[Leaf-user] Re.. Port forwarding problem....!

2002-03-06 Thread barwals 

Hello Joe,
Thanks for the reply. You are right but I have tried with "0/0_www" also. It is not 
working. 
As you can see from my ipchains ruleset that I'm getting packet at 111.222.333.444
-
5 300 ACCEPT tcp -- 0xFF 0x00 eth0
0.0.0.0/0 111.222.333.444 * -> 80
---
5 packet and 300 bytes are there. 

And yes I have checked it from outside of my network but still not working. 
Thanks.

Sudhir Barwal




"Upnet Joe" wrote:



EXTERN_TCP_PORT0="0/0 www 111.222.333.444" I think this wrong not really
sure 

EXTERN_TCP_PORTS="0/0_ssh 0/0_smtp 0/0_www 0/0_domain 0/0_https 0/0_pop-3
0/0_spop3" this is mine and it is working.

How did you try to access your internal web server 
since you are firewall and MASQ your public connection you can't access your
port-fw connection via public address (eth0) from internal Client..
only way you can access by your internal ip-address 10.24.33.129 or dns name
map to that address

ask someone to access 111.222.333.444 from out side your network... it
should work

Upnet Joe

- Original Message -
From: "barwals" 
To: 
Sent: Tuesday, March 05, 2002 6:20 AM
Subject: [Leaf-user] Port forwarding problem!


Hi,

I 'm running the Dachstein LEAF firewall. I'm not able to forwarding the
external traffice which is coming to my valid IPaddr (eth0) to my internal
web server which is a windows 2000 server. I have allready gone through all
the related mailing list archive but could not solve the problem and hence
I'm writing to this list. The error I'm getting in my browser is "Connection
faild" "Connection timed out".

My configuration is as follows.

EXTERN_IP=111.222.333.444
EXTERN_IF =eth0
INTERNAL_IP=10.24.33.224
INTERNAL_IF =eth1
INT_NET = 10.0.0.0/8
IPFWDING_KERNEL= FILTER_ON
IPALWAYSDEFRAG_KERNEL = YES
CONFIG_HOSTNAME = YES
CONFIG_HOSTSFILE = YES
CONFIG_DNS = NO
IPFILTER_SWITCH = firewall
SNMP_BLOCK = YES
EXTERN_DHCP = NO
EXTERN_DHCP = NO
EXTERN_TCP_PORT0="0/0 www 111.222.333.444"
INTERN_SERVERS="tcp_111.222.333.444_www_10.24.33.150_www"

My IPCHAINS RULES looks like they are accepting the connection at
111.222.333.444. But could not find the solution. Could anybody help me in
that regard.


Regards .
Thanks.



Get Your Private, Free E-mail from Indiatimes at http://email.indiatimes.com

 Buy Music, Video, CD-ROM, Audio-Books and Music Accessories from 
http://www.planetm.co.in


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

[Leaf-user] How to open telnet for DMZ network?

2002-03-06 Thread Chutima S. 

Currently I use Dachsteinv-v1.0.2-1680 as my firewall.  It's seem verygood.  But now I 
want to telnet to it while I'm at DMZ's machine.  I found that inetd.conf comment out 
for telnetd and /usr/sbin/in.telnetd is missing.  How could I set it up?  

Thank you so much.
Chutima S.   :)Þiû¬z¹šŠX§‚X¬´·š~ë®X¬¶Ë(º·~Šàzw­†Ûi³ÿåŠËl²‹«qç讧zßåŠËlþX¬¶)ߣù^iû¬z

Re: [Leaf-user] How to open telnet for DMZ network?

2002-03-06 Thread Charles Baker 


--- "Chutima S." <[EMAIL PROTECTED]> wrote:
> Currently I use Dachsteinv-v1.0.2-1680 as my
> firewall.  It's seem verygood.  But now I want to
> telnet to it while I'm at DMZ's machine.  I found
> that inetd.conf comment out for telnetd and
> /usr/sbin/in.telnetd is missing.  How could I set it
> up?  
> 
> Thank you so much.
> Chutima S.   

