> >>
>> >> SYN 192.168.10.3:2727 -> eth1[BOX3]eth2 -> eth1[BOX1]ppp0
>> >> NAT:62.234.0.234.61706 -> www.monkeynoodle.org:80
>> >>
>> >> packet goes into BOX3
>> >> 06:34:16.517303 192.168.10.3.2727 > 66.1.155.123.80: S
>> >> 1254467949:1254467949(0) win 16384  
>>(DF)
>> >> packet comes out of BOX3
>> >> 06:34:16.517089 192.168.10.3.2727 > 66.1.155.123.80: S
>> >> 1254467949:1254467949(0) win 16384  
>>(DF)
>> >> packet goes into BOX1 and gets NAT'd
>> >> ASSUMPTION -- BOX1's clock is 15 seconds fast.
>> >> packet comes out of BOX1
>> >> 06:34:31.223667 62.234.0.234.61706 > 66.1.155.123.80: S
>> >> 1254467949:1254467949(0) win 16384  
>>(DF)
>> >>
>> >> 2/10ths of a second later...
>> >> 192.168.10.3:2727 <- eth1[BOX3]eth2 <- eth1[BOX1]ppp0
>> >> NAT:62.234.0.234.61706 <- www.monkeynoodle.org:80 ACK
>> >>
>> >> packet goes into BOX1 and gets NAT'd
>> >> 06:34:31.443667 66.1.155.123.80 > 62.234.0.234.61706: S
>> >> 3199824407:3199824407(0) ack 1254467950 win 5840 > >> 1412,nop,nop,sackOK> (DF)
>> >> the BOX3-eth2 trace never shows packets coming back from the
>> >>Internet,
>> >> only leaving.
>> >> ASSUMPTION: packet goes into BOX3
>> >> packet comes out of BOX3
>> >> 06:34:16.747496 66.1.155.123.80 > 192.168.10.3.2727: S
>> >> 

[Leaf-user] how to get dyndns to work with pppoe

[Victor McAllister]

I finally got my friends pppoe system working with dyndns.org free dns
service.
He gave me ssh access so I could play with his configuration from my
house.

He used Jacques Nilo's version of ez-ipupdate called ez-ipupd.lrp
It is smaller and newer - and worked.  He couldn't get ez-ipupdate.lrp
to work for some reason.
The lrp can be downloaded from here
 http://leaf.sourceforge.net/devel/jnilo/packages/
Jacques does not have this package listed in his menu and there is no
help file for it, but it works.
get the package to load by putting it in the list of programs to load
at boot or load it in with lrpkg -i ez-ipud(mount the floppy and
cd /mnt to get this to work)

**
configuring ez-ipupd
**
# ae  /etc/ez-ipupd.conf
you can edit this from the lrcfg menu

service-type=dyndns  if that is what you use
user=username:password  what you setup on dyndns.org
host=hostname.address.net whatever host name you were assigned on
dyndns
interface=ppp0  the interface that has the
external IP in ppp0 NOT eth0

**
changes we made to get automatic updates when isp changes your ip
**

In /etc/ppp/ip-up
towards the end of the script we added svi network ipfilter reload to
fix his port forwards
and svi ez-ipupd start to tell your dns provider that your ip changed
-
# Main Script starts here

run-parts /etc/ppp/ip-up.d
svi network ipfilter reload
svi ez-ipupd start
# last line


ez-ipupd does not continue to run as attested by doing a "ps".  There
is no pid so it apparently runs, contacts the dns service and then
shuts down.  That is why we used the start feature of ez-ipupd

**
backup
**
ppp,  ez-ipupd . . . I don't think you have to backup pppoe but you
can do that for good measure.

*
test
*
to test - unplug your dsl modem but leave your router alone
plug it back in.  The provider will likely issue you a new ip when
your connection goes down and then reconnects.  Have a friend ping or
access your machine by name.

It works.

--
Victor McAllister



___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] Internal Network

[Reginald R. Richardson]

Pinging from Box1 to WS 192.168.10.3 is no problem, and versa versa.

As long as i have the default gateway on on BOX3, then i can ping from WS 192.168.10.3 
to the internet.

I think what u mentioned previously is perciasly the problem, box3 gets into a LOOP, 
for some reason, and just sends all http packets back to box 1 maybe, but what i find 
strange, is that if on BOX3 i have a default gateway on, then the WS can browse the 
internet without any problem.

