[Leaf-user] snort logging to mysql database (repost forgot subject)

2002-03-12 Thread kimoppalfens

Hi all,

Sorry about the repost (forgot about the subject line)

Just installed the snort IDS package and it seems to be working.
(Seems to be because I don't know anything about writing the preprocessors
or filter rules yet).

What I would like to do next is log to a mysql Database.
And I was wondering if anyone already made a mysql.lrp.

I know this is going to take quite some disk space, but I am hoping
that my 64 MB ramdisk will cope.

Thanks in advance

Kim


 



___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user



[Leaf-user] RE: How do I set up 4) within network.conf???

2002-03-12 Thread Sergio Morilla

1) #EXTERN_TCP_PORT4=0/0 1723 192.168.1.24/32 #Microsoft PPTP
2) #EXTERN_PROTO0=47 0/0 192.168.1.24/32 #GRE
3) #INTERN_SERVER2=tcp ${EXTERN_IP} 1723 ${INTERN_PPTP_SERVER} 1723

I would put 4) in /etc/ipchains.input

I'm not using this right now. But when I tested this I put
all four lines in /etc/ipchains.input and everything worked
flawlessly.

Sergio

 -Original Message-
 From: Boyd Kelly [mailto:[EMAIL PROTECTED]]
 Sent: Monday, March 11, 2002 20:17
 To: Sergio Morilla
 Subject: FW: How do I set up 4) within network.conf???
 
 
   Hello,

   I have the same question.  Did you find the answer?


   Thanks,

   Boyd

   1)ipchains -A input -s 0/0 -d $IP_EXT/32 1723 -p tcp -l -j ACCEPT
   2)ipchains -A input -s 0/0 -d $IP_EXT/32 -p 47 -j ACCEPT
   3)ipmasqadm portfw -a -P tcp -L $IP_EXT 1723 -R $PPTP_HOST 1723.
   4)ipfwd --masq $PPTP_HOST 47 
   
   I understand that 1), 2) and 3) are under control.
   But...
   How do I set up 4) within network.conf???
   
   
 
 


SV: [Leaf-user] PPTP performance.

2002-03-12 Thread Paul . Eriksson

Hi

I reduced the tcp-mss in one iptables rule, see URL; this helped with not dropping
the TCP packets.
http://lists.freeswan.org/pipermail/users/2002-January/006782.html

Paul

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 11 March 2002 12:41
To: [EMAIL PROTECTED]
Subject: [Leaf-user] PPTP performance.


Hello!

I'm trying to set up a PPTP connection between two LEAF:s, it's as a backup
for an existing direct router connection between two offices.
The PPTP connection is established between the LEAF:s and ping shows ok, but
when doing high traffic the timeouts are BIG.
If I try to do the same PPTP over our existing WAN it works perfectly.
Could it be a MTU, MRU problem which results in fragmented packets?
Ping packets sized way under the MTU work, but packets near the MTU are dropped
or time out.

Please help!!!

(I can't do IPSec)

/Paul






Re: [Leaf-user] email processing suggestions (was: no subject)

2002-03-12 Thread JamesSturdevant

I hit the send button too fast. I was trying to think of a catchy subject line.
JamesS

At 09:57 PM 3/11/02 -0600, JamesSturdevant wrote:
I want to put together a LEAF system for a small nonprofit office. The 
system is a 486DX-100, 16MB memory with ppp and a network card, booting 
from a floppy. I have that much running now using Bering.

I want to add an email service to this machine with a 500MB disk for 
storage. I will be making packages for fetchmail and procmail to retrieve 
the email from the ISP, but I need suggestions for smtp and pop3 services. 
What programs would be best to use given the space issues of typical LEAF 
systems?

JamesS





Re: [Leaf-user] (no subject)

2002-03-12 Thread Chad Carr

On Mon, 11 Mar 2002 21:57:36 -0600
JamesSturdevant [EMAIL PROTECTED] wrote:

 I want to add an email service to this machine with a 500MB disk for 
 storage. I will be making packages for fetchmail and procmail to retrieve 
 the email from the ISP, but I need suggestions for smtp and pop3 services. 
 What programs would be best to use given the space issues of typical LEAF 
 systems?

Bering has packages for both fetchmail and qmail (a very secure and small smtp server) 
at http://leaf.sf.net/devel/jnilo.  It also seems he has included the pop3d daemon, so 
it is one-stop shopping!  (Beware: I haven't used the package myself, only seen it on 
this page.  I am just pointing you in A direction, not necessarily the CORRECT 
direction)

For qmail instructions, see Jacques Nilo's user manual, http://cr.yp.to, and 
http://www.lifewithqmail.org

-- 
---
Chad Carr [EMAIL PROTECTED]
---




Re: [Leaf-user] email processing suggestions (was: no subject)

2002-03-12 Thread Jacques Nilo

 At 09:57 PM 3/11/02 -0600, JamesSturdevant wrote:
 I want to put together a LEAF system for a small nonprofit office. The
 system is a 486DX-100, 16MB memory with ppp and a network card, booting
 from a floppy. I have that much running now using Bering.

 I want to add an email service to this machine with a 500MB disk for
 storage. I will be making packages for fetchmail and procmail to retrieve
 the email from the ISP, but I need suggestions for smtp and pop3 services.
 What programs would be best to use given the space issues of typical LEAF
 systems?

James:
qmail and vmailmgr could be your friends.
Check
http://leaf.sourceforge.net/devel/jnilo

Jacques



RE: [Leaf-user] Bering compact flash image with serial console support

2002-03-12 Thread Luis.F.Correia

Hi Chad!

The kernel for Bering-b4 is 2.4.16.

You can compile it in any linux box, including RedHat. For the binaries, you
must compile them on a 2.0 glibc system, or use the compatible RPM's from
RedHat.
On the Oxygen Devel CD you have all of the necessary instructions.

Hope this helps

-Original Message-
From: Chad Carr [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, March 12, 2002 4:31 PM
To: [EMAIL PROTECTED]
Subject: [Leaf-user] Bering compact flash image with serial console support


I am attempting to create a Bering image with the following qualities:

1) boots from 4 MB compact flash connected to ide controller on Soekris
net4501 (www.soekris.com)
2) supports the National Semiconductor ethernet devices on the Soekris
net4501
3) has console on serial port
4) has ipsec support

My question is this:  in order to accomplish 3 and 4, I had to compile a new
kernel.  I did this by acquiring the bering-beta4 config file, applying the
freeswan patches to a 2.4.17 source tree, and making the kernel and modules
on a Debian Woody box.  Is this allowed?  Do I have to compile my kernel and
modules on a Slink box as well as the binaries?

The kernel boots fine with serial support and all, ipsec and natsemi modules
seems to work fine, but eventually, I get a kernel panic.  When I try to
ping machines connected to either interface, I get nothing but transmit
timeouts and it seems to accelerate the process.  the output of ifconfig for
that interface shows:

TX packets:3 errors:9 dropped:0 overruns:3 carrier:3
Collisions:0

I have also posted to the soekris-tech list, but I do have a sneaking
suspicion that I have taken a short cut that has gotten me into hot water.

-- 
---
Chad Carr [EMAIL PROTECTED]
---




Re: [Leaf-user] Bering compact flash image with serial console support

2002-03-12 Thread Ray Olszewski

See below.

At 08:30 AM 3/12/02 -0800, Chad Carr wrote:
I am attempting to create a Bering image with the following qualities:

1) boots from 4 MB compact flash connected to ide controller on 
Soekris net4501 (www.soekris.com)
2) supports the National Semiconductor ethernet devices on the 
Soekris net4501
3) has console on serial port
4) has ipsec support

My question is this:  in order to accomplish 3 and 4, I had to 
compile a new kernel.  I did this by acquiring the bering-beta4 
config file, applying the freeswan patches to a 2.4.17 source tree, 
and making the kernel and modules on a Debian Woody box.  Is this 
allowed?  Do I have to compile my kernel and modules on a Slink 
box as well as the binaries?

Yes, this is allowed, assuming this means 'making the kernel and modules
on a Debian Woody box'. You typically need Slink for apps so they will link
dynamically (at runtime) against glibc-2.0.x instead of the current
glibc-2.1.x (there are other solutions for this, but using Slink is an easy
one). The kernel has to run before libraries are available, though, so it
can't use dynamic linking, and it statically links (at compile time)
whatever library code it needs.

The kernel boots fine with serial support and all, ipsec and natsemi 
modules seems to work fine, but eventually, I get a kernel panic.  
When I try to ping machines connected to either interface, I get 
nothing but transmit timeouts and it seems to accelerate the process.  
the output of ifconfig for that interface shows:

   TX packets:3 errors:9 dropped:0 overruns:3 carrier:3
   Collisions:0

I have also posted to the soekris-tech list, but I do have a sneaking 
suspicion that I have taken a short cut that has gotten me into hot water.


That may well be, but you've told us so little about the details that I do
not even know where to begin asking questions. I trust you've posted a more
complete report about the actual failures to the soekris-tech list, where
you might get the sort of specific, technical feedback you probably need to
move forward. 

Whatever your problem, it is not just based on your not using Slink. (It
might be from using Woody, though. At least for a while, bugfixes weren't
getting into Woody promptly, and you may not be upgrading your Woody box
often enough to get the ones that are made. I use Sid here, not Woody,
apt-update/upgrade early and often, and my last upgrade included a new
gcc. Just a thought.)


--
"Never tell me the odds!" -- Han Solo
Ray Olszewski
Palo Alto, CA    [EMAIL PROTECTED]






Re: [Leaf-user] AOL vpn restricted??

2002-03-12 Thread Mike Leone

 We have a user trying to use our VPN (ipsec)
 thru a dialup AOL account and it doesn't work.
 
 Does anyone know for sure if AOL filters ipsec,
 protocol 50  51,  udp port 500 ??

Empirically, I'm gonna say yes. Which means I had the same problems as you - using AOL 
v6, I could not complete an IPSec connection to my Cisco Pix firewall. 

Dial with a normal (i.e., non-AOL) ISP (a standard PPP connection) ... IPSec connects 
just fine.

I believe Comcast was talking about doing the same - filtering out IPSec connections, 
even those initiated by their customers - since they seem to think that you should 
pay more for a business style connection, if you wish to work from home .. or even 
make *any* kind of IPSec connection, work-related or not.






Re: [Leaf-user] Bering compact flash image with serial console support

2002-03-12 Thread Jacques Nilo

 I am attempting to create a Bering image with the following qualities:

 1) boots from 4 MB compact flash connected to ide controller on Soekris
 net4501 (www.soekris.com)
 2) supports the National Semiconductor ethernet devices on the Soekris
 net4501
 3) has console on serial port
 4) has ipsec support

 My question is this:  in order to accomplish 3 and 4, I had to compile a
 new kernel.  I did this by acquiring the bering-beta4 config file,
 applying the freeswan patches to a 2.4.17 source tree, and making the
 kernel and modules on a Debian Woody box.  Is this allowed?  Do I have to
 compile my kernel and modules on a Slink box as well as the binaries?

Partly yes. The ipsec patched kernel must be compiled with Debian Woody
(or better). You cannot compile a 2.4.X kernel with slink.
But the ipsec programs (in pluto dir from what I remember out of my head)
must be compiled in debian slink since they are going to be linked
against glibc 2.0. I did a try very quickly a couple of days ago and ran
into header problems and __bzero undefined stuff that I did not
investigate further. I am planning to work on an ipsec version of Bering
in the weeks to come. I did not have the time yet and will probably need
some help from Charles, who is our ipsec guru :-)

 The kernel boots fine with serial support and all, ipsec and natsemi
 modules seems to work fine, but eventually, I get a kernel panic.  When I
 try to ping machines connected to either interface, I get nothing but
 transmit timeouts and it seems to accelerate the process.  the output of
 ifconfig for that interface shows:

   TX packets:3 errors:9 dropped:0 overruns:3 carrier:3
   Collisions:0

I have only one advice to make at this stage: first have bering working
with everything but ipsec. Then move on to try to include ipsec. If you
succeed I'll be definitively interested.
Are you using the latest 1.96 version of the freeswan code ?
Jacques



Re: [Leaf-user] Reconfigure of IP addresses for Dachstein Firewall

2002-03-12 Thread Victor McAllister

Ian Ross wrote:

 Is it possible to change the static range of IP addresses within the
 Dachstein disk firewall to match up with our existing range of ip addresses?

 Regards

 Ian Ross

Not sure what you mean - but I assume you are talking about dhcpd.
edit /etc/dhcpd.conf and make appropriate changes
The range of IPs assigned statically should be outside of the range statement.
dhcpd will still assign a static ip inside the range but will print out an error
message.

subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.254;
    option domain-name "private.network";
    option domain-name-servers 192.168.1.254;
    # dynamic pool
    range 192.168.1.10 192.168.1.100;
    # static assignment, kept outside the range above
    host windowsbox {
        hardware ethernet 00:00:d0:d6:de:de;
        fixed-address 192.168.1.5;
    }
}

If what you mean is that your network uses a different set of private ips:

if you use dnscache:
you will need to change
# cd /etc/dnscache/root/ip

# ls
127.0.0.1  192.168

# touch 172.16.5. or whatever your network is.

Of course you have to make the appropriate changes in network.conf and weblet
for a different set of private ips.

Victor McAllister
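
A check for the rule stated above (static addresses should sit outside the range statement), as an added example that is not part of the original post. It is a simplified regex scan rather than a full dhcpd.conf parser, and the `printer` host and its MAC address in the sample are constructed.

```python
import ipaddress
import re

# Constructed sample: the subnet from the message plus one deliberately
# misplaced host ("printer") whose fixed address falls inside the pool.
SAMPLE_CONF = """
subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.254;
    range 192.168.1.10 192.168.1.100;   # dynamic pool
    host windowsbox {
        hardware ethernet 00:00:d0:d6:de:de;
        fixed-address 192.168.1.5;
    }
    host printer {
        hardware ethernet 00:00:d0:d6:de:df;
        fixed-address 192.168.1.42;
    }
}
"""

# "range [dynamic-bootp] low high;" (single-address ranges are ignored here)
RANGE_RE = re.compile(r"\brange\s+(?:dynamic-bootp\s+)?(\S+)\s+(\S+)\s*;")
# "host NAME { ... }" (host bodies contain no nested braces)
HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{(.*?)\}", re.S)
FIXED_RE = re.compile(r"\bfixed-address\s+(\S+?)\s*;")


def static_in_range(conf):
    """Return (host, address, range) for every fixed-address inside a pool."""
    conf = re.sub(r"#.*", "", conf)  # drop comments before matching
    ranges = []
    for lo, hi in RANGE_RE.findall(conf):
        ranges.append((ipaddress.ip_address(lo), ipaddress.ip_address(hi)))
    hits = []
    for name, body in HOST_RE.findall(conf):
        for addr in FIXED_RE.findall(body):
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                continue  # fixed-address given as a hostname; cannot compare
            for lo, hi in ranges:
                if lo <= ip <= hi:
                    hits.append((name, addr, f"{lo}-{hi}"))
    return hits


if __name__ == "__main__":
    for host, addr, pool in static_in_range(SAMPLE_CONF):
        print(f"host {host}: {addr} is inside dynamic range {pool}")
```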






[Leaf-user] Re:

2002-03-12 Thread Jonathan French

Bek Korn wrote:
 Hello,
 I have a problem on my dial up server where the computer picks up the phone fine 
when I'm using hyperterminal but not with a ppp dialup, it says that the password is 
not correct. I have it set up so it uses the pap-secrets file instead of the regular 
login file. I don't have a dns server, I hope this will not impair the ppp connection.
 Thanks
 Bek

Hi Bek,
Ok, so you can login using hyperterminal, which implies you are dialing
in using Windows and not using AUTOPPP in login.config (ok).  The
problem is probably with your ppp dialup script in Windows (you should
be able to flip a few switches to monitor or log what goes on).  It
works fine with AUTOPPP, but for text based logins it probably
expects different keywords.  You can generate your own script by making
a copy of one of Windows' scripts, and modifying it to match the router's
login process.  I am also posting this to the users group for additional
comments and insight.
Good Luck,
- Jon




RE: [Leaf-user] OSPF on LEAF?

2002-03-12 Thread Andy McLeod

Thanks George. I was beginning to feel unloved. ;-)

I have been able to find some references to brave souls who have combined
LEAF and Zebra through the Zebra mail list so I am following up there. Will
let this list know if I learn anything useful.

rgds/andy



-Original Message-
From: George Metz [mailto:[EMAIL PROTECTED]]
Sent: 12 March 2002 21:31
To: Andy McLeod
Cc: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] OSPF on LEAF?


On Sat, 9 Mar 2002, Andy McLeod wrote:

 Does anyone have any experience of using OSPF on leaf (e.g. with gated or
 zebra) that they would care to share? I am trying to establish a
 multihomed service at my colo facility and the provider is offering OSPF
 to manage my connections to his two routers. He then manages outbound
 with BGP4.

 I am currently planning to use Bering/Shorewall but (a) don't know how
 this would fit with OSPF and (b) would love to hear of similar
 experiences with any LEAF release.

Well, since it's been sitting for 3 days without a reply, I'll take a
quick stab at it.

Frankly, OSPF scares me on Ciscos, and they're at least sorta designed for
it. =)

I don't know too much about OSPF in general, but if you do, then from what
I've been told the Zebra implementation is pretty easy for OSPF. I
personally would rather use default route/weighted route methods rather
than OSPF unless there's a pressing need to do so - such as the two
routers mentioned happen to be in totally different locations
topography-wise. Even then, it could be sticky.

Not much help at all, I know, but at least a "we don't know" is better
than no comment.

--
George Metz
Commercial Routing Engineer
[EMAIL PROTECTED]

We know what deterrence was with 'mutually assured destruction' during
the Cold War. But what is deterrence in information warfare? -- Brigadier
General Douglas Richardson, USAF, Commander - Space Warfare Center





RE: [Leaf-user] routing more than 1 hop

2002-03-12 Thread George Metz

Wow. I got a headache trying to follow all of those routes. Truly
complicated stuff. Let's dig in!


  Site 1:  10.10.1.0
  eth0 10.10.1.40/24
  eth1 192.168.1.254/24

  Destination  Mask           Gateway        Dev
  0.0.0.0      0.0.0.0        10.10.1.254    eth0  (to internet)
  10.10.1.0    255.255.255.0  10.10.1.40     eth0  (wired interface)
  10.10.12.0   255.255.255.0  192.168.1.253  eth1  (wireless to site 2)
  10.10.13.0   255.255.255.0  192.168.1.253  eth1  (wireless to site 2)
  192.168.1.0  255.255.255.0  192.168.1.254  eth1  (wireless interface)
  192.168.2.0  255.255.255.0  192.168.1.253  eth1  (wireless to site 2)

As a side note here, you can do some trimming down of routes pretty
thoroughly. For example, the 10.10.12.x and 10.10.13.x can be condensed
into 10.10.12.0 255.255.254.0 with a gateway of 192.168.1.253. Remember,
the router only needs to know how to send to the next hop on the path;
the next hop's job is to determine what to do with it. This is the same
reasoning behind what Matt said regarding using a 0.0.0.0 gateway. With
the subnet you're worried about, there should be some hop in there between
the site's individual router and that destination net that will examine
the destination traffic and send it correctly. Sending stuff straight out
the default gateway should work just fine as long as there's something
between you and the Internet that can catch the traffic and redirect it
(locally).

In the one I pointed out, Site 2 is going to be doing all the work to
determine where the IPs in those two /24s are going to be going. All Site
1 needs to know is how to get it to site two. If whatever has the
10.10.1.254 IP has routes for public IPs that are NOT destined for the
general internet (and any devices it sends to also have those routes)
shoving it out default gateway works.

Now, you stated that the problem seems to be coming from trying to reach
Site 3 from Site 1, yes?

Site 1 sends traffic from - for example - 10.10.1.8 to a host on Site 3 at
10.10.13.20. Assuming 10.10.1.40 is Default Gateway for all hosts on
10.10.1.0/24 except for the 254 host.

10.10.1.8 -> 10.10.1.40 -> 192.168.1.253 -> 10.10.12.253 -> 192.168.2.253
-> 10.10.13.20.

Response would be:

10.10.13.20 -> 10.10.13.254 -> 192.168.2.254 -> 10.10.12.254 ->
192.168.1.254 -> 10.10.1.8


Site 3 appears to be the problem, though without knowing for sure what the
firewalling is doing there I can't say that the firewalling or the routing
is actually the issue here. Check to make sure IP Forwarding is turned on
as was suggested, and if it is, try adding a specific route for
10.10.1.0/24 pointing to 192.168.1.254 on Site 3. There's no real reason
why it SHOULD work, but stranger things have happened before. The default
routes you're using in the later sites should do the job, and indeed do up
until Site 3. It's possible that somewhere, somehow something got altered
by accident routing wise, but it SHOULD show up in the routing tables
(something like a 10.10.13.0 255.255.0.0 would REALLY confuse the
routing...) in at least some form.

This is an interesting problem (for me, at any rate, probably very
frustrating to you) so I'll bang my head on it for a bit and see if I come
up with anything interesting.

--
George Metz
Commercial Routing Engineer
[EMAIL PROTECTED]

We know what deterrence was with 'mutually assured destruction' during
the Cold War. But what is deterrence in information warfare? -- Brigadier
General Douglas Richardson, USAF, Commander - Space Warfare Center
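
The route condensing and the bad-mask case described in the message above, as an added example that is not part of the original post. The function names are hypothetical; the route table is the Site 1 table quoted in the message, and the `10.10.13.0 255.255.0.0` entry is the malformed route the message mentions.

```python
import ipaddress
from collections import defaultdict

# Site 1 routing table as quoted above: (destination, mask, gateway, dev).
SITE1_ROUTES = [
    ("0.0.0.0", "0.0.0.0", "10.10.1.254", "eth0"),
    ("10.10.1.0", "255.255.255.0", "10.10.1.40", "eth0"),
    ("10.10.12.0", "255.255.255.0", "192.168.1.253", "eth1"),
    ("10.10.13.0", "255.255.255.0", "192.168.1.253", "eth1"),
    ("192.168.1.0", "255.255.255.0", "192.168.1.254", "eth1"),
    ("192.168.2.0", "255.255.255.0", "192.168.1.253", "eth1"),
]


def malformed(routes):
    """Return routes whose destination has host bits set under its mask."""
    bad = []
    for route in routes:
        dest, mask = route[0], route[1]
        try:
            ipaddress.ip_network(f"{dest}/{mask}", strict=True)
        except ValueError:
            bad.append(route)
    return bad


def aggregate(routes):
    """Merge routes that share a gateway and device into the fewest prefixes."""
    bad = set(malformed(routes))
    groups = defaultdict(list)
    for route in routes:
        if route in bad:
            continue  # never merge an entry that is already inconsistent
        dest, mask, gw, dev = route
        groups[(gw, dev)].append(ipaddress.ip_network(f"{dest}/{mask}"))
    merged = []
    for (gw, dev), nets in groups.items():
        for net in ipaddress.collapse_addresses(nets):
            merged.append((str(net.network_address), str(net.netmask), gw, dev))
    return sorted(merged, key=lambda r: (ipaddress.ip_address(r[0]), r[1]))


def next_hop(routes, ip):
    """Longest-prefix match: return (gateway, dev) used to reach ip."""
    addr = ipaddress.ip_address(ip)
    best = None
    for dest, mask, gw, dev in routes:
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, gw, dev)
    return None if best is None else (best[1], best[2])


if __name__ == "__main__":
    for row in aggregate(SITE1_ROUTES):
        print("%-12s %-15s %-14s %s" % row)
    # The forwarding decision must be unchanged by the aggregation.
    for ip in ("10.10.12.7", "10.10.13.20", "192.168.2.9", "10.10.1.8"):
        print(ip, next_hop(SITE1_ROUTES, ip), next_hop(aggregate(SITE1_ROUTES), ip))
    typo = ("10.10.13.0", "255.255.0.0", "192.168.1.253", "eth1")
    print("malformed:", malformed(SITE1_ROUTES + [typo]))
```

Comparing `next_hop` on the original and the aggregated table for a few addresses is a quick way to confirm a condensed table forwards the same way before it goes onto a router.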





[Leaf-user] safe libz for Dachstein?

2002-03-12 Thread Pete Dubler

There is talk around about libz in general having security flaws (Redhat
sent out an alert and update for theirs).  Does anyone know what version
of libz.lrp are safe for Dachstein (and other LEAF distributions)?

Thanks,

Pete Dubler






Re: [Leaf-user] DCD Port forwarding not working

2002-03-12 Thread guitarlynn

On Tuesday 12 March 2002 10:18, Doug Sampson wrote:
  I don't know exactly how eth0 is supposed to come up and be
  configured when running PPPoE, which is what I am assuming
  you are using with this config. If you're not running PPPoE, you need
  to fix the general config before it will work.

 Am running dhclient on eth0 that is connected 7/24 to cable (Cox).

Change the line:

# Set EXTERN_IP to DYNAMIC if you need the rules to read the IP from the
# interface, but you arn't using DHCP (ie PPPoE and dialup users)
#EXTERN_IP=DYNAMIC

To read EXTERN_IP=NO
I believe the dynamic option is not needed for typical cablemodem
connections, but then again, it may not matter since eth0 is listed
as the external interface.

The original stated problem and fix is likely the error in the port
forwarding anyway.
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!




RE: [Leaf-user] OSPF on LEAF?

2002-03-12 Thread Steven Peck

If you do manage to get it working, please post it to the list or send a
write up to myself or Mike Noyes and it WILL get posted in the FAQ
section.  We just don't have people on the list who seem to be using
OSPF.

-sp

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Andy McLeod
Sent: Tuesday, March 12, 2002 1:34 PM
To: 'George Metz'
Cc: [EMAIL PROTECTED]
Subject: RE: [Leaf-user] OSPF on LEAF?


Thanks George. I was beginning to feel unloved. ;-)

I have been able to find some references to brave souls who have
combined LEAF and Zebra through the Zebra mail list so I am following up
there. Will let this list know if I learn anything useful.

rgds/andy



-Original Message-
From: George Metz [mailto:[EMAIL PROTECTED]]
Sent: 12 March 2002 21:31
To: Andy McLeod
Cc: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] OSPF on LEAF?


On Sat, 9 Mar 2002, Andy McLeod wrote:

 Does anyone have any experience of using OSPF on leaf (e.g. with gated
 or zebra) that they would care to share? I am trying to establish a
 multihomed service at my colo facility and the provider is offering OSPF
 to manage my connections to his two routers. He then manages outbound
 with BGP4.

 I am currently planning to use Bering/Shorewall but (a) don't know how
 this would fit with OSPF and (b) would love to hear of similar
 experiences with any LEAF release.

Well, since it's been sitting for 3 days without a reply, I'll take a
quick stab at it.

Frankly, OSPF scares me on Ciscos, and they're at least sorta designed
for it. =)

I don't know too much about OSPF in general, but if you do, then from
what I've been told the Zebra implementation is pretty easy for OSPF. I
personally would rather use default route/weighted route methods rather
than OSPF unless there's a pressing need to do so - such as the two
routers mentioned happen to be in totally different locations
topography-wise. Even then, it could be sticky.

Not much help at all, I know, but at least a "we don't know" is better
than no comment.

--
George Metz
Commercial Routing Engineer
[EMAIL PROTECTED]

We know what deterrence was with 'mutually assured destruction' during
the Cold War. But what is deterrence in information warfare? --
Brigadier General Douglas Richardson, USAF, Commander - Space Warfare
Center





RE: [Leaf-user] DCD Port forwarding not working

2002-03-12 Thread Doug Sampson

I just thought of something else.  If there wasn't any entry in the
/etc/hosts.allow file for web access (i.e., in.www:ALL; in:8080:ALL), would
this stop any incoming traffic from coming in?  I am using the default
/etc/hosts.deny file (ALL:PARANOID; ALL:ALL in that order).

Does this shed any light on my situation?

In any case, I've modified the /etc/network.conf file per Lynn's suggestion
and will check from work tomorrow.

~Doug


 Change the line:

 # Set EXTERN_IP to DYNAMIC if you need the rules to read the IP from the
 # interface, but you arn't using DHCP (ie PPPoE and dialup users)
 #EXTERN_IP=DYNAMIC

 To read EXTERN_IP=NO
 I believe the dynamic option is not needed for typical cablemodem
 connections, but then again, it may not matter since eth0 is listed
 as the external interface.

 The original stated problem and fix is likely the error in the port
 forwarding anyway.
 --

 ~Lynn Avants
 aka Guitarlynn

 guitarlynn at users.sourceforge.net
 http://leaf.sourceforge.net

 If linux isn't the answer, you've probably got the wrong question!




RE: [Leaf-user] DCD Port forwarding not working

2002-03-12 Thread Ray Olszewski

At 09:29 PM 3/12/02 -0800, Doug Sampson wrote:
I just thought of something else.  If there wasn't any entry in the
/etc/hosts.allow file for web access (i.e., in.www:ALL; in:8080:ALL), would
this stop any incoming traffic from coming in?  I am using the default
/etc/hosts.deny file (ALL:PARANOID; ALL:ALL in that order).

Does this shed any light on my situation?

If I understand the setup right, you are referring here to hosts.allow and
hosts.deny on the LEAF router. But the actual Web server runs on a different
host, on its port 80, and gets (or is supposed to get, once everything
works) traffic forwarded from port 8080 on the LEAF router's external interface.

If I have all of that right, then the entries you describe will have no
effect on this problem. Only the port-forwarding code in the kernel is
involved on the LEAF router, and that makes no use of these files, which are
used by inetd (and a few other server processes).

If I have any of my assumptions wrong, then please clarify appropriately.


--
"Never tell me the odds!" -- Han Solo
Ray Olszewski
Palo Alto, CA    [EMAIL PROTECTED]






[Leaf-user] ramdisk_size query for DS 1.0.2

2002-03-12 Thread Vic Berdin

Hello Everyone,

I have a need to increase my syslinux.cfg ramdisk_size declaration to a
value above 65536. My DS box has 128MB physical ram, and it's currently
using 65536, but for database reasons, I'm thinking of jacking this
value to 98304.

I did some research on the past mail archives and stumbled upon old
queries posted by other LEAF users talking about a 2.4 package called
initrd.lrp, and  setting additional syslinux.cfg parameters like initrd,
and syst_size. Going thru the archives, I also came across informative
exchanges from our LEAF developers on modelling the use and packaging
of initrd (and root.lrp) for future LRPs.

I would like to know how I can handle/implement this on a DS 2.2.19
environment (if this hasn't been done yet). I really need to raise my
ram disk size to above 64M.

TIA