You really don't want to use telnet. It's very
insecure. Use ssh instead. You can get ssh for
dachstein here:

http://lrp.steinkuehler.net/files/diskimages/dachstein-CD/CD-Contents/


=
[EMAIL PROTECTED]
Hacking is a "Good Thing!"
See http://www.tuxedo.org/~esr/faqs/hacker-howto.html

__
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] blocking users from accessing IRC server

2002-03-06 Thread Simon Bolduc 

well you may want to block Ident (113) - though it should already be 
blocked.  I know some servers require an Ident daemon to be running (like 
dalnet).  But blocking 6000 - 8000 is a good start.  You could also create a 
list of hosts that you want to autodeny traffic from (just based on IRC 
server IPs).  Just so you know there are Java clients available - so even if 
you do this you won't necessarily stop the chatting - just the downloading.

S


>From: "GREGOR" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: [Leaf-user] blocking users from accessing IRC server
>Date: Wed, 06 Mar 2002 08:01:03 GMT
>
>may be this is an OT question, but I'm trying to block my users from
>accessing IRC servers.
>Are there any more ports that I should block other than 6000 to 8000?
>
>thank you.
>
>regards,
>Gregor
>
>
>WATCHOUT! 3RD INTERNATIONAL SEMINAR ON SUSTAINABLE ENVIRONTMENTAL
>ARCHITECTURE + DIGITAL ARCHITECTURE, 9-10 MARCH 2002, YOGYAKARTA
>http://senvar.virtue.nu or http://senvar.uajy.web.id
>NATIONAL DESIGN COMPETITION
>http://senvar.uajy.web.id/lombadesain
>
>___
>Leaf-user mailing list
>[EMAIL PROTECTED]
>https://lists.sourceforge.net/lists/listinfo/leaf-user




_
Send and receive Hotmail on your mobile device: http://mobile.msn.com


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] blocking users from accessing IRC server

2002-03-06 Thread Jack Coates 

Also remember that the port something runs on is a matter of convention,
not requirement. If you really want to block things, do a default deny
outbound and then open up services and locations that are approved. At
my work there is no outbound access for any endusers; everything has to
go through a squid farm in the DMZ.

Jack

On Wed, 6 Mar 2002, Simon Bolduc wrote:

> well you may want to block Ident (113) - though it should already be
> blocked.  I know some servers require an Ident daemon to be running (like
> dalnet).  But blocking 6000 - 8000 is a good start.  You could also create a
> list of hosts that you want to autodeny traffic from (just based on IRC
> server IPs).  Just so you know there are Java clients available - so even if
> you do this you won't necessarily stop the chatting - just the downloading.
>
> S
>
>
> >From: "GREGOR" <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Subject: [Leaf-user] blocking users from accessing IRC server
> >Date: Wed, 06 Mar 2002 08:01:03 GMT
> >
> >may be this is an OT question, but I'm trying to block my users from
> >accessing IRC servers.
> >Are there any more ports that I should block other than 6000 to 8000?
> >
> >thank you.
> >
> >regards,
> >Gregor
> >
> >
> >WATCHOUT! 3RD INTERNATIONAL SEMINAR ON SUSTAINABLE ENVIRONTMENTAL
> >ARCHITECTURE + DIGITAL ARCHITECTURE, 9-10 MARCH 2002, YOGYAKARTA
> >http://senvar.virtue.nu or http://senvar.uajy.web.id
> >NATIONAL DESIGN COMPETITION
> >http://senvar.uajy.web.id/lombadesain
> >
> >___
> >Leaf-user mailing list
> >[EMAIL PROTECTED]
> >https://lists.sourceforge.net/lists/listinfo/leaf-user
>
>
>
>
> _
> Send and receive Hotmail on your mobile device: http://mobile.msn.com
>
>
> ___
> Leaf-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
>

-- 
Jack Coates
Monkeynoodle: A Scientific Venture...


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

RE: [Leaf-user] How to open telnet for DMZ network?

2002-03-06 Thread Steven Peck 

And here is the link on how to install ssh v2
http://www.leaf-project.org/devel/jnilo/openssh.html


--- "Chutima S." <[EMAIL PROTECTED]> wrote:
> Currently I use Dachsteinv-v1.0.2-1680 as my
> firewall.  It's seem verygood.  But now I want to
> telnet to it while I'm at DMZ's machine.  I found
> that inetd.conf comment out for telnetd and /usr/sbin/in.telnetd is 
> missing.  How could I set it up?
> 
> Thank you so much.
> Chutima S.   