thks for the help

On Wed, 30 Jan 2002 06:25:52 -0800 (PST), Jack Coates wrote:
>I don't know for sure; I quit trying when it became clear that this
>is
>impossible to do with one box, so I don't remember the syntax.
>Looking
>at http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO-11.html, it looks
>like the rule you want is possible, just copy the example and use 80
>instead of 25. If you've already done that and you're sure the rest
>of
>your rules are okay, I don't know.
>
>Here's a question for you though -- can you establish a TCP
>connection
>along the test path _without_ HTTP, e.g. bypassing the port 80 rule?
>What happens if you ping from the test workstation, is it
>successful? If
>neither is possible, then you might look at whether BOX1 can even
>route
>anything to 192.168.10.0 at all. Linux 2.2 kernels are supposed to
>handle this sort of local routing themselves, but...
>
>For that matter, there are also some default settings in Dachstein
>which
>prevent having RFC1918 addressing on both sides, not sure what you
>change to fix that. Sorry if you already have.
>
>Good luck!
>Jack
>
>On Tue, 29 Jan 2002, Reginald R. Richardson wrote:
>
>> Jack, what u say makes lots of sense to me, i do have it set that
>>all HTTP traffic be sent to box1 via eth2(box3)
>>
>> Well, with my limited amount of linux experience, i need some help
>>on the commands of getting done what u suggested and that is:
>>
>> "the rule should be to send all traffic with a DESTINATION port of
>>80 to BOX1, but route SOURCE 80 normally"
>>
>> Below is my ip ru listing, with the fwmark of 2 for HTTP (port
>>80), which is then routed to 192.168.1.6(box1) via dev eth2 (box3)
>>
>> All i need is a simple how-to, one the command line for my
>> ip route for the TABLE "Cable"
>> as u can see below it's only just routing all traffic to
>>192.168.1.6 via dev eth2
>>
>> thnks
>>
>> ip ru ls
>> 0:  from all lookup local
>> 32764:  from all fwmark    1 lookup adsl
>> 32765:  from all fwmark    2 lookup cable
>> 32766:  from all lookup main
>> 32767:  from all lookup default
>>
>> # ip ro ls table cable
>> default via 192.168.1.6 dev eth2
>>
>> # ipchains
>> Chain input (policy ACCEPT: 100740 packets, 8739050 bytes):
>> prot opt    tosa tosx  ifname   mark  outsize source destination
>>ports
>> tcp  -- 0xFF 0x00  * 0x2    192.168.10.0/24  0.0.0.0/0    *
>>->   80
>> udp  -- 0xFF 0x00  * 0x2    192.168.10.0/24  0.0.0.0/0    
>>*->   80
>> Chain forward (policy ACCEPT: 75921 packets, 6589166 bytes):
>> Chain output (policy ACCEPT: 95403 packets, 8331173 bytes):
>>
>>
>>
>> On Tue, 29 Jan 2002 07:11:07 -0800 (PST), Jack Coates wrote:
>> >Looking at the timestamps, I have BOX3-eth1 and BOX3-eth2
>>backwards.
>> >BOX3 is doing something wrong with the return traffic, and my
>>guess
>> >is
>> >that its policy routing rule says to send ALL HTTP-related
>>traffic to
>> >BOX1. If so, the rule should be to send all traffic with a
>> >DESTINATION
>> >port of 80 to BOX1, but route SOURCE 80 normally.
>> >
>> >Hope that helps,
>> >Jack
>> >
>> >On Mon, 28 Jan 2002, Jack Coates wrote:
>> >
>> >> Well, here's what I've got so far -- I didn't get any sleep last
>> >>night
>> >> and need to go fix that, but here's a few questions and
>> >>assumptions:
>> >>
>> >> SYN 192.168.10.3:2727 -> eth1[BOX3]eth2 -> eth1[BOX1]ppp0
>> >> NAT:62.234.0.234.61706 -> www.monkeynoodle.org:80
>> >>
>> >> packet goes into BOX3
>> >> 06:34:16.517303 192.168.10.3.2727 > 66.1.155.123.80: S
>> >> 1254467949:1254467949(0) win 16384  
>>(DF)
>> >> packet comes out of BOX3
>> >> 06:34:16.517089 192.168.10.3.2727 > 66.1.155.123.80: S
>> >> 1254467949:1254467949(0) win 16384  
>>(DF)
>> >> packet goes into BOX1 and gets NAT'd
>> >> ASSUMPTION -- BOX1's clock is 15 seconds fast.
>> >> packet comes out of BOX1
>> >> 06:34:31.223667 62.234.0.234.61706 > 66.1.155.123.80: S
>> >> 1254467949:1254467949(0) win 16384  
>>(DF)
>> >>
>> >> 2/10ths of a second later...
>> >> 192.168.10.3:2727 <- eth1[BOX3]eth2 <- eth1[BOX1]ppp0
>> >> NAT:62.234.0.234.61706 <- www.monkeynoodle.org:80 ACK
>> >>
>> >> packet goes into BOX1 and gets NAT'd
>> >> 06:34:31.443667 66.1.155.123.80 > 62.234.0.234.61706: S
>> >> 3199824407:3199824407(0) ack 1254467950 win 5840 > >> 1412,nop,nop,sackOK> (DF)
>> >> the BOX3-eth2 trace never shows packets coming back from the
>> >>Internet,
>> >> only leaving.
>> >> ASSUMPTION: packet goes into BOX3
>> >> packet comes out of BOX3
>> >> 06:34:16.747496 66.1.155.123.80 > 192.168.10.3.2727: S
>> >> 319

[Leaf-user] (no subject)

[Michael McClure]

I'm running the original Eigerstein and have the sshd.lrp (v1) package on
it.  When left inactive, the ssh session is disconnected even though
keepalive=yes in the ssh config.  Does anybody know what the problem is with
this?  How do I configure it such that my SSH session stays connected during
long periods of inactivity?

thanks.
mike.
--
Michael McClure
[EMAIL PROTECTED]


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] Ipsec

[Bill Hults]

BH> 50 & 51 tcp are on the accept list with 0 byte counts. 500 udp is also open with 
traffic. Nothing shows up in the logs on either end indicating where the packets are 
going. I'm looking in syslog.
Thanks for your help


>I'm trying to set up 2 Dachstein CD systems to create a VPN. The CD
> version is wonderful by the way.
> All seems well but the networks don't see each other. Running 'ipsec
? look' shows a connection between the 2 firewalls and there are
> appropriate routes set up on each machine but no traffic goes between
> the 2 networks. I can't ping either way or see the web pages set up on
> one machine.
>I also can't do a traceroute from a workstation beyond eth1 on the firewall >even 
>though there is a >route to the other network.
> Does anyone have a suggestion of the next step to diagnose the problems
> or a resource to help track down the problem?

>CS> Verify you are not dropping protocol 50 (or 51) packets at the
>firewalls, and try to figure out where the packets are getting lost.  You
>can generally use the output of "net ipfilter list" to do both, paying
>attention to the byte and packet counts.



___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] LRP Oxygen CD and floppy disk boot question

[malik menzong]

The good news is that I can ping the world now from the router. Every time I 
think I saved my config. and I reboot it was not actually saved.
The only hurdle I have now is to see the internet from my machine behind the 
firewall. that machine do ping to the etho network card but cant ping after 
that. at boot time I loaded 2 modules: ip_masq_portfw.o and ip_masq_autofw.o 
I thought that will do it but I still can get to internet from behind the 
Fw.

One more question that keeps bugging is the following. I made an 1.68 image 
that is self contained and a 1.44 ima as well. Everytime I boot from the cd 
and I make a change if I tried to back up the changes on the 1440 image it 
complains. so I do backup the change on the 1.68 ima. they do update fine. 
but when I am trying to boot from the cd and the 1.68 image (the one 
containing the changes) is in it the floppy disk drive, it give me an error 
and requires that I mount instead the 1.440 floppy which has no back up. 
Thanks again-

-M

> > Lynn:
> > That is what I was saying. I open the resolv.conf file and wrote 
>something
> > like this:
> > XXX.XXX.XXX # DNS0
> > XXX.XXX.XX # DNS1
> >
> > That is the only thing in that file. From behind the firewall I can ping 
>to
> > both network card address. from the router I can ping to the gateway 
>fine.
> > But if I type:
> > ping cnn.com or ping XXX.XXX.XXX (actually ip address for cnn) it wont
> > resolve it. all packets are lost.
>
>Sounds like you don't have a default gateway specified.
>
>Note that default gateway is different than gateway... the latter can
>apply to any route, but the former means the route destination is 0.0.0.0.
>I don't use Oxygen so I dont know what variables you need to change.
>
>---
>Jeff NewmillerThe .   .  Go Live...
>DCN:<[EMAIL PROTECTED]>Basics: ##.#.   ##.#.  Live Go...
>   Live:   OO#.. Dead: OO#..  Playing
>Research Engineer (Solar/BatteriesO.O#.   #.O#.  with
>/Software/Embedded Controllers)   .OO#.   .OO#.  rocks...2k
>---
>
>
>___
>Leaf-user mailing list
>[EMAIL PROTECTED]
>https://lists.sourceforge.net/lists/listinfo/leaf-user




_
Chat with friends online, try MSN Messenger: http://messenger.msn.com


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] how do I reject a specific IP

[Charles Steinkuehler]

> I'm using the Dachstein version of LRP.  How do I reject a specific IP? 
>  I'm running LaBrea on another machine and notice the same IP 
> portscanning our network.  

