Re: Re: [Leaf-user] Please Please Help me...!
Hi,

Thanks to you all for the reply. But sorry for not replying earlier, since I was out on vacation.

Dear Ray, here are the answers to your Q's:

Q1: Is the Web server on the Win2K server (or workstation) configured correctly? (Can you access it from the LAN, using its actual LAN IP address?) Passing the test I mentioned in parentheses does not prove that the Win2K server is configured correctly -- it may still not respond to off-LAN requests, and for that you'll need Win2K or server-app help, not LEAF help -- but failing it does prove it is not.

Ans: Yes, I have checked it and the win2k webserver is working fine from LAN. If I put that server on internet then also I'm able to access it from Cyber Cafe (other route...i.e. not my LAN). So I hope that webserver is configured properly.

Q2: This was asked before, but I didn't see an answer: are you testing the availability of the Web server using an off-LAN browser? Trying to loop back through the router from on-LAN commonly doesn't work.

Ans: Yes, I have checked it from other route. As Joe mentioned to check it from outside of my MASQ m/c. I have checked it from other route as you can see from the IP address 203.163.160.2.

Q3: The entries for external address appear muddled. I assume that this 111.222.333.444 nonsense is an attempt to keep secret your public IP address. But later, you report an entry for 203.163.160.2, which I'm guessing is the real address. (It's ping'able but does not respond on port 80.) Might you be obscuring a setting error with this effort at secrecy?

Ans: Yes, you are right, 203.163.160.2 is a real IP address of proxy server from where I have tried to access my Dachstein floppy firewall's external IP address. Yes, the IP address 111.222.333.444 is a fake IP address. Since I do not permanently make on the IP firewall m/c I have changed that.

Q4: With respect to your actual posting, I do not understand the meaning of:
When I see in weblet through browser I'm seeing this. but no byte(packet) in Chain port forward policy.
What is this? And what does the second line mean? (Anyway, don't tell us what *you* see -- quote it completely so *we* can see it.)

Ans: As you might be knowing that weblet is module through which you can see IPChain rules, Logs etc. (Through LAN Only). So I was trying to say that when I hit the extern IP of LEAF it shows me that it is accepting packets in input chains but in forward rules of ipchains (MASQ) it is not showing anything there.

Dear Joe,
Thanks. HaHa..!!! I have checked that also but not working.

Will Charles reply.

Thanks.
Sudhir

Ray Olszewski wrote:

At 04:54 PM 3/9/02 +0530, barwals wrote:
Hi everybody, Please Please help me! I'm trying to do it since last One month but could not then only I have sent a mail to this mailing list.

As a general matter, it is unclear at this point whether you have a LEAF problem or a Win2K problem or a Web-server-application (IIS? or what server app?) problem. To pin this down, first check the logs on the LEAF router to see if they report any DENY'd packets to 111.222.333.444:80 (or whatever real IP address this conceals) or from 10.24.33.150:80. If they do not, consider running a sniffer on the LAN while you try to make an external connection to the Web server, and see where the traffic fails to complete.

I looked through this and your prior post (as well as the responses to it) and, if the older report you posted remains valid (specifically the ipchains ruleset you list there), I don't see a problem on the LEAF system. This leads me to ask these questions:

1. Is the Web server on the Win2K server (or workstation) configured correctly? (Can you access it from the LAN, using its actual LAN IP address?) Passing the test I mentioned in parentheses does not prove that the Win2K server is configured correctly -- it may still not respond to off-LAN requests, and for that you'll need Win2K or server-app help, not LEAF help -- but failing it does prove it is not.

2. This was asked before, but I didn't see an answer: are you testing the availability of the Web server using an off-LAN browser? Trying to loop back through the router from on-LAN commonly doesn't work.

3. The entries for external address appear muddled. I assume that this 111.222.333.444 nonsense is an attempt to keep secret your public IP address. But later, you report an entry for 203.163.160.2, which I'm guessing is the real address. (It's ping'able but does not respond on port 80.) Might you be obscuring a setting error with this effort at secrecy?

4. With respect to your actual posting, I do not understand the meaning of:
When I see in weblet through browser I'm seeing this. but no byte(packet) in Chain port forward policy.
What is this? And what does the second line mean? (Anyway, don't tell us what *you* see -- quote it completely so *we* can see it.)

I'm running the Dachstein LEAF firewall. I'm not able to forwarding the external traffic which is coming to my
Re: Re: [Leaf-user] Please Please Help me...!
My configuration is as follows.

EXTERN_IP=111.222.333.444
EXTERN_IF =eth0
INTERNAL_IP=10.24.33.224
INTERNAL_IF =eth1
INT_NET = 10.0.0.0/8
IPFWDING_KERNEL= FILTER_ON
IPALWAYSDEFRAG_KERNEL = YES
CONFIG_HOSTNAME = YES
CONFIG_HOSTSFILE = YES
CONFIG_DNS = NO
IPFILTER_SWITCH = firewall
SNMP_BLOCK = YES
EXTERN_DHCP = NO
EXTERN_DHCP = NO
EXTERN_TCP_PORT0=0/0 www 111.222.333.444
INTERN_SERVERS=tcp_111.222.333.444_www_10.24.33.150_www

My IPCHAINS RULES looks like they are accepting the connection at 111.222.333.444. But could not find the solution. Could anybody help me in that regard. When I see in weblet through browser I'm seeing this. but no byte(packet) in Chain port forward policy.

:: Masqueraded Connections ::
IP masquerading entries
prot expire source destination ports
tcp 0:58.64 10.24.33.150 203.163.160.2 80 2678 (80)

Will Charles reply.

You won't see any port-80 packets going through the forward ipchain. Inbound port 80 requests will either be answered by the local weblet server, or sent via port-forwarding rules to your internal web-server.

If you're running weblet on port 80, it's probably getting all the port 80 requests, as I don't think inetd can differentiate services by IP address...if inetd is listening on port 80 for weblet, it's listening on *ALL* interfaces. Try disabling weblet (or moving it to a different port), and see if your external port-forward begins to work.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
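The check suggested in the reply above (is a local inetd service already answering on the port you are trying to forward?) can be run against the two config files offline. This is an added Python example, not code from the thread or from LEAF; the inetd.conf lines, the numeric `8000` service entry and the small name-to-port table are constructed assumptions, while the INTERN_SERVERS value is the one posted.

```python
# Assumed name-to-port table for this example only; a real system resolves
# service names through /etc/services.
SERVICE_PORTS = {"www": 80, "http": 80, "https": 443, "smtp": 25, "ftp": 21}

# Value as posted in the thread (the external address is the poster's fake one).
INTERN_SERVERS = "tcp_111.222.333.444_www_10.24.33.150_www"

# Constructed inetd.conf samples; the real weblet entry on a LEAF disk may differ.
INETD_WEBLET_ON_80 = """\
# constructed sample: weblet answering on the standard web port
www   stream  tcp  nowait  nobody  /usr/sbin/tcpd  /usr/sbin/sh-httpd
#ftp  stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd
"""
INETD_WEBLET_ON_8000 = """\
# constructed sample: weblet moved out of the way
8000  stream  tcp  nowait  nobody  /usr/sbin/tcpd  /usr/sbin/sh-httpd
"""


def to_port(token):
    """Accept a numeric port or a service name from SERVICE_PORTS."""
    return int(token) if token.isdigit() else SERVICE_PORTS[token]


def parse_intern_servers(value):
    """Split entries of the form proto_extip_extport_intip_intport."""
    forwards = []
    for entry in value.split():
        proto, ext_ip, ext_port, int_ip, int_port = entry.split("_")
        forwards.append({
            "proto": proto,
            "ext_ip": ext_ip,
            "ext_port": to_port(ext_port),
            "target": f"{int_ip}:{to_port(int_port)}",
        })
    return forwards


def parse_inetd(text):
    """Return (proto, port, command) for every enabled inetd.conf line."""
    listeners = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or disabled entry
        fields = line.split()
        if len(fields) < 6:
            continue  # not a complete service definition
        service, proto = fields[0], fields[2]
        try:
            port = to_port(service)
        except KeyError:
            continue  # service name outside the example table
        listeners.append((proto, port, " ".join(fields[5:])))
    return listeners


def find_conflicts(forwards, listeners):
    """Report forwards whose external port already has a local inetd listener.

    Following the reply above, the listener is treated as bound on all
    interfaces, so the external IP of the forward is not compared.
    """
    conflicts = []
    for fwd in forwards:
        for proto, port, command in listeners:
            if proto == fwd["proto"] and port == fwd["ext_port"]:
                conflicts.append((port, command, fwd["target"]))
    return conflicts


if __name__ == "__main__":
    forwards = parse_intern_servers(INTERN_SERVERS)
    for label, conf in (("weblet on 80", INETD_WEBLET_ON_80),
                        ("weblet on 8000", INETD_WEBLET_ON_8000)):
        hits = find_conflicts(forwards, parse_inetd(conf))
        print(label, "->", hits or "no local listener on a forwarded port")
```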
[Leaf-user] ipsec with x509 certs - no RSA public key known for peer
I am close to getting Bering and Dachstein working together to provide an IPSec gateway using x.509 certificates. I am getting errors in the auth.log file (attached inline) that say no RSA public key known for DN of my win2k client. What do I do to solve this? I have attached both the log and the instructions I used to get to this point.

Thanks. I am really close, I can feel it.

--- Chad Carr [EMAIL PROTECTED] ---

==Contents of auth.log==

Feb 3 09:14:12 wlanfw Pluto[1901]: Starting Pluto (FreeS/WAN Version 1.91)
Feb 3 09:14:12 wlanfw Pluto[1901]: including X.509 patch (Version 0.9.3)
Feb 3 09:14:12 wlanfw Pluto[1901]: Changing to directory '/etc/ipsec.d/cacerts'
Feb 3 09:14:12 wlanfw Pluto[1901]: loaded cacert file 'RootCA.der' (1182 bytes)
Feb 3 09:14:12 wlanfw Pluto[1901]: Changing to directory '/etc/ipsec.d/crls'
Feb 3 09:14:12 wlanfw Pluto[1901]: loaded crl file 'crl.pem' (698 bytes)
Feb 3 09:14:12 wlanfw Pluto[1901]: loaded my X.509 cert file '/etc/x509cert.der' (1220 bytes)
Feb 3 09:14:15 wlanfw Pluto[1901]: added connection description w2k-road-warriors
Feb 3 09:14:15 wlanfw Pluto[1901]: listening for IKE messages
Feb 3 09:14:15 wlanfw Pluto[1901]: adding interface ipsec0/eth0 192.168.3.1
Feb 3 09:14:15 wlanfw Pluto[1901]: loading secrets from /etc/ipsec.secrets
Feb 3 09:15:58 wlanfw Pluto[1901]: packet from 192.168.3.10:500: ignoring Vendor ID payload
Feb 3 09:15:58 wlanfw Pluto[1901]: w2k-road-warriors #1: responding to Main Mode from unknown peer 192.168.3.10
Feb 3 09:15:59 wlanfw Pluto[1901]: w2k-road-warriors #1: Peer ID is ID_DER_ASN1_DN: 'C=US, ST=California, L=Orange, O=Win2000 Client, CN=Chad Carr, [EMAIL PROTECTED]'
Feb 3 09:15:59 wlanfw Pluto[1901]: w2k-road-warriors #1: Certificate is invalid
Feb 3 09:15:59 wlanfw Pluto[1901]: w2k-road-warriors #1: Invalid X.509 certificate
Feb 3 09:15:59 wlanfw Pluto[1901]: w2k-road-warriors #1: deleting connection w2k-road-warriors instance with peer 192.168.3.10
Feb 3 09:15:59 wlanfw Pluto[1901]: w2k-road-warriors #1: no RSA public key known for 'C=US, ST=California, L=Orange, O=Win2000 Client, CN=Chad Carr, [EMAIL PROTECTED]'
Feb 3 09:17:21 wlanfw Pluto[1901]: w2k-road-warriors #2: Peer ID is ID_DER_ASN1_DN: 'C=US, ST=California, L=Orange, O=Win2000 Client, CN=Chad Carr, [EMAIL PROTECTED]'
Feb 3 09:17:21 wlanfw Pluto[1901]: w2k-road-warriors #2: Certificate is invalid
Feb 3 09:17:21 wlanfw Pluto[1901]: w2k-road-warriors #2: Invalid X.509 certificate
Feb 3 09:17:21 wlanfw Pluto[1901]: w2k-road-warriors #2: no RSA public key known for 'C=US, ST=California, L=Orange, O=Win2000 Client, CN=Chad Carr, [EMAIL PROTECTED]'

==Instructions==

SECTION 4 - TURNING BERING INTO A CERTIFICATE AUTHORITY (BROKEN)

Using x.509 certificates - this doesn't quite work yet. I will get this document up to date when it works.

The outcome of this whole process:
  root certificate authority certificate in /etc/ipsec.d/cacerts/RootCA.der
  root CA certificate revocation list in /etc/ipsec.d/crls/crl.pem
  binary gateway certificate in /etc/x509cert.der ?
  ascii private key for gateway in /etc/ipsec.secrets ?
  ascii gateway certificate in /etc/ipsec.d ?
  ascii private key for gateway in /etc/ipsec.d/private ?

But we must start at the beginning, which is getting openssl onto your system. I did this by doing apt-get install openssl on Debian Woody and then waiting for it to install properly, but if you use Red Hat or one of the other distributions out there, use your way instead. I recommend going with the package way whenever possible. You will have to adjust the paths below to correspond to where your distribution puts things. If you have to install from source, so be it, but there are other better documents for you to learn that from. Try http://www.bayour.com/LDAPv3-HOWTO.html#3.1.OpenSSL|outline. If that doesn't work, search for openssl howto on www.yahoo.com and see where life takes you.

We want our certificates to be longer than the default 1024 bits, and we want them to last longer than the default 365 days, so we go into the /etc/ssl/openssl.conf file and change default_bits to 2048 and default_days to 3650.

Do all of the rest of the operations in your ~scrathc directory.

1) Create a new Trusted Root CA on your compact flash
   a) generate root certificate
      i) /usr/lib/ssl/misc/CA.sh -newca (choose a good passphrase)
      ii) openssl x509 -in demoCA/cacert.pem -outform der -out \
          /mnt/cf/etc/ipsec.d/cacerts/RootCA.der
   b) generate a certificate revocation list
      openssl ca -gencrl -out /mnt/cf/etc/ipsec.d/crls/crl.pem
2) Create and sign
[Leaf-user] List Manager filters
Subject was: Sudo in Cgi

At 2002-03-17 18:56 -0800, Matt Schalit wrote:
Mike Noyes sent mail to Phillip and me off the list explaining how he's doing some behind the scenes moderating of leaf-user to filter out html posts and whatever else is on his list of no-nos. It was news to me, but it's not meant to censor or prevent people from posting. Rather it's just another helpful attempt on his part to keep things workable around here. I'm not sure about your .bat file or what else is discouraged.

Everyone,
I'm filtering our leaf-user list on header Content-Type. The only two types that post without getting flagged for administrative action are: text/plain, and multipart/signed.

Note: this means that posts with attachments will not reach our leaf-user list.

I'm sending this message to people who have their messages held.

Please configure your email client [1] to send text/plain messages to this list. If you are unwilling to do this, you can submit a support request using the LEAF Tracker [2].

[1] http://www.expita.com/nomime.html
[2] https://sourceforge.net/tracker/?group_id=13751&atid=213751

If you have any questions about this policy, please send them to [EMAIL PROTECTED].

Most people are able to configure their email client in a couple of minutes, and resend their post. The few that run into problems I try to help to the best of my ability.

This change increased my list manager workload. However, I believe it avoids the periodic please don't post with html threads, and other problems. Also, I think this makes our digest easier to read (I need to verify this).

Is this change too draconian?

-- Mike Noyes [EMAIL PROTECTED] http://sourceforge.net/users/mhnoyes/ http://leaf-project.org/
Re: [Leaf-user] List Manager filters
* Mike Noyes ([EMAIL PROTECTED]) wrote: Everyone, I'm filtering our leaf-user list on header Content-Type. The only two types that post without getting flagged for administrative action are: text/plain, and multipart/signed. Note: this means that posts with attachments will not reach our leaf-user list. It seems fine to deny text/html since it can muddle people with normal MUAs and no web browser installed, but what is the problem with attachments? Isn't it more convenient to read attachments if you feel like it than to have to wade through a long inline attachments that _might_ have some salient text at the end? I don't know. I'm just asking. --- Chad Carr [EMAIL PROTECTED] --- ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] List Manager filters
Mike Noyes [EMAIL PROTECTED] on 03/18/2002 09:09:41 AM To: [EMAIL PROTECTED] cc:(bcc: Phillip Watts/austin/Nlynx) Subject: [Leaf-user] List Manager filters Is this change to draconian? Works for me. ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] List Manager filters
Plain text attachments might be fine. I personally prefer a long inline attachments myself, but that's a matter of taste. In any case, there are other types of attachment, such as MS Word .doc files, that create both potential security problems (for Windows users) and inconvenience (for Linux users). Attachments can include executables of many forms. Allowing text/html, BTW, also raises security issues, not just onscreen unreadability for those of us with non-HTML'ized MUAs. Overall, I like Mike's approach. I only wish the bounce message could be configured to explain the problem automatically, instead of requiring Mike to send a personal followup. At 07:20 AM 3/18/02 -0800, Chad Carr wrote: * Mike Noyes ([EMAIL PROTECTED]) wrote: Everyone, I'm filtering our leaf-user list on header Content-Type. The only two types that post without getting flagged for administrative action are: text/plain, and multipart/signed. Note: this means that posts with attachments will not reach our leaf-user list. It seems fine to deny text/html since it can muddle people with normal MUAs and no web browser installed, but what is the problem with attachments? Isn't it more convenient to read attachments if you feel like it than to have to wade through a long inline attachments that _might_ have some salient text at the end? I don't know. I'm just asking. -- Never tell me the odds!--- Ray Olszewski-- Han Solo Palo Alto, CA[EMAIL PROTECTED] ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] List Manager filters
Is this change too draconian?

I don't think this is draconian, but you can probably save yourself some list admin work. I suggest some additions to the auto-responder e-mail:

1) Indicate that attachments (other than a GPG signature) are not allowed, and instead should be included in-line with the main e-mail body. This would also be a good place to mention any length limits currently in place.

2) Add a details section indicating the two Content-types allowed (and any other specifics not already mentioned)...while there should be a clear and basic description of list filtering for the average HTML e-mail user, we should also provide clear details for those users who can understand and use them.

Suggested form of alternate auto-response below...please modify for exact list behavior (ie are html e-mails rejected, dropped, or queued for administrator examination? What about messages with attachments?). I think with a bit more detail in the bounce message, you can lighten your administrative load substantially...

NOTE: I removed the part about creating a SF support request. The mail list works the way we as a group decide it should...there shouldn't be an SF support request just because someone can't post with their favorite HTML stationery, add GIF smiley's, or whatever...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

Maybe something like:

This list rejects HTML e-mails, and does not allow attachments. Please configure your email client [1] to send text/plain messages to this list.

[1] http://www.expita.com/nomime.html

Instead of attachments, you should include any diagnostic information as in-line text in the main message body. Please note the maximum size for any message is ??? bytes.

Details: Only messages with a Content-type: of text/plain and multipart/signed are automatically posted to the list. Other content-types are:
which one?...maybe more than one?
- Queued for administrator inspection
- Sent to the bit-bucket
- ???
more filtering details here, re attachments, spam filtering, etc

If you have any questions about this policy, please send them to [EMAIL PROTECTED].
Re: [Leaf-user] List Manager filters
At 2002-03-18 07:51 -0800, Ray Olszewski wrote: Plain text attachments might be fine. I personally prefer a long inline attachments myself, but that's a matter of taste. In any case, there are other types of attachment, such as MS Word .doc files, that create both potential security problems (for Windows users) and inconvenience (for Linux users). Attachments can include executables of many forms. Ray, I couldn't have said this any better. Thanks. Overall, I like Mike's approach. I only wish the bounce message could be configured to explain the problem automatically, instead of requiring Mike to send a personal followup. I do too, but it doesn't look like that feature was added to Mailman 2.1. [Mailman-Users] RELEASED Mailman 2.1 beta 1 http://www.mail-archive.com/mailman-users%40python.org/msg08437.html This new feature is going to be really nice: ~ There is a new per-user option that can be used to avoid receipt of ~ extra copies, when a member of the list is also explicitly CC'd. -- Mike Noyes [EMAIL PROTECTED] http://sourceforge.net/users/mhnoyes/ http://leaf-project.org/ ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] List Manager filters
At 2002-03-18 09:50 -0600, Charles Steinkuehler wrote:
Is this change too draconian?
I don't think this is draconian, but you can probably save yourself some list admin work. I suggest some additions to the auto-responder e-mail:

Charles,
Unfortunately, there is nothing auto about the response.

good suggestions snipped

NOTE: I removed the part about creating a SF support request. The mail list works the way we as a group decide it should...there shouldn't be an SF support request just because someone can't post with their favorite HTML stationery, add GIF smiley's, or whatever...

I added the SF support request option to cover people who have employers that attach mime/html footers to all outgoing mail. I probably could have expressed this better.

Maybe something like:

Note: I don't think we need to specify the maximum post size (64Kb). Very few text/plain messages will exceed this size.

Revised edition below:

Please configure your email client [1] to send text/plain messages to this list. Instead of attachments, you should include any diagnostic information as in-line text in the main message body.

[1] http://www.expita.com/nomime.html

Details: Only messages with a Content-type: of text/plain and multipart/signed are automatically posted to the list. All other content-types are held for administrative action.

Alternate Support: If your employer attaches a footer to all outgoing mail that isn't text/plain, you may submit a support request using the LEAF Tracker [2].

[2] https://sourceforge.net/tracker/?group_id=13751&atid=213751

If you have any questions about this policy, please send them to [EMAIL PROTECTED].

-- Mike Noyes [EMAIL PROTECTED] http://sourceforge.net/users/mhnoyes/ http://leaf-project.org/
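The Content-Type rule described in this thread, written out as an added Python example (not the list's Mailman configuration and not code from any poster). The sample messages are constructed, and the `hold_notice` helper is a hypothetical name that assembles an explanation from the wording proposed above.

```python
import email

# Policy stated in the thread: only these two top-level types post directly.
ALLOWED_TYPES = {"text/plain", "multipart/signed"}


def classify(raw_message):
    """Return (action, top_level_type, part_types) for one raw message."""
    msg = email.message_from_string(raw_message)
    # get_content_type() lower-cases the value, drops parameters such as
    # charset, and falls back to text/plain when the header is absent.
    top = msg.get_content_type()
    parts = [p.get_content_type() for p in msg.walk() if p is not msg]
    action = "post" if top in ALLOWED_TYPES else "hold"
    return action, top, parts


def hold_notice(raw_message):
    """Build the explanation for a held post, or None if it would be posted."""
    action, top, parts = classify(raw_message)
    if action == "post":
        return None
    found = ", ".join([top] + parts)
    return (
        "Your post was held for administrative action.\n"
        f"Content types found: {found}\n"
        "Only messages with a Content-type: of text/plain and "
        "multipart/signed are automatically posted to the list.\n"
        "Instead of attachments, include any diagnostic information as "
        "in-line text in the main message body."
    )


def _msg(*lines):
    return "\n".join(lines)


# Constructed sample messages (addresses and bodies are placeholders).
PLAIN = _msg("From: user@example.org", "Subject: port forward",
             "Content-Type: TEXT/PLAIN; charset=us-ascii", "", "log follows")
NO_HEADER = _msg("From: user@example.org", "Subject: no MIME headers",
                 "", "plain body")
HTML = _msg("From: user@example.org", "Subject: html mail",
            "Content-Type: text/html; charset=iso-8859-1", "",
            "<html><body>hello</body></html>")
ATTACHMENT = _msg(
    "From: user@example.org", "Subject: see attached", "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="b1"', "",
    "--b1", "Content-Type: text/plain", "", "see attached",
    "--b1", "Content-Type: application/msword",
    'Content-Disposition: attachment; filename="log.doc"',
    "Content-Transfer-Encoding: base64", "", "AAAA",
    "--b1--", "")
SIGNED = _msg(
    "From: user@example.org", "Subject: signed post", "MIME-Version: 1.0",
    'Content-Type: multipart/signed; protocol="application/pgp-signature";'
    ' micalg=pgp-sha1; boundary="s1"', "",
    "--s1", "Content-Type: text/plain", "", "hello",
    "--s1", "Content-Type: application/pgp-signature", "",
    "(constructed placeholder, not a real signature)",
    "--s1--", "")

if __name__ == "__main__":
    for name, raw in [("plain", PLAIN), ("no header", NO_HEADER),
                      ("html", HTML), ("attachment", ATTACHMENT),
                      ("signed", SIGNED)]:
        print(name, classify(raw))
    print(hold_notice(ATTACHMENT))
```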
Re: [Leaf-user] List Manager filters
[...]

good suggestions snipped

NOTE: I removed the part about creating a SF support request. The mail list works the way we as a group decide it should...there shouldn't be an SF support request just because someone can't post with their favorite HTML stationery, add GIF smiley's, or whatever...

I added the SF support request option to cover people who have employers that attach mime/html footers to all outgoing mail. I probably could have expressed this better.

[...]

Alternate Support: If your employer attaches a footer to all outgoing mail that isn't text/plain, you may submit a support request using the LEAF Tracker [2].

Please forgive my usual absent mindedness ... but what actually happens when someone submits a support request? Who sees it and acts on it? Have we gotten any, and have they been handled well?

I'm not trying to criticise whoever handles these things ... I'm more inclined to empathize with any difficulties he or she faces. But the strength of the list is that *many* knowledgeable people see the questions, so even if an occasional wrong response gets posted, the correct one is also likely to be provided. If the support requests reach a smaller audience of troubleshooters, the chances of either a mistake or no response at all go up. Neither is a good thing.

-- Never tell me the odds!--- Ray Olszewski-- Han Solo Palo Alto, CA[EMAIL PROTECTED]
Re: [Leaf-user] List Manager filters
At 2002-03-18 10:56 -0800, Ray Olszewski wrote:
Alternate Support: If your employer attaches a footer to all outgoing mail that isn't text/plain, you may submit a support request using the LEAF Tracker [2].
Please forgive my usual absent mindedness ... but what actually happens when someone submits a support request? Who sees it and acts on it? Have we gotten any, and have they been handled well?

Ray,
I had the SF tracker setup to forward new SF tracker support requests to the leaf-devel list. You may have noticed occasional posts from [EMAIL PROTECTED] These were forwards to the leaf-devel list on new tracker submissions. I just changed this to forward to our leaf-user list for support requests, and post on every change to the request. New SF support requests are auto assigned depending on the category selected.

Our project summary indicates:
* Bugs (1 open / 10 total)
* Support Requests (5 open / 14 total)
* Patches (26 open / 33 total)
* Feature Requests (1 open / 8 total)

The backlog in our Patches will be corrected once I get our packages tree setup in CVS. I try to monitor all of our SF trackers periodically. Note: I'm not doing a very good job with this. :-(

I'm not trying to criticise whoever handles these things ... I'm more inclined to empathize with any difficulties he or she faces. But the strength of the list is that *many* knowledgeable people see the questions, so even if an occasional wrong response gets posted, the correct one is also likely to be provided. If the support requests reach a smaller audience of troubleshooters, the chances of either a mistake or no response at all go up. Neither is a good thing.

Agreed. Do you have an alternate solution for companies that add incompatible footers to outgoing mail?

-- Mike Noyes [EMAIL PROTECTED] http://sourceforge.net/users/mhnoyes/ http://leaf-project.org/
[Leaf-user] [ leaf-Support Requests-512515 ] Buggy Alcatel adsl modem's dhcp server
Support Requests item #512515, was opened at 2002-02-03 15:01
You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=213751&aid=512515&group_id=13751

Category: Release/Branch: Dachstein
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Mike Noyes (mhnoyes)
Summary: Buggy Alcatel adsl modem's dhcp server

Initial Comment:
Hello,

I'm trying to get my dachstein router working in combination with my Alcatel Speedtouch ADSL modem. It has an option for DHCP spoofing, so theoretically all I need to do is setup DHCP on my external interface and that's it.

Sadly, alcatel has made a buggy DHCP server-implementation on their modems which has the feature of only giving the last 3 bytes of the ip-address instead of the subnet mask. The current dhclient doesn't really like this...

Could anyone provide a patched dhclient package which resolves this issue or a modified dhcpclient-script that hardcodes the subnetmask to 255.255.255.255 (I think that should also do the trick).

I already found a patched version of client.c which someone else wrote for patching his RedHat install, maybe it's useful for addressing this problem under LRP

Thanks in advance,
Thijs

*** client.c.orig Sun Aug 5 12:14:21 2001 --- client.c Sun Aug 5 12:22:12 2001 *** *** 469,476 memcpy(p-sin_addr.s_addr,DhcpOptions.val [subnetMask],4); if ( ioctl(dhcpSocket,SIOCSIFNETMASK,ifr) == -1 ) /* setting netmask */ { ! syslog(LOG_ERR,dhcpConfig: ioctl SIOCSIFNETMASK: % m ); ! return -1; } memcpy(p-sin_addr.s_addr,DhcpOptions.val [broadcastAddr],4); if ( ioctl(dhcpSocket,SIOCSIFBRDADDR,ifr) == -1 ) /* setting broadcast address */ --- 469,480 memcpy(p-sin_addr.s_addr,DhcpOptions.val [subnetMask],4); if ( ioctl(dhcpSocket,SIOCSIFNETMASK,ifr) == -1 ) /* setting netmask */ { ! p-sin_addr.s_addr = 0x; /* try 255.255.255.255 */ ! if ( ioctl(dhcpSocket,SIOCSIFNETMASK,ifr) == -1 ) ! { ! syslog(LOG_ERR,dhcpConfig: ioctl SIOCSIFNETMASK: % m ); !
return -1; ! } } memcpy(p-sin_addr.s_addr,DhcpOptions.val [broadcastAddr],4); if ( ioctl(dhcpSocket,SIOCSIFBRDADDR,ifr) == -1 ) /* setting broadcast address */ -- You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=512515group_id=13751 ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
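Review bot: the retry added after the first failing `ioctl(dhcpSocket,SIOCSIFNETMASK,ifr)` in the 469,480 hunk runs for every failure cause, not only for the malformed mask this modem sends, and when the retry succeeds nothing is logged, so the interface can end up with a 255.255.255.255 netmask with no trace of why. Suggest writing a syslog warning that includes the rejected subnetMask value before retrying, and limiting the fallback to the case where the offered option is not a valid netmask. The constant in `p-sin_addr.s_addr = 0x;` is incomplete as shown; going by its own comment it needs to be the all-ones value for 255.255.255.255 before this can compile.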
Re: [Leaf-user] List Manager filters
Hi,

I run some mailing lists and use demime to strip html and other crap out of incoming submissions, both to the list proper and to the list-request address.

It is my understanding that the latest AOL mail program is incapable of sending email that is NOT html.

Bill Dudley

At 2002-03-18 09:50 -0600, Charles Steinkuehler wrote:
Is this change too draconian?
I don't think this is draconian, but you can probably save yourself some list admin work. I suggest some additions to the auto-responder e-mail:

Charles,
Unfortunately, there is nothing auto about the response.

good suggestions snipped

NOTE: I removed the part about creating a SF support request. The mail list works the way we as a group decide it should...there shouldn't be an SF support request just because someone can't post with their favorite HTML stationery, add GIF smiley's, or whatever...

I added the SF support request option to cover people who have employers that attach mime/html footers to all outgoing mail. I probably could have expressed this better.

Maybe something like:

Note: I don't think we need to specify the maximum post size (64Kb). Very few text/plain messages will exceed this size.

Revised edition below:

Please configure your email client [1] to send text/plain messages to this list. Instead of attachments, you should include any diagnostic information as in-line text in the main message body.

[1] http://www.expita.com/nomime.html

Details: Only messages with a Content-type: of text/plain and multipart/signed are automatically posted to the list. All other content-types are held for administrative action.

Alternate Support: If your employer attaches a footer to all outgoing mail that isn't text/plain, you may submit a support request using the LEAF Tracker [2].

[2] https://sourceforge.net/tracker/?group_id=13751&atid=213751

If you have any questions about this policy, please send them to [EMAIL PROTECTED].

-- Mike Noyes [EMAIL PROTECTED] http://sourceforge.net/users/mhnoyes/ http://leaf-project.org/
[Leaf-user] [ leaf-Support Requests-524646 ] trouble loading module for nic
Support Requests item #524646, was opened at 2002-03-01 18:05
You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=213751&aid=524646&group_id=13751

Category: Release/Branch: Dachstein
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Mike Noyes (mhnoyes)
Summary: trouble loading module for nic

Initial Comment:
Hi,

I have read all of the docs for my distrib of leaf (Dachstein) and am still having some trouble. I downloaded the RTL8139.o module for my nic cards and placed them in /lib/modules and added it to the /etc/modules config file. The docs for this driver say that pci-scan must also be installed, so I did that. I then backed everything up and rebooted. The nic cards are not found or working. Lsmod shows the other modules that have loaded but not the one I added (yes they are in the /lib/modules and the config file). When I try to insmod the module it says 'process busy'

Please help!!! Thanks..

Jeff

p.s. have learned a lot and keep up the good work.
[Leaf-user] [ leaf-Support Requests-523277 ] IP Port Forwarding on Dachstein
Support Requests item #523277, was opened at 2002-02-26 22:08 You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=523277group_id=13751 Category: Release/Branch: Dachstein Group: None Status: Open Resolution: None Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Mike Noyes (mhnoyes) Summary: IP Port Forwarding on Dachstein Initial Comment: I'm running the Dachstein LRP on a pentium 133 box with 3com and Network Anywhere network cards, and am connected to the internet via DSL. The router works great, but I am now trying to forward port 80 for www over to a Mandrake 8.1 box running Apache (don't be fooled, I'm a Linux newbie). I've determined so far that the ipmasqadm portfw command has to be used instead of the old ipportfw. I'm relatively certain that I've got the usage of that correct, and it seems to think that it is forwarding the appropriate ports and IPs (and I've tried every possible iteration of the command and IPs). I've also done some minor things like move the weblet to port 8000 so it isn't in the way. I've been at this on and off for a few weeks so I can't recall every last thing I've done, but I've looked through the documentation I could find and still don't have it working. Basically when you try to connect to the website from outside it acts like it is opening the page then suddenly jumps to a page not found message, which indicates it is not actually forwarding the port. I'm still not sure exactly how/where to include the port forwarding in the modules so that it does that on startup. If anybody has some advice or some documentation that I haven't found I would really appreciate it! -- You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=523277group_id=13751 ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] [ leaf-Support Requests-528127 ] bering /sbin/getty problem
Support Requests item #528127, was opened at 2002-03-10 06:58 You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=528127group_id=13751 Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Mike Noyes (mhnoyes) Summary: bering /sbin/getty problem Initial Comment: Hello, I have been playing with the bering LEAF distribution. Its very nice and I like it so far however I am having a little problem I was hoping someone on your end could help me with. I am trying to get the firewall to run on a laptop for power concern reasons and have got the distribution disk working and configured like I want with the modules and packages I think I need. The disk boots and runs fine in several laptops I have tried however the target laptop shows a problem. The boot disk gets all the way through the installation, says finished and then goes into this loop of : cannot execute /sbin/getty add infinitum. Then it says something about respawning to quickly and freezes up on me. I have traced around on another PC to the getty call I think, in INIT. I dunno could you offer some suggestions I am kind of stuck. Thanks ED -- Comment By: Jacques Nilo (jnilo) Date: 2002-03-11 12:00 Message: Logged In: YES user_id=150195 Just an obvious check: are you able to run Dachstein or any other floppy based linux distro on your laptop ? http://www.toms.net/rb/ For example ? -- Comment By: Nobody/Anonymous (nobody) Date: 2002-03-10 18:39 Message: Logged In: NO OK Thanks for the quick reply I really didn't want to bother you, after all the great documentation on your site and the great package and all. I just figured the getty thing might ring a bell. I cant't make a fresh image until I get back to the library, my home computer has a really hard time making the disk images. Even the library was like about one in 6. 
The disk I have works fine however I have booted up on 3 machines and many several of times played with it, update the modules and packages, no problem. I don't suspect the disk but who knows! Texas Instruments Extensa 605CD CPU 120 MHZ pentium Coprocessor installed System Ram 640kb Extended Ram 7168 KB Shadow RAM 384 KB no Cache RaM no internal drive internal cd rom Bios date 09/11/96 video bios version V1.1.8 R132.10 Chips and Technologies, INC. Phonex Bios version 4.05 System and Video Bios Shadowed UMB upper limit segment address:F226 Again the more exact message from Bering= INIT: Entering runlevel: 2 INIT: cannot exeute /sbin/getty [repeat this many times down the screen] INIT: Id 1 respawning too fast: disabled for 5 minutes INIT: cannot execute :/sbin/getty [repeat several more times] INIT: Id 2 respawning too fast: disabled for 5 minutes INIT: no more processes left in this runlevel Then nothing more Thanks for the HELP! -- Comment By: Jacques Nilo (jnilo) Date: 2002-03-10 09:06 Message: Logged In: YES user_id=150195 If the disk boots OK on several laptop and not on the target laptop it's really sounds like an hardware problem. 1/ Retry with a new fresh disk image to see if it fixes the pb 2/ If not send detailed info about the laptop you are trying to use Jacques -- Comment By: Jacques Nilo (jnilo) Date: 2002-03-10 09:06 Message: Logged In: YES user_id=150195 If the disk boots OK on several laptop and not on the target laptop it's really sounds like an hardware problem. 1/ Retry with a new fresh disk image to see if it fixes the pb 2/ If not send detailed info about the laptop you are trying to use Jacques -- You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=528127group_id=13751 ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] [ leaf-Support Requests-523277 ] IP Port Forwarding on Dachstein
Support Requests item #523277, was opened at 2002-02-26 22:08 You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=523277group_id=13751 Category: Release/Branch: Dachstein Group: None Status: Open Resolution: None Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Mike Noyes (mhnoyes) Summary: IP Port Forwarding on Dachstein Initial Comment: I'm running the Dachstein LRP on a pentium 133 box with 3com and Network Anywhere network cards, and am connected to the internet via DSL. The router works great, but I am now trying to forward port 80 for www over to a Mandrake 8.1 box running Apache (don't be fooled, I'm a Linux newbie). I've determined so far that the ipmasqadm portfw command has to be used instead of the old ipportfw. I'm relatively certain that I've got the usage of that correct, and it seems to think that it is forwarding the appropriate ports and IPs (and I've tried every possible iteration of the command and IPs). I've also done some minor things like move the weblet to port 8000 so it isn't in the way. I've been at this on and off for a few weeks so I can't recall every last thing I've done, but I've looked through the documentation I could find and still don't have it working. Basically when you try to connect to the website from outside it acts like it is opening the page then suddenly jumps to a page not found message, which indicates it is not actually forwarding the port. I'm still not sure exactly how/where to include the port forwarding in the modules so that it does that on startup. If anybody has some advice or some documentation that I haven't found I would really appreciate it! -- Comment By: Nobody/Anonymous (nobody) Date: 2002-03-18 12:12 Message: Logged In: NO I put my Ipmasq portfw rules in the port forwarding section of the network.conf right under the INTERN_XXX_SERVERS section and remember to open the www tcp port just above in the EXTERN_TCP_PORTS=0/0_www variable. 
I hope this is right... Newbie also.. if not, hopefully someone will let us both know... Gary -- You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=523277group_id=13751 ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] List Manager filters
At 2002-03-18 15:15 -0500, William F. Dudley Jr. wrote:
> I run some mailing lists and use demime to strip html and other crap out of incoming submissions, both to the list proper and to the list-request address.

Bill,
Demime and stripmime are only available to list admins. I'm just a lowly list manager. The SF staff takes care of our list admin work.

> It is my understanding that the latest AOL mail program is incapable of sending email that is NOT html.

Instructions for AOL 7.0 users are pending. I'm sure Gerald Boyd would be interested in any information you have on AOL 7.0.
http://www.expita.com/nomime.html#aol7

--
Mike Noyes [EMAIL PROTECTED]
http://sourceforge.net/users/mhnoyes/ http://leaf-project.org/
[Leaf-user] Bering v1.0-rc1 available
Updated with a 2.4.18 linux kernel & shorewall 1.2.9.
Check: http://leaf.sourceforge.net/article.php?sid=31

Enjoy
Jacques & Eric
http://leaf.sourceforge.net/devel/jnilo
[Leaf-user] [ leaf-Support Requests-524646 ] trouble loading module for nic
Support Requests item #524646, was opened at 2002-03-01 18:05 You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=524646group_id=13751 Category: Release/Branch: Dachstein Group: None Status: Closed Resolution: None Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Mike Noyes (mhnoyes) Summary: trouble loading module for nic Initial Comment: Hi, I have read all of the docs for my distib of leaf (Dachstein) and am still having some trouble. I downloaded the RTL8139.o module for my nic cards and placed them in /lib/modules and added it to the /etc/modules config file. The docs for this driver say that pci-scan must also be installed, so i did that. I then backed everything up and rebooted. The nic cards are not found or working. Lsmod shows the other modules that have loaded but not the one I added (yes they are in the /lib/modules and the config file). When I try to insmod the module it says 'process busy' Please help!!! Thanks.. Jeff p.s. have learned alot and keep up the good work. -- Comment By: Mike Noyes (mhnoyes) Date: 2002-03-18 14:01 Message: Logged In: YES user_id=39521 Please read How DoI make LEAF see my Ethernet cards. http://sourceforge.net/docman/display_doc.php?docid=1418group_id=13751 Should you require further assistance from LEAF project members, please submit a new support request. Thank you, leaf-project.org support -- You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=524646group_id=13751 ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] [ leaf-Support Requests-528127 ] bering /sbin/getty problem
Support Requests item #528127, was opened at 2002-03-10 06:58 You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=528127group_id=13751 Category: Release/Branch: Bering Group: None Status: Closed Resolution: None Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Mike Noyes (mhnoyes) Summary: bering /sbin/getty problem Initial Comment: Hello, I have been playing with the bering LEAF distribution. Its very nice and I like it so far however I am having a little problem I was hoping someone on your end could help me with. I am trying to get the firewall to run on a laptop for power concern reasons and have got the distribution disk working and configured like I want with the modules and packages I think I need. The disk boots and runs fine in several laptops I have tried however the target laptop shows a problem. The boot disk gets all the way through the installation, says finished and then goes into this loop of : cannot execute /sbin/getty add infinitum. Then it says something about respawning to quickly and freezes up on me. I have traced around on another PC to the getty call I think, in INIT. I dunno could you offer some suggestions I am kind of stuck. Thanks ED -- Comment By: Mike Noyes (mhnoyes) Date: 2002-03-18 14:10 Message: Logged In: YES user_id=39521 Based on the most recent comment on this support request, it is our understanding that this matter has been addressed. Should you require further assistance from LEAF project members, please submit a new support request. Thank you, leaf-project.org support -- Comment By: Jacques Nilo (jnilo) Date: 2002-03-11 12:00 Message: Logged In: YES user_id=150195 Just an obvious check: are you able to run Dachstein or any other floppy based linux distro on your laptop ? http://www.toms.net/rb/ For example ? 
-- Comment By: Nobody/Anonymous (nobody) Date: 2002-03-10 18:39 Message: Logged In: NO OK Thanks for the quick reply I really didn't want to bother you, after all the great documentation on your site and the great package and all. I just figured the getty thing might ring a bell. I cant't make a fresh image until I get back to the library, my home computer has a really hard time making the disk images. Even the library was like about one in 6. The disk I have works fine however I have booted up on 3 machines and many several of times played with it, update the modules and packages, no problem. I don't suspect the disk but who knows! Texas Instruments Extensa 605CD CPU 120 MHZ pentium Coprocessor installed System Ram 640kb Extended Ram 7168 KB Shadow RAM 384 KB no Cache RaM no internal drive internal cd rom Bios date 09/11/96 video bios version V1.1.8 R132.10 Chips and Technologies, INC. Phonex Bios version 4.05 System and Video Bios Shadowed UMB upper limit segment address:F226 Again the more exact message from Bering= INIT: Entering runlevel: 2 INIT: cannot exeute /sbin/getty [repeat this many times down the screen] INIT: Id 1 respawning too fast: disabled for 5 minutes INIT: cannot execute :/sbin/getty [repeat several more times] INIT: Id 2 respawning too fast: disabled for 5 minutes INIT: no more processes left in this runlevel Then nothing more Thanks for the HELP! -- Comment By: Jacques Nilo (jnilo) Date: 2002-03-10 09:06 Message: Logged In: YES user_id=150195 If the disk boots OK on several laptop and not on the target laptop it's really sounds like an hardware problem. 1/ Retry with a new fresh disk image to see if it fixes the pb 2/ If not send detailed info about the laptop you are trying to use Jacques -- Comment By: Jacques Nilo (jnilo) Date: 2002-03-10 09:06 Message: Logged In: YES user_id=150195 If the disk boots OK on several laptop and not on the target laptop it's really sounds like an hardware problem. 
1/ Retry with a new fresh disk image to see if it fixes the pb 2/ If not send detailed info about the laptop you are trying to use Jacques -- You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=528127group_id=13751 ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] [ leaf-Support Requests-523277 ] IP Port Forwarding on Dachstein
On Monday 18 March 2002 17:35, Mike Noyes wrote:
> Everyone,
> Does the comment below describe the correct procedure for port forwarding in Dachstein? If so, I'll close the support request.

Kind of right... use this to forward the port:

INTERN_SERVERS=tcp_${EXTERN_IP}_www_192.168.1.1_www

--
~Lynn Avants aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!
Re: [Leaf-user] [ leaf-Support Requests-524646 ] trouble loading module for nic
On Monday 18 March 2002 13:46, [EMAIL PROTECTED] wrote:
> I have read all of the docs for my distrib of leaf (Dachstein) and am still having some trouble. I downloaded the RTL8139.o module for my nic cards and placed them in /lib/modules and added it to the /etc/modules config file. The docs for this driver say that pci-scan must also be installed, so I did that. I then backed everything up and rebooted. The nic cards are not found or working. Lsmod shows the other modules that have loaded but not the one I added (yes they are in the /lib/modules and the config file). When I try to insmod the module it says 'process busy' Please help!!!

Try the 8139too.o module instead... the module depends on the card chipset revision.

--
~Lynn Avants aka Guitarlynn
Re: [Leaf-user] List Manager filters
On Monday 18 March 2002 14:15, William F. Dudley Jr. wrote:
> Hi, I run some mailing lists and use demime to strip html and other crap out of incoming submissions, both to the list proper and to the list-request address. It is my understanding that the latest AOL mail program is incapable of sending email that is NOT html.

hehe, you can't connect to AOL with LEAF anyway unless they make their secret authentication method un-secret! Good suggestion though!!!

--
~Lynn Avants aka Guitarlynn
Re: [Leaf-user] DachStein CD Ipmasq portfw not loading
On Monday 18 March 2002 14:26, Gary Dodge wrote:
> I have two port forwarding rules, they are in the port forwarding section of the network.conf file, for some reason they will not load from boot, but they work fine if I enter them at the command prompt. I can't find any errors in my log files, are they in the wrong place, how would I track this down?...

network.conf does _not_ take literal commands. You must either enter the information with the templated syntax in network.conf or manually add the literal command(s) in /etc/ipfilter.conf.

--
~Lynn Avants aka Guitarlynn
Re: [Leaf-user] udhcp problems
On Monday 18 March 2002 08:29, Joey Officer wrote:
> Let's see... The other morning I came to work and noticed that the WinNT4 machine had a message saying that it could not obtain a lease automagically, but that everything was temporarily fine, because I still had an IP. I left it for a while, and then noticed that the same error came up a couple of days in a row. Finally it dropped the lease and I tried to obtain one manually. No luck, I checked a couple of the other boxes, one had already dropped the lease, but the others still had the IPs. They were quite capable of browsing the net so I considered just rebooting the workstation, still no success, only thing left to do at that time was to reboot the LRP box, and sure enough.. it works.

It sounds like WinNT won't take the full default lease of 7 or 10 days (I forget which it is). Udhcp won't renew the lease because the lease isn't up after a couple of days. This sounds like an incompatibility with NT. Why don't you manually edit the lease time in /etc/udhcpd.conf to something like 2 or 3 days, restart udhcpc, and see if the problem persists. If it does, I'll try to duplicate it and find the problem, but it sounds like the default lease I put in is too long of a time period for NT.

--
~Lynn Avants aka Guitarlynn
Re: [Leaf-user] ISDN Modem (External) and BERING Beta 4 - No response to LCP requests: Solved
Thanks for your reply Eric,

Good to hear that :=)

Yes, Yes it is - Even better now that the problem is solved -! You know what it was?? Initialization String!!! It Stumped me Good and Proper!! Here are my Settings Now!

/etc/ppp/peers/provider
    kdebug 1
    debug
    lock
    noauth
    defaultroute
    name username
    /dev/ttyS1
    115200
    modem
    crtscts
    connect /usr/sbin/chat -v -f /etc/chatscripts/provider

/etc/chatscripts/provider
    TIMEOUT 8
    ABORT BUSY
    ABORT NO CARRIER
    ABORT VOICE
    ABORT NO DIALTONE
    ABORT NO ANSWER
    ATFC1D2S60=64S70=0S71=1S80=0
    OK ATDT phone-number
    CONNECT ''

/etc/options
    hide-password
    no-ipx
    Local_IP:Remote_IP

/etc/ppp/chap-secrets
    username * password

It might have been the External broadcast setting as well as I had that set to detect (silly me, not reading through the INSTRUCTIONS)

If you use it as a modem, then how is it connected, over an ethernet connection or over a serial line ??

Serial

Now the question is, do you really send a LCP ConfReq over the isdn line, with other words, is the LCP leaving your machine correctly and arriving at your router, and isn't it changed there. ???

I don't know - It was in the logs that I was sending them (they just weren't being received at the ISP's end and vice-versa)

Sorry if I made some suggestions, you certainly knew.

That's OK

But especially the shorewall interface is easily forgotten (happened me at the configuration of a DSL Router with isdn fallback ;) )

Yup, that and initialization strings, very simple, but easily forgotten

Thanx Again Eric!
Jay
[Leaf-user] [ leaf-Support Requests-523277 ] IP Port Forwarding on Dachstein
Support Requests item #523277, was opened at 2002-02-27 00:08 You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=523277group_id=13751 Category: Release/Branch: Dachstein Group: None Status: Open Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Mike Noyes (mhnoyes) Summary: IP Port Forwarding on Dachstein Initial Comment: I'm running the Dachstein LRP on a pentium 133 box with 3com and Network Anywhere network cards, and am connected to the internet via DSL. The router works great, but I am now trying to forward port 80 for www over to a Mandrake 8.1 box running Apache (don't be fooled, I'm a Linux newbie). I've determined so far that the ipmasqadm portfw command has to be used instead of the old ipportfw. I'm relatively certain that I've got the usage of that correct, and it seems to think that it is forwarding the appropriate ports and IPs (and I've tried every possible iteration of the command and IPs). I've also done some minor things like move the weblet to port 8000 so it isn't in the way. I've been at this on and off for a few weeks so I can't recall every last thing I've done, but I've looked through the documentation I could find and still don't have it working. Basically when you try to connect to the website from outside it acts like it is opening the page then suddenly jumps to a page not found message, which indicates it is not actually forwarding the port. I'm still not sure exactly how/where to include the port forwarding in the modules so that it does that on startup. If anybody has some advice or some documentation that I haven't found I would really appreciate it! 
-- Comment By: Lynn Avants (guitarlynn) Date: 2002-03-18 19:16 Message: Logged In: YES user_id=176069 The preferred (less-confusing) way of the actual port forward with Dachstein would be this line: INTERN_SERVERS=tcp_${EXTERN_IP}_80_192.168.1.1_80 You will also need to open the port in the firewall with the line: EXTERN_TCP_PORTS=0/0_www 0/0_80 The module you will need to load is ip_masq_portfw. You may need to download this module from Charles' site in the dachstein-small/modules branch (in the /modules/ip_masq directory if you are using the floppy version. You simply copy this module to a floppy, then copy it from the floppy to the /lib/modules directory of the Dachstein machine (make sure the name is correct after copying it). You will need to save the etc and modules packages then reboot the firewall to have all changes take effect. I hope this helps, ~Guitarlynn Lynn Avants -- Comment By: Nobody/Anonymous (nobody) Date: 2002-03-18 14:12 Message: Logged In: NO I put my Ipmasq portfw rules in the port forwarding section of the network.conf right under the INTERN_XXX_SERVERS section and remember to open the www tcp port just above in the EXTERN_TCP_PORTS=0/0_www variable. I hope this is right... Newbie also.. if not, hopefully someone will let us both know... Gary -- You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=523277group_id=13751 ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] [ leaf-Support Requests-523277 ] IP Port Forwarding on Dachstein
Support Requests item #523277, was opened at 2002-02-27 00:08 You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=523277group_id=13751 Category: Release/Branch: Dachstein Group: None Status: Closed Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Mike Noyes (mhnoyes) Summary: IP Port Forwarding on Dachstein Initial Comment: I'm running the Dachstein LRP on a pentium 133 box with 3com and Network Anywhere network cards, and am connected to the internet via DSL. The router works great, but I am now trying to forward port 80 for www over to a Mandrake 8.1 box running Apache (don't be fooled, I'm a Linux newbie). I've determined so far that the ipmasqadm portfw command has to be used instead of the old ipportfw. I'm relatively certain that I've got the usage of that correct, and it seems to think that it is forwarding the appropriate ports and IPs (and I've tried every possible iteration of the command and IPs). I've also done some minor things like move the weblet to port 8000 so it isn't in the way. I've been at this on and off for a few weeks so I can't recall every last thing I've done, but I've looked through the documentation I could find and still don't have it working. Basically when you try to connect to the website from outside it acts like it is opening the page then suddenly jumps to a page not found message, which indicates it is not actually forwarding the port. I'm still not sure exactly how/where to include the port forwarding in the modules so that it does that on startup. If anybody has some advice or some documentation that I haven't found I would really appreciate it! 
-- Comment By: Lynn Avants (guitarlynn) Date: 2002-03-18 19:16 Message: Logged In: YES user_id=176069 The preferred (less-confusing) way of the actual port forward with Dachstein would be this line: INTERN_SERVERS=tcp_${EXTERN_IP}_80_192.168.1.1_80 You will also need to open the port in the firewall with the line: EXTERN_TCP_PORTS=0/0_www 0/0_80 The module you will need to load is ip_masq_portfw. You may need to download this module from Charles' site in the dachstein-small/modules branch (in the /modules/ip_masq directory if you are using the floppy version. You simply copy this module to a floppy, then copy it from the floppy to the /lib/modules directory of the Dachstein machine (make sure the name is correct after copying it). You will need to save the etc and modules packages then reboot the firewall to have all changes take effect. I hope this helps, ~Guitarlynn Lynn Avants -- Comment By: Nobody/Anonymous (nobody) Date: 2002-03-18 14:12 Message: Logged In: NO I put my Ipmasq portfw rules in the port forwarding section of the network.conf right under the INTERN_XXX_SERVERS section and remember to open the www tcp port just above in the EXTERN_TCP_PORTS=0/0_www variable. I hope this is right... Newbie also.. if not, hopefully someone will let us both know... Gary -- You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=523277group_id=13751 ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] [ leaf-Support Requests-512515 ] Buggy Alcatel adsl modem's dhcp server
Support Requests item #512515, was opened at 2002-02-03 17:01 You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=512515group_id=13751 Category: Release/Branch: Dachstein Group: None Status: Open Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Mike Noyes (mhnoyes) Summary: Buggy Alcatel adsl modem's dhcp server Initial Comment: Hello, I'm trying to get my dachstein router working in combination with my Alcatel Speedtouch ADSL modem. It has an option for DHCP spoofing, so theorethically al I need to do is setup DHCP on my external interface and that's it. Sadly, alcatel has made a buggy DHCP server- implementation on their modems which has the feature of only giving the last 3 bytes of the ip-adress instead of the subnet mask. The current dhclient doesn't really like this... Could anyone provide a patched dhclient package which resolves this issue or a modified dhcpclient-script that hardcodes the subnetmask to 255.255.255.255 (i think that should also do the trick). I already found a patched version of client.c which someone else wrote for pathing his RedHat install, maybe it's useful for adressing this problem under LRP Thanks in advance, Thijs *** client.c.orig Sun Aug 5 12:14:21 2001 --- client.c Sun Aug 5 12:22:12 2001 *** *** 469,476 memcpy(p-sin_addr.s_addr,DhcpOptions.val [subnetMask],4); if ( ioctl(dhcpSocket,SIOCSIFNETMASK,ifr) == -1 ) /* setting netmask */ { ! syslog(LOG_ERR,dhcpConfig: ioctl SIOCSIFNETMASK: % m ); ! return -1; } memcpy(p-sin_addr.s_addr,DhcpOptions.val [broadcastAddr],4); if ( ioctl(dhcpSocket,SIOCSIFBRDADDR,ifr) == -1 ) /* setting broadcast address */ --- 469,480 memcpy(p-sin_addr.s_addr,DhcpOptions.val [subnetMask],4); if ( ioctl(dhcpSocket,SIOCSIFNETMASK,ifr) == -1 ) /* setting netmask */ { ! p-sin_addr.s_addr = 0x; /* try 255.255.255.255 */ ! if ( ioctl(dhcpSocket,SIOCSIFNETMASK,ifr) == -1 ) ! { ! syslog(LOG_ERR,dhcpConfig: ioctl SIOCSIFNETMASK: % m ); ! return -1; ! 
} } memcpy(p-sin_addr.s_addr,DhcpOptions.val [broadcastAddr],4); if ( ioctl(dhcpSocket,SIOCSIFBRDADDR,ifr) == -1 ) /* setting broadcast address */ -- Comment By: Lynn Avants (guitarlynn) Date: 2002-03-18 19:26 Message: Logged In: YES user_id=176069 Well, the source won't help much since it is in C and we shell-script the dhcp scripts with LEAF. You could change the netmask in all instances of ip addr, ip route...,and ip link ., but this would involve going through roughly 300+ lines of code. If you have a static option with the modem, it would be consideably easier. LEAF firewalls all do ip spoofing by default, so you are not gaining anything by using this option with your modem. Is this possible??? -- You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=512515group_id=13751 ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
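Review bot: in the retry branch after the first SIOCSIFNETMASK ioctl fails, the 255.255.255.255 fallback is applied without any log entry, and the SIOCSIFBRDADDR call that follows still copies DhcpOptions.val[broadcastAddr] from the same server reply, so the interface can end up with a host mask and a broadcast address that do not belong together. Log the substitution with syslog before the second ioctl, and skip or recompute the broadcast address when the fallback mask was used. The retry also only triggers when the kernel rejects the offered mask; a malformed mask that the kernel accepts is still installed unchanged, so validating DhcpOptions.val[subnetMask] before the first ioctl would cover the case the report describes more directly.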
[Leaf-user] RADIUS attributes
I connected my lrp router to one RAS. I get the Remote IPs and I get connected. But the RAS has been configured to give RADIUS Attributes such as DNS server IPs and one route for the routing table. My lrp cannot get the RADIUS Attributes. Does someone have some idea?

regards
ccntv1
[Leaf-user] Convert Bering 1680 to 1440?
First, thanks to all involved in LEAF. I've been using it, in one form or another for a few years now in my small business, and at home. It is great! I've downloaded the 1680 disk image, and it works great. I've deleted a bunch of stuff that I don't think I'll need, so I think what is left will fit it all on a 1440 floppy now. I intend to put all the sshd stuff on a second floppy, and modify the syslinux file appropriately. I've got two floppy drives in the box. My thought is to have all the essential stuff on fd0, and have other stuff on fd1. For some reason, I just have better luck with 1440 floppies. What's the easiest way to get the present contents of my customized 1680 floppy onto a 1440 floppy. Pointers to man pages, howtos, would be great. I've got Windows boxes available, but would prefer to learn to do this on a Linux box. TIA. ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] Can I stop logging by port?
This is a really basic question, but one that has plagued me for a while. My wife is behind a double NAT setup at school. Her provider gives her a 10.100.x.x IP address, which, of course, makes Eigerstein ipchains default rules unhappy. I commented out the rules that apply to blocking 10.100.x.x numbers so she has access. The problem is that her logfiles fill up almost instantly with junk like this:

myrouter kernel: Packet log: input DENY eth0 PROTO=2 10.100.80.208:65535 239.255.255.250:65535 L=32 S=0x00 I=7688 F=0x T=1 O=0x0494 (#43)

But not just from one IP address. Instead she gets these from practically every 10.100.x.x IP available. Clearly everyone in her provider's subnet is pushing out packet fragments, or somehow their network is leaving packet fragments out there. These are being caught by rule 43, which is a catchall I think. I also admit to not really being sure which freaking rule is rule #43, I mean I look through the config, and I am not really sure how to count them. So is there any way to stop logging all of these packet fragments?

Thanks
Morgan
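The log line quoted in the post above, parsed field by field and grouped by rule, protocol and destination so that the traffic filling the log can be identified before any rule is changed. This is an added example, not part of the original post or of LEAF: the field layout is taken from the quoted line, the first sample line is that line, and the other sample lines and the names `parse_line` and `summarize` are constructed for illustration.

```python
import ipaddress
import re

# Names for the IP protocol numbers most often seen in firewall logs.
PROTO_NAMES = {1: "icmp", 2: "igmp", 6: "tcp", 17: "udp"}

# Layout of an ipchains "Packet log" entry as it appears in the post:
# chain, verdict, interface, protocol number, source and destination as
# addr:port, header fields, then the number of the matching rule.
# Everything between the destination and "(#n)" is skipped, because the
# F= field in the quoted line is cut short.
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r".*\(#(?P<rule>\d+)\)"
)

# First line is the one from the post; the rest are constructed samples.
SAMPLE_LOG = """\
myrouter kernel: Packet log: input DENY eth0 PROTO=2 10.100.80.208:65535 239.255.255.250:65535 L=32 S=0x00 I=7688 F=0x T=1 O=0x0494 (#43)
myrouter kernel: Packet log: input DENY eth0 PROTO=2 10.100.81.17:65535 239.255.255.250:65535 L=32 S=0x00 I=7701 F=0x0000 T=1 O=0x0494 (#43)
myrouter kernel: Packet log: input DENY eth0 PROTO=2 10.100.64.9:65535 239.255.255.250:65535 L=32 S=0x00 I=7702 F=0x0000 T=1 O=0x0494 (#43)
myrouter kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:4021 192.0.2.10:23 L=60 S=0x00 I=1200 F=0x4000 T=52 SYN (#43)
myrouter kernel: eth0: link up
"""


def parse_line(line):
    """Return the fields of one Packet log entry, or None if it is not one."""
    match = LINE_RE.search(line)
    if match is None:
        return None
    rec = match.groupdict()
    for key in ("proto", "sport", "dport", "rule"):
        rec[key] = int(rec[key])
    try:
        rec["multicast"] = ipaddress.ip_address(rec["dst"]).is_multicast
    except ValueError:
        return None  # address field is not a valid IPv4 address
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    return rec


def summarize(lines):
    """Group entries by (rule, verdict, protocol, destination, dest port).

    Returns a list of dicts, busiest group first, each with the packet
    count and the number of distinct source addresses seen.
    """
    groups = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["rule"], rec["verdict"], rec["proto_name"],
               rec["dst"], rec["dport"])
        group = groups.setdefault(key, {
            "rule": rec["rule"], "verdict": rec["verdict"],
            "proto": rec["proto_name"], "dst": rec["dst"],
            "dport": rec["dport"], "multicast": rec["multicast"],
            "packets": 0, "sources": set(),
        })
        group["packets"] += 1
        group["sources"].add(rec["src"])
    ordered = sorted(groups.values(), key=lambda g: -g["packets"])
    for group in ordered:
        group["sources"] = len(group["sources"])
    return ordered


if __name__ == "__main__":
    for g in summarize(SAMPLE_LOG.splitlines()):
        kind = "multicast" if g["multicast"] else "unicast"
        print("rule #%d %s %s -> %s:%d (%s): %d packets from %d sources" % (
            g["rule"], g["verdict"], g["proto"], g["dst"], g["dport"],
            kind, g["packets"], g["sources"]))
```

On the quoted line the parser reports IP protocol 2 (IGMP) addressed to a multicast group, with 65535 in both port fields; the summary shows whether one protocol and destination pair accounts for most of the entries a catch-all rule is logging.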
[Leaf-user] [ leaf-Support Requests-523277 ] IP Port Forwarding on Dachstein
Support Requests item #523277, was opened at 2002-02-26 22:08
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=213751&aid=523277&group_id=13751

Category: Release/Branch: Dachstein
Group: None
Status: Closed
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Mike Noyes (mhnoyes)
Summary: IP Port Forwarding on Dachstein

Initial Comment:
I'm running the Dachstein LRP on a pentium 133 box with 3com and Network Anywhere network cards, and am connected to the internet via DSL. The router works great, but I am now trying to forward port 80 for www over to a Mandrake 8.1 box running Apache (don't be fooled, I'm a Linux newbie).

I've determined so far that the ipmasqadm portfw command has to be used instead of the old ipportfw. I'm relatively certain that I've got the usage of that correct, and it seems to think that it is forwarding the appropriate ports and IPs (and I've tried every possible iteration of the command and IPs). I've also done some minor things like move the weblet to port 8000 so it isn't in the way. I've been at this on and off for a few weeks so I can't recall every last thing I've done, but I've looked through the documentation I could find and still don't have it working.

Basically when you try to connect to the website from outside it acts like it is opening the page then suddenly jumps to a page not found message, which indicates it is not actually forwarding the port. I'm still not sure exactly how/where to include the port forwarding in the modules so that it does that on startup. If anybody has some advice or some documentation that I haven't found I would really appreciate it!

--

Comment By: Nobody/Anonymous (nobody)
Date: 2002-03-18 22:06

Message:
Logged In: NO

Your statement that you get a page not found message suggests to me that the portforwarding is working and the server doesn't like the URL it is being asked to respond to.

You can confirm that the portforwarding is working by starting from your external (dialup?) ip and telnetting into port 80 and entering something like

GET / HTTP/1.0

followed by pressing enter twice. A normal browser would include a header line after the GET that told the server what host it thought it was talking to, which could bother Apache if Apache is not configured right. See your Apache documentation for further information.

Good luck!

--

Comment By: Lynn Avants (guitarlynn)
Date: 2002-03-18 17:16

Message:
Logged In: YES
user_id=176069

The preferred (less-confusing) way of the actual port forward with Dachstein would be this line:

INTERN_SERVERS="tcp_${EXTERN_IP}_80_192.168.1.1_80"

You will also need to open the port in the firewall with the line:

EXTERN_TCP_PORTS="0/0_www 0/0_80"

The module you will need to load is ip_masq_portfw. You may need to download this module from Charles' site in the dachstein-small/modules branch (in the /modules/ip_masq directory) if you are using the floppy version. You simply copy this module to a floppy, then copy it from the floppy to the /lib/modules directory of the Dachstein machine (make sure the name is correct after copying it).

You will need to save the etc and modules packages, then reboot the firewall to have all changes take effect.

I hope this helps,
~Guitarlynn
Lynn Avants

--

Comment By: Nobody/Anonymous (nobody)
Date: 2002-03-18 12:12

Message:
Logged In: NO

I put my Ipmasq portfw rules in the port forwarding section of the network.conf right under the INTERN_XXX_SERVERS section and remember to open the www tcp port just above in the EXTERN_TCP_PORTS=0/0_www variable. I hope this is right... Newbie also.. if not, hopefully someone will let us both know...

Gary

--
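An added example, not part of the tracker thread: the telnet check from the 2002-03-18 22:06 comment as a script that sends the bare request and then the same request with a Host header, separating "nothing answers on the forwarded port" from "the web server answers but dislikes the request". The function names, the address 192.0.2.10 and the name www.example.test are placeholders chosen for this example.

```python
import socket


def probe_http(host, port, host_header=None, timeout=5.0):
    """Send the hand-typed request from the comment and return (kind, detail).

    kind is "http" (detail = status line), "no-response" or "no-connection".
    """
    request = "GET / HTTP/1.0\r\n"
    if host_header:
        request += f"Host: {host_header}\r\n"   # the header a browser adds
    request += "\r\n"                            # blank line: the second "enter"
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request.encode("ascii"))
            data = b""
            while b"\n" not in data:             # read until the status line is complete
                chunk = sock.recv(1024)
                if not chunk:
                    break
                data += chunk
    except OSError as exc:                       # refused, timed out, unreachable
        return ("no-connection", type(exc).__name__)
    if not data.startswith(b"HTTP/"):
        return ("no-response", data[:40].decode("latin-1"))
    return ("http", data.splitlines()[0].decode("latin-1"))


def diagnose(host, port, site_name):
    """Compare the bare request with one that carries a Host header."""
    bare = probe_http(host, port)
    named = probe_http(host, port, host_header=site_name)
    if bare[0] != "http" and named[0] != "http":
        verdict = "unreachable"               # check the forward and the firewall rule
    elif bare == named:
        verdict = "reachable"                 # forward works; an error page is the server's
    else:
        verdict = "reachable-host-dependent"  # forward works; check virtual host setup
    return {"bare": bare, "with_host": named, "verdict": verdict}


if __name__ == "__main__":
    # Placeholder target: run this from outside the LAN against the external address.
    print(diagnose("192.0.2.10", 80, "www.example.test"))
```

Any HTTP status line, including a 404, means the packet reached a web server through the forward; only a refused or timed-out connection points back at the router configuration.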
Re: [Leaf-user] List Manager filters
guitarlynn [EMAIL PROTECTED] wrote:

> I run some mailing lists and use demime to strip html and other crap out of incoming submissions, both to
> /snip/
> It is my understanding that the latest AOL mail program is incapable of sending email that is NOT html.
>
> hehe, you can't connect to AOL with LEAF anyway unless they make their secret authentication method un-secret! Good suggestion though!!!
>
> ~Lynn Avants aka Guitarlynn

/de-lurk/

Don't let any of my systems know that, as I've been connecting to AOL through various LRP and LEAF derived firewalls for a LONG time. So long, in fact, that I was part of the original AOL beta when they first permitted access from an ISP other than AOL. I presently connect via the AOL clients for Windows and PocketPC.

If, that is, this message makes it through moderation and on to the list :-P

/lurk/

-Jim Velasquez
Re: [Leaf-user] Convert Bering 1680 to 1440?
James Duberg wrote:

> First, thanks to all involved in LEAF. I've been using it, in one form or another, for a few years now in my small business, and at home. It is great!

If it's been good for your work, we have a testimonial page we just started that could use a few contribs.

> I've downloaded the 1680 disk image, and it works great. I've deleted a bunch of stuff that I don't think I'll need, so I think what is left will fit it all on a 1440 floppy now. I intend to put all the sshd stuff on a second floppy, and modify the syslinux file appropriately. I've got two floppy drives in the box. My thought is to have all the essential stuff on fd0, and have other stuff on fd1.
>
> For some reason, I just have better luck with 1440 floppies. What's the easiest way to get the present contents of my customized 1680 floppy onto a 1440 floppy? Pointers to man pages, howtos, would be great.

On Windows, you could use WinImage 6 to read in the 1680 diskette and then write it out to a 1440. It sounds like you could use a new floppy drive if it's having troubles with 1680 diskettes. Whatever works.

> I've got Windows boxes available, but would prefer to learn to do this on a Linux box.

On Linux there's fdformat to format the disk, mkdosfs puts the filesystem on there, and syslinux -s to make it bootable, then cp the files back to it, including the syslinux.cfg that you'll want to edit to be sure it refers to the correct devices, especially if you're mixing 1680 and 1440.

That's off the top of my head, as I use WinImage 6, so take it with a grain of salt.

Regards,
Matthew