You really don't want to use telnet. It's very
insecure. Use ssh instead. You can get ssh for
dachstein here:

http://lrp.steinkuehler.net/files/diskimages/dachstein-CD/CD-Contents/


=
[EMAIL PROTECTED]
Hacking is a "Good Thing!"
See http://www.tuxedo.org/~esr/faqs/hacker-howto.html

__
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] Re.. Port forwarding problem....!

2002-03-06 Thread guitarlynn 


> And yes I have checked it from outside of my network but still not
> working. Thanks.

 Sudhir,

Have you uncommented "ip_masq_portfw" in /etc/modules (or added
it to the DF floppy, if your using this). You won't port forward w/o
the module being loaded .. you can check with "lsmod".

As the others have mentioned. You will not be able to access the 
port forwarded service(s) from your internet ip address while 
behind the firewall. Someone not behind the firewall will have to 
check it for you. 

:-)
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

RE: [Leaf-user] How to open telnet for DMZ network?

2002-03-06 Thread M Lu 

If you are running the floppy version, you may either need second floppy to
hold the new ssh package, or you can look for an older version of ssh,
Kong's ssh.lrp, which can fit into your existing floppy.

Anyway, if possible, I think you should go with the CD version of Dachstein.
You will have it boot much much faster and besides, no worry about the
limited space on the floppy whenever you want to add other packages.

-Original Message-
--__--__--
Message: 12
From: "Steven Peck" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: RE: [Leaf-user] How to open telnet for DMZ network?
Date: Wed, 6 Mar 2002 07:53:06 -0800
And here is the link on how to install ssh v2
http://www.leaf-project.org/devel/jnilo/openssh.html

--- "Chutima S." <[EMAIL PROTECTED]> wrote:
> Currently I use Dachsteinv-v1.0.2-1680 as my
> firewall. It's seem verygood. But now I want to
> telnet to it while I'm at DMZ's machine. I found
> that inetd.conf comment out for telnetd and /usr/sbin/in.telnetd is
> missing. How could I set it up?
>
> Thank you so much.
> Chutima S.
You really don't want to use telnet. It's very
insecure. Use ssh instead. You can get ssh for
dachstein here:
http://lrp.steinkuehler.net/files/diskimages/dachstein-CD/CD-Contents/


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

RE: [Leaf-user] How to open telnet for DMZ network?

2002-03-06 Thread Jeff Newmiller 

On Wed, 6 Mar 2002, M Lu wrote:

> If you are running the floppy version, you may either need second floppy to
> hold the new ssh package, or you can look for an older version of ssh,
> Kong's ssh.lrp, which can fit into your existing floppy.

This older version has weaknesses that can allow a cracker to gain root
access if it is open from the outside (or from the DMZ, if the DMZ server 
is compromised).  If you use this version, you should limit yourself to
accessing the router from the internal network, not the DMZ.

http://ciac.llnl.gov/ciac/bulletins/m-017.shtml

---
Jeff NewmillerThe .   .  Go Live...
DCN:<[EMAIL PROTECTED]>Basics: ##.#.   ##.#.  Live Go...
  Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/BatteriesO.O#.   #.O#.  with
/Software/Embedded Controllers)   .OO#.   .OO#.  rocks...2k
---


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

RE: [Leaf-user] How to open telnet for DMZ network?

2002-03-06 Thread Richard Doyle 

I'm using telnet over a zebedee tunnel--much smaller than ssh.

-Richard

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of M Lu
> Sent: Wednesday, March 06, 2002 8:25 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: RE: [Leaf-user] How to open telnet for DMZ network?
>
>
> If you are running the floppy version, you may either need
> second floppy to
> hold the new ssh package, or you can look for an older version of ssh,
> Kong's ssh.lrp, which can fit into your existing floppy.
>
> Anyway, if possible, I think you should go with the CD
> version of Dachstein.
> You will have it boot much much faster and besides, no worry about the
> limited space on the floppy whenever you want to add other packages.
>
> -Original Message-
> --__--__--
> Message: 12
> From: "Steven Peck" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: RE: [Leaf-user] How to open telnet for DMZ network?
> Date: Wed, 6 Mar 2002 07:53:06 -0800
> And here is the link on how to install ssh v2
> http://www.leaf-project.org/devel/jnilo/openssh.html
>
> --- "Chutima S." <[EMAIL PROTECTED]> wrote:
> > Currently I use Dachsteinv-v1.0.2-1680 as my
> > firewall. It's seem verygood. But now I want to
> > telnet to it while I'm at DMZ's machine. I found
> > that inetd.conf comment out for telnetd and /usr/sbin/in.telnetd is
> > missing. How could I set it up?
> >
> > Thank you so much.
> > Chutima S.
> You really don't want to use telnet. It's very
> insecure. Use ssh instead. You can get ssh for
> dachstein here:
> http://lrp.steinkuehler.net/files/diskimages/dachstein-CD/CD-Contents/
>
>
> ___
> Leaf-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
>