Temporary block:
ipchains -I input -j DENY -s 

Permanent block:
Put the above line in /etc/ipchains.input.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)




___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] How to connect the router with 2 external IPs

[Charles Steinkuehler]

> The ISP technician showed up but just upgraded the TV portion. He told us
to
> call tech-support to get 2 IPs, so I think there is no need to have a new
> cable modem. I did not contact them yet as I am not sure if we can hook up
> both 2 IPs to 2 NICs on the router.
>
> A friend with ADSL told me that you need a hub, the modem goes to the
> uplink-port, then 2 of the other ports of the hub will be the 2 different
> IPs. You could connect 2 computers into those to work.
>
> Suppose that's the same for the cable modem, if I connect them to 2 NICs
in
> the router, would they work and how can I modify the DHCP client.

Normally, you only need one external NIC for this...you simply configure the
router so it responds to both IP's on the same interface.

> Charles, you mentioned something about the public DMZ network. Could you
> explain me a little bit more so I can see if it is worth to have 2 IPs or
> not.

If you have two IP's, you can assign one to your firewall, and one to a
server system.  This is very helpful if you're hosting a lot of services,
but in most cases is not absolutely necessary.  You can port-forward
particular services from the firewall to a server machine as well.

NOTE:  There are a few services that don't like being port-forwarded, but
most of the common ones (web, e-mail) work fine.

NOTE:  You can still port-forward services from your firewall, even if
you've got two IP's.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)




___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

RE: [Leaf-user] how do I reject a specific IP

[Todd Pearsall]

If it doesn't already exist, create a file /etc/ipchains.input and add
the following line:

ipchains -I input -j DENY -s 111.111.111.111/32 -i eth0 -l

(obviously replace 111.111.111.111 with the real IP to block)

You'll need to run:
svi network ipfilter reload

To reload the rules.  You can use weblet to review the firewall rules
and you should see this one in place.  Backup etc to save the changes to
disk. 

Support for:
/etc/ipchains.input
/etc/ipchains.forward
/etc/ipchains.output
Is a key new feature Charles S. added to Dachstein.

- Todd


> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED]] On Behalf Of 
> Gabriel Velasquez
> Sent: Thursday, January 31, 2002 1:53 PM
> To: [EMAIL PROTECTED]
> Subject: [Leaf-user] how do I reject a specific IP
> 
> 
> I'm using the Dachstein version of LRP.  How do I reject a 
> specific IP? 
>  I'm running LaBrea on another machine and notice the same IP 
> portscanning our network.  
> 
> Thanks!!
> 
> -Gabriel
> [EMAIL PROTECTED]
> 
> 
> ___
> Leaf-user mailing list
> [EMAIL PROTECTED] 
> https://lists.sourceforge.net/lists/listinfo/l> eaf-user
> 


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] Weblet Bandwidth Monitor

[Martin Hejl]

Hi Roger, 

> I have been using the bandwidth monitor in Weblet and find it quit useful.
> The only problem is that it doesn't show ipsec0 for those of us doing VPNs.
> I tried modifying the netmon.html code, but obviously the Java script in
> lrpStat.jar knows nothing of ipsec0. Is there any way to get ipsec0
> included?
Well, I don't know anything about ipsec, but if it shows up in /proc/net/dev
just like eth0 and all the other network devices (and the information gets
updated), there's no reason why it shouldn't work. 

If you're using an unmodified version ov netmon.html (in /var/sh-www/)
simply add the following after the block of definitions for DEV1 (before the
 tag):








 

That should do it (as I said, if ipsec0 behaves like a regular network
interface).

I hope that helps.

Martin

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

[Leaf-user] how do I reject a specific IP

[Gabriel Velasquez]

I'm using the Dachstein version of LRP.  How do I reject a specific IP? 
 I'm running LaBrea on another machine and notice the same IP 
portscanning our network.  

Thanks!!

-Gabriel
[EMAIL PROTECTED]


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] How to search for LRP packages ???

[Michael D. Schleif]

"Michael D. Schleif" wrote:
> 
> What am I missing?
> 
> 
> 
> Let's say, I want to find zebra.lrp -- how do I do that?
> 
> The search facility returns: `No matches found to your query' for both
> announcements and pages.
> 
> If I goto Main Menu | Packages -- it is *not* there, that I can see.
> 
> If I goto Developer Content, then I can click on each name and browse
> each webpage.  Fortunately, Andrew Hoying is first . . .
> 
> Some stuff that originally appeared in the center column can be found in
> the rightmost column Past Articles; but, what happens to them when they
> roll off of that column?
> 
> Is LEAF keeping track of packages?
> 
> Is there some search facility?
> 
> What do you think?

Everybody missed my point, with possible exception of Mike Noyes!

IMHO, we *need* this facility.  It will make all of our tasks so much
easier.

I will be pleased to participate in development of such a search system
-- please, let me know what I can do . . .

-- 

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know.  The more I know, the more I know I don't know . . .

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

AW: [Leaf-user] multiple web DNS on LRP

[Sandro Minola]

Hi Lonnie, hi all

I'm running Apache behind a LEAF box. It's portforwarded to my private DMZ,
but I know that it works without a DMZ interface too (so it wouldn't change
anything if you add a DMZ interface).
Name-based virtual hosting is working fine, I don't have any problems.

As Lee said, name-based vhosting does not directly work via DNS, it reads
the URL from the browser.

---
Sandro Minola   | LEAF Developer (http://leaf.sourceforge.net)
mailto:[EMAIL PROTECTED] | mailto:[EMAIL PROTECTED]
http://www.minola.ch| http://leaf.sourceforge.net/devel/sminola

-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]Im Auftrag von Lonnie
Cumberland
Gesendet: Donnerstag, 31. Januar 2002 17:59
An: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Betreff: Re: [Leaf-user] multiple web DNS on LRP


Hi There,

No actually I really think that it is an LRP problem because the IP
is being port-forwarded to the actual web server and thus the name
information is being lost.

