Re: [Leaf-user] RE: Bering from CD
Luis.F.Correia wrote: ... Even if I don't get around my bugs, I'll publish the results. ... That was my intention in the initial mail, thanks :) ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] two-diskettes system
Hi, people.

I have a box with two floppy-drives (/dev/fd0xxx and /dev/fd1xxx). I have no free CDROM, no HDD, no ZIP or anything else, only two floppies.

The questions: is there any civilized way to organize the lrp-system which would boot from one diskette, take some *.lrp from it and others from the second one? Civilized means that I want to be able to make backups and any system configuration changes in the usual simple manner. Besides, I don't want to spend time rewriting lrp-managing scripts. The way when one has to change diskettes manually does not fit; I have to be able to manage my lrp-box remotely.

I use the Bering (beta4) at the moment. I need some free space badly (there're no unused modules, no unnecessary software, it's impossible to free space on the boot diskette).

Thanks. Regards.

--
Maxim Belchikov, ISP network administrator
Verslo tinklas, Ltd (formerly EUnetas, Ltd)
Jogailos 8-16, Vilnius, Lithuania
phone: +370-2-791200, mobile: +370-87-14 858
fax: +370-2-222627
email: [EMAIL PROTECTED]

RE: [Leaf-user] Serial question
This would be the case, but if I remember correctly, the default kernel that is used is not one of the small kernels. Not only that, but the kernel should not matter as long as you are loading the serial in /etc/modules.

One thing you might try, if there is a continued problem: try loading the serial module before any network modules. That way, the serial device should take precedence.

HTH
Joey

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of HENRY PSENICKA
Sent: Tuesday, March 26, 2002 6:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [Leaf-user] Serial question

Kory...

I went through the same thing about a week ago. Assuming that you are using the floppy-disk version of Dachstein rather than Dachstein-CD, the problem exists because the Dachstein-small kernel on the floppy doesn't have serial support rolled into it. Download one of the available Dachstein-normal kernels from Charles' web site and that should take care of it. I used WINIMAGE to transfer this to my floppy disk image, then renamed it linux. Also refer to Charles' serial how-to for additional details if you are still stuck.

Good Luck!

FROM: Kory Krofft
DATE: 03/26/2002 15:44:59
SUBJECT: [Leaf-user] Serial question

I know I am forgetting something but I can't get my new Dachstein install working with the serial port. I decided to replace my beta version with a new DS boot image. Everything works but I can't get my serial port to terminal working. It worked with my old disk but not now.

I loaded serial.o in /lib/modules
I setup the getty line in /etc/inittab (uncommented and set T0:ttyS0 115200...
added ttyS0 to securetty
ran insmod serial
added serial to the list of modules in /etc/modules

Now T0 keeps respawning and will not work. What have I missed? The system is a pentium 200 with two intel eepro100 cards. Is there a way to check the irq assigned to the NICs?

Thank you,
Kory Krofft

[Leaf-user] bering iptables modules included?
Hi,

I wonder what modules are included in the iptables in bering and what modules can be added to the iptables.

I also wonder if it is possible to just replace an iptables version just with a new version with possibly some new modules. In other words, would making an iptables.lrp be possible, or is integration with the kernel too big a problem and will you have to recompile the kernel to change something in iptables?

Kim

[Leaf-user] Using LEAF with one static public IP address
Hi,

I'm going to be switching my home network from ISDN to ADSL in the next few weeks, and I want to set up a LEAF firewall in preparation. I currently have a linux box as my gateway, running iptables. That box has the fixed public IP address that my ISP provided. I also run a few services on that machine, such as qmail, dns, www, sshd.

I'm going to be buying an ADSL router, which will have an ethernet port on the back, and I'm thinking of connecting that to my LEAF firewall, which forwards traffic on to my internal network, including the linux box on which I want to continue to run services.

My questions are these (and I realise they're not all totally specific to LEAF, but I know you guys know your networking ;-)

- Will my adsl router get my public ip address (presumably)
- if so, should the router then have an internal address on its private facing port
- if so, then presumably the LEAF external port is in the same network
- in the above setup, can I plug the internal eth from the router into the LEAF NIC, with the right sort of cable
- Does my internal LEAF port then use another internal network, which presumably is the same as my internal machines
- Do I then need to specifically nat all incoming requests to my particular internal server (www, smtp etc)
- If so, does that mean I shouldn't use dhcp on the internal network, so I can hard code the internal IP address of my server

And finally, does all this sound like the best way of doing this? My home server is not really used by a large number of people - mainly for home email and me logging in via ssh and imaps. It's pretty secure at the moment with iptables on it, but I'd like to run LEAF, partly for even better security, and partly to get used to LEAF even more.

Many thanks,
Dave

Re: [Leaf-user] two-diskettes system
> I have a box with two floppy-drives (/dev/fd0xxx and /dev/fd1xxx). I have no free CDROM, no HDD, no ZIP or anything else, only two floppies. The questions: is there any civilized way to organize the lrp-system which would boot from one diskette, take some *.lrp from it and others from the second one?

It is a standard feature of most LEAF distros: Dachstein, Bering and probably Oxygen all support a dual floppy setup. In fact it is the way I am running Bering on my router.

The setup is easy: put the main Bering disk in the floppy that will be the default boot device (fd0), and put all the packages that do not fit on this main floppy on a second floppy, preferably with the same format (1680K formatted floppy in the case of Bering). Then modify the PKGPATH statement in the syslinux.cfg file of your main floppy to replace it by:

PKGPATH=/dev/fd0u1680,/dev/fd1u1680

Put in the LRP= list all the package names you want to load. That is all. The packages will be backed up to the disk they come from unless you want to change that through the backup menu. Everything can be managed remotely (generally through ssh).

Check: leaf.sourceforge.net/devel/jnilo/leaffw04.html#AEN376

Jacques

Re: [Leaf-user] bering iptables modules included?
> I wonder what modules are included in the iptables in bering and what modules can be added to the iptables.

All modules provided in the latest iptables program are available in Bering. Since Bering is using the 2.4.18 the patch-o-matic stuff is not activated: this kernel already includes those.

> I also wonder if it is possible to just replace an iptables version just with a new version with possibly some new modules. In other words, would making an iptables.lrp be possible, or is integration with the kernel too big a problem and will you have to recompile the kernel to change something in

Whatever has to be put in userland can be compiled separately and could be packaged separately as well. I did not package it separately since iptables is at the core of Bering. The iptables userland stuff is therefore provided in root.lrp.

The kernel part of netfilter/iptables can only be provided by patching the kernel :-)

Jacques

[Leaf-user] Re: Re: Bering with SSH and TinyDNS
Hi Matthew-

I have a Win2k server inside my local lan that handles my internal dns and forwarding to bering (dnscache) for external addresses. My resolv.conf is:

Nameserver 127.0.0.1

If I had to put tinydns on I could take off weblet and just check the logs manually. I did forget that some have to use ppp/pppoe so that will add more packages. I usually make a copy of this disk without pump, weblet and some modules that I no longer need and add ppp for if, more like when with comcast, the cable goes out.

John

[Leaf-user] DachsteinCD security questions
I've just succeeded in setting up my first Linux-based VPN using DachsteinCD. I greatly appreciate the high quality of the Dachstein package and the (passive) help I got from browsing archives of this list.

At this point, I have two security-related questions:

1. How can I apply a password to the root login that takes you to lrcfg at bootup? Without password protection, anyone with access to the console could get into the configuration data.

2. If I use telnet to access my remote firewalls only through the VPN, do I create a security problem? Should I use ssh for this instead of vanilla telnet?

Thanks for your help, both future and past.

Dale Mirenda

[Leaf-user] rdate, udp and Bering
Hi,

I noticed that rdate from Bering does not seem to accept the -u switch for time requests using UDP. I suspect many of the RFC868 rdate servers are only accepting UDP requests because under RedHat7.2 I needed the -u switch to get a response for most of the servers tried. It appears that the Bering rdate version is from Busybox and so is there a way to get UDP queries from it?

Thanks,
Stephen

Re: [Leaf-user] Serial question
Glad it's working for you Kory!

I'm not positive (Charles could confirm this) but it seems likely that the Dachstein-small kernel was substituted somewhere during the evolution of the Dachstein floppy-disk distro as a space-saving measure. Prior to last week, I haven't tried to use the serial console since originally configuring EigerStein over a year ago, so I can't pinpoint where or when the change occurred.

----- Original Message -----
From: Kory Krofft
To: HENRY PSENICKA
Sent: Tuesday, March 26, 2002 9:01 PM
Subject: Re: [Leaf-user] Serial question

Thanks Henry,

That did it. I had set it up before using the loadable modules. I don't know why I had to do it this way now.

Kory

HENRY PSENICKA wrote:

> Kory...
>
> I went through the same thing about a week ago. Assuming that you are using the floppy-disk version of Dachstein rather than Dachstein-CD, the problem exists because the Dachstein-small kernel on the floppy doesn't have serial support rolled into it. Download one of the available Dachstein-normal kernels from Charles' web site and that should take care of it. I used WINIMAGE to transfer this to my floppy disk image, then renamed it linux. Also refer to Charles' serial how-to for additional details if you are still stuck.
>
> Good Luck!
>
> FROM: Kory Krofft
> DATE: 03/26/2002 15:44:59
> SUBJECT: [Leaf-user] Serial question
>
> I know I am forgetting something but I can't get my new Dachstein install working with the serial port. I decided to replace my beta version with a new DS boot image. Everything works but I can't get my serial port to terminal working. It worked with my old disk but not now.
>
> I loaded serial.o in /lib/modules
> I setup the getty line in /etc/inittab (uncommented and set T0:ttyS0 115200...
> added ttyS0 to securetty
> ran insmod serial
> added serial to the list of modules in /etc/modules
>
> Now T0 keeps respawning and will not work. What have I missed? The system is a pentium 200 with two intel eepro100 cards. Is there a way to check the irq assigned to the NICs?
>
> Thank you,
> Kory Krofft

RE: [Leaf-user] DachsteinCD security questions
Dale,

At the Dachstein command prompt:

firewall# passwd
Enter new password:
Re-Enter new password:

That should take care of that...

As far as telnet goes... If you have all telnet ports closed to the outside world and are only using telnet through the VPN tunnel then you shouldn't pose a security risk to any of the machines behind the firewall.

Congrats! On the first time set-up!

Steve

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dale Mirenda
Sent: Wednesday, March 27, 2002 4:05 PM
To: [EMAIL PROTECTED]
Subject: [Leaf-user] DachsteinCD security questions

I've just succeeded in setting up my first Linux-based VPN using DachsteinCD. I greatly appreciate the high quality of the Dachstein package and the (passive) help I got from browsing archives of this list.

At this point, I have two security-related questions:

1. How can I apply a password to the root login that takes you to lrcfg at bootup? Without password protection, anyone with access to the console could get into the configuration data.

2. If I use telnet to access my remote firewalls only through the VPN, do I create a security problem? Should I use ssh for this instead of vanilla telnet?

Thanks for your help, both future and past.

Dale Mirenda

Re: [Leaf-user] two-diskettes system
Jacques Nilo wrote:
> [snip]
> That is all. The packages will be backed up to the disk they come from unless you want to change that through the backup menu.

It doesn't work that way on Oxygen 1.8.0, from my experience. All backups want to go to the first floppy drive, which is a pain as the other fellow mentioned. I should try out 1.8.2 to be sure this is still the case, but it's been bugging me a bit too.

Regards,
Matthew

Re: [Leaf-user] Re: Re: Bering with SSH and TinyDNS
John Stauffer wrote:
> Hi Matthew-
>
> I have a Win2k server inside my local lan that handles my internal dns and forwarding to bering (dnscache) for external addresses.

Roger that.

> My resolv.conf is: Nameserver 127.0.0.1

But in this case, the LEAF box, using that nameserver, queries the dnscache for name resolution. Dnscache will not have name/address pairs for your internal lan, and my guess is that when you sit down at the LEAF and type

nslookup 192.168.x.y

where x and y are replaced with real IPs on your internal LAN, that you don't get an instant response. Am I correct? If the lookup does succeed, it probably is coming from your LEAF /etc/hosts.

I'm just curious because using tinydns takes care of that, and I faced the same problem recently.

Regards,
Matthew

> If I had to put tinydns on I could take off weblet and just check the logs manually. I did forget that some have to use ppp/pppoe so that will add more packages. I usually make a copy of this disk without pump, weblet and some modules that I no longer need and add ppp for if, more like when with comcast, the cable goes out.
>
> John

Re: [Leaf-user] rdate, udp and Bering
Stephen Lee wrote:
> Hi,
>
> I noticed that rdate from Bering does not seem to accept the -u switch for time requests using UDP. I suspect many of the RFC868 rdate servers are only accepting UDP requests because under RedHat7.2 I needed the -u switch to get a response for most of the servers tried. It appears that the Bering rdate version is from Busybox and so is there a way to get UDP queries from it?
>
> Thanks,
> Stephen

I think tock.usno.navy.mil still accepts rdate queries. You might try there.

As far as your UDP question goes, I'm not sure, but people like to use xntpd for setting the time via the internet because it's the standard service for that sort of thing and is well regarded. rdate is old and a part of busybox I think.

Regards,
Matthew

RE: [Leaf-user] Re: Re: Bering with SSH and TinyDNS
Matthew,

I do use the hosts file to resolve the names Bering needs to. I'd rather have the space for sshd and other packages I may need. I haven't used tinydns for any of my setups since I started using lrp with ppp in 1999.

John

-----Original Message-----
From: Matt Schalit [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 27, 2002 8:08 PM
To: John Stauffer
Cc: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] Re: Re: Bering with SSH and TinyDNS

John Stauffer wrote:
> Hi Matthew-
>
> I have a Win2k server inside my local lan that handles my internal dns and forwarding to bering (dnscache) for external addresses.

Roger that.

> My resolv.conf is: Nameserver 127.0.0.1

But in this case, the LEAF box, using that nameserver, queries the dnscache for name resolution. Dnscache will not have name/address pairs for your internal lan, and my guess is that when you sit down at the LEAF and type

nslookup 192.168.x.y

where x and y are replaced with real IPs on your internal LAN, that you don't get an instant response. Am I correct? If the lookup does succeed, it probably is coming from your LEAF /etc/hosts.

I'm just curious because using tinydns takes care of that, and I faced the same problem recently.

Regards,
Matthew

> If I had to put tinydns on I could take off weblet and just check the logs manually. I did forget that some have to use ppp/pppoe so that will add more packages. I usually make a copy of this disk without pump, weblet and some modules that I no longer need and add ppp for if, more like when with comcast, the cable goes out.
>
> John

[Leaf-user] Disk Difficulties
Jacques et al,

I too had difficulty with needing more space than one diskette would handle and making a ton of coasters was painful too. So I went on to try 850mb hard drives and such... But this seemed a bit wasteful, 2mb of data on a 850mb hard drive.

I then found some IDE Disk-On-Modules. They're awesome! I originally purchased two Nagasaki 8mb modules ( http://www.nagasaki.com.tw/DOM.htm purchasable here http://www.bwi.com/scripts/site/site_category.php3/id/188 ) and put them into my IDE port on the motherboard. At first I didn't know exactly how to get things going on them but it's really simple.

Items needed:

1- LRP system (CPU, MEM, MOBO, etc.)
1- Disk On Module ( duh! )
1- Windows 98 Boot disk ( not a Startup Disk, just a plain old boot disk )
1- Syslinux Disk w/ syslinux.com ( for DOS ). http://freshmeat.net/redir/syslinux/10177/url_tgz/syslinux-1.67.tar.gz

Step 1) Boot using the Win 98 boot disk; fdisk and format the DOM
Step 2) Reboot
Step 3) type lock c: Enter at the command prompt
Step 4) Insert syslinux disk and type syslinux; this will take a few seconds and then drop you to a command prompt again.
Step 5) Insert your working LRP disk 1 and type copy *.* c: it will begin the copy. DO NOT overwrite ldlinux.sys or you're toast.
Step 6) Insert disk 2 ( assuming you have two ) and do the same command copy *.*
Step 7) Insert disk 1 again and hit reset, we will now boot up to your LRP firewall
Step 8) Hit q to exit lrcfg and get to the command prompt in your LRP firewall
Step 9) Type mount -t msdos /dev/hda1 /mnt
Step 10) Type edit /mnt/syslinux.cfg, change any reference to /dev/fd0 or /dev/fd0u1680 to /dev/hda1, Ctrl+q to exit, y to save.
Step 11) Type umount /mnt
Step 12) Hit Reset

Your new DOM LRP system should boot in about 14 seconds, or at least mine does and I've got about every package under the sun...

Steve

[Leaf-user] ssh in Bering
I need help installing sshd in bering. Site info of lrpkg -i libz,sshd,sshkey doesn't work as far as backing up sshd pkg.

Re: [Leaf-user] ssh in Bering
On Wednesday 27 March 2002 19:59, Jim Van Eeckhoutte wrote:
> I need help installing sshd in bering. Site info of lrpkg -i libz,sshd,sshkey doesn't work as far as backing up sshd pkg.

lrpkg -i only loads (installs) the package, you will need to backup the package from the lrcfg backup menu to keep your changes on the disk. You will also need to add it to the syslinux.cfg file in the LRP=.. line.

--
~Lynn Avants aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!

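The PKGPATH= and LRP= settings from the two-diskette reply, and the LRP= point in the reply above, can be cross-checked against the package files before rebooting a box that is only reachable remotely. This is an added example, not LEAF project code: the function names, the sample syslinux.cfg line and the one-directory-per-disk layout are constructed for illustration.

```shell
#!/bin/sh
# Added example (not LEAF project code). Each DIR argument stands for one
# mounted PKGPATH device, for instance the two floppies.

# cfg_value KEY FILE: value of the first KEY=value token in FILE.
# CRs are dropped because the file lives on a DOS-formatted disk.
cfg_value() {
    tr -d '\r' < "$2" | tr ' \t' '\n\n' | sed -n "s/^$1=//p" | head -n 1
}

# missing_packages CFG DIR...: names in LRP= with no <name>.lrp in any DIR.
# These would fail to load at the next boot.
missing_packages() {
    cfg=$1; shift
    for pkg in $(cfg_value LRP "$cfg" | tr ',' ' '); do
        found=no
        for dir in "$@"; do
            if [ -f "$dir/$pkg.lrp" ]; then found=yes; fi
        done
        [ "$found" = yes ] || echo "$pkg"
    done
}

# unlisted_packages CFG DIR...: <name>.lrp files on the disks that LRP=
# does not name (the image given by initrd= is skipped). These were saved
# to disk but would not be loaded at the next boot.
unlisted_packages() {
    cfg=$1; shift
    list=",$(cfg_value LRP "$cfg"),"
    initrd=$(cfg_value initrd "$cfg")
    for dir in "$@"; do
        for f in "$dir"/*.lrp; do
            [ -f "$f" ] || continue
            name=$(basename "$f" .lrp)
            if [ "$name.lrp" = "$initrd" ]; then continue; fi
            case $list in
                *",$name,"*) ;;
                *) echo "$name" ;;
            esac
        done
    done
}

# make_sample DIR: constructed two-disk layout. sshd is listed in LRP= but
# has no file on either disk; sshkey.lrp is on disk 2 but is not listed.
make_sample() {
    mkdir -p "$1/fd0" "$1/fd1"
    printf '%s\r\n' 'timeout 0' \
      'default linux initrd=initrd.lrp init=/linuxrc root=/dev/ram0 PKGPATH=/dev/fd0u1680,/dev/fd1u1680 LRP=root,etc,local,modules,libz,sshd' \
      > "$1/fd0/syslinux.cfg"
    for p in initrd root etc local modules; do : > "$1/fd0/$p.lrp"; done
    for p in libz sshkey; do : > "$1/fd1/$p.lrp"; done
}

# Run the audit on the constructed sample.
sample=$(mktemp -d)
make_sample "$sample"
cfgfile="$sample/fd0/syslinux.cfg"
echo "PKGPATH:                 $(cfg_value PKGPATH "$cfgfile")"
echo "in LRP= but on no disk:  $(missing_packages "$cfgfile" "$sample/fd0" "$sample/fd1")"
echo "on disk but not in LRP=: $(unlisted_packages "$cfgfile" "$sample/fd0" "$sample/fd1")"
rm -rf "$sample"
```

On a real system the directory arguments would be the mount points of the devices named in PKGPATH=.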
RE: [Leaf-user] ssh in Bering
This is the problem I'm having. I can't back it up. I get can't move from tmp dir error.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of guitarlynn
Sent: Wednesday, March 27, 2002 7:58 PM
To: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] ssh in Bering

On Wednesday 27 March 2002 19:59, Jim Van Eeckhoutte wrote:
> I need help installing sshd in bering. Site info of lrpkg -i libz,sshd,sshkey doesn't work as far as backing up sshd pkg.

lrpkg -i only loads (installs) the package, you will need to backup the package from the lrcfg backup menu to keep your changes on the disk. You will also need to add it to the syslinux.cfg file in the LRP=.. line.

--
~Lynn Avants aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!

Re: [Leaf-user] Re: Re: Bering with SSH and TinyDNS
John Stauffer wrote:
> Matthew,
>
> I do use the hosts file to resolve the names Bering needs to. I'd rather have the space for sshd and other packages I may need. I haven't used tinydns for any of my setups since I started using lrp with ppp in 1999.
>
> John

Ahaa. Ok, that's what I figured was going on. When you connect to your LEAF sshd from your internal LAN, the sshd does a reverse lookup on the client's ip address. Does the sshd login delay for 10's of seconds until it does the lookup from /etc/hosts? Or do you have your LEAF nsswitch.conf set to look at hosts first and dns second?

I think it's good to hear how others solve that exact delay issue I solved by setting up tinydns.

Matt

Re: [Leaf-user] Disk Difficulties
Steve Fink wrote:
> Jacques et al,
> [snip]
> I then found some IDE Disk-On-Modules. They're awesome! I originally purchased two Nagasaki 8mb modules ( http://www.nagasaki.com.tw/DOM.htm purchasable here http://www.bwi.com/scripts/site/site_category.php3/id/188 ) and put them into my IDE port on the motherboard. At first I didn't know exactly how to get things going on them but it's really simple.
>
> Items needed:
> 1- LRP system (CPU, MEM, MOBO, etc.)
> 1- Disk On Module ( duh! )
> 1- Windows 98 Boot disk ( not a Startup Disk, just a plain old boot disk )
> 1- Syslinux Disk w/ syslinux.com ( for DOS ). http://freshmeat.net/redir/syslinux/10177/url_tgz/syslinux-1.67.tar.gz
>
> Step 1) Boot using the Win 98 boot disk; fdisk and format the DOM
> [snip]
> Steve

Excellent write up Steve. Thanks for posting it. Have you considered making it into a LEAF document and submitting it to the project, maybe as a Bering recipe? Mike Noyes and the rest of us really like it when people write these up. It's very on topic these days, even though the info is similar to the method you'd follow for booting from a hard drive. Does anybody think it's redundant?

Thanks again,
Matt

Re: [Leaf-user] ssh in Bering
Jim Van Eeckhoutte wrote:
> This is the problem I'm having. I can't back it up. I get can't move from tmp dir error.

Please post the exact error message, plus a listing of what's in your /tmp directory, plus explain what "I get can't move from tmp dir error" means.

Good Luck,
Matt

Re: [Leaf-user] Disk Difficulties
Steve:

Thanks for your excellent memo on how to install Bering on a DOM. In fact I was having in mind a new chapter of the Bering user's guide named "Booting Bering from alternative media" (apart from CD-Rom, for which a specific work is being prepared by Luis C. and some other Bering fellows). May I steal your piece for that purpose?

Jacques