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] multiple ip's

2002-03-06 Thread guitarlynn 

On Monday 04 March 2002 19:58, Matt Schalit wrote:

> But would you please fix the Oxygen section to refer to
>   apkg -s sshd
> for safe backing up of packages (with space checking).
> That's the way we do it on the Ox.  Maybe leave out the
> apkg -c stuff or put it last.  It's messy and not used.
> People don't do full backups either.  That's not really
> necessary.  Mostly is just apkg -s etc, or apkg -s .


GL) The "apkg" stuff is now updated. Thx


> acfg is the package configuration program.
> acfg -i gets you the GUI menu version where you can choose
> the package you want to configure, like sshd, and it will
> walk you through all the sshd configuration files.
> acfg -e sshd is the command line equivalent that doesn't use
> the GUI menus.
>
> acfg -h gets you usage:
> =
> # acfg
> usage: acfg -e  edit package configuration files
> acfg -a   edit ALL package configuration files
> acfg -h   this help
> acfg -i   interactive use
> acfg -l   list packages with configuration available
> =

GL) Done!!!


>  * # kernel 2.2.20 w/ipchains
> He uses 2.2.19 as the most recent, or 2.4.6.
> He does not include ipchains by default on the
> base diskette.

GL) Really?? My floppy (stock) loads kernel 2.2.20


>  * # editor "e3" in vi-mode
> Run these commands:
>echo EDITOR=e3vi >> /etc/profile
>echo export EDITOR >> /etc/profile
>apkg -s etc
>. /etc/profile
> Also note that elvis.lrp is available, which has a much
> better vi implementation!


GL) OK, vi-mode is default on my disk. To be honest, I prefer ae-mode
so I know I didn't change it to vi-mode. I'll make a note for elvis.lrp.



>  * # Firewall/Filtering is not on the stock (default) image.
> You might note that ipchains isn't on the default image either
> and that David has always recommended starting with two diskettes
> at first.  The base and a package disk of your choice or your own
> creation.  

GL) I put in David's recommendation.


> Sorry about these long posts.
> Matt

GL) No problem, I appreciate the suggestions!
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] forwarding Protocal 47(gre) on Eigerstein LRP

2002-03-06 Thread Matt Schalit 

Charles Steinkuehler wrote:

 > from the man page
 > 
>   UsePrivilegedPort
>   Specifies whether to use a privileged port for outgoing connec­
>   tions.  The argument must be ``yes'' or ``no''.  The default is
>   ``no''. 
 ^^

   So if the default is no, Scott, and ssh defaults to using unprivileged
ports, then I don't see the need to open low ports for ssh.  I think the
user, in the special case where they decide to set this to yes, would then
want to modify their firewall.  But I guess this is nitpicking.

Regards,
Matt



___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] blocking users from accessing IRC server

2002-03-06 Thread Matt Schalit 

Jack Coates wrote:
> Also remember that the port something runs on is a matter of convention,
> not requirement. If you really want to block things, do a default deny
> outbound and then open up services and locations that are approved. At
> my work there is no outbound access for any endusers; everything has to
> go through a squid farm in the DMZ.
> 
> Jack


Isn't squid a little aenemic when it comes to services it
supports?  I remeber http and ftp protocols and having to
looks for "socksifried" client apps that might work with
NEC socks5.

Matt



___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] forwarding Protocal 47(gre) on Eigerstein LRP

2002-03-06 Thread Charles Steinkuehler 

 > from the man page
 > 
>   UsePrivilegedPort
>   Specifies whether to use a privileged port for outgoing connec­
>   tions.  The argument must be ``yes'' or ``no''.  The default is
>   ``no''.
 ^^

   So if the default is no, Scott, and ssh defaults to using unprivileged
ports, then I don't see the need to open low ports for ssh.  I think the
user, in the special case where they decide to set this to yes, would then
want to modify their firewall.  But I guess this is nitpicking.