>From what I can tell about the Virtual hosting, if the Apache web
server resolves and redirects based upon the name then it should work.

My thought now are that maybe I need to install a web servcer onto my
LRP that can support virtual hosts.

cheers and thanks for the help,
Lonnie

> it sounds like you have an apache issue.
> try http://httpd.apache.org/docs/vhosts/index.html for
> help with virtual hosts with apache.
> HTH,
> brett
>
> --- Lonnie Cumberland <[EMAIL PROTECTED]> wrote:
>> Hello All,
>>
>> How are you doing today? Good I hope.
>>
>> I have another small problem that I hope someone
>> might have an answer
>> for.
>>
>> The problem is this. I have 2 (real) DNS names that
>> are pointing to
>> the same (real) IP. I then have my LRP firewall and
>> some servers
>> behind it on a masquerade setup.
>>
>> From what I can find out, with Virtual hosting on my
>> Apache webserver
>> machine, I am supposed to be able to have 2
>> different DNS entries
>> like www.test1.com and www.test2.com point to the
>> same IP, 1.2.3.4
>> and the web server will bring up the correct pages
>> based upon the
>> name that the user was trying to reach.
>>
>> Currently when a user comes to my IP, the LRP
>> port-forwards to my
>> masqd machine web server.
>>
>> How can I handle these 2 DNS entries with my LRP and
>> still only have
>> one IP?
>>
>> All help would be greatly appreciated.
>> Lonnie
>> --
>>  Lonnie Cumberland
>>  OutStep Technologies Incorporated
>>  (313) 832-7366
>>
>>  URL: http://www.outstep.com
>>  EMAIL: [EMAIL PROTECTED]
>>   : [EMAIL PROTECTED]
>>
>>
>>
>>
>> ___
>> Leaf-user mailing list
>> [EMAIL PROTECTED]
>>
> https://lists.sourceforge.net/lists/listinfo/leaf-user
>
>
> __
> Do You Yahoo!?
> Great stuff seeking new owners in Yahoo! Auctions!
> http://auctions.yahoo.com


--
 Lonnie Cumberland
 OutStep Technologies Incorporated
 (313) 832-7366

 URL: http://www.outstep.com
 EMAIL: [EMAIL PROTECTED]
  : [EMAIL PROTECTED]




___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] multiple web DNS on LRP

[Lonnie Cumberland]

Thanks Lee for taking the time to explain this to me.

It clears up a lot of my confusion about the basic process.

Sorry if it was off-topic but I had originally thought that it had to
do with the LRP port-forwrding process.

Thanks again,
Lonnie





___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

RE: [Leaf-user] How to connect the router with 2 external IPs

[Binh Do]

I did not ask for another but the package includes 2 IPs and in my case the
bill is the same. Somebody said that the cap would be the same so maybe no
advantage in throughput. But I think I may take advantage of the port
number. For example, assume you have a mail and a Web server on one internal
DMZ. The mail server could be accessed via Web broswer. With one IP, you
cannot access both with port 80, but with 2, you can setup your DNS so that
'www' is 1st IP, 'mail' is 2nd, and if you can portforward correctly, people
can access just via port 80, no need to remember some special port.

In this case, I do not have to buy any more hardware except for an
additional NIC, (and of course more headache -:( )

That's just what I think so do not know if it is true or possible with
Dachstein's router.

Please correct me.

Thank you.

 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 31, 2002 9:38 AM
To: Binh Do
Cc: '[EMAIL PROTECTED]'
Subject: RE: [Leaf-user] How to connect the router with 2 external IPs



Binh:  I would like to correct the notion that the HUB gets IP addresses.
The NICs do.  I don't know from LEAF point of view, but it would be
perfectly acceptable (I believe) that the 2 NICs in the one machine,
connected to the HUB, will each be assigned an IP address.

Our cable ISP will automatically assign 3 IP addresses without a call.
Extra IPs get billed.

Can I ask why you would want two external IP addresses for your router?  If
you just want to share internet you only need one.  If you want each
workstation inside to have an external IP, you could have two router boxes
but I.M.H.O that would just be a waste of hardware.  You could just run a
software firewall on the two workstations.

John




 

Binh Do <[EMAIL PROTECTED]>

Sent by:  To: "'Ray
Olszewski'" <[EMAIL PROTECTED]>, "'[EMAIL PROTECTED]'"
[EMAIL PROTECTED]<[EMAIL PROTECTED]>

eforge.netcc:
"'[EMAIL PROTECTED]'"   
 
<[EMAIL PROTECTED]>
  Subject: RE:
[Leaf-user] How to connect the router with 2 external
01/31/02 12:03 PM  IPs

 

 





Hi,

The ISP technician showed up but just upgraded the TV portion. He told us
to
call tech-support to get 2 IPs, so I think there is no need to have a new
cable modem. I did not contact them yet as I am not sure if we can hook up
both 2 IPs to 2 NICs on the router.

A friend with ADSL told me that you need a hub, the modem goes to the
uplink-port, then 2 of the other ports of the hub will be the 2 different
IPs. You could connect 2 computers into those to work.

Suppose that's the same for the cable modem, if I connect them to 2 NICs in
the router, would they work and how can I modify the DHCP client.

Charles, you mentioned something about the public DMZ network. Could you
explain me a little bit more so I can see if it is worth to have 2 IPs or
not.

- from the network.txt help 
Route packets to a DMZ network.  This is a fairly advanced configuration.
Use
this setup if you have registered a block of public IP addresses, and your
ISP
is willing to route packets for this public space to your LRP box...
-




-Original Message-
From: Ray Olszewski [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 28, 2002 10:41 AM
To: Binh Do; '[EMAIL PROTECTED]'
Subject: Re: [Leaf-user] How to connect the router with 2 external IPs


At 01:03 PM 1/28/02 -0500, Binh Do wrote:
>Our cable ISP is going to give us another IP so we will have two IPs. How
do
>I plug the router physically
>so that I can modify the scripts to control both of them? Besides they are
>dynamic
>IPs and so how can I determine their values?


The questions you ask are unanswerable as posed. You need to tell us:

1. What physical devices is the ISP providing to you to handle the two
addresses? For example, are you getting 2 cable modems, or are you still
using a single cable modem provided by the ISP?

2. How are the two dynamic IP addresses actually assigned? Since you say
"cable ISP", I'm guessing DHCP, but we need to know what your ISP has
actually told you about this. (I don't actually know how it is possible to
assign 2 DHCP addresses to the same cable modem line, but perhaps someone
else has seen this implemented.) It probably told you how to connect 2
Windows computers, for example; in summary form, what procedure did it
describe?

