[Leaf-user] Re: MAC address Spoofing to ISP- ATT/RoadRunner
Brian:

This may help: My cable is ATT which was MediaOne/RoadRunner. (Note: Before trying this method, RESET the cable modem, not just turn it off and try your current setup again). That said, ATT (LA/S Calif) allows you to have 3ea MAC addresses on file. After trying to solve the spoofing problem, I just registered the LRP address (eth0) with my ISP. (this also allows a quick return to your original setup) eth1 now goes to the Win98 box. If your ISP doesn't allow several MAC's on file, you could still just register the LRP NIC in place of the Win98.

Ivory

--- [EMAIL PROTECTED] wrote:
> Message: 1
> From: Henning, Brian [EMAIL PROTECTED]
> To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
> Date: Thu, 14 Feb 2002 14:25:36 -0600
> Subject: [Leaf-user] DHCP Connectivity problem continued
>
> Hello again-
> I am still having a problem connecting to, road runner, my isp's dhcp server. Any more advice would be appreciated. I will explain what I have done so far.
>
> I am using the Dachstein floppy on a Pentium one. I verified the mac address with my isp, so it should be correct. The ethernet works because I am currently using the cable for a win98 router (using sygate). When I use that as my router this is what my isp releases.
>
> DHCP Server ip: 24.31.3.23
> default gateway: 66.41.136.1
> subnet mask: 255.255.248.0
> Ip it assigned my windows router: 66.41.137.97
>
> When I test my Linux router I first release the ip from the win98 machine. Then I move the ethernet cable from the win98 box to the Linux router box. I power down the cable modem and the linux router box. I wait for a minute and start them both up again.
>
> Things I have tried ---
>
> I tried to spoof the mac address to the same number as on the win98 box but I am not sure if I did it correctly. Here is what I did to the /etc/dhclient.conf
>
>     send dhcp-client-identifier 00:40:54:31:7c:7c; #I am not sure if this is correct or not.
>
> I tried setting the default gateway
>
>     eth0_DEFAULT_GW=66.41.136.1
>
> Hardware - 3c509B -
>     irq: 10
>     memory io address: 300
>     Boot ROM: disable
>     Transceiver type: auto
>     network driver optimize: server
>     max modem speed: 9600 baud
>     pnp: disable
>     Full duplex: disable
>
> Results of Commands ---
>
> ip addr show
>     1: lo LOOPBACK, UP mtu 3924 qdisc noqueue
>         link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>         inet 127.0.0.1/8 brd 127.255.255.255 scope global lo
>     2: eth0 BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100
>         link/ether 00:60:97:79:7B:7C brd ff:ff:ff:ff:ff:ff
>
> ip route show
>     #returns nothing
>
> inetstat -nr
>     #returns nothing
>
> Errors --
>
>     DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
>     DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 5
>     DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 14
>     DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 11
>     DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 19
>     DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
>     No DHCPOFFER recieved
>     no working Leases in persistant database.
>
> I assume that my machine is trying to connect to port 67 of my isp and is sending the mac address to my isp to confirm that it is registered with them. Should there be 6 DHCPDISCOVER's when the router works?
>
> Another option: I could try a different nic. I have an Ark 10/100 Base-T PCI Network Adapter, Realtek Chipset. Will that work? I have two pci slots along with my 2 isa slots.
>
> Attached I have a copy of my network.conf file below. This is all the information about my problem. I want to thank all who have given me input.
>
> Brian
>
> ###
> # Extended firewall configuration scripts
> # By Charles Steinkuehler
> # Version 1.3.2
> # September 29, 2001
> ###
> # Brief instructions for this file
> ###
> #
> # VERBOSE=(YES/NO) Default: Yes
> #   Be verbose about settings.
> #
> # MAX_LOOP=(int) Default: 10
> #   Maximum number of incrementable entries to search for.
> #   IE: If you create a DNS7=, and MAX_LOOP=7, it will not be reached.
> #   (DNS0 - DNS7 == 8 entries)
> #   Setting this value too high will decrease the speed of the
Re: [Leaf-user] Bering and DOC2000
Since I see you are using MTD, would you be able to make your image available to others? If you need space to host it, I'll find someplace to put it.

For some reason it seems like I'm pushing the envelope of Leaf by wanting to use PCMCIA Wireless Cards and a DOC2000 ;)

Thanks!
--Patrick

On Fri, 8 Feb 2002, Bao C. Ha wrote:
> Hi guys,
>
> I have been able to bring the Jacques Nilo's Bering Leaf distribution up on a Disk-On-Chip (DOC2000) based system. I am using the Beta 2 since there seem to be problems with modifying the Beta 3 floppy image. Following is the summary of changes to make it happen.
>
> (1) The DOC2000 has one partition. It is used as an ext3 filesystem. The content of the floppy image is put on the DOC's partition.
>
> (2) Grub. I am using grub to boot up from DOC. Following is the /boot/grub/menu.lst file.
>
>     default 0
>     timeout 5
>     title=Linux with video card and keyboard
>     kernel (dc0,0)/linux ramdisk_size=1536 init=/linuxrc \
>     root=/dev/ram0 boot=/dev/nftla1,ext3 LRP=root,etc,local,\
>     modules,pump,keyboard,shorwall,dnscache,weblet,dhcpd,ppp,\
>     pppoe,log,libz,sshd,sshkey,ssh,sftp
>     initrd (dc0,0)/initrd.lrp
>
> Notes:
> - The kernel command is all on one line.
> - There is no PKGPATH. That will hang the DOC2000. Mtd devices can't be mounted at multiple points at the same time.
>
> (3) Loading required modules at boot time. The /boot/etc/modules is changed to load the following modules: (the order is very important to detect nftl on DOC2000)
>
>     mtdcore
>     docecc
>     doc2000
>     docprobe
>     nftl
>     mtdchar
>     mtdblock
>     jbd
>     ext3
>
> There is probably no need to load mtdchar and mtdblock. Both the jbd and ext3 modules can be replaced by another fs module, like ext2, if ext2 file system is to be used for the DOC2000. These modules are also downloaded into the /boot/lib/modules directory
>
> (4) Add the following to the /var/lib/lrpkg/root.dev.mk file to create the /dev/nftla devices.
>
>     #DOC nftl
>     makedevs nftla b 93 0 0 8 s null 21
>     makedevs nftlb b 93 16 0 8 s null 21
>
> That is all!
>
> Thanks.
> Bao

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] problems with IPIP protocol (94) and SecuRemote
Hi,

I'm trying to use CheckPoint SecuRemote from Windows box through LRP box. I'm using NAT at LRP host. Authorisation (which uses UDP) is working well, but after that IP packets (with protocol field set to 94) are being silently dropped at LRP box.

Digging through mail archives I've found only two suggestions: first one, that watch out IPIP, not all firewalls like that, and another one which suggests a problem with CheckPoint FW-1 protocol.

I've added ipip.o to the LRP box, but it doesn't resolve the problem. I've also added straight rules which allow ip proto=94 to pass/forward through LRP - unfortunately with the same result.

Thanks in advance for any help,
Marcin
Re: [Leaf-user] Bering and DOC2000
At 2002-02-16 08:21 -0500, Patrick Nixon wrote:
> Since I see you are using MTD, would you be able to make your image available to others? If you need space to host it, I'll find someplace to put it.

Patrick,
The LEAF Bering release has mtd modules.
http://leaf.sourceforge.net/devel/jnilo/leaffw.html
http://leaf.sourceforge.net/devel/jnilo/bering/latest/modules/drivers/mtd/

> For some reason it seems like I'm pushing the envelope of Leaf by wanting to use PCMCIA Wireless Cards and a DOC2000 ;)

Yes. We're working to make this easier.

--
Mike Noyes [EMAIL PROTECTED]
http://sourceforge.net/users/mhnoyes/
http://leaf.sourceforge.net/content.php?menu=1000page_id=4
Re: [Leaf-user] Bering and DOC2000
Are there any special procedures for me to boot off the DOC? rdev it and that's it?

--Pat

On Sat, 16 Feb 2002, Mike Noyes wrote:
> At 2002-02-16 08:21 -0500, Patrick Nixon wrote:
> > Since I see you are using MTD, would you be able to make your image available to others? If you need space to host it, I'll find someplace to put it.
>
> Patrick,
> The LEAF Bering release has mtd modules.
> http://leaf.sourceforge.net/devel/jnilo/leaffw.html
> http://leaf.sourceforge.net/devel/jnilo/bering/latest/modules/drivers/mtd/
>
> > For some reason it seems like I'm pushing the envelope of Leaf by wanting to use PCMCIA Wireless Cards and a DOC2000 ;)
>
> Yes. We're working to make this easier.
>
> --
> Mike Noyes [EMAIL PROTECTED]
> http://sourceforge.net/users/mhnoyes/
> http://leaf.sourceforge.net/content.php?menu=1000page_id=4
Re: [Leaf-user] Bering and DOC2000
At 2002-02-16 09:37 -0500, Patrick Nixon wrote:
> Are there any special procedures for me to boot off the DOC? rdev it and that's it?

Pat,
I don't know the exact procedure you need to follow. You may be the first person to try the mtd support in Bering. I'm sorry I was unable to help you further. Maybe someone else has some information that will help you.

> On Sat, 16 Feb 2002, Mike Noyes wrote:
> > The LEAF Bering release has mtd modules.
> > http://leaf.sourceforge.net/devel/jnilo/leaffw.html
> > http://leaf.sourceforge.net/devel/jnilo/bering/latest/modules/drivers/mtd/

--
Mike Noyes [EMAIL PROTECTED]
http://sourceforge.net/users/mhnoyes/
http://leaf.sourceforge.net/content.php?menu=1000page_id=4
RE: [Leaf-user] Bering and DOC2000
> Since I see you are using MTD, would you be able to make your image available to others? If you need space to host it, I'll find someplace to put it.

I don't have a floppy image. I took the Bering beta 2 image and dumped everything on it to my DOC2000.

All of the kernel stuff is actually in Jacques's web space, http://leaf.sourceforge.net/devel/jnilo/latest/. But, you can just build your own kernel and use it instead. Jacques has a kernel config file that can be used as a template. I have to build my own, since I could not get the IDE driver to work properly. Plus, Jacques' kernel has not been patched to work with Freeswan.

The only tricky part is to rebuild the initrd image: initrd.lrp, to include the mtd device drivers. Let me know and I will send mine.

Thanks.
Bao
Re: [Leaf-user] Bering and DOC2000
Bao C. Ha wrote:
> you can just build your own kernel and use it instead. Jacques has a kernel config file that can be used as a template. I have to build my own, since I could not get the IDE driver to work properly.

So the ide driver is not compiled into the kernel and you couldn't load something like ide.o in initrd.lrp? Ok.

> The only tricky part is to rebuild the initrd image: initrd.lrp, to include the mtd device drivers.

Is there an mtd.o? Is that the only .o module that needs to be loaded specially for the DOC, assuming the ide support is compiled into the kernel?

Curious,
Matthew
RE: [Leaf-user] Bering and DOC2000
> > you can just build your own kernel and use it instead. Jacques has a kernel config file that can be used as a template. I have to build my own, since I could not get the IDE driver to work properly.
>
> So the ide driver is not compiled into the kernel and you couldn't load something like ide.o in initrd.lrp?

Since we don't use modprobe, the ide modules: ide-mod.o ide-mod-probe.o, ide-disk.o, ... have to be loaded in the right sequence. I did it and got it to work with my kernel, but not Jacques' one. I did not pursue any further once I got it to work.

> > The only tricky part is to rebuild the initrd image: initrd.lrp, to include the mtd device drivers.
>
> Is there an mtd.o?

There is no mtd.o, but a collection of mtd drivers: mtd-core.o, docecc.o, doc2000.o, docprobe.o, and nftl.o, to support DOC2000.

> Is that the only .o module that needs to be loaded specially for the DOC, assuming the ide support is compiled into the kernel?

You don't need ide support to be built into the kernel. I have been playing with two systems: one with DOC2000 and one with a small IDE disk. On the DOC2000 system, I don't need ide at all.

Again, the problem is that we don't use modprobe. The mtd or ide drivers have to be loaded in the right sequence for them to detect the hardware and work properly. Since they are required during bootup, they have to be loaded from the initrd image.

Bao
Re: [Leaf-user] Re: LEAF 2.4.14 / Shorewall 1.1.18 based distro (alpha version)
Hi Jacques.

I appreciate your ongoing efforts to move LEAF to 2.4.x kernel! I have begun to experiment with Bering (b3) to attempt to build a router that can support a wireless pcmcia interface using the orinoco_cs driver. The end product should be strictly routing with firewall (no NAT), and an IPSEC tunnel securing the wireless interfaces between 2 gateways.

I think I am making some progress (slowly!)... here are some of my observations to date:

1. It looks like you may have a bug in the PCMCIA package or in your menu scripts: the LRCFG menu provides an option to update wireless settings, but this opens scsi.opts instead of wireless.opts. Since I didn't need a SCSI/PCMCIA interface I tried working around it by replacing scsi.opts with a copy of wireless.opts.

2. I assume that I must manually install hermes.o, orinoco.o and orinoco_cs.o, but it is not clear what location they should be installed in. Please advise?

3. It seems there may be a possible discrepancy in the PCMCIA card services versions. Looking at daemon.log, cardmgr (v3.1.31) starts, but fails because no pcmcia driver in /proc/devices. However, kern.log reports Kernel Card Services 3.1.22 launching, but failing because ds: no socket drivers loaded.

Any/all suggestions appreciated!

Regards,
Henry
Re: [Leaf-user] Bering and DOC2000
> I don't know if JN is reading this thread, but it'd be nice if the above link would go a bit further in the What is Bering description. To say it is basically an enhanced Dachstein doesn't tell the new person what Bering is if they don't know what Dachstein is. I think the answer would want to include something like:

I am :-). It takes some time to reach Europe :-)

> Bering is a miniature Linux OS that lives entirely on a 1.68 MB diskette, and its purpose is to act as a router/firewall that connects two networks, filtering the content to protect the internal network. Bering is based upon a tried and true router/firewall called Dachstein (version rc2), created by Charles St[ei][ie]nk[ue][eu]l[h]er, sigh. The Bering firewall uses iptables for the firewall rules and Linux kernel 2.4.x as the base OS. Running Bering on an old Pentium with 32 MB of RAM is like using one of those Linksys or DLink router-firewalls, except that Bering is much more powerful, capable, and extensible.

I'll buy that description if there is no copyright attached to it.

Some news about Bering beta-4 about to be released:

- the initial loading of modules from boot/lib/modules now works properly
- ifupdown has been fixed and does not use ifconfig and route anymore (only ip)
- latest shorewall to be included

Should be ready for testing tomorrow.

I would like to include in the doc two paragraphs about:

- Booting Bering from a hard disk
- Booting Bering from DOC

Any volunteer?

Next on the list: ipsec

Cheers
Jacques
Re: [Leaf-user] Re: LEAF 2.4.14 / Shorewall 1.1.18 based distro (alpha version)
> I have begun to experiment with Bering (b3) to attempt to build a router that can support a wireless pcmcia interface using the orinoco_cs driver. The end product should be strictly routing with firewall (no NAT), and an IPSEC tunnel securing the wireless interfaces between 2 gateways.

Good!

> I think I am making some progress (slowly!)... here are some of my observations to date:
>
> 1. It looks like you may have a bug in the PCMCIA package or in your menu scripts: the LRCFG menu provides an option to update wireless settings, but this opens scsi.opts instead of wireless.opts. Since I didn't need a SCSI/PCMCIA interface I tried working around it by replacing scsi.opts with a copy of wireless.opts.

As stated in the doc the pcmcia package is really experimental. The pb you mention can be easily fixed by editing the file /var/lib/lrpkg/pcmcia.conf

> 2. I assume that I must manually install hermes.o, orinoco.o and orinoco_cs.o, but it is not clear what location they should be installed in. Please advise?

In /lib/modules/pcmcia/2.4.16

> 3. It seems there may be a possible discrepancy in the PCMCIA card services versions. Looking at daemon.log, cardmgr (v3.1.31) starts, but fails because no pcmcia driver in /proc/devices. However, kern.log reports Kernel Card Services 3.1.22 launching, but failing because ds: no socket drivers loaded.

You need to be sure that pcmcia_core, ds and yenta_socket are loaded. Check your parameter (sorry I do not have my test platform next to me)

Jacques
Re: [Leaf-user] Bering and DOC2000
> > Pat,
> > I don't know the exact procedure you need to follow. You may be the first person to try the mtd support in Bering.
>
> I'm just going to fire off some thoughts, perhaps not the correct answer :) I thought Charles laid it out pretty well in his hard disk howto and the cdrom howto boot instructions. Even though the directions refer to booting from a different device, the fundamental parts remain true, imo:
>
> 0) Need to be able to prove you can access the DOC device from a running LEAF system, thereby defining the modules that needed to be loaded to talk to it. Make note of IRQ's and addresses for comparison later.

Using something I recall as Mullenstein (John Mullen did it I think), I have successfully booted and loaded using the M-Systems doc.o. However, due to the license of M-systems driver, it can't be redistributed (or at least that's my understanding.) I've even compiled my own version of the kernel.

Bering is based off 2.4.x which has MTD support directly in the kernel. Which shouldn't be too big of a problem to test except that my system with the DOC doesn't have a floppy so it's a rather time consuming process to try different sets of files. (I know, poor me ;) I'm relatively new at the whole development, unusual requirements thing, so while I am confident about compiling a kernel and whatnot, getting it to boot properly is shaky ground for me.

> 1) Need those modules that made the DOC work loaded for the kernel during the bootstrapping initrd process (put them in /var/lib/modules?). So the idea is to take the working image from step (0) and burn a new diskette making sure that...
>
> 2) syslinux.cfg points to the boot device and the DOC modules get loaded during boot.
>
> Isn't that the big picture? If so, I'd like to hear about this fellow's configuration in level (0), and then move on.
>
> A big factor with these PC Cards and Compact Flash Cards is that they don't normally get an irq assignment by the PCI bios, or something like that, during POST, the way the other devices do. Johan and a few others are hashing through the details of what it takes to force a mass storage card to the correct IRQ and base address, or at least to reserve those settings for the device to take when its driver loads. The issue is with the CardBus bridge and the CF bridge, which buffer data to the PCI bus and have to handle recognizing the different PC Cards during hot-swap operations. Maybe CF Cards with True IDE emulation would work easier.
>
> > The LEAF Bering release has mtd modules.
> > http://leaf.sourceforge.net/devel/jnilo/leaffw.html
>
> I don't know if JN is reading this thread, but it'd be nice if the above link would go a bit further in the What is Bering description. To say it is basically an enhanced Dachstein doesn't tell the new person what Bering is if they don't know what Dachstein is. I think the answer would want to include something like:
>
> Bering is a miniature Linux OS that lives entirely on a 1.68 MB diskette, and its purpose is to act as a router/firewall that connects two networks, filtering the content to protect the internal network. Bering is based upon a tried and true router/firewall called Dachstein (version rc2), created by Charles St[ei][ie]nk[ue][eu]l[h]er, sigh. The Bering firewall uses iptables for the firewall rules and Linux kernel 2.4.x as the base OS. Running Bering on an old Pentium with 32 MB of RAM is like using one of those Linksys or DLink router-firewalls, except that Bering is much more powerful, capable, and extensible.
>
> If I don't hear from him, I'll suggest that in another thread.
>
> Good Luck,
> Matthew
Re: [Leaf-user] help on LEAF ppp.lrp (2.3.11)
Hello Charles,

Reason why I need to have setuid-root on my pppd binary is that a message saying:

    -pppd: must be root to run -pppd, since it is not setuid-root

pops out each time I log my non-root account into my DS box. I've tried the commands you've suggested, but still, the warning message keeps on popping out.

I never had this problem before with the old ppp.lrp package (pppd v2.2). Only for some reason, I'm having problems making the old ppp package dial-out into my ISP. But my non-root account/s can definitely dial-in. I really like to use this 2.3.11 pppd roll as it is already capable of dialing out to my ISP. But first, I must figure out (I need help actually) how to fix this problem.

And of course my non-root user/s shell is /usr/sbin/pppd

TIA

- Original Message -
From: Charles Steinkuehler [EMAIL PROTECTED]
To: Vic Berdin [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, February 15, 2002 10:40 PM
Subject: Re: [Leaf-user] help on LEAF ppp.lrp (2.3.11)

> Can anyone point me out to a link where i can get a linux tool/source that can setuid-root the pppd binary that comes with the package?

No special tools necessary. The setuid bit is just one of the normal file mode bits used in *nix. You see these modes when you do ls -l. You can set the mode bits with the chmod command. To set the setuid bit on the pppd binary, just:

    chmod u+s pppd

If for some reason you have problems with this, you can run:

    chmod 4755 pppd

to overwrite any existing permissions, and set the setuid bit in the process. You should end up with:

    -rwsr-xr-x

as permissions when listed with ls -l...the s indicates user execute permissions, with setuid.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
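
The mode-bit check described in the message above, as an added example that is not part of the original thread or of any LEAF package: it reads the ls -l mode string and the owner uid, because the setuid bit makes a program run as the file's owner and only means "run as root" when that owner is uid 0. The function names are hypothetical and the demo uses a constructed scratch file in place of the pppd binary.

```shell
#!/bin/sh
# Added example (not from the thread): inspect the setuid bit that
# "chmod u+s" / "chmod 4755" sets. Function names are hypothetical and the
# demo runs on a constructed scratch file, not on a real pppd binary.

# First ten characters of the ls -l mode string, e.g. -rwsr-xr-x
mode_string() {
    ls -ldn -- "$1" | awk '{ print substr($1, 1, 10) }'
}

# Numeric owner uid (ls -n prints ids instead of names)
owner_uid() {
    ls -ldn -- "$1" | awk '{ print $3 }'
}

# Classify a file as: setuid-root, setuid-nonroot or no-setuid.
# The owner-execute slot (4th character of the mode string) reads:
#   s = setuid and executable
#   S = setuid but NOT executable by the owner
#   x or - = no setuid bit
setuid_state() {
    slot=$(mode_string "$1" | cut -c4)
    case $slot in
        s|S)
            # The process takes the file owner's uid, so the bit only
            # means "run as root" when the owner is uid 0.
            if [ "$(owner_uid "$1")" -eq 0 ]; then
                echo setuid-root
            else
                echo setuid-nonroot
            fi
            ;;
        *)
            echo no-setuid
            ;;
    esac
}

# Demo on a scratch file standing in for the binary
demo=$(mktemp)
chmod 755 "$demo"
echo "755   $(mode_string "$demo")  $(setuid_state "$demo")"
chmod u+s "$demo"
echo "u+s   $(mode_string "$demo")  $(setuid_state "$demo")"
chmod 4644 "$demo"
echo "4644  $(mode_string "$demo")  $(setuid_state "$demo")"
rm -f "$demo"
```

On a file owned by root the classifier reports setuid-root; on a file owned by any other user it reports setuid-nonroot even though ls shows the same s in the mode string.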