The default used to be "yes".  The problems caused, and the fact that almost
no one in their right mind even thinks about using rhosts authentication
these days, apparently caused the default to get set to "no".

Try Koon's ssh-1 for an example of an ssh that opens connections on a low
port by default.  The newer OpenSSH doesn't have this behavior...

You're probalby not seeing much of the old behavior "in the wild" as it
were, due to the nasty CRC-32 bug in ssh, that's been making everyone update
to the latest version, but I've personally hit the "low port" problem many
times, prior to getting everything running recent versions of OpenSSH.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

[Leaf-user] Help needed on activating packages

2002-03-06 Thread Jan Linders 

Hi there.

Can someone please tell me if there is a limit on the length of
the record : default linux .(etc)   in the syslinux.cfg file.
And if so, what I can do to solve this ?

I'm trying to load several packages which i added after "LRP=".
All packages before position 253 are loaded ok. The rest fails
by cutting off on the first package name beyond position 253.

Ex.   ...weblet,junkbust,libz,lncurses,top,sshd

loads upto lncurses and gives an error on loading top, telling me it's
trying
to load "to" and the rest is ignored

Thanks in advance.


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

[Leaf-user] transparent firewall & Bering

2002-03-06 Thread Larry Platzek 

The problem a friend has is needing a firewall but does not want to change
current setup on his boxes except  inserting  a firewall between
cable modem & a Netgear MR314 cable/DSL Wireless router.
There is a maxium of 8 computers in his network.
I have made Bering Beta-4 ping the internet by name & number.
If I connect to the wired internal side of the MR314 I can ping
the machines by there DHCPD assigned addresses 192.168.0.XXX and
also still reach the internet.

I would prefer to use Bering but other solution ok.
Any pointers of what to do or read?

Thank You in advance!


Larry Platzek  [EMAIL PROTECTED]




___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] Help needed on activating packages

2002-03-06 Thread guitarlynn 

On Wednesday 06 March 2002 15:32, Jan Linders wrote:
> Hi there.
>
> Can someone please tell me if there is a limit on the length of
> the record : default linux .(etc)   in the syslinux.cfg file.
> And if so, what I can do to solve this ?
>
> I'm trying to load several packages which i added after "LRP=".
> All packages before position 253 are loaded ok. The rest fails
> by cutting off on the first package name beyond position 253.

You've hit the single line character limit on the DOS filesystem,
as you've already guessed. You don't say what version and system
you are running, but I'm assuming it's not Oxygen since apkg takes
care of that for you. If your running any other floppy system, you are
probably out of luck. 

You can avoid this problem with the Dachstein CDrom version by 
using the "lrpkg.cfg" file that is the "LRP=." line in
"syslinux.cfg". The format is the same and you can save it on your
config floppy. In testing, I have successfully run 26 packages with
DCD, so this may be the route you want to take.

Charles makes some good notes on using this option and other 
useful things, that is my suggestion.

I hope this helps,
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] Help needed on activating packages

2002-03-06 Thread Victor McAllister 


Jan Linders wrote:

> Hi there.
>
> Can someone please tell me if there is a limit on the length of
> the record : default linux .(etc)   in the syslinux.cfg file.
> And if so, what I can do to solve this ?
>
> I'm trying to load several packages which i added after "LRP=".
> All packages before position 253 are loaded ok. The rest fails
> by cutting off on the first package name beyond position 253.
>
> Ex.   ...weblet,junkbust,libz,lncurses,top,sshd
>
> loads upto lncurses and gives an error on loading top, telling me it's
> trying
> to load "to" and the rest is ignored
>
> Thanks in advance.

syslinux.cfg has a limited length.  Switch to Dachstein which allows you
to list the programs to load in lrpkg.cfg on the floppy.  lrpkg.cfg allows
unlimited loading of programs at boot.  lrpkg.cfg is just a line of text
with the name of each file separated by commas.

e.g.

etc,local,modules,ramlog,dhcpd,dnscache,weblet,libz,sshd

Victor McAllister



___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] Problem with 3c59x.o on Dachstein disk

2002-03-06 Thread Stephen Lee 

Hi,

Maybe I'm missing something here but don't you want to load the 3c90x
module?