3. Which LEAF variant are you using? With what physical and logical
interfaces?

5. What do you mean by "control both of them"? How do you want to use the 2
addresses?


--
"Never tell me the odds!"---
Ray Olszewski-- Han Solo
Palo Alto, CA

Re: [Leaf-user] multiple web DNS on LRP

[Jack Coates]

No, the name is in the payload and therefore never touched by LRP. I run
three websites and three mail servers behind one IP here so I know it
works :-)

On Thu, 31 Jan 2002, Lonnie Cumberland wrote:

> Hi There,
>
> No actually I really think that it is an LRP problem because the IP
> is being port-forwarded to the actual web server and thus the name
> information is being lost.
>
> >From what I can tell about the Virtual hosting, if the Apache web
> server resolves and redirects based upon the name then it should work.
>
> My thought now are that maybe I need to install a web servcer onto my
> LRP that can support virtual hosts.
>
> cheers and thanks for the help,
> Lonnie
>
> > it sounds like you have an apache issue.
> > try http://httpd.apache.org/docs/vhosts/index.html for
> > help with virtual hosts with apache.
> > HTH,
> > brett
> >
> > --- Lonnie Cumberland <[EMAIL PROTECTED]> wrote:
> >> Hello All,
> >>
> >> How are you doing today? Good I hope.
> >>
> >> I have another small problem that I hope someone
> >> might have an answer
> >> for.
> >>
> >> The problem is this. I have 2 (real) DNS names that
> >> are pointing to
> >> the same (real) IP. I then have my LRP firewall and
> >> some servers
> >> behind it on a masquerade setup.
> >>
> >> From what I can find out, with Virtual hosting on my
> >> Apache webserver
> >> machine, I am supposed to be able to have 2
> >> different DNS entries
> >> like www.test1.com and www.test2.com point to the
> >> same IP, 1.2.3.4
> >> and the web server will bring up the correct pages
> >> based upon the
> >> name that the user was trying to reach.
> >>
> >> Currently when a user comes to my IP, the LRP
> >> port-forwards to my
> >> masqd machine web server.
> >>
> >> How can I handle these 2 DNS entries with my LRP and
> >> still only have
> >> one IP?
> >>
> >> All help would be greatly appreciated.
> >> Lonnie
> >> --
> >>  Lonnie Cumberland
> >>  OutStep Technologies Incorporated
> >>  (313) 832-7366
> >>
> >>  URL: http://www.outstep.com
> >>  EMAIL: [EMAIL PROTECTED]
> >>   : [EMAIL PROTECTED]
> >>
> >>
> >>
> >>
> >> ___
> >> Leaf-user mailing list
> >> [EMAIL PROTECTED]
> >>
> > https://lists.sourceforge.net/lists/listinfo/leaf-user
> >
> >
> > __
> > Do You Yahoo!?
> > Great stuff seeking new owners in Yahoo! Auctions!
> > http://auctions.yahoo.com
>
>
>

-- 
Jack Coates
Monkeynoodle: A Scientific Venture...


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] multiple web DNS on LRP

[brett]

do you know that the dns for the domains is correct? 
does the name resolve to the correct ip?  if so, as
far as i know there is nothing to do on the leaf box
but be sure the traffic is being sent back to the web
server.  
another thing to look at is are you allowing tcp port
80?  look in the network.conf section for this, make
sure its not commented out
EXTERN_TCP_PORTS="0/0_www"  also in the quotes any
other seervices you need for tcp

brett

--- Lonnie Cumberland <[EMAIL PROTECTED]> wrote:
> Hi There,
> 
> No actually I really think that it is an LRP problem
> because the IP
> is being port-forwarded to the actual web server and
> thus the name
> information is being lost.
> 
> From what I can tell about the Virtual hosting, if
> the Apache web
> server resolves and redirects based upon the name
> then it should work.
> 
> My thought now are that maybe I need to install a
> web servcer onto my
> LRP that can support virtual hosts.
> 
> cheers and thanks for the help,
> Lonnie
> 
> > it sounds like you have an apache issue.
> > try http://httpd.apache.org/docs/vhosts/index.html
> for
> > help with virtual hosts with apache.
> > HTH,
> > brett
> >
> > --- Lonnie Cumberland <[EMAIL PROTECTED]> wrote:
> >> Hello All,
> >>
> >> How are you doing today? Good I hope.
> >>
> >> I have another small problem that I hope someone
> >> might have an answer
> >> for.
> >>
> >> The problem is this. I have 2 (real) DNS names
> that
> >> are pointing to
> >> the same (real) IP. I then have my LRP firewall
> and
> >> some servers
> >> behind it on a masquerade setup.
> >>
> >> From what I can find out, with Virtual hosting on
> my
> >> Apache webserver
> >> machine, I am supposed to be able to have 2
> >> different DNS entries
> >> like www.test1.com and www.test2.com point to the
> >> same IP, 1.2.3.4
> >> and the web server will bring up the correct
> pages
> >> based upon the
> >> name that the user was trying to reach.
> >>
> >> Currently when a user comes to my IP, the LRP
> >> port-forwards to my
> >> masqd machine web server.
> >>
> >> How can I handle these 2 DNS entries with my LRP
> and
> >> still only have
> >> one IP?
> >>
> >> All help would be greatly appreciated.
> >> Lonnie
> >> --
> >>  Lonnie Cumberland
> >>  OutStep Technologies Incorporated
> >>  (313) 832-7366
> >>
> >>  URL: http://www.outstep.com
> >>  EMAIL: [EMAIL PROTECTED]
> >>   : [EMAIL PROTECTED]
> >>
> >>
> >>
> >>
> >> ___
> >> Leaf-user mailing list
> >> [EMAIL PROTECTED]
> >>
> >
>
https://lists.sourceforge.net/lists/listinfo/leaf-user
> >
> >
> > __
> > Do You Yahoo!?
> > Great stuff seeking new owners in Yahoo! Auctions!
> > http://auctions.yahoo.com
> 
> 
> -- 
>  Lonnie Cumberland
>  OutStep Technologies Incorporated
>  (313) 832-7366
> 
>  URL: http://www.outstep.com
>  EMAIL: [EMAIL PROTECTED]
>   : [EMAIL PROTECTED]
> 
> 
> 
> 
> ___
> Leaf-user mailing list
> [EMAIL PROTECTED]
>
https://lists.sourceforge.net/lists/listinfo/leaf-user


__
Do You Yahoo!?
Great stuff seeking new owners in Yahoo! Auctions! 
http://auctions.yahoo.com

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] FairQ question

[Jack Coates]

On Thu, 31 Jan 2002 [EMAIL PROTECTED] wrote:

> I was cruisin the Monkey Noodle site, and took the advice and added modules
> and set parameters to enable some fair queue functionality.
>
> Question:  While I likely don't need it much (small 4 computer home
> network), how might I know if I have actually improved anything or if I am
> hindering things?
>
> John
>
>
>

Good question :-) Performance is generally subjective, and very tough
to determine when you've got to have multiple tasks going to see if
anything changed. You might try downloading an ISO image while using
SSH, before and after change.

