[Leaf-user] dhclient and dnscache

2002-03-29 Thread Will Clements

Hi,

I recently set up a Dachstein floppy firewall/gateway for
someone using ATT cable, (no problems, thanks to the
archives).  Currently I have (2) remaining questions:

1]  The machine being used is a Compaq P133, (an old
but really really solid machine), with a built in network
card.  Without the release mechanism built into
dhclient that is currently included with Dachstein,
is there a non-Windows way I can release the dhcp lease?

2]  I want to automatically update the external servers
that dnscache, (DJB version), queries externally from the
dhclient lease information when the client lease is renewed.
It is possible that the DNS servers provided by ATT might
change, and since I won't be able to monitor this firewall
on a regular basis, I'd like dnscache to automatically get
this info.  There doesn't seem to be any mechanism to
do this currently, but perhaps someone can enlighten me.


Thanks,

Will


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user



[Leaf-user] can't access internal www server

2002-03-29 Thread Lauren Commons

Howdy.
I am using Eigerstein2Beta.  I have recently tried to
add/change a couple of features.
First, I have a www server running on my internal
network.  I can only access it from inside my network
if I run it on a high port (e.g. 8080), but not port
80.
A related problem (I think it's related) is that I
can't ssh from one machine to another on my internal
network unless I run sshd on a different, higher port.


Second, I installed sshd on my lrp machine.  When I
try to connect to the lrp box (ssh [EMAIL PROTECTED])
I get this message:
ssh_exchange_identification: Connection closed by
remote host.

Any ideas?

Thanks.

Mr Lauren Commons
DISCLAIMER: The opinions expressed 
ARE in fact those of my employer.




[Leaf-user] ssh/sftp through dachstein firewall

2002-03-29 Thread David Goodrich

I set up portforwarding to point ssh to my fileserver, in the hopes that i
would be able to secure-ftp into it, but it doesn't seem to like the
portforwarding.

svi network ipfilter list portfw says that port 22 is pointed to the
appropriate internal machine, and i can ssh/sftp into it from the internal
network, just not from the external network.  i'm using dach. 1.02 floppy...
any thoughts?  thanks in advance
 -david




Re: [Leaf-user] dhclient and dnscache

2002-03-29 Thread Matt Schalit

Will Clements wrote:
> Hi,
>
> I recently set up a Dachstein floppy firewall/gateway for
>
> 1]  The machine being used is a Compaq P133, (an old

Don't know.  Maybe.

> 2]  I want to automatically update the external servers

People have described some sort of exit script that
you can customize that gets run just before dhclient
finishes and exits.  It's part of the dhclient package.
Check its files and search the archives for dhclient,
exit, and/or exit hooks.  I don't run it but thought
I'd throw it out there until someone else replies.

Good Luck,
Matthew


> Thanks,
>
> Will
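
The exit-hook approach mentioned in the reply above, as an added example that is not part of the original thread or of the dhclient package. It assumes the ISC dhclient-script convention of sourcing an exit hook with `$reason` and `$new_domain_name_servers` set, a dnscache running as a forwarder (env/FORWARDONLY) that reads `root/servers/@`, and daemontools supervision; the paths and function names are assumptions. DHCP-supplied values are treated as untrusted input and validated before they reach the resolver configuration.

```shell
# Added example: body for dhclient's exit hook (sourced by dhclient-script).
# Assumed paths, not taken from the thread; adjust to the local install.
SERVERS_FILE="${SERVERS_FILE:-/etc/dnscache/root/servers/@}"
SERVICE_DIR="${SERVICE_DIR:-/service/dnscache}"

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest="$1."; count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# update_servers FILE ADDR...: write the valid addresses to FILE, one per line.
# Returns 0 if FILE changed, 1 if unchanged, 2 if no valid address was given.
update_servers() {
    target=$1; shift
    tmp="$target.tmp.$$"
    : > "$tmp" || return 2
    for addr in "$@"; do
        if is_ipv4 "$addr"; then echo "$addr" >> "$tmp"; fi
    done
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"; return 2      # keep the old list rather than empty it
    fi
    if [ -f "$target" ] && cmp -s "$tmp" "$target"; then
        rm -f "$tmp"; return 1
    fi
    mv "$tmp" "$target"             # rename is atomic on the same filesystem
}

# dhclient-script sets $reason and $new_domain_name_servers for the hook.
case "${reason:-}" in
    BOUND|RENEW|REBIND|REBOOT)
        set -f                      # no globbing while the list is word-split
        update_servers "$SERVERS_FILE" ${new_domain_name_servers:-} && changed=1 || changed=0
        set +f
        # daemontools: restart dnscache so it rereads servers/@
        if [ "$changed" -eq 1 ]; then svc -t "$SERVICE_DIR"; fi
        ;;
esac
```

dnscache is restarted only when the server list actually changed, so a routine lease renewal with the same resolvers does not flush its cache.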





Re: [Leaf-user] ssh/sftp through dachstein firewall

2002-03-29 Thread Matt Schalit

David Goodrich wrote:
> I set up portforwarding to point ssh to my fileserver, in the hopes that i
> would be able to secure-ftp into it, but it doesn't seem to like the
> portforwarding.
>
> svi network ipfilter list portfw says that port 22 is pointed to the
> appropriate internal machine, and i can ssh/sftp into it from the internal
> network, just not from the external network.  i'm using dach. 1.02 floppy...
> any thoughts?  thanks in advance
>  -david


Is your ssh client truly on the external network?
Do you have any relevant messages appearing in any one
of your syslogs?

Have you read the newish Dachstein Port Forwarding FAQ?
Look for it on the LEAF site.

You mentioned that the port was forwarded as listed
in the ipfilter output, but is the port open in the
first place so that traffic can get in to be forwarded?


Good Luck,
Matthew






Re: [Leaf-user] ssh/sftp through dachstein firewall

2002-03-29 Thread David Goodrich

yes.  64.x.x.x
 -david

- Original Message -
From: rwtech.com [EMAIL PROTECTED]
To: David Goodrich [EMAIL PROTECTED]
Sent: Friday, March 29, 2002 4:02 PM
Subject: Re: [Leaf-user] ssh/sftp through dachstein firewall

> do both dachstein boxes have external (real)ips?
> brett
>
> --- David Goodrich [EMAIL PROTECTED] wrote:
> > i did a bit more testing.  the first external box i was testing on is also
> > behind a dachstein firewall, but a /different/ dachstein firewall.  I
> > ssh'ing into my server from one of the lab computers, and didn't have any
> > problem.  is this some weird dachstein-dachstein interaction?
> >  -david
> >
> > - Original Message -
> > From: rwtech.com [EMAIL PROTECTED]
> > To: David Goodrich [EMAIL PROTECTED]
> > Sent: Friday, March 29, 2002 3:49 PM
> > Subject: Re: [Leaf-user] ssh/sftp through dachstein firewall
> >
> > > that is odd, i can both ssh and sftp into my machine
> > > from the outside.  i always thought if one works so
> > > would the other.
> > > sorry, i have nothing helpful at this point.
> > > brett
> > >
> > > --- David Goodrich [EMAIL PROTECTED] wrote:
> > > > yes, i did.  and it turns out i can ssh into it, just not sftp.  both ssh
> > > > and sftp work on the internal network.
> > > >  -david
> > > >
> > > > - Original Message -
> > > > From: rwtech.com [EMAIL PROTECTED]
> > > > To: David Goodrich [EMAIL PROTECTED]
> > > > Sent: Friday, March 29, 2002 2:00 PM
> > > > Subject: Re: [Leaf-user] ssh/sftp through dachstein firewall
> > > >
> > > > > hi,
> > > > > did you open tcp port 22 on the firewall?
> > > > >
> > > > > --- David Goodrich [EMAIL PROTECTED] wrote:
> > > > > > I set up portforwarding to point ssh to my fileserver, in the hopes that i
> > > > > > would be able to secure-ftp into it, but it doesn't seem to like the
> > > > > > portforwarding.
> > > > > >
> > > > > > svi network ipfilter list portfw says that port 22 is pointed to the
> > > > > > appropriate internal machine, and i can ssh/sftp into it from the internal
> > > > > > network, just not from the external network.  i'm using dach. 1.02 floppy...
> > > > > > any thoughts?  thanks in advance
> > > > > >  -david




Re: [Leaf-user] Celeron/Pentium vs Duron/Athlon

2002-03-29 Thread Greg Morgan



Michael E.T. Parker [EMAIL PROTECTED] wrote:
> Thanks for all the replies to '.. speed and workload'.
>
> I have another question.
>
> Is there a significant performance penalty when using a Celeron or Duron
> processor vs an Athlon or Pentium. Not just in speed but in the
> ability to process.

This is a really broad question.  It all depends on what you want to do.
I read a performance review on www.tomshardware.com.  I don't recall the
link but the data is almost a year old.  It influenced how I look at
hardware now.  Tom showed how at around 800 mhz to 1000 mhz all the
processors were about the same in the video game arena and office
applications.  An 800 mhz processor bottlenecked at the same point the
1000 mhz did.  They choke on graphics throughput.  His conclusion was
to spend your money on the best graphics card you can get and that you
only need an 800mhz processor.  At these speeds it is really hard to see
the difference anymore.  For example my 500mhz k62 amd Samba server is
fast enough.  I have a 300amhz celeron on the shelf that would serve up
files equally well.  More memory on a file server for caching helps more than
cpu speed.

Tom's Hardware has made other comparisons.  He has found Durons and
Athlons outperform Intel chips.  I get the picture that the food chain
looks like celeron, pentium, duron, athlon...this is a generalization.
The other problem when looking at speed is that Intel uses this as a
marketing tool.  AMD chips perform better at lower speeds suggesting
that the ability to process is held by AMD chips.

Closer to home with LEAF, I'd worry more about bus speeds.  Remember a 486 is
good enough for LEAF.  But a pentium, etc. performs better because the
system runs at a 66mhz bus speed.  When I got my first 166mhz pentium, I
realized that multimedia began to work because the bus speed could
support video and sound.  Likewise, your throughput for network
performance will be better on a celeron/pentium/duron/athlon than a 486
because of the improved bus speed.

I hope this helps.  I shot broad because you had a broad question.  If
you hang out on http://www.tomshardware.com or similar sites you'll get
a feel for these issues.  As you read a hardware site you may get a
better answer for the specific ideas you are looking for.  LOL to me it
is all junk anymore. Especially when I purchased a mainboard and 1000mhz
processor for $99US several months ago.

Greg Morgan




Re: [Leaf-user] ssh firewall

2002-03-29 Thread Greg Morgan

Henning, Brian [EMAIL PROTECTED] wrote:
>
> hello-
>
> I am using echowall on dachstein LRP. I have a windows 2k pro machine that i
> can ssh into from the outside. i am also running an http server on my w2k
> machine. I am port forwarding ssh through my router/firewall.  My problem is
> I am not sure how to tunnel the http to the *outside world*. I am not sure
> if it is possible. Any thoughts or suggestions?
>
> thanks
>
> brian
>

Charles gave you the answer to this before, but if you are coming from a
windows world it may not make sense. I attached his original post at the
end of this message.  Here's what I'll presume about you.  You are on a
windows client at work or somewhere else connecting to your LEAF box.
As you described you have a Windows 2000 box with a web page you want to
see.  There are a lot of things to keep straight in one's mind when you
start playing with port forwarding and SSH.  In short, you are not
trying to tunnel the http to the *outside world* but you tell your
clients how to tunnel to the service.

First off think of your LEAF box as just a patch cord.  You have taken a
cord and plugged it into a receptacle named 22 available to the rest of
the world.  The other end of the cord has been plugged into 22 on your
W2K box.  That's all port forwarding does in LEAF.  LEAF is completely
out of the picture now.  All it is is a pipe for data to flow
over.  You have successfully done that as you describe above.

Now let's talk about the magic of SSH.  SSH is one protocol.  It allows
a person to set up an encrypted link between two computers.  Typically, a
telnet-like feature is used within the SSH suite to talk to another
server and run commands on it.  Ah, but there are a few more tricks up
SSH's sleeve.  SSH allows you to build other pipes within the port 22
pipe.  This is normally referred to as tunneling.  Within the port 22
pipe you can create multiple tunnels.  For example I have both regular
SSH and web tunneled to a windows machine.  I created these tunnels to
try and explain what you'll need to do.  If I wanted to ftp through SSH,
then you could add this too.  Name a protocol and try it.  You are
really just redirecting a port that the protocol normally uses on your
localhost to the desired port on your server.

There are several SSH packages for Windows.  I'll describe putty.  You
will need version 0.52. My prior version, 0.51, did not have the
features to perform the tasks you're asking for.  (And yes I upgraded
today to try it out. :)   ) 
A.8.8 How do I pronounce PuTTY?
Exactly like the normal word putty. Just like the stuff you put on
window frames. (One of the reasons it's called PuTTY is because it makes
Windows usable. :-)
http://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html

Download the executables from
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html.  You
will want plink.exe especially.  plink is short for putty link.  You
will want to setup your private key on the windows client computer that
attaches to LEAF.

plink.exe takes the SSH part and simplifies building tunnels within the
port 22 pipe on a Windows PC.  I have a Samba Server on a Linux box that
acts like your W2K box.  I used a windows PC with putty and plink to
connect to it.  Here's the command I used where

 myLEAFipAddress is the address to LEAF performing port forwarding.
 myuser is the userid on the W2K box.
 myW2kboxIPorName is the ip or name of your W2k box.  You would need
to add the name in c:\windows\host
 file for a server name to work.

 plink -L 80:myLEAFipAddress:80 myuser@myW2kboxIPorName

This establishes the tunnel.  I do not have a web server on my windows
PC.  However, when I use 

  http://localhost/ 

in the web browser, I see what my Apache server is providing me.
Remember port 80 is the default port used by browsers i.e.
http://localhost/ is the same as http://localhost:80/.  SSH through
plink is creating a tunnel to my local machine or a secure patch cord. 
plink forwards whatever connects on my local windows box at port 80 to
the other server on port 80.  You have to just believe this until it
makes sense.  Also note the localhost is the name for ip address
127.0.0.1.  Every networking host has this available to it.

Perhaps the -L 80:myLEAFipAddress:80 is confusing because the command is
using the same port numbers on both ends of the pipe or tunnel.  Let's
try this since I am putting off filling out my 1040 tax forms :}

 plink -L 1040:myLEAFipAddress:80 myuser@myW2kboxIPorName

Now use

 http://localhost:1040/

in the web browser.  Once again I see the pages Apache is serving up to
me.  If you will, plink makes a web server available on your client
windows PC.  Without plink forwarding the web server over SSH to the
windows client, you would receive the typical 404 http error message.

Note that SSH is a server process in this configuration.  If you need
two way communication that is where both ends of the tunnel need to