Stephen

On Tue, 2002-03-05 at 10:56, Simon Bolduc wrote:
> I'm not sure whether the 905c's are supported by this driver - I do know 
> that 905c's are quite different from 905b's - and did require different 
> drivers when I was using certain dists.  Have you uncommented the pci-scan 
> module?
> 
> S
> 
> 
> >From: "Boyd Kelly" <[EMAIL PROTECTED]>
> >To: "Charles Steinkuehler" <[EMAIL PROTECTED]>
> >CC: <[EMAIL PROTECTED]>
> >Subject: [Leaf-user] Problem with 3c59x.o on Dachstein disk
> >Date: Tue, 5 Mar 2002 10:18:31 -0800
> >
> >Hi,
> >
> >I have a 3c905C card.  When I try to insmod 3c59x, i get error:
> >
> >Unresolved symbol acpi_wake, acpi_set_pwr_state, pci_drv_unregister, 
> >pci_drv_register.
> >
> >Tried to download a copy dated dec 1 from 
> >devel/cstein/files/kernels/Dachstein-small/modules/net with same result.
> >
> >Any other possibilities?
> >
> >Thanks
> >
> >Boyd
> 



___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] Problem with 3c59x.o on Dachstein disk

2002-03-06 Thread Jeff Newmiller 

On 6 Mar 2002, Stephen Lee wrote:

> Hi,
> 
> Maybe I'm missing something here but don't you want to load the 3c90x
> module?

That is one option.  Newer (than what I don't know exactly) versions of
3c59x are supposed to support the 3C905C NIC, but I haven't used any of
them personally.  3c59x is Becker's, and 3c905c is 3Com's.

http://www.scyld.com/network/vortex.html

> 
> On Tue, 2002-03-05 at 10:56, Simon Bolduc wrote:
> > I'm not sure whether the 905c's are supported by this driver - I do know 
> > that 905c's are quite different from 905b's - and did require different 
> > drivers when I was using certain dists.  Have you uncommented the pci-scan 
> > module?
> > 
> > S
> > 
> > 
> > >From: "Boyd Kelly" <[EMAIL PROTECTED]>
> > >To: "Charles Steinkuehler" <[EMAIL PROTECTED]>
> > >CC: <[EMAIL PROTECTED]>
> > >Subject: [Leaf-user] Problem with 3c59x.o on Dachstein disk
> > >Date: Tue, 5 Mar 2002 10:18:31 -0800
> > >
> > >Hi,
> > >
> > >I have a 3c905C card.  When I try to insmod 3c59x, i get error:
> > >
> > >Unresolved symbol acpi_wake, acpi_set_pwr_state, pci_drv_unregister, 
> > >pci_drv_register.
> > >
> > >Tried to download a copy dated dec 1 from 
> > >devel/cstein/files/kernels/Dachstein-small/modules/net with same result.
> > >
> > >Any other possibilities?
> > >
> > >Thanks
> > >
> > >Boyd
> > 
> 
> 
> 
> ___
> Leaf-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> 

---
Jeff NewmillerThe .   .  Go Live...
DCN:<[EMAIL PROTECTED]>Basics: ##.#.   ##.#.  Live Go...
  Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/BatteriesO.O#.   #.O#.  with
/Software/Embedded Controllers)   .OO#.   .OO#.  rocks...2k
---


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] Problem with 3c59x.o on Dachstein disk

2002-03-06 Thread Simon Bolduc 

Nah - the 59x module supports the 90x series of cards - altho I have had 
problems with it and 905c's previously...