-- 
Jack Coates
Monkeynoodle: A Scientific Venture...


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] How to search for LRP packages ???

[Matt Schalit]

"Michael D. Schleif" wrote:
> 
> What am I missing?
> 
> 
> 
> Let's say, I want to find zebra.lrp -- how do I do that?


Start here:

  http://leaf.sourceforge.net/pub/

Then poke around till you find it.  If it's not there,
then go back to the main LEAF page, and start click on
each Developer in the lower LHS of the screen.  It may
be in their directories somewhere.

I like Mike's idea of using   site:leaf.sourceforge.net
in Google.

Best,
Matthew

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] multiple web DNS on LRP

[Lee]

I'm not sure I understand this so feel free to ignore the rest of this post
:-), however...

I think that you have set Apache up to differentiate between different sites
based on the domain name that is supplied in the HTTP "host headers". This
information is not actually affected by DNS or by what LRP does with DNS. So
I don't think LRP is altering this information or dropping it.

If we accept that the above is true (given that I am not sure that I am
right!) then maybe the problem is that port forwarding destroys host
headers. I'm really not sure - maybe someone else on the list can comment.

I've sent Lonnie directly a long explanation of how I think host headers and
DNS interact and don't interact. As it is perhaps off-topic I have not
posted it to this list but if there's interest from the list I will post it
to the list.

Lee

- Original Message -
From: "Lonnie Cumberland" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, January 31, 2002 8:58 AM
Subject: Re: [Leaf-user] multiple web DNS on LRP


> Hi There,
>
> No actually I really think that it is an LRP problem because the IP
> is being port-forwarded to the actual web server and thus the name
> information is being lost.
>
> >From what I can tell about the Virtual hosting, if the Apache web
> server resolves and redirects based upon the name then it should work.
>
> My thought now are that maybe I need to install a web servcer onto my
> LRP that can support virtual hosts.
>
> cheers and thanks for the help,
> Lonnie
>
> > it sounds like you have an apache issue.
> > try http://httpd.apache.org/docs/vhosts/index.html for
> > help with virtual hosts with apache.
> > HTH,
> > brett



___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

RE: [Leaf-user] How to connect the router with 2 external IPs

[JMullan]

Binh:  I would like to correct the notion that the HUB gets IP addresses.
The NICs do.  I don't know from LEAF point of view, but it would be
perfectly acceptable (I believe) that the 2 NICs in the one machine,
connected to the HUB, will each be assigned an IP address.

Our cable ISP will automatically assign 3 IP addresses without a call.
Extra IPs get billed.

Can I ask why you would want two external IP addresses for your router?  If
you just want to share internet you only need one.  If you want each
workstation inside to have an external IP, you could have two router boxes
but I.M.H.O that would just be a waste of hardware.  You could just run a
software firewall on the two workstations.

John




   
 
Binh Do <[EMAIL PROTECTED]>
 
Sent by:  To: "'Ray Olszewski'" 
<[EMAIL PROTECTED]>, "'[EMAIL PROTECTED]'"
[EMAIL PROTECTED]<[EMAIL PROTECTED]> 
 
eforge.netcc: 
"'[EMAIL PROTECTED]'"   
   
<[EMAIL PROTECTED]>
  Subject: RE: [Leaf-user] How 
to connect the router with 2 external
01/31/02 12:03 PM  IPs 
 
   
 
   
 




Hi,

The ISP technician showed up but just upgraded the TV portion. He told us
to
call tech-support to get 2 IPs, so I think there is no need to have a new
cable modem. I did not contact them yet as I am not sure if we can hook up
both 2 IPs to 2 NICs on the router.

A friend with ADSL told me that you need a hub, the modem goes to the
uplink-port, then 2 of the other ports of the hub will be the 2 different
IPs. You could connect 2 computers into those to work.

Suppose that's the same for the cable modem, if I connect them to 2 NICs in
the router, would they work and how can I modify the DHCP client.

Charles, you mentioned something about the public DMZ network. Could you
explain me a little bit more so I can see if it is worth to have 2 IPs or
not.

- from the network.txt help 
Route packets to a DMZ network.  This is a fairly advanced configuration.
Use
this setup if you have registered a block of public IP addresses, and your
ISP
is willing to route packets for this public space to your LRP box...
-




-Original Message-
From: Ray Olszewski [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 28, 2002 10:41 AM
To: Binh Do; '[EMAIL PROTECTED]'
Subject: Re: [Leaf-user] How to connect the router with 2 external IPs


At 01:03 PM 1/28/02 -0500, Binh Do wrote:
>Our cable ISP is going to give us another IP so we will have two IPs. How
do
>I plug the router physically
>so that I can modify the scripts to control both of them? Besides they are
>dynamic
>IPs and so how can I determine their values?


The questions you ask are unanswerable as posed. You need to tell us:

1. What physical devices is the ISP providing to you to handle the two
addresses? For example, are you getting 2 cable modems, or are you still
using a single cable modem provided by the ISP?

2. How are the two dynamic IP addresses actually assigned? Since you say
"cable ISP", I'm guessing DHCP, but we need to know what your ISP has
actually told you about this. (I don't actually know how it is possible to
assign 2 DHCP addresses to the same cable modem line, but perhaps someone
else has seen this implemented.) It probably told you how to connect 2
Windows computers, for example; in summary form, what procedure did it
describe?

3. Which LEAF variant are you using? With what physical and logical
interfaces?

5. What do you mean by "control both of them"? How do you want to use the 2
addresses?


--
"Never tell me the odds!"---
Ray Olszewski-- Han Solo
Palo Alto, CA  [EMAIL PROTECTED]


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user





___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] LRP Oxygen CD and floppy disk boot question

[Matt Schalit]

malik menzong wrote:
> 
> Lynn:
> That is what I was saying. I open the resolv.conf file and wrote something
> like this:
> XXX.XXX.XXX # DNS0
> XXX.XXX.XX # DNS1


If you put valid statements into Oxygen's resolv.conf, then
you can sit down at the Oxygen terminal and type

   nslookup www.google.com

and it will return the correct address, assuming the network
is up and the default gateway is set correctly on Oxygen.
A valid resolv.conf looks like this:


nameserver 206.13.28.12
nameserver 206.13.31.12
search schalit.net


The search line says that, if I type at the Oxygen prompt:
nslookup ftp
it will automatically append the .schalit.net part of the
search statement and then try to look that up as in
nslookup ftp.schalit.net
So that's the story with /etc/resolv.conf.

Now onto your internal network.  To get your LAN computer
functioning correctly, you need to assign them ip addresses
which are on the same subnet as the internal nic.  Thus the
whole internal network is on the same subnet.  I think you
did this already, something like:

10.1.2.3/24  Internal comp
10.1.2.4/24  Internal comp
10.1.2.5/24  Internal comp
  ... ...
10.1.2.254/24Oxygen fireall

or something like

192.168.1.1/24 Internal comp
192.168.1.2/24 Internal comp
192.168.1.3/24 Internal comp
192.168.1.4/24 Internal comp
   ...   ...
192.168.1.254/24   Oxygen


Next you have to set the Default Gateway on the
LAN computers.  You would set that to 10.1.2.254
if you were following my first example.

Next you have to set the primary and secondary DNS
on the LAN computers.  You set those to be the
same ip addresses as the ones you put in resolv.conf.

So now all your computers have the same dns addresses
listed in their network configs.

Once you do that, you should be able to sit down at
the LAN computers and

ping 10.1.2.254
ping 63.194.213.179<--- that's me :)
ping 216.239.35.100<--- that's www.google.com
ping www.google.com<--- and finally by name.


Does it all work now?


 
> That is the only thing in that file. From behind the firewall I can ping to
> both network card address. from the router I can ping to the gateway fine.
> But if I type:
> ping cnn.com or ping XXX.XXX.XXX (actually ip address for cnn) it wont
> resolve it. all packets are lost.


It that doesn't work on Oxygen, if you can't ping 63.194.213.179, which
is my ipaddress, then Oxygen still needs work to get the default route
setup, I think.  Check that with

 ip addr show
 ip route show
 grep GATEWAY /etc/network.conf

and paste the output into your reply for us to see.


> > > also does ipsec comes in the 1668 self contained floppy image or do I
> > > need to copy it there? (oxygen 1.8.0 with openwall floppy)
> >
> >No, I don't believe it does, but I'm not sure ot this...


Ipsec does not come as part of the 1.8.0 floppy.  It's an add in package,
as Lynn mentioned.

Good Luck,
Matthew

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] multiple web DNS on LRP

[Lonnie Cumberland]

Hi There,

No actually I really think that it is an LRP problem because the IP
is being port-forwarded to the actual web server and thus the name
information is being lost.

>From what I can tell about the Virtual hosting, if the Apache web
server resolves and redirects based upon the name then it should work.

My thought now are that maybe I need to install a web servcer onto my
LRP that can support virtual hosts.

cheers and thanks for the help,
Lonnie

> it sounds like you have an apache issue.
> try http://httpd.apache.org/docs/vhosts/index.html for
> help with virtual hosts with apache.
> HTH,
> brett
>
> --- Lonnie Cumberland <[EMAIL PROTECTED]> wrote:
>> Hello All,
>>
>> How are you doing today? Good I hope.
>>
>> I have another small problem that I hope someone
>> might have an answer
>> for.
>>
>> The problem is this. I have 2 (real) DNS names that
>> are pointing to
>> the same (real) IP. I then have my LRP firewall and
>> some servers
>> behind it on a masquerade setup.
>>
>> From what I can find out, with Virtual hosting on my
>> Apache webserver
>> machine, I am supposed to be able to have 2
>> different DNS entries
>> like www.test1.com and www.test2.com point to the
>> same IP, 1.2.3.4
>> and the web server will bring up the correct pages
>> based upon the
>> name that the user was trying to reach.
>>
>> Currently when a user comes to my IP, the LRP
>> port-forwards to my
>> masqd machine web server.
>>
>> How can I handle these 2 DNS entries with my LRP and
>> still only have
>> one IP?
>>
>> All help would be greatly appreciated.
>> Lonnie
>> --
>>  Lonnie Cumberland
>>  OutStep Technologies Incorporated
>>  (313) 832-7366
>>
>>  URL: http://www.outstep.com
>>  EMAIL: [EMAIL PROTECTED]
>>   : [EMAIL PROTECTED]
>>
>>
>>
>>
>> ___
>> Leaf-user mailing list
>> [EMAIL PROTECTED]
>>
> https://lists.sourceforge.net/lists/listinfo/leaf-user
>
>
> __
> Do You Yahoo!?
> Great stuff seeking new owners in Yahoo! Auctions!
> http://auctions.yahoo.com


-- 
 Lonnie Cumberland
 OutStep Technologies Incorporated
 (313) 832-7366

 URL: http://www.outstep.com
 EMAIL: [EMAIL PROTECTED]
  : [EMAIL PROTECTED]




___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

[Leaf-user] How to start 2 'named' processes

[Binh Do]

I tried to run 2 instances of DNS 'named' on the router, one for the
internal and one for the external. If I do it manually, like

/usr/sbin/named  
/usr/sbin/named -c another_named.conf

evrything is fine.

But when I tried to modify the named-start-up script /etc/init.d/named, in
the start) portion as

start-stop-daemon --start --quiet  --exec /usr/sbin/named

start-stop-daemon --start --quiet  --exec /usr/sbin/named -- -c
/etc/another_named.conf

only the first one is executed and the second does not. I guess that the
'start-stop-daemon' already checks that one 'named' is running and so stop
there.

Is there anyway to overcome this problem?

Thank you.



___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

RE: [Leaf-user] How to connect the router with 2 external IPs

[Binh Do]

Hi,

The ISP technician showed up but just upgraded the TV portion. He told us to
call tech-support to get 2 IPs, so I think there is no need to have a new
cable modem. I did not contact them yet as I am not sure if we can hook up
both 2 IPs to 2 NICs on the router. 

A friend with ADSL told me that you need a hub, the modem goes to the
uplink-port, then 2 of the other ports of the hub will be the 2 different
IPs. You could connect 2 computers into those to work.

Suppose that's the same for the cable modem, if I connect them to 2 NICs in
the router, would they work and how can I modify the DHCP client. 

Charles, you mentioned something about the public DMZ network. Could you
explain me a little bit more so I can see if it is worth to have 2 IPs or
not.