S


>From: Stephen Lee <[EMAIL PROTECTED]>
>To: Leaf-user <[EMAIL PROTECTED]>
>Subject: Re: [Leaf-user] Problem with 3c59x.o on Dachstein disk
>Date: 06 Mar 2002 16:44:49 -0800
>
>Hi,
>
>Maybe I'm missing something here but don't you want to load the 3c90x
>module?
>
>Stephen
>
>On Tue, 2002-03-05 at 10:56, Simon Bolduc wrote:
> > I'm not sure whether the 905c's are supported by this driver - I do know
> > that 905c's are quite different from 905b's - and did require different
> > drivers when I was using certain dists.  Have you uncommented the 
>pci-scan
> > module?
> >
> > S
> >
> >
> > >From: "Boyd Kelly" <[EMAIL PROTECTED]>
> > >To: "Charles Steinkuehler" <[EMAIL PROTECTED]>
> > >CC: <[EMAIL PROTECTED]>
> > >Subject: [Leaf-user] Problem with 3c59x.o on Dachstein disk
> > >Date: Tue, 5 Mar 2002 10:18:31 -0800
> > >
> > >Hi,
> > >
> > >I have a 3c905C card.  When I try to insmod 3c59x, i get error:
> > >
> > >Unresolved symbol acpi_wake, acpi_set_pwr_state, pci_drv_unregister,
> > >pci_drv_register.
> > >
> > >Tried to download a copy dated dec 1 from
> > >devel/cstein/files/kernels/Dachstein-small/modules/net with same 
>result.
> > >
> > >Any other possibilities?
> > >
> > >Thanks
> > >
> > >Boyd
> >
>
>
>
>___
>Leaf-user mailing list
>[EMAIL PROTECTED]
>https://lists.sourceforge.net/lists/listinfo/leaf-user




_
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

RE: [Leaf-user] Problem with 3c59x.o on Dachstein disk

2002-03-06 Thread Boyd Kelly 

A quick look at the modules for dachstein, oxygen and lrp 2.9.8 don't
have any 3c90x module available.  I remember finding one somewhere, but
found that the 3c59x works.  Why does 3com have such a confusing
numbering system for their products anyways?  905; 509; 59x?.  

Cheers and have a good one.

BK

-Original Message-
From: Jeff Newmiller [mailto:[EMAIL PROTECTED]] 
Sent: March 6, 2002 5:06 PM
To: Stephen Lee
Cc: Leaf-user
Subject: Re: [Leaf-user] Problem with 3c59x.o on Dachstein disk


On 6 Mar 2002, Stephen Lee wrote:

> Hi,
> 
> Maybe I'm missing something here but don't you want to load the 3c90x 
> module?

That is one option.  Newer (than what I don't know exactly) versions of
3c59x are supposed to support the 3C905C NIC, but I haven't used any of
them personally.  3c59x is Becker's, and 3c905c is 3Com's.

http://www.scyld.com/network/vortex.html

> 
> On Tue, 2002-03-05 at 10:56, Simon Bolduc wrote:
> > I'm not sure whether the 905c's are supported by this driver - I do 
> > know
> > that 905c's are quite different from 905b's - and did require
different 
> > drivers when I was using certain dists.  Have you uncommented the
pci-scan 
> > module?
> > 
> > S
> > 
> > 
> > >From: "Boyd Kelly" <[EMAIL PROTECTED]>
> > >To: "Charles Steinkuehler" <[EMAIL PROTECTED]>
> > >CC: <[EMAIL PROTECTED]>
> > >Subject: [Leaf-user] Problem with 3c59x.o on Dachstein disk
> > >Date: Tue, 5 Mar 2002 10:18:31 -0800
> > >
> > >Hi,
> > >
> > >I have a 3c905C card.  When I try to insmod 3c59x, i get error:
> > >
> > >Unresolved symbol acpi_wake, acpi_set_pwr_state, 
> > >pci_drv_unregister,
> > >pci_drv_register.
> > >
> > >Tried to download a copy dated dec 1 from
> > >devel/cstein/files/kernels/Dachstein-small/modules/net with same
result.
> > >
> > >Any other possibilities?
> > >
> > >Thanks
> > >
> > >Boyd
> > 
> 
> 
> 
> ___
> Leaf-user mailing list
> [EMAIL PROTECTED] 
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> 


---
Jeff NewmillerThe .   .  Go
Live...
DCN:<[EMAIL PROTECTED]>Basics: ##.#.   ##.#.  Live
Go...
  Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/BatteriesO.O#.   #.O#.  with
/Software/Embedded Controllers)   .OO#.   .OO#.
rocks...2k

---


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

[Leaf-user] YA Wireless question

2002-03-06 Thread Charles Baker 

I was at my uncle's house this past weekend. He has an
Eigerstein LRP box for his adsl connection. On one
port of the hub he uses, he plugged in a Linksys
wireless access point. He is not using dhcp for his
lan. He assigned a static IP of 192.168.1.x to his
wireless client, just like the 192.168.1.x IP's of his
wired clients. This setup is working, but doesn't seem
"right" to me. Am I missing something here? I was
working on something else, so I didn't have the time
to really explore his network config in detail, but
before I go out and buy a WAP and some cards, I would
like to understand this better. I've read several
articles at various and sundry linux sites, including
Linux Journal on wireless and vpn, but don't feel I
really have a handle on this. Can someone point me in
the right direction?