- from the network.txt help 
Route packets to a DMZ network.  This is a fairly advanced configuration.
Use
this setup if you have registered a block of public IP addresses, and your
ISP
is willing to route packets for this public space to your LRP box...
-




-Original Message-
From: Ray Olszewski [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 28, 2002 10:41 AM
To: Binh Do; '[EMAIL PROTECTED]'
Subject: Re: [Leaf-user] How to connect the router with 2 external IPs


At 01:03 PM 1/28/02 -0500, Binh Do wrote:
>Our cable ISP is going to give us another IP so we will have two IPs. How
do
>I plug the router physically
>so that I can modify the scripts to control both of them? Besides they are
>dynamic
>IPs and so how can I determine their values?


The questions you ask are unanswerable as posed. You need to tell us:

1. What physical devices is the ISP providing to you to handle the two
addresses? For example, are you getting 2 cable modems, or are you still
using a single cable modem provided by the ISP?

2. How are the two dynamic IP addresses actually assigned? Since you say
"cable ISP", I'm guessing DHCP, but we need to know what your ISP has
actually told you about this. (I don't actually know how it is possible to
assign 2 DHCP addresses to the same cable modem line, but perhaps someone
else has seen this implemented.) It probably told you how to connect 2
Windows computers, for example; in summary form, what procedure did it
describe?

3. Which LEAF variant are you using? With what physical and logical
interfaces?

5. What do you mean by "control both of them"? How do you want to use the 2
addresses?


--
"Never tell me the odds!"---
Ray Olszewski-- Han Solo
Palo Alto, CA[EMAIL PROTECTED]


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] multiple web DNS on LRP

[brett]

it sounds like you have an apache issue.  
try http://httpd.apache.org/docs/vhosts/index.html for
help with virtual hosts with apache.
HTH,
brett

--- Lonnie Cumberland <[EMAIL PROTECTED]> wrote:
> Hello All,
> 
> How are you doing today? Good I hope.
> 
> I have another small problem that I hope someone
> might have an answer
> for.
> 
> The problem is this. I have 2 (real) DNS names that
> are pointing to
> the same (real) IP. I then have my LRP firewall and
> some servers
> behind it on a masquerade setup.
> 
> From what I can find out, with Virtual hosting on my
> Apache webserver
> machine, I am supposed to be able to have 2
> different DNS entries
> like www.test1.com and www.test2.com point to the
> same IP, 1.2.3.4
> and the web server will bring up the correct pages
> based upon the
> name that the user was trying to reach.
> 
> Currently when a user comes to my IP, the LRP
> port-forwards to my
> masqd machine web server.
> 
> How can I handle these 2 DNS entries with my LRP and
> still only have
> one IP?
> 
> All help would be greatly appreciated.
> Lonnie
> -- 
>  Lonnie Cumberland
>  OutStep Technologies Incorporated
>  (313) 832-7366
> 
>  URL: http://www.outstep.com
>  EMAIL: [EMAIL PROTECTED]
>   : [EMAIL PROTECTED]
> 
> 
> 
> 
> ___
> Leaf-user mailing list
> [EMAIL PROTECTED]
>
https://lists.sourceforge.net/lists/listinfo/leaf-user


__
Do You Yahoo!?
Great stuff seeking new owners in Yahoo! Auctions! 
http://auctions.yahoo.com

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

[Leaf-user] multiple web DNS on LRP

[Lonnie Cumberland]

Hello All,

How are you doing today? Good I hope.

I have another small problem that I hope someone might have an answer
for.

The problem is this. I have 2 (real) DNS names that are pointing to
the same (real) IP. I then have my LRP firewall and some servers
behind it on a masquerade setup.

>From what I can find out, with Virtual hosting on my Apache webserver
machine, I am supposed to be able to have 2 different DNS entries
like www.test1.com and www.test2.com point to the same IP, 1.2.3.4
and the web server will bring up the correct pages based upon the
name that the user was trying to reach.

Currently when a user comes to my IP, the LRP port-forwards to my
masqd machine web server.

How can I handle these 2 DNS entries with my LRP and still only have
one IP?

All help would be greatly appreciated.
Lonnie
-- 
 Lonnie Cumberland
 OutStep Technologies Incorporated
 (313) 832-7366

 URL: http://www.outstep.com
 EMAIL: [EMAIL PROTECTED]
  : [EMAIL PROTECTED]




___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

[Leaf-user] FairQ question

[JMullan]

I was cruisin the Monkey Noodle site, and took the advice and added modules
and set parameters to enable some fair queue functionality.

Question:  While I likely don't need it much (small 4 computer home
network), how might I know if I have actually improved anything or if I am
hindering things?

John




___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] How to search for LRP packages ???

[Mike Noyes]

At 2002-01-30 16:51 -0600, Michael D. Schleif wrote:

>What am I missing?
>
>
>
>Let's say, I want to find zebra.lrp -- how do I do that?
>
>The search facility returns: `No matches found to your query' for both 
>announcements and pages.
>
>If I goto Main Menu | Packages -- it is *not* there, that I can see.
>
>If I goto Developer Content, then I can click on each name and browse each 
>webpage.  Fortunately, Andrew Hoying is first . . .
>
>Some stuff that originally appeared in the center column can be found in 
>the rightmost column Past Articles; but, what happens to them when they 
>roll off of that column?

Michael,
Only the past twenty are listed in the right column, but the others are 
still there. Old articles/news expire after three months, and are removed 
from our site. This was a decision I made to keep our database small.

>Is LEAF keeping track of packages?
>
>Is there some search facility?

This is a problem related to unincorporated content. The phpWebSite search 
only looks through our MySQL database. I believe the problem is addressed 
in the new search module in phpWebSite 0.8.1.

You can search for packages using Google. e.g. zebra

zebra site:leaf.sourceforge.net

>What do you think?

I am addressing this issue. I should have a package repository available in 
the next couple of weeks. Take a look at the test version [1] created by 
David Douthitt.

[1] http://leaf.sourceforge.net/pub/oxygen/repository/

The repository will be committed to cvs in bin/packages [2], and exported 
daily to pub/packages [3].

[2] http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/bin/
[3] http://leaf.sourceforge.net/pub/packages/

Eventually, I'd like to see David's scripts converted into a phpWebSite 
module. This will allow for better searching, and automatic indexing. If 
you would like to create this new module, please look at the current 
scripts above. Then, take a look at the phpWebSite module documentation.

http://sourceforge.net/docman/display_doc.php?docid=8200&group_id=33782

--
Mike Noyes <[EMAIL PROTECTED]>
http://sourceforge.net/users/mhnoyes/
http://leaf.sourceforge.net/content.php?menu=1000&page_id=4


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user