=
[EMAIL PROTECTED]
Hacking is a "Good Thing!"
See http://www.tuxedo.org/~esr/faqs/hacker-howto.html

__
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

[Leaf-user] Problem with INTERN_SERVERx (Indexed list) Dachstein

2002-03-06 Thread Boyd Kelly 

Hello,

Making good progress on my Dachstein migration, but just had a hiccup
with forwarding.  The uncommented line (well they all would) from below
gives me an error when starting the network:  IP filters: portfw:
Invalid protocol specified.

The INTERN_SERVER section (not indexed) works ok, but I have too many
entries. Those shown below are just some of what I have to do.

As usual any help is very much appreciated. 

Boyd



# Advanced settings: parameters passed directly to portfw and autofw
# Indexed list: ""
#INTERN_SERVER0="-a -P PROTO -L LADDR LPORT -R RADDR RPORT [-p PREF]"
INTERN_SERVER0="-a -P tcp -L 208.x.x.233 110 -R 192.168.1.233 110"
#INTERN_SERVER1="-a -P tcp -L $PUB2_IP 143 -R $PRI2_IP 143"
#INTERN_SERVER2="-a -P tcp -L $PUB2_IP 80 -R $PRI2_IP 80"
#INTERN_SERVER3="-a -P tcp -L $PUB2_IP 443 -R $PRI2_IP 443"
#INTERN_SERVER4="-a -P tcp -L $PUB2_IP 110 -R $PRI2_IP 110"
#INTERN_SERVER5="-a -P tcp -L $PUB2_IP 5800 -R $PRI2_IP 5800"
#INTERN_SERVER6="-a -P tcp -L $PUB2_IP 5900 -R $PRI2_IP 5900"
#INTERN_SERVER7="-a -P tcp -L $PUB2_IP 110 -R $PRI2_IP 110"
#INTERN_SERVER8="-a -P tcp -L $PUB0_IP 53 -R $PRI0_IP 53"
#INTERN_SERVER9="-a -P udp -L $PUB0_IP 53 -R $PRI0_IP 53"

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] blocking users from accessing IRC server

2002-03-06 Thread Jack Coates 

On Wed, 6 Mar 2002, Matt Schalit wrote:

> Jack Coates wrote:
> > Also remember that the port something runs on is a matter of convention,
> > not requirement. If you really want to block things, do a default deny
> > outbound and then open up services and locations that are approved. At
> > my work there is no outbound access for any endusers; everything has to
> > go through a squid farm in the DMZ.
> >
> > Jack
>
>
> Isn't squid a little aenemic when it comes to services it
> supports?  I remeber http and ftp protocols and having to
> looks for "socksifried" client apps that might work with
> NEC socks5.
>
> Matt
>
>

I don't have any problems with it  at home or work -- well, except for
the fact that I can't SSH through it :-) At work I use some pretty wack
stuff like WebEx through it, no issues.


-- 
Jack Coates
Monkeynoodle: A Scientific Venture...


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: Re: [Leaf-user] Re.. Port forwarding problem....!

2002-03-06 Thread barwals 

Yes it uncommented it. A 1 is there. And I have checked that it from outside my 
firewall.
But not working.

Thanks.

Sudhir
"guitarlynn" wrote:




And yes I have checked it from outside of my network but still not
working. Thanks.

Sudhir,

Have you uncommented "ip_masq_portfw" in /etc/modules (or added
it to the DF floppy, if your using this). You won't port forward w/o
the module being loaded .. you can check with "lsmod".

As the others have mentioned. You will not be able to access the 
port forwarded service(s) from your internet ip address while 
behind the firewall. Someone not behind the firewall will have to 
check it for you. 

:-)
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user



Get Your Private, Free E-mail from Indiatimes at http://email.indiatimes.com

 Buy Music, Video, CD-ROM, Audio-Books and Music Accessories from 
http://www.planetm.co.in


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user