Re: [Leaf-user] Local.lrp + Udhcp.lrp??

2002-04-12 Thread jmassey

Lynn,

One other thing. What makes one Dachstein specific?

Jason Massey




guitarlynn <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
04/12/2002 05:58 PM

 
To: [EMAIL PROTECTED]
cc: 
Subject: Re: [Leaf-user] Local.lrp + Udhcp.lrp??


On Friday 12 April 2002 15:44, Mike Noyes wrote:

> Joey,
> That link is incorrect. Lynn moved his files into cvs per my request.
> Other developers will begin this process shortly.
>
> http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/devel/guitarlynn/
>
> Ewald has a udhcpd.lrp version too. see
> http://leaf.sourceforge.net/pub/packages-list.txt

You can access my Dachstein-based 1680K floppy image from my
devel page at:

http://leaf.sourceforge.net/devel/guitarlynn

I link the latest cvs version from there. The complete udhcp.lrp package
is there too, one is Dachstein-specific and another is generic LEAF.
Most of the NIC modules and local.lrp have been stripped from the 
floppy image for space constraints, so you may need to download
specific NIC modules for your card(s) from the link to Charles' site
on the page.

Ewald's udhcp package does not include both the client and server
last I checked, so I may have the only complete version available 
for now.

local.lrp is for future use with user-space applications and is not 
currently used. A few people do use it to back up the /root directory
instead of backing up the root.lrp package for a couple of things like
ssh keys and the like... these are user mods that are not built in to 
any packages at this time.

I hope this helps!
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user







Re: [Leaf-user] Local.lrp + Udhcp.lrp??

2002-04-12 Thread jmassey

Lynn,

Yes it does help! 
I see that I have the udhcpd.lrp version WITHOUT the client. ARGHG!!!
So tired. Must sleep. :-)

Anyway, thank you very much for the info. Which version has both? The 
linking on cvs is a little confusing.

Thanks again,

Jason Massey




Re: [Leaf-user] long delayed ssh messages

2002-04-12 Thread Greg Morgan

I have one other _speculation_ based on all the other urls explaining
what "Network Error:...".  The reason the University could "get a
message" through your firewall is that your session did not or the
server did not cleanly disconnect you the other night.  Finally either
the sys admin or the sshd daemon on the University computer disconnected
you.  Hence the "Network Error: Connection Reset By Peer".

Greg

Mike Sussman wrote:
> 
> Thanks, Greg, for the comments, but I still wonder how the University's
> computer managed to get a message to my computer through my
> Dachstein firewall.  (My original ssh session worked fine.  It was only
> 18 hours later that I got the "Connection reset by peer" message.)
> If the University can get to my computer, who else can?  And how
> do I stop it?
> 
> On Friday 12 April 2002 08:56 pm, you wrote:
> > ummm...a little more research points to a problem on the university
> > site.
> > http://support.pinehurst.net/netscape/network_error.html
> > "Why do I get "Network Error: Connection Reset By Peer?"
> >
> >
> > Question:
> > When I try to download something from a particular site, I receive a
> > message that the connection was reset by peer. How do I resolve this?
> >
> > Answer:
> >
> > A connection reset by peer message means that the site you are connected
> > to has reset the connection. This is usually caused by a high amount of
> > traffic on the site, but may be caused by a server error as well. You
> > will need to contact the site administrator or webmaster and inform them
> > of this error message if it persists.
> >
> > Usually waiting a short amount of time and trying to access that site
> > again is all it takes to get through to it.
> >
> > Greg Morgan wrote:
> > > Mike Sussman <[EMAIL PROTECTED]> wrote:
> > > 
> > >
> > > > I have observed a strange message and I hope one of you can shed some
> > > > light on it.
> > > >
> > > > Last night I logged into my university shell account using ssh.  I did
> > > > some work and logged out.  This afternoon (maybe 18 hours later) I
> > > > received the following message:
> > > >   "Read from remote host euler.math.pitt.edu: Connection reset by peer"
> > > > The message appears to be saying that euler.math.pitt.edu sent me a
> > > > message this afternoon and that my computer recognized it as related to
> > > > last night's ssh session.  If that interpretation is true, HOW DID THE
> > > > MESSAGE GET THROUGH THE DACHSTEIN FIREWALL?  I have no ports opened.
> > >
> > > Sometimes *nix systems keep track of your last logon and report it back
> > > to you but this may not be the case here.
> > >
> > > Second I think this is the university's ssh daemon talking to you and
> > > nothing is coming through your firewall.  I think your connection worked
> > > 18 hours ago and now you are having problems.
> > >
> > > I searched google and came across this message.  It hints that you may
> > > have a configuration problem, or the University may be having a
> > > problem.  The url is here and a copy of the message. I'd replace putty
> > > with your ssh client and Redhat with the university's ssh server when
> > > you read the message.
> > > http://www.tek-tips.com/gviewthread.cfm/lev2/3/lev3/20/pid/54/qid/197750
> > >
> > > "dpjc (Visitor) Mar 8, 2002
> > > I tried to  use PuTTY to make a ssh connection to a redhat 7.2 server
> > > running sshd daemon.( by installing openssh-server2.9p2). But instead of
> > > getting connected,it keep give me this error: "Network error: connection
> > > reset by peer"
> > >
> > > I have been looking for the solution for almost a day through numerous
> > > sites without still can't find the solution.
> > >
> > > Is anybody out there can help?
> > >
> > > ifincham (IS/IT--Manageme) Mar 8, 2002
> > > Hi,
> > >
> > > First suspect would be the RH 7.2 firewall. Did you allow port 22 (ssh)
> > > through ? Unless you know you disabled that or configured it already
> > > then 'lokkit' is often one of the reasons people can't connect to a
> > > RH7.x machine out of the box. You can admin lokkit  via :
> > >
> > > # /usr/sbin/lokkit
> > >
> > > ... simplest is to set your lan interface as trusted. Then restart the
> > > network :
> > >
> > > # /etc/rc.d/init.d/network restart
> > >
> > > Otherwise, see the openssh chapter of the RH Customisation guide -->
> > > http://www.redhat.com/docs/manuals/linux/RHL-7.2-Manual/custom-guide/openssh.html
> > >
> > > When you have the basics working see also -->
> > > http://www.redhat.com/docs/manuals/linux/RHL-7.2-Manual/ref-guide/s1-ssh-requiring.html
> > >
> > > Hope this helps
> > >
> > >
> > > aixmurderer (IS/IT--Manageme) Mar 8, 2002
> > > For a client I have taken to SecureNetterm as my preferred ssh client,
> > > found it pretty robust with lots of extras built-in. One nice feature is
> > > the ability to generate private and public keys, doing away with the
> 

Re: [Leaf-user] Packages (.lrp) list updated

2002-04-12 Thread Mike Noyes

On Fri, 2002-04-12 at 19:40, Victor McAllister wrote:
> > > I've added a slightly easier to read HTML version, with links to the package
> > > files, available here:
> > > http://leaf.sourceforge.net/pub/packages-list.html
> 
> The table loads and displays with ie but not Netscape 4.79.  Mozilla 1.0 will be
> out shortly - maybe that will display it.

Everyone,
Thanks for letting me know there was a problem with the html version. I
tidied it up, and it now validates as xhtml 1.0 strict. Let me know if
you see any other problems.


-- 
Mike Noyes <[EMAIL PROTECTED]>
http://sourceforge.net/users/mhnoyes/
http://leaf-project.org/





Re: [Leaf-user] Changes for new Dachstein release

2002-04-12 Thread Greg Morgan

Mike Noyes assured me that my message would not bounce.  So I am
including the whole checkdisk weblet script.  

I added one more thing to search for and that is floppy drives. 
Ideally, I don't think you'd want to leave your media mounted. (crack
could be run on the shadow password file because the msdos packages are
mounted world readable.  Yeah Yeah, if your firewall is compromised.) In
a normal start of DCD your floppy(s) or CD-ROM media are not left
mounted. That's why I thought it was relevant to only search for
/dev/ram* at first.  However, the web page message of checkdisk sounds
like it's talking about checking your floppies for room to back up
packages.  If you have a floppy that meets the weblet error message
criteria, then the web page will display an error.  The check of
floppies may be useful then.

This solution still seems lame because it doesn't take care of all the
other media types.  However, the solution probably takes care of most of
the problems.

Test with a floppy at 98% full and cdrom mounted:

Fri Apr 12 19:59:55 UTC 2002

myrouter Disk Status: error 



Details:

Filesystem   1k-blocks  Used Available Use% Mounted on
/dev/ram0        12155  3367      8788  28% /
/dev/ram1         4049    44      4005   1% /var/log
/dev/hda         19368 19368         0 100% /mnt/cdrom
/dev/fd0          1424  1402        22  98% /mnt/floppy

Test with a floppy that has more available space mounted:

Fri Apr 12 20:19:22 UTC 2002

myrouter Disk Status: ok 



Details:

Filesystem   1k-blocks  Used Available Use% Mounted on
/dev/ram0        12155  3368      8787  28% /
/dev/ram1         4049    44      4005   1% /var/log
/dev/hda         19368 19368         0 100% /mnt/cdrom
/dev/fd0          1424   805       619  57% /mnt/floppy

Test with /dev/ram1 at 100 percent capacity:

Fri Apr 12 20:24:38 UTC 2002

myrouter Disk Status: error 



Details:

Filesystem   1k-blocks  Used Available Use% Mounted on
/dev/ram0        12155  3368      8787  28% /
/dev/ram1         4049  4049         0 100% /var/log
/dev/hda         19368 19368         0 100% /mnt/cdrom
/dev/fd0          1424   805       619  57% /mnt/floppy

The new code with a few more comments:

#!/bin/sh

. /etc/weblet.conf

func=$1

setwarn() {
    case $level in
        warn|error)
            ;;
        *)
            level=warn
            bkg='BGCOLOR="#33"'
            ;;
    esac
}

seterror() {
    level=error
    bkg='BGCOLOR="#ff"'
}

OIFS=$IFS
IFS='
'
level=ok
bkg='BGCOLOR="#33ff33"'

for line in `df | grep /dev/` ; do
    # Look at the greped line returned from df.
    # Error reporting is only concerned about shortage of space
    # on both floppy drives and ram drives.
    # All other mounted media is presumed to be some sort of
    # readonly boot media.  The default case statement, *)
    # will ignore readonly media especially cdroms.
    case $line in
        # Search for /dev/fd* and /dev/ram* lines to calculate
        # drive capacity ratios.
        *fd*|*ram*)
            IFS=$OIFS
            set -- $line

            DEV=${1#/dev/}

            used=${5%\%}
            used=${used:-100}

            free=${4:-0}
            pcnt=$(( ${free} * 100 / ${2:-1} ))

            eval WRN_PCNT=\$WRN_DISK_${DEV}_PCNT
            eval WRN_K=\$WRN_DISK_${DEV}_K
            eval ERR_PCNT=\$ERR_DISK_${DEV}_PCNT
            eval ERR_K=\$ERR_DISK_${DEV}_K

            WRN_PCNT=${WRN_PCNT:-$WRN_DISK_PCNT}
            WRN_K=${WRN_K:-$WRN_DISK_K}
            ERR_PCNT=${ERR_PCNT:-$ERR_DISK_PCNT}
            ERR_K=${ERR_K:-$ERR_DISK_K}

            [ "$pcnt" -le "${WRN_PCNT}" ] && setwarn
            [ "$free" -le "${WRN_K}" ] && setwarn
            [ "$pcnt" -le "${ERR_PCNT}" ] && seterror
            [ "$free" -le "${ERR_K}" ] && seterror
            ;;
        *)
            continue
            ;;
    esac
done

case $func in
    verbose)
        cat <<- /HTML-DATA
Content-type: text/html

${0##*/}
$(cat cgi.include)

b_head();
t_head("Firewall Status");

$(date)
$(hostname) Disk Status:
${level}
NOTE: If you have less than about 750K free disk
space, you need to be very careful backing up large packages,
like root.  You could run out of disk space and corrupt your
LRP disk image, making it unusable. It is always a good idea
to verify the current and new package sizes before writing
the new package to the disk.
Details:
$(df)

t_foot();
b_foot();

/HTML-DATA
        ;;
    img)
        case $level in
            ok|warn|error)
                echo "Content-type: image/gif"
                echo "Expires: Thu,  7 Mar 1968 00:00:00 GMT"
                echo ""
                cat "../images/${level}.gif"
                ;;
            *)
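
The exposure mentioned in the parenthetical of the message above (backup media left mounted world readable, so the shadow password file inside the packages can be read by any local account) can be checked for mechanically. The following is an added example, not part of Greg's script or of the LEAF project; it assumes a mount table in /proc/mounts format, and the sample lines, the function names and the default mask of 022 are constructed for illustration.

```python
"""Flag FAT (msdos/vfat) mounts whose files every local user can read.

FAT stores no owner or mode bits, so the permissions local users see
come entirely from the mount options umask, fmask and dmask.
"""

FAT_TYPES = {"msdos", "vfat"}

# Assumption: with no mask option the mount inherits the umask of the
# mounting process, taken here to be the common 022.
ASSUMED_DEFAULT_MASK = 0o022

# Constructed sample in /proc/mounts format:
# device, mount point, fs type, options, dump, pass
SAMPLE_MOUNTS = """\
/dev/ram0 / minix rw 0 0
/dev/ram1 /var/log minix rw 0 0
/dev/fd0 /mnt/floppy msdos rw 0 0
/dev/fd1 /mnt/backup vfat rw,umask=077 0 0
/dev/hda /mnt/cdrom iso9660 ro 0 0
/dev/hdb1 /mnt/disk vfat rw,fmask=0133,dmask=0027 0 0
/dev/hdc1 /mnt/pkg vfat ro,fmask=0133,dmask=0022 0 0
"""


def effective_masks(options):
    """Return (file_mask, dir_mask) for a comma-separated option string.

    umask applies to both files and directories; fmask and dmask
    override it for files and directories respectively.
    """
    masks = {}
    for opt in options.split(","):
        key, sep, value = opt.partition("=")
        if sep and key in ("umask", "fmask", "dmask"):
            try:
                masks[key] = int(value, 8)
            except ValueError:
                pass  # malformed value: fall back to the assumed default
    base = masks.get("umask", ASSUMED_DEFAULT_MASK)
    return masks.get("fmask", base), masks.get("dmask", base)


def exposed_fat_mounts(mount_table):
    """Return [(mount_point, file_mode)] for FAT mounts readable by 'other'.

    A file is reachable by any local account when files carry the
    other-read bit and directories carry the other-search bit.
    """
    findings = []
    for line in mount_table.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] not in FAT_TYPES:
            continue
        fmask, dmask = effective_masks(fields[3])
        file_mode = 0o777 & ~fmask
        dir_mode = 0o777 & ~dmask
        if file_mode & 0o004 and dir_mode & 0o001:
            findings.append((fields[1], file_mode))
    return findings


if __name__ == "__main__":
    for mount_point, mode in exposed_fat_mounts(SAMPLE_MOUNTS):
        print(f"{mount_point}: files appear as {mode:04o} to all local users")
```

A read-only mount is still reported, because the concern is reading the password hashes, not modifying the media.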

Re: [Leaf-user] Packages (.lrp) list updated

2002-04-12 Thread Mike Noyes

On Fri, 2002-04-12 at 18:51, Larry Platzek wrote:
> Mike I think the list is good, but how about these
> http://leaf.sourceforge.net/devel/jnilo/bering/packages/

Larry,
All of our leaf/ directory tree on the SF shell server was searched for
packages. The Bering packages are included.

> The html version loads into my browser and I can look at the source but
> the main browser shows nothing on the screen. I am using Netscape 4.05,
> and it does look good with lynx.

Charles did the html version. I created the text version with his help.
This is only a stopgap measure until I commit all of our packages to
cvs.

-- 
Mike Noyes <[EMAIL PROTECTED]>
http://sourceforge.net/users/mhnoyes/
http://leaf-project.org/





Re: [Leaf-user] Packages (.lrp) list updated

2002-04-12 Thread Victor McAllister

> > I've added a slightly easier to read HTML version, with links to the package
> > files, available here:
> > http://leaf.sourceforge.net/pub/packages-list.html
>
>

The table loads and displays with ie but not Netscape 4.79.  Mozilla 1.0 will be
out shortly - maybe that will display it.






Re: [Leaf-user] Packages (.lrp) list updated

2002-04-12 Thread Larry Platzek

Mike I think the list is good, but how about these
http://leaf.sourceforge.net/devel/jnilo/bering/packages/

The html version loads into my browser and I can look at the source but
the main browser shows nothing on the screen. I am using Netscape 4.05,
and it does look good with lynx.

Larry Platzek  [EMAIL PROTECTED]


On 12 Apr 2002, Mike Noyes wrote:

> Date: 12 Apr 2002 16:39:51 -0700
> From: Mike Noyes <[EMAIL PROTECTED]>
> To: leaf-user <[EMAIL PROTECTED]>
> Subject: Re: [Leaf-user] Packages (.lrp) list updated
>
> On Fri, 2002-04-12 at 14:30, Charles Steinkuehler wrote:
> > > I just updated our packages list, with help from Charles. I hope this
> > > helps people find our packages easier.
> > > http://leaf.sourceforge.net/pub/packages-list.txt
> >
> > I've added a slightly easier to read HTML version, with links to the package
> > files, available here:
> > http://leaf.sourceforge.net/pub/packages-list.html
>
> Charles,
> Great job. :-)
> It looks much better than the text version.
>
> > Mike:  You can use the mkpkghtml script in the pub directory to re-create
> > this list if it winds up taking longer than expected to migrate all packages
> > to CVS.
>
> I hope I can get all of our packages in cvs by next weekend. This is all
> I'm going to work on until I complete it. It's nice to have a fall back
> position though. Thanks.
>
> --
> Mike Noyes <[EMAIL PROTECTED]>
> http://sourceforge.net/users/mhnoyes/
> http://leaf-project.org/
>
>
>





Re: [Leaf-user] long delayed ssh messages

2002-04-12 Thread Mike Sussman

Thanks, Greg, for the comments, but I still wonder how the University's
computer managed to get a message to my computer through my
Dachstein firewall.  (My original ssh session worked fine.  It was only
18 hours later that I got the "Connection reset by peer" message.)
If the University can get to my computer, who else can?  And how
do I stop it? 

On Friday 12 April 2002 08:56 pm, you wrote:
> ummm...a little more research points to a problem on the university
> site.
> http://support.pinehurst.net/netscape/network_error.html
> "Why do I get "Network Error: Connection Reset By Peer?"
>
>
> Question:
> When I try to download something from a particular site, I receive a
> message that the connection was reset by peer. How do I resolve this?
>
> Answer:
>
> A connection reset by peer message means that the site you are connected
> to has reset the connection. This is usually caused by a high amount of
> traffic on the site, but may be caused by a server error as well. You
> will need to contact the site administrator or webmaster and inform them
> of this error message if it persists.
>
> Usually waiting a short amount of time and trying to access that site
> again is all it takes to get through to it.
>
> Greg Morgan wrote:
> > Mike Sussman <[EMAIL PROTECTED]> wrote:
> > 
> >
> > > I have observed a strange message and I hope one of you can shed some
> > > light on it.
> > >
> > > Last night I logged into my university shell account using ssh.  I did
> > > some work and logged out.  This afternoon (maybe 18 hours later) I
> > > received the following message:
> > >   "Read from remote host euler.math.pitt.edu: Connection reset by peer"
> > > The message appears to be saying that euler.math.pitt.edu sent me a
> > > message this afternoon and that my computer recognized it as related to
> > > last night's ssh session.  If that interpretation is true, HOW DID THE
> > > MESSAGE GET THROUGH THE DACHSTEIN FIREWALL?  I have no ports opened.
> >
> > Sometimes *nix systems keep track of your last logon and report it back
> > to you but this may not be the case here.
> >
> > Second I think this is the university's ssh daemon talking to you and
> > nothing is coming through your firewall.  I think your connection worked
> > 18 hours ago and now you are having problems.
> >
> > I searched google and came across this message.  It hints that you may
> > have a configuration problem, or the University may be having a
> > problem.  The url is here and a copy of the message. I'd replace putty
> > with your ssh client and Redhat with the university's ssh server when
> > you read the message.
> > http://www.tek-tips.com/gviewthread.cfm/lev2/3/lev3/20/pid/54/qid/197750
> >
> > "dpjc (Visitor) Mar 8, 2002
> > I tried to  use PuTTY to make a ssh connection to a redhat 7.2 server
> > running sshd daemon.( by installing openssh-server2.9p2). But instead of
> > getting connected,it keep give me this error: "Network error: connection
> > reset by peer"
> >
> > I have been looking for the solution for almost a day through numerous
> > sites without still can't find the solution.
> >
> > Is anybody out there can help?
> >
> > ifincham (IS/IT--Manageme) Mar 8, 2002
> > Hi,
> >
> > First suspect would be the RH 7.2 firewall. Did you allow port 22 (ssh)
> > through ? Unless you know you disabled that or configured it already
> > then 'lokkit' is often one of the reasons people can't connect to a
> > RH7.x machine out of the box. You can admin lokkit  via :
> >
> > # /usr/sbin/lokkit
> >
> > ... simplest is to set your lan interface as trusted. Then restart the
> > network :
> >
> > # /etc/rc.d/init.d/network restart
> >
> > Otherwise, see the openssh chapter of the RH Customisation guide -->
> > http://www.redhat.com/docs/manuals/linux/RHL-7.2-Manual/custom-guide/openssh.html
> >
> > When you have the basics working see also -->
> > http://www.redhat.com/docs/manuals/linux/RHL-7.2-Manual/ref-guide/s1-ssh-requiring.html
> >
> > Hope this helps
> >
> >
> > aixmurderer (IS/IT--Manageme) Mar 8, 2002
> > For a client I have taken to SecureNetterm as my preferred ssh client,
> > found it pretty robust with lots of extras built-in. One nice feature is
> > the ability to generate private and public keys, doing away with the
> > need for passphrase authentication when connecting.
> >
> > As for setting up SSH (openSSH) on a mix of Sun, AIX and Linux, the info
> > out there was pretty sparse. I ended up buying the O-Reilly SSH book, a
> > bit pricy, but excellent.
> >
> > The "connection reset by peer" may be that your sshd daemon isn't
> > running, do a ps -ef|grep sshd and see if it's up. But then it may be a
> > firewall/router issue as well as ifincham said.
> > IBM Certified Specialist - MQSeries
> >
> >
> > dpjc (Visitor) Mar 10, 2002
> > Thanks guys. It is the firewall setting which blocks the SSH port. Now
> > it works. Thanks, ifincham & aixmurde

Re: [Leaf-user] long delayed ssh messages

2002-04-12 Thread Greg Morgan

ummm...a little more research points to a problem on the university
site.
http://support.pinehurst.net/netscape/network_error.html
"Why do I get "Network Error: Connection Reset By Peer?"

 

Question: 
When I try to download something from a particular site, I receive a
message that the connection was reset by peer. How do I resolve this? 

Answer: 

A connection reset by peer message means that the site you are connected
to has reset the connection. This is usually caused by a high amount of
traffic on the site, but may be caused by a server error as well. You
will need to contact the site administrator or webmaster and inform them
of this error message if it persists. 

Usually waiting a short amount of time and trying to access that site
again is all it takes to get through to it.  

 


Greg Morgan wrote:
> 
> Mike Sussman <[EMAIL PROTECTED]> wrote:
> 
> > I have observed a strange message and I hope one of you can shed some
> > light on it.
> >
> > Last night I logged into my university shell account using ssh.  I did some
> > work and logged out.  This afternoon (maybe 18 hours later) I received the
> > following message:
> >   "Read from remote host euler.math.pitt.edu: Connection reset by peer"
> > The message appears to be saying that euler.math.pitt.edu sent me a
> > message this afternoon and that my computer recognized it as related to
> > last night's ssh session.  If that interpretation is true, HOW DID THE MESSAGE
> > GET THROUGH THE DACHSTEIN FIREWALL?  I have no ports opened.
> 
> Sometimes *nix systems keep track of your last logon and report it back
> to you but this may not be the case here.
> 
> Second I think this is the university's ssh daemon talking to you and
> nothing is coming through your firewall.  I think your connection worked
> 18 hours ago and now you are having problems.
> 
> I searched google and came across this message.  It hints that you may
> have a configuration problem, or the University may be having a
> problem.  The url is here and a copy of the message. I'd replace putty
> with your ssh client and Redhat with the university's ssh server when
> you read the message.
> http://www.tek-tips.com/gviewthread.cfm/lev2/3/lev3/20/pid/54/qid/197750
> 
> "dpjc (Visitor) Mar 8, 2002
> I tried to  use PuTTY to make a ssh connection to a redhat 7.2 server
> running sshd daemon.( by installing openssh-server2.9p2). But instead of
> getting connected,it keep give me this error: "Network error: connection
> reset by peer"
> 
> I have been looking for the solution for almost a day through numerous
> sites without still can't find the solution.
> 
> Is anybody out there can help?
> 
> ifincham (IS/IT--Manageme) Mar 8, 2002
> Hi,
> 
> First suspect would be the RH 7.2 firewall. Did you allow port 22 (ssh)
> through ? Unless you know you disabled that or configured it already
> then 'lokkit' is often one of the reasons people can't connect to a
> RH7.x machine out of the box. You can admin lokkit  via :
> 
> # /usr/sbin/lokkit
> 
> ... simplest is to set your lan interface as trusted. Then restart the
> network :
> 
> # /etc/rc.d/init.d/network restart
> 
> Otherwise, see the openssh chapter of the RH Customisation guide -->
> http://www.redhat.com/docs/manuals/linux/RHL-7.2-Manual/custom-guide/openssh.html
> 
> When you have the basics working see also -->
> 
> http://www.redhat.com/docs/manuals/linux/RHL-7.2-Manual/ref-guide/s1-ssh-requiring.html
> 
> Hope this helps
> 
> 
> aixmurderer (IS/IT--Manageme) Mar 8, 2002
> For a client I have taken to SecureNetterm as my preferred ssh client,
> found it pretty robust with lots of extras built-in. One nice feature is
> the ability to generate private and public keys, doing away with the
> need for passphrase authentication when connecting.
> 
> As for setting up SSH (openSSH) on a mix of Sun, AIX and Linux, the info
> out there was pretty sparse. I ended up buying the O-Reilly SSH book, a
> bit pricy, but excellent.
> 
> The "connection reset by peer" may be that your sshd daemon isn't
> running, do a ps -ef|grep sshd and see if it's up. But then it may be a
> firewall/router issue as well as ifincham said.
> IBM Certified Specialist - MQSeries
> 
> 
> dpjc (Visitor) Mar 10, 2002
> Thanks guys. It is the firewall setting which blocks the SSH port. Now
> it works. Thanks, ifincham & aixmurderer.
> 
> 
> > I have set ssh on the firewall to listen only to the internal net. I have no
> > kernel modules to pass packets. I have no services (except the
> > internal ssh) running on the firewall.
> >
> > I must be misinterpreting something.  Please educate me.
> > --
> >Mike Sussman
> >[EMAIL PROTECTED]
> 
> I hope this helps,
> Greg Morgan




Re: [Leaf-user] long delayed ssh messages

2002-04-12 Thread Greg Morgan

Mike Sussman <[EMAIL PROTECTED]> wrote:

> I have observed a strange message and I hope one of you can shed some
> light on it.
> 
> Last night I logged into my university shell account using ssh.  I did some
> work and logged out.  This afternoon (maybe 18 hours later) I received the
> following message:
>   "Read from remote host euler.math.pitt.edu: Connection reset by peer"
> The message appears to be saying that euler.math.pitt.edu sent me a
> message this afternoon and that my computer recognized it as related to
> last night's ssh session.  If that interpretation is true, HOW DID THE MESSAGE
> GET THROUGH THE DACHSTEIN FIREWALL?  I have no ports opened.

Sometimes *nix systems keep track of your last logon and report it back
to you but this may not be the case here.

Second I think this is the university's ssh daemon talking to you and
nothing is coming through your firewall.  I think your connection worked
18 hours ago and now you are having problems.

I searched google and came across this message.  It hints that you may
have a configuration problem, or the University may be having a
problem.  The url is here and a copy of the message. I'd replace putty
with your ssh client and Redhat with the university's ssh server when
you read the message.
http://www.tek-tips.com/gviewthread.cfm/lev2/3/lev3/20/pid/54/qid/197750


"dpjc (Visitor) Mar 8, 2002 
I tried to  use PuTTY to make a ssh connection to a redhat 7.2 server
running sshd daemon.( by installing openssh-server2.9p2). But instead of
getting connected,it keep give me this error: "Network error: connection
reset by peer"

I have been looking for the solution for almost a day through numerous
sites without still can't find the solution.

Is anybody out there can help? 
 
ifincham (IS/IT--Manageme) Mar 8, 2002 
Hi,

First suspect would be the RH 7.2 firewall. Did you allow port 22 (ssh)
through ? Unless you know you disabled that or configured it already
then 'lokkit' is often one of the reasons people can't connect to a
RH7.x machine out of the box. You can admin lokkit  via :

# /usr/sbin/lokkit

... simplest is to set your lan interface as trusted. Then restart the
network :

# /etc/rc.d/init.d/network restart

Otherwise, see the openssh chapter of the RH Customisation guide --> 
http://www.redhat.com/docs/manuals/linux/RHL-7.2-Manual/custom-guide/openssh.html

When you have the basics working see also -->
http://www.redhat.com/docs/manuals/linux/RHL-7.2-Manual/ref-guide/s1-ssh-requiring.html

Hope this helps

 
aixmurderer (IS/IT--Manageme) Mar 8, 2002 
For a client I have taken to SecureNetterm as my preferred ssh client,
found it pretty robust with lots of extras built-in. One nice feature is
the ability to generate private and public keys, doing away with the
need for passphrase authentication when connecting.

As for setting up SSH (openSSH) on a mix of Sun, AIX and Linux, the info
out there was pretty sparse. I ended up buying the O-Reilly SSH book, a
bit pricy, but excellent.

The "connection reset by peer" may be that your sshd daemon isn't
running, do a ps -ef|grep sshd and see if it's up. But then it may be a
firewall/router issue as well as ifincham said. 
IBM Certified Specialist - MQSeries
 
 
dpjc (Visitor) Mar 10, 2002 
Thanks guys. It is the firewall setting which blocks the SSH port. Now
it works. Thanks, ifincham & aixmurderer. 
 

> I have set ssh on the firewall to listen only to the internal net. I have no
> kernel modules to pass packets. I have no services (except the
> internal ssh) running on the firewall.
> 
> I must be misinterpreting something.  Please educate me.
> --
>Mike Sussman
>[EMAIL PROTECTED]

I hope this helps,
Greg Morgan
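
The distinction drawn in the reply above, between the remote sshd answering on a connection the client opened and something new coming in through the firewall, can be reproduced on a single machine. This is an added example, not part of the original thread: it runs entirely on 127.0.0.1, a local listener stands in for the university's ssh server, and the function name and result keys are hypothetical.

```python
"""Show that "Connection reset by peer" arrives on the client's own
outbound connection, while an unsolicited inbound connection to the
same client port is refused."""
import socket
import struct


def demo_reset_on_outbound_connection():
    # Stand-in for the remote ssh server.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)

    # The client only ever calls connect(); it never listens on any port.
    client = socket.create_connection(listener.getsockname(), timeout=5)
    client_addr = client.getsockname()
    server_side, peer = listener.accept()

    # 1. A brand-new connection aimed at the client's port finds no
    #    listener there and is refused.
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.settimeout(5)
    probe.bind(("127.0.0.1", 0))  # distinct source port for the probe
    try:
        probe.connect(client_addr)
        unsolicited = "accepted"
    except ConnectionRefusedError:
        unsolicited = "refused"
    finally:
        probe.close()

    # 2. The server aborts the session instead of closing it cleanly.
    #    SO_LINGER with a zero timeout makes close() send a TCP RST.
    server_side.setsockopt(
        socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0)
    )
    server_side.close()

    # 3. The client learns about the abort when it next reads from the
    #    socket it opened itself.
    try:
        data = client.recv(1024)
        established = "closed cleanly" if data == b"" else "data received"
    except ConnectionResetError:
        established = "reset by peer"
    finally:
        client.close()
        listener.close()

    return {
        "unsolicited_inbound": unsolicited,
        "established_flow": established,
        # The server saw exactly the address and port the client connected from.
        "same_flow": peer == client_addr,
    }


if __name__ == "__main__":
    for key, value in demo_reset_on_outbound_connection().items():
        print(f"{key}: {value}")
```

On a masquerading firewall the same distinction holds: packets that match a connection opened from the inside are passed back, while new inbound connections are not.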




Re: [Leaf-user] Packages (.lrp) list updated

2002-04-12 Thread Mike Noyes

On Fri, 2002-04-12 at 14:30, Charles Steinkuehler wrote:
> > I just updated our packages list, with help from Charles. I hope this
> > helps people find our packages easier.
> > http://leaf.sourceforge.net/pub/packages-list.txt
> 
> I've added a slightly easier to read HTML version, with links to the package
> files, available here:
> http://leaf.sourceforge.net/pub/packages-list.html

Charles,
Great job. :-)
It looks much better than the text version.

> Mike:  You can use the mkpkghtml script in the pub directory to re-create
> this list if it winds up taking longer than expected to migrate all packages
> to CVS.

I hope I can get all of our packages in cvs by next weekend. This is all
I'm going to work on until I complete it. It's nice to have a fall back
position though. Thanks.

-- 
Mike Noyes <[EMAIL PROTECTED]>
http://sourceforge.net/users/mhnoyes/
http://leaf-project.org/





Re: [Leaf-user] DUCKLING 1.0

2002-04-12 Thread guitarlynn

On Friday 12 April 2002 12:51, Charles Steinkuehler wrote:
> > Could you give me the web address to find that image? I looked
> > under contributed images but no go.
>
> http://leaf.sourceforge.net/devel/guitarlynn/
>

The image is still in testing (appears stable), but I still need to
do a couple of tweaks before releasing it. I opened the tcp port
for proto 500 which isn't needed (udp is) and I need to finish
adding virtual-interface code to the udhcpd script. I'm finishing
an IPSec HowTo to release around the same time as well.

This floppy image is basically an upgrade for DUCKLING, 
Mr. Napier had said he really didn't have time to do it at 
the time. Everything except the Udhcp package (client
and server combined) has come from Charles' packages/
images, so his documentation applies equally with my
image.

I hope this helps!
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!




Re: [Leaf-user] Local.lrp + Udhcp.lrp??

2002-04-12 Thread guitarlynn

On Friday 12 April 2002 15:44, Mike Noyes wrote:

> Joey,
> That link is incorrect. Lynn moved his files into cvs per my request.
> Other developers will begin this process shortly.
>
> http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/devel/guitarlynn/
>
> Ewald has a udhcpd.lrp version too. see
> http://leaf.sourceforge.net/pub/packages-list.txt

You can access my Dachstein-based 1680K floppy image from my
devel page at:

http://leaf.sourceforge.net/devel/guitarlynn

I link the latest cvs version from there. The complete udhcp.lrp package
is there too, one is Dachstein-specific and another is generic LEAF.
Most of the NIC modules and local.lrp have been stripped from the 
floppy image for space constraints, so you may need to download
specific NIC modules for your card(s) from the link to Charles' site
on the page.

Ewald's udhcp package does not include both the client and server
last I checked, so I may have the only complete version available 
for now.

local.lrp is for future use with user-space applications and is not 
currently used. A few people do use it to back up the /root directory
instead of backing up the root.lrp package for a couple of things like
ssh keys and the like... these are user mods that are not built in to 
any packages at this time.

I hope this helps!
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!




Re: [Leaf-user] Packages (.lrp) list updated

2002-04-12 Thread Charles Steinkuehler

> I just updated our packages list, with help from Charles. I hope this
> helps people find our packages easier.
> http://leaf.sourceforge.net/pub/packages-list.txt

I've added a slightly easier to read HTML version, with links to the package
files, available here:
http://leaf.sourceforge.net/pub/packages-list.html

Mike:  You can use the mkpkghtml script in the pub directory to re-create
this list if it winds up taking longer than expected to migrate all packages
to CVS.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)





RE: [Leaf-user] dachstein serial kernel

2002-04-12 Thread Joey Officer

Hmm... you might try downloading the file again.. I know that when I did it
before.. that's all I did.. also if you have a linux machine that you could
do this from, and try it again...

Joey


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 12, 2002 3:14 PM
To: [EMAIL PROTECTED]
Cc: David Goodrich; [EMAIL PROTECTED]
Subject: Re: [Leaf-user] dachstein serial kernel

Joey Officer wrote:
>
> First you'll need to rename the .upx file to just plain 'linux' .. no
> extensions.
>

I did that.  That is why I did not understand why it did not
work.

Regards,
Frank Kamp





RE: [Leaf-user] Local.lrp + Udhcp.lrp??

2002-04-12 Thread Mike Noyes

On Fri, 2002-04-12 at 13:09, Joey Officer wrote:
> My mistake .. the udhcp.lrp file can be found here
> 
> http://leaf.sourceforge.net/devel/guitarlynn/images/udhcp.lrp

Joey,
That link is incorrect. Lynn moved his files into cvs per my request.
Other developers will begin this process shortly.

http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/devel/guitarlynn/

Ewald has a udhcpd.lrp version too. see
http://leaf.sourceforge.net/pub/packages-list.txt

-- 
Mike Noyes <[EMAIL PROTECTED]>
http://sourceforge.net/users/mhnoyes/
http://leaf-project.org/





Re: [Leaf-user] dachstein serial kernel

2002-04-12 Thread fkamp

Joey Officer wrote:
> 
> First you'll need to rename the .upx file to just plain 'linux' .. no
> extensions.
> 

I did that.  That is why I did not understand why it did not
work.

Regards,
Frank Kamp




RE: [Leaf-user] Local.lrp + Udhcp.lrp??

2002-04-12 Thread Joey Officer

My mistake .. the udhcp.lrp file can be found here

http://leaf.sourceforge.net/devel/guitarlynn/images/udhcp.lrp

as for the local.lrp file..  on the for the
dachstein-cd

local.lrp
  everything in /usr/local (currently just directory placeholders)


so .. you might be able to remove the local.lrp .. but I wouldn't remove it
just for the sake of sanity within the lrp system.

Joey


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 12, 2002 2:28 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [Leaf-user] Local.lrp + Udhcp.lrp??

Joey,

I did not mean to imply one was related to the other. I just found the two
questions at the same time.

1 - What does local.lrp do?

2 - Where can I find udhcp.lrp

Two different questions. Sorry if I was not clear.
I will also look more for udhcp on the list.

Thanks,

Jason Massey




"Joey Officer" <[EMAIL PROTECTED]>
04/12/2002 03:26 PM
Please respond to jofficer


To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
cc:
Subject:RE: [Leaf-user] Local.lrp + Udhcp.lrp??


Actually I think you may have been misinformed.  The udhcp.lrp file replaces
the dhcpd.lrp and the dhcpclient.lrp files.  It has nothing to do with the
local.lrp file.  The udhcp.lrp package is a single and small package to
replace the dhcpd.lrp and the dhcpclient.lrp files.  It works quite well.
Especially when space is a factor.  There are a few messages pertaining to
this that date back a month or two.  If you have any questions regarding
this particularly, you may ask this list.. I'm sure it will be met with many
answers...

Joey


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, April 12, 2002 1:59 PM
To: [EMAIL PROTECTED]
Subject: [Leaf-user] Local.lrp + Udhcp.lrp??

Hello,

I found the VPN Floppy Image of Dachstein. It mentions deleting local.lrp
and substituting udhcp for the dhclient and dhcpd.

First, what are the ramifications of removing local.lrp - according to LRP
it is just a skeleton.
Second, where can one find this udhcp.lrp?

Thanks,

Jason Massey





[Leaf-user] long delayed ssh messages

2002-04-12 Thread Mike Sussman

First, I would like to thank you developers for the excellent job you have
done on Leaf.  I am using Dachstein as a router and firewall on my cable
connection and have had nothing but good from it.

I have observed a strange message and I hope one of you can shed some
light on it.

Last night I logged into my university shell account using ssh.  I did some 
work and logged out.  This afternoon (maybe 18 hours later) I received the
following message:
  "Read from remote host euler.math.pitt.edu: Connection reset by peer"
The message appears to be saying that euler.math.pitt.edu sent me a
message this afternoon and that my computer recognized it as related to
last night's ssh session.  If that interpretation is true, HOW DID THE MESSAGE
GET THROUGH THE DACHSTEIN FIREWALL?  I have no ports opened.
I have set ssh on the firewall to listen only to the internal net. I have no
kernel modules to pass packets. I have no services (except the
internal ssh) running on the firewall.

I must be misinterpreting something.  Please educate me.
-- 
   Mike Sussman
   [EMAIL PROTECTED]




RE: [Leaf-user] Local.lrp + Udhcp.lrp??

2002-04-12 Thread jmassey

Joey,

I did not mean to imply one was related to the other. I just found the two 
questions at the same time.

1 - What does local.lrp do?

2 - Where can I find udhcp.lrp

Two different questions. Sorry if I was not clear.
I will also look more for udhcp on the list.

Thanks,

Jason Massey




"Joey Officer" <[EMAIL PROTECTED]>
04/12/2002 03:26 PM
Please respond to jofficer

 
To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
cc: 
Subject:RE: [Leaf-user] Local.lrp + Udhcp.lrp??


Actually I think you may have been misinformed.  The udhcp.lrp file replaces
the dhcpd.lrp and the dhcpclient.lrp files.  It has nothing to do with the
local.lrp file.  The udhcp.lrp package is a single and small package to
replace the dhcpd.lrp and the dhcpclient.lrp files.  It works quite well.
Especially when space is a factor.  There are a few messages pertaining to
this that date back a month or two.  If you have any questions regarding
this particularly, you may ask this list.. I'm sure it will be met with many
answers...

Joey


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, April 12, 2002 1:59 PM
To: [EMAIL PROTECTED]
Subject: [Leaf-user] Local.lrp + Udhcp.lrp??

Hello,

I found the VPN Floppy Image of Dachstein. It mentions deleting local.lrp
and substituting udhcp for the dhclient and dhcpd.

First, what are the ramifications of removing local.lrp - according to LRP
it is just a skeleton.
Second, where can one find this udhcp.lrp?

Thanks,

Jason Massey





Re: [Leaf-user] SCP _through_ Bering firewall disk problem

2002-04-12 Thread Rick Price

I'm not using scp or ssh *into* the firewall, I just want to get through
it from the outside to the inside so to speak.

So I don't have any scp or ssh installed on the firewall.

My ssh on my pc(s) would be the latest Debian Testing version from about a
week ago. It's OpenSSH_3.0.2p1.

On Solaris it's OpenSSH_3.0.2p1 from Sunfreeware.com

The target machine runs Debian testing, ssh version as above.

SSH works just fine through the firewall.

I would pretty much have to assume my scp version is the same as the ssh
version because I always install it as a package.

One way I try to use it is to scp from my work Solaris machine to my
machine in the dmz. I've tried it with scp from Cygwin on my work NT2000
machine and it's also broken.

The other way is to scp from my internal (home) debian or Solaris machine
and it is broken as well.

SSH works just fine in these situations.

I have not tried to scp out from inside the firewall (except from internal
to dmz) because I have nowhere to copy to until I can get into work from
home.

I did a verbose on scp and it does not come up with any errors.

I noticed a message on the net about TOS not properly dealing with a
checksum in < 2.4.2 kernels, and so I removed the TOS entries for SSH but
that didn't seem to make a difference.

Please switch to my other email for the weekend [EMAIL PROTECTED], I'm
leaving work soon and I can't access my work email from home. (work
firewall issues).


Rick

On Fri, 12 Apr 2002, Jacques Nilo wrote:

> > Uh, sorry about that, I was trying really hard to have everything in the
> > email.
> >
> > This is from the readme file:
> >
> > LEAF "Bering" Firewall - V1.0-rc1 Jacques Nilo <[EMAIL PROTECTED]>
> > On Fri, 12 Apr 2002, Jacques Nilo wrote: Eric Wolzak <[EMAIL PROTECTED]>
> > Instruction & user's guide at:>
>
> No I mean where did you get the scp package from ?
> Also are you using from with the firewall or not ?
> Also do you have ssh installed (scp is a wrapper program to ssh) ?
> If so is your ssh version the same as your scp version ?
>
> Jacques
>





RE: [Leaf-user] Local.lrp + Udhcp.lrp??

2002-04-12 Thread Joey Officer

Actually I think you may have been misinformed.  The udhcp.lrp file replaces
the dhcpd.lrp and the dhcpclient.lrp files.  It has nothing to do with the
local.lrp file.  The udhcp.lrp package is a single and small package to
replace the dhcpd.lrp and the dhcpclient.lrp files.  It works quite well.
Especially when space is a factor.  There are a few messages pertaining to
this that date back a month or two.  If you have any questions regarding
this particularly, you may ask this list.. I'm sure it will be met with many
answers...

Joey


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, April 12, 2002 1:59 PM
To: [EMAIL PROTECTED]
Subject: [Leaf-user] Local.lrp + Udhcp.lrp??

Hello,

I found the VPN Floppy Image of Dachstein. It mentions deleting local.lrp
and substituting udhcp for the dhclient and dhcpd.

First, what are the ramifications of removing local.lrp - according to LRP
it is just a skeleton.
Second, where can one find this udhcp.lrp?

Thanks,

Jason Massey





Re: [Leaf-user] SCP _through_ Bering firewall disk problem

2002-04-12 Thread Jacques Nilo

> Uh, sorry about that, I was trying really hard to have everything in the
> email.
> 
> This is from the readme file:
> 
> LEAF "Bering" Firewall - V1.0-rc1 Jacques Nilo <[EMAIL PROTECTED]>
> On Fri, 12 Apr 2002, Jacques Nilo wrote: Eric Wolzak <[EMAIL PROTECTED]>
> Instruction & user's guide at:>

No I mean where did you get the scp package from ?
Also are you using from with the firewall or not ?
Also do you have ssh installed (scp is a wrapper program to ssh) ?
If so is your ssh version the same as your scp version ?

Jacques





[Leaf-user] Packages (.lrp) list updated

2002-04-12 Thread Mike Noyes

Everyone,
I just updated our packages list, with help from Charles. I hope this
helps people find our packages easier.
http://leaf.sourceforge.net/pub/packages-list.txt

-- 
Mike Noyes <[EMAIL PROTECTED]>
http://sourceforge.net/users/mhnoyes/
http://leaf-project.org/





Re: [Leaf-user] dachstein serial kernel

2002-04-12 Thread Charles Steinkuehler

> I tried this and it does not work for me.  Maybe it's because
> I don't understand what a .upx file is.  Evidently Syslinux
> does not understand what a .upx file is either.  It gives me
> an error message that the kernel is corrupt.

As mentioned, copy the .upx file on top of the existing linux file
on your floppy disk.  If syslinux is complaining about a corrupt file, you
may have had download problems.  Verify the file you downloaded is *exactly*
the same size as the web directory listing.  Your success using the
RAID-IPSec kernel from the CD-ROM distribution indicates you should be able
to get the normal kernel working, if you get a clean kernel image file.

If for some reason, http downloads aren't working properly for you, you can
try using rsync, or simply download the whole normal kernel tarball, and
de-compress it on your local system...this will verify there are no hidden
file corruption problems when downloading.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)





Re: [Leaf-user] SCP _through_ Bering firewall disk problem

2002-04-12 Thread Rick Price

Uh, sorry about that, I was trying really hard to have everything in the
email.

This is from the readme file:

LEAF "Bering" Firewall - V1.0-rc1 Jacques Nilo <[EMAIL PROTECTED]>
On Fri, 12 Apr 2002, Jacques Nilo wrote: Eric Wolzak <[EMAIL PROTECTED]>
Instruction & user's guide at:>


On Fri, 12 Apr 2002, Jacques Nilo wrote:

> > I'm having trouble getting scp to work through a Bering firewall (it
> > hangs).
> Which version are you using ? Where did you get it from ?
> Jacques
>





Re: [Leaf-user] Can someone read this log, I think it was a DNS attack

2002-04-12 Thread Scott C. Best

DJ:
I've updated the advice.txt file at:

www.echogent.com/cgi-bin/fwlog.pl

...so that it correctly reports on these packets that you're
seeing. Quick answer: it's a terribly sloppy type of load-balancing,
not a DNS attack. If the SYN flag were set, I'd be much more worried.

If your LEAF box is not running a DNS server, you can safely block
without logging any TCP packets that arrive destined for your port 53.
I think I'll add this to the upcoming update to echowall, akshally...

cheers,
Scott

---Original Message---

Apr 14 23:00:57 firewall kernel: Packet log: input DENY eth0 PROTO=6
  128.121.10.146:5 X.X.X.X:53 L=44 S=0x00 I=0 F=0x T=246 (#48)

This is what my log says. Only it's repeated 800 times in 1 day.
With various IPs.  I only noticed the problem when I could not
access my own website or email.

Is there any way to stop or block this?

I have been using leaf for about six months and it has been great.

Thanks



___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user



Re: [Leaf-user] SCP _through_ Bering firewall disk problem

2002-04-12 Thread Jacques Nilo

> I'm having trouble getting scp to work through a Bering firewall (it
> hangs).
Which version are you using ? Where did you get it from ?
Jacques


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user



RE: [Leaf-user] VPN behind Dachstein

2002-04-12 Thread Sergio Morilla

Dustin,

This was my setup and it worked!
Hope this helps
Watch out, these are indexed variables!!! Change them!!!

#EXTERN_TCP_PORT4="0/0 1723 192.168.1.24/32" # Microsoft PPTP
#EXTERN_PROTO0="47 0/0 192.168.1.24/32" #GRE
INTERN_PPTP_SERVER=192.168.1.xx # Internal M$ PPTP server to make available
#INTERN_SERVER2="tcp ${EXTERN_IP} 1723 ${INTERN_PPTP_SERVER} 1723"

Sergio

> -Original Message-
> From: Dustin Reiner [mailto:[EMAIL PROTECTED]]
> Sent: Friday, April 12, 2002 15:48
> To: Scott C. Best; [EMAIL PROTECTED]
> Subject: RE: [Leaf-user] VPN behind Dachstein
> 
> 
> Yes, I have allowed both port 47 and port 1723 with:
> EXTERN_PROTO0="47 vpnserverip/32"
> EXTERN_PROTO1="1723 vpnserverip/32"
> 
> I have forwarded pptp traffic to the vpn server with:
> ipmasqadm portfw -a -P tcp -L externalip 1723 -R vpnserverip 1723
> 
> and I have allowed GRE tunneling with:
> 
> ipfwd --masq vpnserverip 47 &
> 
> but I still cannot connect.  The firewall rules shown in 
> Weblet regarding
> pptp are below.  Do these look right?  If someone could 
> summarize the steps
> to do this, to make sure I didn't miss anything, it would be greatly
> appreciated.
> 
> Thanks,
> Dustin
> 
> 0 0 ACCEPT 47   -- 0xFF 0x00  eth0
> vpnserverip   externalip   n/a
> 0 0 ACCEPT 1723 -- 0xFF 0x00  eth0
> vpnserverip   externalip   n/a
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of 
> Scott C. Best
> Sent: Friday, April 12, 2002 2:30 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Leaf-user] VPN behind Dachstein
> 
> 
> Dustin:
> 
>   Heya. Just a quick check to see if you've told your
> firewall to allow those protocol=47 packets to come through.
> You got the TCP port=1723 ones for PPTP right, but there's
> two pieces to it.
> 
> -Scott
> 
> > Hello,
> >
> >I am attempting to replace a 2.9.4 based firewall with 
> Dachstein.  The
> > current firewall forwards VPN traffic to a server behind 
> itself.  I have
> > setup the new server with the following entries in 
> network.conf, but I
> have
> > apparently missed something because I can't connect.  If 
> anyone can help,
> I
> > would appreciate it.
> >
> > Thanks,
> > Dustin
> >
> > -snip-
> > # TCP services open to outside world
> > # Space separated list: srcip/mask_dstport
> > #EXTERN_TCP_PORTS="216.171.153.128/25_ssh 0/0_www 0/0_1023"
> > EXTERN_TCP_PORTS="0/0_vpn"
> > -snip-
> > # Advanced settings: parameters passed directly to portfw and autofw
> > # Indexed list: ""
> > #INTERN_SERVER0="-a -P PROTO -L LADDR LPORT -R RADDR RPORT [-p PREF]"
> > #INTERN_SERVER1=""
> > INTERN_SERVER0="-a -P tcp -L external_ip 1723 -R vpnserverip 1723"
> > -snip-
> >
> > I have also added the vpn service to /etc/services as:
> >
> > vpn 1723/tcp#vpn traffic
> >
> > and am running ipfwd as:
> >
> > /usr/sbin/ipfwd --masq vpnserverip 47 &
> 
> 
> 



RE: [Leaf-user] dachstein serial kernel

2002-04-12 Thread Joey Officer

First you'll need to rename the .upx file to just plain 'linux' .. no
extensions.

The second paragraph pretty much explains your success and your failure all
at the same time.. the .upx file (although I don't really know why) is just
something that was added to the file on the server.  Replace the linux file
on the floppy with the one that is downloaded, and rename it to linux..

As for creating your very own kernel, there are a few patches that are
included within the directories for the source tree on the Dachstein
website.  I personally have not done that, nor have I found an immediate
need to do so.

As for your problems, don't stress too much about them, we all lack knowledge
in something, and you should be able to find adequate help within this list.
Hopefully you will.  If you don't get it fixed with this last explanation,
let me know and I will grab the files necessary for you, and save it in the
form you need it, and ultimately just overwrite the file on the floppy.

Joey


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 12, 2002 1:49 PM
To: [EMAIL PROTECTED]
Cc: David Goodrich; [EMAIL PROTECTED]
Subject: Re: [Leaf-user] dachstein serial kernel

I tried this and it does not work for me.  Maybe it's because
I don't understand what a .upx file is.  Evidently Syslinux
does not understand what a .upx file is either.  It gives me
an error message that the kernel is corrupt.

On my Dachstein disk, Syslinux loads root.lrp then loads
Linux.  The boot that follows seems to boot using the Linux
file.  What I have done to get the boot messages to show on
the serial terminal is to create a boot disk for
Dachstein-CD.  Then copy the Linux file from this boot disk
to the Dachstein disk that has been modified to include the
serial terminal support.

This works but it also provides RAID support and some other
things that I don't need.

I suppose the right way to do this is to create a new kernel
that includes all that is needed for Dachstein as well as
serial support.  I have been reluctant to do that because
I'm not sure what is needed for basic Dachstein support.  Is
there a file or information available that would give this
information?  Where would I find it?

I am sure that problems here are a result of my lack of
knowledge, or maybe lack of understanding of what I think I
know.  Some help here would be appreciated as long as it
steers me to a solution that works.

Thanks,
Frank Kamp


Joey Officer wrote:
>
> No, there is a linux kernel available from the Charles' website, below is
> the direct link.  Save this as a file on your floppy (overwriting the
> 'linux' file) then you will also need to modify the syslinux.cfg file.
> There is a very extensive HOW-TO available on the website that talks about
> this.  If you have any further questions, please ask...
>
>
> http://lrp.steinkuehler.net/files/kernels/Dachstein-normal/linux-2.2.19-3-LEAF-normal.zImage.upx
>
> copy the above file to 'linux' on the floppy, and you should be good to
> go...
>
> joey
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of David Goodrich
> Sent: Monday, April 08, 2002 7:37 PM
> To: [EMAIL PROTECTED]
> Subject: [Leaf-user] dachstein serial kernel
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> I'm trying to get boot messages posted to the serial port with my dachstein
> 1.0.2 floppy fw, instead of just the screen.  I assume, then, that i need a
> kernel with serial support compiled into it, instead of loading serial.o as
> a kernel module.  is it as simple as grabbing root.lrp from the dachstein CD
> image and putting it on my floppy?  tia
>  -david
>
> -BEGIN PGP SIGNATURE-
> Version: PGPfreeware 7.0.3 for non-commercial use 
>
> iQA/AwUBPLI3vtemHuGGnm+XEQKTKgCgvpAj3aDKPkjkFkBWzjw0vG7B7OkAoNgX
> CT+A0qOLzuZiSqHcznxEBGbj
> =6lYa
> -END PGP SIGNATURE-
>



[Leaf-user] Local.lrp + Udhcp.lrp??

2002-04-12 Thread jmassey

Hello,

I found the VPN Floppy Image of Dachstein. It mentions deleting local.lrp
and substituting udhcp for the dhclient and dhcpd.

First, what are the ramifications of removing local.lrp - according to LRP
it is just a skeleton.
Second, where can one find this udhcp.lrp?

Thanks,

Jason Massey





RE: [Leaf-user] VPN behind Dachstein

2002-04-12 Thread Scott C. Best

Dustin:

Close. :) PPTP uses *protocol* 47, and TCP (which is,
itself, protocol 6) *port* 1723.

You need to tell your firewall to let those two types
of packets in. Then you need to port-forward the two of them.
Since ipmasqadm only knows about TCP, UDP, and ICMP (protocols
6, 17, and 1, respectively), you need to use the ipfwd utility
to forward the protocol 47 packets.

Lastly...you need to have the ip_masq_pptp module
line uncommented in your /etc/modules file. It's commented out
by default, and if you don't activate it, your DS box won't
know to masq the packets to let them out. This step is the one
most people miss. It's what I missed the first time too. :)

Here's the relevant section from the echowall.lrp
package, which of course supports PPTP:

$IPCHAINS -A input -s 0/0 -d $IP_EXT/32 1723 -p tcp -l -j ACCEPT
$IPCHAINS -A input -s 0/0 -d $IP_EXT/32 -p 47 -j ACCEPT
$IPMASQADM portfw -a -P tcp -L $IP_EXT 1723 -R $PPTP_HOST 1723
ipfwd --masq $PPTP_HOST 47 &

Hope this helps!

-Scott


On Fri, 12 Apr 2002, Dustin Reiner wrote:

> Yes, I have allowed both port 47 and port 1723 with:
> EXTERN_PROTO0="47 vpnserverip/32"
> EXTERN_PROTO1="1723 vpnserverip/32"
>
> I have forwarded pptp traffic to the vpn server with:
> ipmasqadm portfw -a -P tcp -L externalip 1723 -R vpnserverip 1723
>
> and I have allowed GRE tunneling with:
>
> ipfwd --masq vpnserverip 47 &
>
> but I still cannot connect.  The firewall rules shown in Weblet regarding
> pptp are below.  Do these look right?  If someone could summarize the steps
> to do this, to make sure I didn't miss anything, it would be greatly
> appreciated.
>
> Thanks,
> Dustin
>
> 0 0 ACCEPT 47   -- 0xFF 0x00  eth0
> vpnserverip   externalip   n/a
> 0 0 ACCEPT 1723 -- 0xFF 0x00  eth0
> vpnserverip   externalip   n/a
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Scott C. Best
> Sent: Friday, April 12, 2002 2:30 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Leaf-user] VPN behind Dachstein
>
>
> Dustin:
>
>   Heya. Just a quick check to see if you've told your
> firewall to allow those protocol=47 packets to come through.
> You got the TCP port=1723 ones for PPTP right, but there's
> two pieces to it.
>
> -Scott
>
> > Hello,
> >
> >I am attempting to replace a 2.9.4 based firewall with Dachstein.  The
> > current firewall forwards VPN traffic to a server behind itself.  I have
> > setup the new server with the following entries in network.conf, but I
> have
> > apparently missed something because I can't connect.  If anyone can help,
> I
> > would appreciate it.
> >
> > Thanks,
> > Dustin



___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
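
Added example (not part of the thread, echowall.lrp or Dachstein): a Python audit of the PPTP pass-through pieces listed in the reply above, run over the settings quoted from Dustin's posts. The variable layouts are read only as far as the thread shows them; the "#" comment convention for /etc/modules, the finding names and the function names are assumptions of this example.

```python
import re

PPTP_TCP_PORT = 1723  # PPTP control channel: TCP (IP protocol 6), port 1723
GRE_PROTO = 47        # PPTP data channel: IP protocol 47, which has no ports

# VAR="value" or VAR=value at the start of a line; "#VAR=..." never matches.
ASSIGN_RE = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)=(?:"([^"]*)"|(\S*))')

# Settings as quoted in the thread (placeholders such as vpnserverip kept).
POSTED_CONF = '''\
EXTERN_TCP_PORTS="0/0_vpn"
EXTERN_PROTO0="47 vpnserverip/32"
EXTERN_PROTO1="1723 vpnserverip/32"
INTERN_SERVER0="-a -P tcp -L external_ip 1723 -R vpnserverip 1723"
'''
POSTED_SERVICES = "vpn 1723/tcp#vpn traffic\n"
# Constructed: the reply says the module line is commented out by default.
DEFAULT_MODULES = "#ip_masq_pptp\n"


def active_assignments(conf_text):
    """Return {name: value} for every uncommented shell-style assignment."""
    found = {}
    for line in conf_text.splitlines():
        m = ASSIGN_RE.match(line)
        if m:
            found[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return found


def tcp_service_port(token, services_text):
    """Resolve a port number or an /etc/services name to a TCP port, else None."""
    if token.isdigit():
        return int(token)
    for line in services_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == token and fields[1].endswith("/tcp"):
            number = fields[1][:-len("/tcp")]
            return int(number) if number.isdigit() else None
    return None


def module_enabled(modules_text, module):
    """True if the module is named on a line that is not commented out."""
    for line in modules_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] == module:
            return True
    return False


def audit_pptp(conf_text, modules_text, services_text=""):
    """Return (code, detail) findings for the PPTP pieces named in the reply."""
    conf = active_assignments(conf_text)
    findings = []

    # Piece 1: protocol 47 allowed in. The IP protocol field is 8 bits wide,
    # so a number above 255 in EXTERN_PROTOn is a port put in the wrong place.
    gre_allowed = False
    for name in sorted(conf):
        fields = conf[name].split()
        if not re.fullmatch(r"EXTERN_PROTO\d+", name) or not fields:
            continue
        if fields[0].isdigit():
            number = int(fields[0])
            if number > 255:
                findings.append(("proto-out-of-range",
                                 f"{name}: {number} is not an IP protocol number"))
            elif number == GRE_PROTO:
                gre_allowed = True
    if not gre_allowed:
        findings.append(("gre-not-allowed", "no EXTERN_PROTOn entry for protocol 47"))

    # Piece 2: TCP 1723 allowed in (entries are srcip/mask_dstport).
    tcp_open = any(
        tcp_service_port(item.rsplit("_", 1)[-1], services_text) == PPTP_TCP_PORT
        for item in conf.get("EXTERN_TCP_PORTS", "").split())
    if not tcp_open:
        findings.append(("tcp1723-not-open", "EXTERN_TCP_PORTS does not admit TCP 1723"))

    # Piece 3: TCP 1723 port-forwarded to the internal server.
    forwarded = any(
        re.fullmatch(r"INTERN_SERVER\d+", name)
        and {"tcp", str(PPTP_TCP_PORT)} <= set(value.split())
        for name, value in conf.items())
    if not forwarded:
        findings.append(("tcp1723-not-forwarded", "no INTERN_SERVERn for tcp 1723"))

    # Piece 4: the masquerading helper the reply calls the most-missed step.
    if not module_enabled(modules_text, "ip_masq_pptp"):
        findings.append(("masq-module-disabled", "ip_masq_pptp not active in modules"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_pptp(POSTED_CONF, DEFAULT_MODULES, POSTED_SERVICES):
        print(code, "-", detail)
```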



Re: [Leaf-user] dachstein serial kernel

2002-04-12 Thread fkamp

I tried this and it does not work for me.  Maybe it's because
I don't understand what a .upx file is.  Evidently Syslinux
does not understand what a .upx file is either.  It gives me
an error message that the kernel is corrupt.

On my Dachstein disk, Syslinux loads root.lrp then loads
Linux.  The boot that follows seems to boot using the Linux
file.  What I have done to get the boot messages to show on
the serial terminal is to create a boot disk for
Dachstein-CD.  Then copy the Linux file from this boot disk
to the Dachstein disk that has been modified to include the
serial terminal support.

This works but it also provides RAID support and some other
things that I don't need.

I suppose the right way to do this is to create a new kernel
that includes all that is needed for Dachstein as well as
serial support.  I have been reluctant to do that because
I'm not sure what is needed for basic Dachstein support.  Is
there a file or information available that would give this
information?  Where would I find it?

I am sure that problems here are a result of my lack of
knowledge, or maybe lack of understanding of what I think I
know.  Some help here would be appreciated as long as it
steers me to a solution that works.

Thanks,
Frank Kamp


Joey Officer wrote:
> 
> No, there is a linux kernel available from the Charles' website, below is
> the direct link.  Save this as a file on your floppy (overwriting the
> 'linux' file) then you will also need to modify the syslinux.cfg file.
> There is a very extensive HOW-TO available on the website that talks about
> this.  If you have any further questions, please ask...
> 
> http://lrp.steinkuehler.net/files/kernels/Dachstein-normal/linux-2.2.19-3-LEAF-normal.zImage.upx
> 
> copy the above file to 'linux' on the floppy, and you should be good to
> go...
> 
> joey
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of David Goodrich
> Sent: Monday, April 08, 2002 7:37 PM
> To: [EMAIL PROTECTED]
> Subject: [Leaf-user] dachstein serial kernel
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> I'm trying to get boot messages posted to the serial port with my dachstein
> 1.0.2 floppy fw, instead of just the screen.  I assume, then, that i need a
> kernel with serial support compiled into it, instead of loading serial.o as
> a kernel module.  is it as simple as grabbing root.lrp from the dachstein CD
> image and putting it on my floppy?  tia
>  -david
> 
> -BEGIN PGP SIGNATURE-
> Version: PGPfreeware 7.0.3 for non-commercial use 
> 
> iQA/AwUBPLI3vtemHuGGnm+XEQKTKgCgvpAj3aDKPkjkFkBWzjw0vG7B7OkAoNgX
> CT+A0qOLzuZiSqHcznxEBGbj
> =6lYa
> -END PGP SIGNATURE-
> 



[Leaf-user] SCP _through_ Bering firewall disk problem

2002-04-12 Thread Rick Price

I'm having trouble getting scp to work through a Bering firewall (it
hangs).

I have no trouble whatsoever with ssh.

I have only tried to scp things from the outside into a machine in the
dmz, and from the internal network into the dmz. No other incoming
connections are allowed.

I tried removing the ssh entries for TOS, but that did not seem to fix
things.

A friend had it work once with no problems from freeshell.org. But it now
seems broken.

I have used scp a lot before with no problems (but not with Bering). So
far I have tried it from Debian Testing and OpenSSH on Solaris 8.

My Bering firewall is configured to allow everything out from the internal
network (both external network, and into dmz).

Allow one port (tcp 1966) into the dmz from the Internet to port 22 on a
machine inside.

The outside network and the dmz are not allowed into the internal network.

The dmz is allowed out.

Does anyone else have these problems, or am I missing something?

Rick






RE: [Leaf-user] VPN behind Dachstein

2002-04-12 Thread Dustin Reiner

Yes, I have allowed both port 47 and port 1723 with:
EXTERN_PROTO0="47 vpnserverip/32"
EXTERN_PROTO1="1723 vpnserverip/32"

I have forwarded pptp traffic to the vpn server with:
ipmasqadm portfw -a -P tcp -L externalip 1723 -R vpnserverip 1723

and I have allowed GRE tunneling with:

ipfwd --masq vpnserverip 47 &

but I still cannot connect.  The firewall rules shown in Weblet regarding
pptp are below.  Do these look right?  If someone could summarize the steps
to do this, to make sure I didn't miss anything, it would be greatly
appreciated.

Thanks,
Dustin

0 0 ACCEPT 47   -- 0xFF 0x00  eth0 vpnserverip   externalip   n/a
0 0 ACCEPT 1723 -- 0xFF 0x00  eth0 vpnserverip   externalip   n/a

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Scott C. Best
Sent: Friday, April 12, 2002 2:30 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] VPN behind Dachstein


Dustin:

Heya. Just a quick check to see if you've told your
firewall to allow those protocol=47 packets to come through.
You got the TCP port=1723 ones for PPTP right, but there's
two pieces to it.

-Scott

> Hello,
>
>I am attempting to replace a 2.9.4 based firewall with Dachstein.  The
> current firewall forwards VPN traffic to a server behind itself.  I have
> setup the new server with the following entries in network.conf, but I
have
> apparently missed something because I can't connect.  If anyone can help,
I
> would appreciate it.
>
> Thanks,
> Dustin
>
> -snip-
> # TCP services open to outside world
> # Space seperated list: srcip/mask_dstport
> #EXTERN_TCP_PORTS="216.171.153.128/25_ssh 0/0_www 0/0_1023"
> EXTERN_TCP_PORTS="0/0_vpn"
> -snip-
> # Advanced settings: parameters passed directly to portfw and autofw
> # Indexed list: ""
> #INTERN_SERVER0="-a -P PROTO -L LADDR LPORT -R RADDR RPORT [-p PREF]"
> #INTERN_SERVER1=""
> INTERN_SERVER0="-a -P tcp -L external_ip 1723 -R vpnserverip 1723"
> -snip-
>
> I have also added the vpn service to /etc/services as:
>
> vpn   1723/tcp#vpn traffic
>
> and am running ipfwd as:
>
> /usr/sbin/ipfwd --masq vpnserverip 47 &






Re: [Leaf-user] VPN behind Dachstein

2002-04-12 Thread Scott C. Best

Dustin:

Heya. Just a quick check to see if you've told your
firewall to allow those protocol=47 packets to come through.
You got the TCP port=1723 ones for PPTP right, but there's
two pieces to it.

-Scott

> Hello,
>
>I am attempting to replace a 2.9.4 based firewall with Dachstein.  The
> current firewall forwards VPN traffic to a server behind itself.  I have
> setup the new server with the following entries in network.conf, but I have
> apparently missed something because I can't connect.  If anyone can help, I
> would appreciate it.
>
> Thanks,
> Dustin
>
> -snip-
> # TCP services open to outside world
> # Space seperated list: srcip/mask_dstport
> #EXTERN_TCP_PORTS="216.171.153.128/25_ssh 0/0_www 0/0_1023"
> EXTERN_TCP_PORTS="0/0_vpn"
> -snip-
> # Advanced settings: parameters passed directly to portfw and autofw
> # Indexed list: ""
> #INTERN_SERVER0="-a -P PROTO -L LADDR LPORT -R RADDR RPORT [-p PREF]"
> #INTERN_SERVER1=""
> INTERN_SERVER0="-a -P tcp -L external_ip 1723 -R vpnserverip 1723"
> -snip-
>
> I have also added the vpn service to /etc/services as:
>
> vpn   1723/tcp#vpn traffic
>
> and am running ipfwd as:
>
> /usr/sbin/ipfwd --masq vpnserverip 47 &






Re: [Leaf-user] Making Disk Images

2002-04-12 Thread Eric Wolzak

Under Linux use 

dd if=/dev/fd0u1680 of=yourfilename 
or if you have a 1440 disk
dd if=/dev/fd0  of=yourfilename

Under Windows you can use for example winimage

http://www.winimage.com 
to create a binary image from your disk or to write a disk from your image.
With this program you can even create a self-installing exe file.

> Hello again,
> 
> I would be very interested in making disk images of my modified LEAF 
> versions. I would like to do this for Linux images and perhaps a windows 
> installer as well. Can anyone point me in the right direction? What tools 
> are available to do so?
> 
> Thanks,
> 
> Jason Massey
> 
Eric Wolzak

member of the Bering crew

http://leaf.sf.net/devel/jnilo/bering





Re: [Leaf-user] Making Disk Images

2002-04-12 Thread jmassey

Thanks..I will give it a try

Jason Massey




"Simon Bolduc" <[EMAIL PROTECTED]>
04/12/2002 01:56 PM

 
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
cc: 
Subject:Re: [Leaf-user] Making Disk Images


for windows you can use winimage available at www.winimage.com - just read
the disk and save it to a self extracting disk image.  Then anyone running
windows (9x+ I believe) should be able to make a disk from the image.

S


>From: [EMAIL PROTECTED]
>To: <[EMAIL PROTECTED]>
>Subject: [Leaf-user] Making Disk Images
>Date: Fri, 12 Apr 2002 13:37:04 -0400
>
>Hello again,
>
>I would be very interested in making disk images of my modified LEAF
>versions. I would like to do this for Linux images and perhaps a windows
>installer as well. Can anyone point me in the right direction? What tools
>are available to do so?
>
>Thanks,
>
>Jason Massey
>



Re: [Leaf-user] DUCKLING 1.0

2002-04-12 Thread jmassey

Charles,

You are the best!

Jason Massey




"Charles Steinkuehler" <[EMAIL PROTECTED]>
04/12/2002 01:51 PM

 
To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
cc: 
Subject:Re: [Leaf-user] DUCKLING 1.0


> Could you give me the web address to find that image? I looked under 
> contributed images but no go.

http://leaf.sourceforge.net/devel/guitarlynn/

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)








Re: [Leaf-user] LRP and MS Messenger

2002-04-12 Thread Simon Bolduc

Probably because you don't have certain ports forwarded.  Take a look at any
denied packets in /var/log/messages that coincide with the attempts to
transmit info.  That's all I or quite possibly anyone else can offer, as your
question was way too vague.  Helpful info would include: what program are you
using to send files, what is your firewall setup / type, etc., are you seeing
any denied packets, and the like.

S


>From: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED] (leaf)
>Subject: [Leaf-user] LRP and MS Messenger
>Date: Fri, 12 Apr 2002 17:21:00 +
>
>Why is it I can't send thru file transfer but can receive?
>Using DCD with one ip and masq internal network.
>



Re: [Leaf-user] DUCKLING 1.0

2002-04-12 Thread Charles Steinkuehler

> Could you give me the web address to find that image? I looked under 
> contributed images but no go.

http://leaf.sourceforge.net/devel/guitarlynn/

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)





Re: [Leaf-user] Making Disk Images

2002-04-12 Thread Simon Bolduc

for windows you can use winimage available at www.winimage.com - just read 
the disk and save it to a self extracting disk image.  Then anyone running 
windows (9x+ I believe) should be able to make a disk from the image.

S


>From: [EMAIL PROTECTED]
>To: <[EMAIL PROTECTED]>
>Subject: [Leaf-user] Making Disk Images
>Date: Fri, 12 Apr 2002 13:37:04 -0400
>
>Hello again,
>
>I would be very interested in making disk images of my modified LEAF
>versions. I would like to do this for Linux images and perhaps a windows
>installer as well. Can anyone point me in the right direction? What tools
>are available to do so?
>
>Thanks,
>
>Jason Massey
>



[Leaf-user] Making Disk Images

2002-04-12 Thread jmassey

Hello again,

I would be very interested in making disk images of my modified LEAF 
versions. I would like to do this for Linux images and perhaps a windows 
installer as well. Can anyone point me in the right direction? What tools 
are available to do so?

Thanks,

Jason Massey




[Leaf-user] LRP and MS Messenger

2002-04-12 Thread crush

Why is it I can't send thru file transfer but can receive?
Using DCD with one ip and masq internal network.




Re: [Leaf-user] sshd problem solved/weblet still doesn't work

2002-04-12 Thread Victor McAllister


"Chen, Elvis" wrote:

> Thanks to helpful people on this list, my sshd problem
> is now solved:  now I can ssh into my router from
> external machines.
>
> I solved it by doing the following 2 things:
>
> 1) edit /etc/network/conf and add the following line:
> EXTERN_TCP_PORTS="0/0_22"
>
> and
> 2) edit /etc/hosts.allow and add the following line:
> sshd: ALL
>
> I then saved the files and REBOOTED.  Apparently just
> saving the file won't change the configuration for
> subsequent ssh connection.  I needed to reboot for the
> change to take effect.
>
> I don't know which did the trick (or the combination
> of both), but sshd works the way I want it now.
>

You do not need to backup and reboot to get your changes installed.

# svi network ipfilter reload
will take the info in ram and reload - if it works then back up etc.
You can see all the possible parameters that can be passed to the network script
with
# svi network
It will come back with the usage.

Can be used with other scripts, for example, let's say you made some changes to
dhcpd
# svi dhcpd restart
if it works as you expected then back it up.

The only times I reboot are with a version change or a complete power failure
that exceeds the battery of my ups.  Keeps the uptime adding up.

> snip

--
Victor McAllister






Re: [Leaf-user] Exact error messages from Floppy VPN endpoint (Dachstein based) - CORRECTION!!!

2002-04-12 Thread jmassey

Charles,

You are absolutely right. I am sorry to waste your time with abstract 
functioning questions when I have the docs and source available. I am sure 
I will have more implementation questions though :-)

Thanks again for all of your help,

Jason Massey




"Charles Steinkuehler" <[EMAIL PROTECTED]>
04/12/2002 12:32 PM

 
To: <[EMAIL PROTECTED]>
cc: <[EMAIL PROTECTED]>
Subject: Re: [Leaf-user] Exact error messages from Floppy VPN endpoint (Dachstein based) - CORRECTION!!!


> > Thank you very much!
> > BTW what effect does setting the spoof to NO have?
>
> It sets rp_filter for the interface to 0...

> and that has what effect?

Use the source...from my linux kernel source tree:

debian:/usr/src/linux# cat Documentation/networking/ip-sysctl.txt


rp_filter - INTEGER
2 - do source validation by reversed path, as specified in RFC1812
Recommended option for single homed hosts and stub network
routers. Could cause troubles for complicated (not loop free)
networks running a slow unreliable protocol (sort of RIP),
or using static routes.

1 - (DEFAULT) Weaker form of RP filtering: drop all the packets
that look as sourced at a directly connected interface, but
were input from another interface.

0 - No source validation.

NOTE: do not disable this option! All BSD derived routing software
(sort of gated, routed etc. etc.) is confused by such packets,
even if they are valid. When enabled it also prevents ip spoofing
in some limited fashion.

NOTE: this option is turned on per default only when ip_forwarding
is on. For non-forwarding hosts it doesn't make much sense and
makes some legal multihoming configurations impossible.


If you want to know more, you'll have to crawl through the kernel networking
code...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)








Re: [Leaf-user] help with opensshd/weblet/dachstein

2002-04-12 Thread Victor McAllister


"Chen, Elvis" wrote:

> hi Victor,
>
> I have done what you suggested, but it still doesn't
> work.  My /etc/hosts.allow looks like:
>
> # Allow anything from the local net
> ALL: 192.168.1.0/255.255.255.0
> sshd: ALL
>
> and weblet is loaded:
>
> # lrpkg -l
> Name      Version  Description
> ========= ======== ==============================================
> root      4.0.6
> etc       4.0.1
> ramlog    1.1      Creates additinal ramdisks on boot
> local     4.0.6    Local package. This package does not contain a
> modules   4.0.6    Modules package. Contains kernel modules and u
> dhclient  2.0pl5   dhclient - Dynamically configure an interface
> dhcpd     2.0pl5   dhcpd - Autoconfigure client machines
> dnscache  1.05a    dnscache from djbdns (V1.05a) package creates
> weblet    1.2.0    weblet - LRP status via a small web server
> libz
> sshd      2.9p2    OpenSSH sshd daemon.
> ssh       2.9p2    OpenSSH ssh & scp programs.
>
> any help is very much appreciated!

The reason weblet is not working is not immediately clear from the above info.
What have you modified in your setup?  If you boot up an unmodified setup does it
work?

Are you really going to ssh out from the router to other machines?  If not, you
don't need ssh.lrp.  I would get the daemon working first before adding the
client.
--
Victor McAllister






Re: [Leaf-user] Exact error messages from Floppy VPN endpoint (Dachstein based) - CORRECTION!!!

2002-04-12 Thread Charles Steinkuehler

> > Thank you very much!
> > BTW what effect does setting the spoof to NO have?
>
> It sets rp_filter for the interface to 0...

> and that has what effect?

Use the source...from my linux kernel source tree:

debian:/usr/src/linux# cat Documentation/networking/ip-sysctl.txt


rp_filter - INTEGER
2 - do source validation by reversed path, as specified in RFC1812
Recommended option for single homed hosts and stub network
routers. Could cause troubles for complicated (not loop free)
networks running a slow unreliable protocol (sort of RIP),
or using static routes.

1 - (DEFAULT) Weaker form of RP filtering: drop all the packets
that look as sourced at a directly connected interface, but
were input from another interface.

0 - No source validation.

NOTE: do not disable this option! All BSD derived routing software
(sort of gated, routed etc. etc.) is confused by such packets,
even if they are valid. When enabled it also prevents ip spoofing
in some limited fashion.

NOTE: this option is turned on per default only when ip_forwarding
is on. For non-forwarding hosts it doesn't make much sense and
makes some legal multihoming configurations impossible.


If you want to know more, you'll have to crawl through the kernel networking
code...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)





Re: [Leaf-user] Adding to syslinux.cfg on DCD

2002-04-12 Thread Simon Bolduc

> > Also, am I correct in thinking that I can replace the .lrp files in
> > the image with my floppy backups and reburn to get a "floppyless"
> > setup once I have it all configured?
>
>Yep!


Lynn is correct - just make sure you do a full and not a partial backup when 
backing up to floppy

S




[Leaf-user] sshd problem solved/weblet still doesn't work

2002-04-12 Thread Chen, Elvis

Thanks to helpful people on this list, my sshd problem
is now solved:  now I can ssh into my router from
external machines.

I solved it by doing the following 2 things:

1) edit /etc/network/conf and add the following line:
EXTERN_TCP_PORTS="0/0_22"

and 
2) edit /etc/hosts.allow and add the following line:
sshd: ALL

I then saved the files and REBOOTED.  Apparently just
saving the file won't change the configuration for
subsequent ssh connection.  I needed to reboot for the
change to take effect.

I don't know which did the trick (or the combination
of both), but sshd works the way I want it now.

btw, my weblet (un-changed at all) still doesn't work.
 It is loaded:
# lrpkg -l
Name      Version  Description
========= ======== ==============================================
root      4.0.6
etc       4.0.1
ramlog    1.1      Creates additinal ramdisks on boot
local     4.0.6    Local package. This package does not contain a
modules   4.0.6    Modules package. Contains kernel modules and u
dhclient  2.0pl5   dhclient - Dynamically configure an interface
dhcpd     2.0pl5   dhcpd - Autoconfigure client machines
dnscache  1.05a    dnscache from djbdns (V1.05a) package creates
weblet    1.2.0    weblet - LRP status via a small web server
libz      1.1.4    zlib compression library. Needed for openssh
sshd      3.1p1    OpenSSH sshd daemon.
ssh       3.1p1    OpenSSH ssh & scp programs.

but whenever I try to connect to http://192.168.1.254
I get the error of "this page contains no data".  Any
help is much appreciated,

Elvis

I still ca





Re: [Leaf-user] sshd and remote login

2002-04-12 Thread Victor McAllister

Joey Officer wrote:

> I have added to my Dachstein setup and have gotten the SSHd to work under
> dachstein (using Disk-On-Module), and from within the internal network I can
> ssh into the LRP box.  I have added an entry into the hosts.allow file that
> is specific to the LRP box on the office side (and vice versa).  But I can
> not ssh in from the outside LRP box (outside world).  I have reviewed the
> 'messages' & 'syslog.log' files and have seen that the machine is being
> denied, but where do I look to open that port up?
>
> Joey

Edit this in /etc/network.conf
EXTERN_TCP_PORTS="0/0_22"
or
EXTERN_TCP_PORTS="0/0_ssh"

better yet put in the ip and mask of the computer you will use to connect from
the outside.

EXTERN_TCP_PORTS="1.2.3.4/32_ssh"


Victor McAllister
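
The advice above (prefer a specific source address over 0/0) can be checked mechanically. The shell sketch below is an added example, not part of the original post or of the Dachstein scripts; it assumes the srcip/mask_dstport entry format quoted in this thread, and its function names and sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit EXTERN_TCP_PORTS from a Dachstein-style network.conf.
# Assumed entry format (from the config comments quoted in the thread):
# space separated list of srcip/mask_dstport.

# Constructed sample, built from lines that appear in the thread.
SAMPLE_CONF='#EXTERN_TCP_PORTS="216.171.153.128/25_ssh 0/0_www 0/0_1023"
EXTERN_TCP_PORTS="0/0_22"'

# Read a config on stdin and print the active (uncommented) value.
# The text is parsed, never sourced, so nothing in it is executed.
extern_tcp_ports_value() {
    sed -n 's/^[[:space:]]*EXTERN_TCP_PORTS="\([^"]*\)".*$/\1/p' | tail -n 1
}

# Print one line per entry: WORLD (any source), RESTRICTED or MALFORMED.
classify_extern_tcp_ports() {
    printf '%s\n' "$1" | tr -s '[:space:]' '\n' | while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        case "$entry" in
            ?*/?*_?*) ;;                      # source/mask, underscore, port
            *) echo "MALFORMED $entry"; continue ;;
        esac
        src=${entry%%_*}                      # text before the first underscore
        port=${entry#*_}                      # text after the first underscore
        mask=${src#*/}                        # text after the slash
        case "$mask" in
            0|0.0.0.0) echo "WORLD $src $port" ;;
            *)         echo "RESTRICTED $src $port" ;;
        esac
    done
}

# Number of entries that accept connections from any source address.
count_world_open() {
    classify_extern_tcp_ports "$1" | grep -c '^WORLD ' || true
}

# Demonstration on the constructed sample.
value=$(printf '%s\n' "$SAMPLE_CONF" | extern_tcp_ports_value)
classify_extern_tcp_ports "$value"
echo "world-open entries: $(count_world_open "$value")"
```

On a router, feed the real file to `extern_tcp_ports_value` on stdin and review every WORLD line.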






Re: [Leaf-user] VPN behind Dachstein

2002-04-12 Thread Charles Steinkuehler

> In regards to:
> -snip-
> Oh...you also have to let the VPN protocol packets through the
> firewall...it's not clear if you're doing this from the above.  ie:
> EXTERN_PROTO0="47 vpnserverip/32"
> -snip-
>
> Would I have to also do this for port 1723?

It's probably good practice, but the default Dachstein rules allow inbound
high-port tcp traffic by default, so it should already be open.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)





Re: [Leaf-user] DUCKLING 1.0

2002-04-12 Thread jmassey

Charles,

Could you give me the web address to find that image? I looked under 
contributed images but no go.

Thanks,

Jason Massey




"Charles Steinkuehler" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
04/12/2002 11:35 AM

 
To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
cc: 
Subject:Re: [Leaf-user] DUCKLING 1.0


> I am building a floppy based VPN based on the Dachstein Floppy. I have
> posted some questions about it, as I am having some config issues. I
> really want to make this work for my own education more than anything
> else. I also was going to install the DUCKLING LEAF image to compare
> settings. (Not wanting to really use it.) However I could not make the
> disk from the windows exe files provided. Not a problem as I used my Linux
> box. But I was wondering if the exe files work under W2K. I notice the
> files are named ...9x... so maybe not.  Anyway, not important, just
> curious.

AFAIK, Windows NT/2K (and maybe XP?) cannot talk to floppy disks with more
than 80 tracks (ie the 1720K format used by DUCKLING).  This is possible,
however, on Windows 95/98/ME (and maybe XP?).

You might also want to check out some of the LEAF disk images available on
the website...IIRC, someone made a single-floppy Dachstein equivalent to
DUCKLING...with the smaller Dachstein kernel & root ramdisk, everything fits
on a 1680K disk, rather than the previously required 1720K.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)





RE: [Leaf-user] VPN behind Dachstein

2002-04-12 Thread Dustin Reiner

In regards to:
-snip-
Oh...you also have to let the VPN protocol packets through the
firewall...it's not clear if you're doing this from the above.  ie:
EXTERN_PROTO0="47 vpnserverip/32"
-snip-

Would I have to also do this for port 1723?

Thanks.

-Original Message-
From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 12, 2002 11:43 AM
To: Dustin Reiner; [EMAIL PROTECTED]
Subject: Re: [Leaf-user] VPN behind Dachstein


>I am attempting to replace a 2.9.4 based firewall with Dachstein.  The
> current firewall forwards VPN traffic to a server behind itself.  I have
> setup the new server with the following entries in network.conf, but I have
> apparently missed something because I can't connect.  If anyone can help, I
> would appreciate it.
>
> Thanks,
> Dustin
>
> -snip-
> # TCP services open to outside world
> # Space seperated list: srcip/mask_dstport
> #EXTERN_TCP_PORTS="216.171.153.128/25_ssh 0/0_www 0/0_1023"
> EXTERN_TCP_PORTS="0/0_vpn"
> -snip-
> # Advanced settings: parameters passed directly to portfw and autofw
> # Indexed list: ""
> #INTERN_SERVER0="-a -P PROTO -L LADDR LPORT -R RADDR RPORT [-p PREF]"
> #INTERN_SERVER1=""
> INTERN_SERVER0="-a -P tcp -L external_ip 1723 -R vpnserverip 1723"
> -snip-
>
> I have also added the vpn service to /etc/services as:
>
> vpn 1723/tcp #vpn traffic
>
> and am running ipfwd as:
>
> /usr/sbin/ipfwd --masq vpnserverip 47 &

I think you need to use the ip_masq_pptp.o module, rather than trying to
forward the VPN packets manually, but I don't do a lot of VPN masquerading.
Is this a standard PPTP VPN?  If so, there are several folks on-list who
have made this work, and can probably help better with exact setup
requirements...

Oh...you also have to let the VPN protocol packets through the
firewall...it's not clear if you're doing this from the above.  ie:
EXTERN_PROTO0="47 vpnserverip/32"

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)





Re: [Leaf-user] Exact error messages from Floppy VPN endpoint (Dachstein based) - CORRECTION!!!

2002-04-12 Thread jmassey

Charles,

Thank you very much! 
BTW what effect does setting the spoof to NO have?

Jason Massey




"Charles Steinkuehler" <[EMAIL PROTECTED]>
04/12/2002 11:39 AM

 
To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
cc: 
Subject: Re: [Leaf-user] Exact error messages from Floppy VPN endpoint (Dachstein based) - CORRECTION!!!



These are normal for FreeS/WAN.  Some types of tunnels run fine with
rp_filter enabled, despite the warnings (specifically subnet-subnet...maybe
others).  You may, however, have to disable this for your VPN links to work
right...IIRC, host-host tunnels require rp_filter to be 0.

To control rp_filter on a per-interface basis, use the
_IP_SPOOF=[YES|NO] feature of network.conf (ie you probably want
to set eth0_IP_SPOOF=NO to make the warnings go away).

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)









Re: [Leaf-user] VPN behind Dachstein

2002-04-12 Thread Charles Steinkuehler

>I am attempting to replace a 2.9.4 based firewall with Dachstein.  The
> current firewall forwards VPN traffic to a server behind itself.  I have
> setup the new server with the following entries in network.conf, but I have
> apparently missed something because I can't connect.  If anyone can help, I
> would appreciate it.
>
> Thanks,
> Dustin
>
> -snip-
> # TCP services open to outside world
> # Space seperated list: srcip/mask_dstport
> #EXTERN_TCP_PORTS="216.171.153.128/25_ssh 0/0_www 0/0_1023"
> EXTERN_TCP_PORTS="0/0_vpn"
> -snip-
> # Advanced settings: parameters passed directly to portfw and autofw
> # Indexed list: ""
> #INTERN_SERVER0="-a -P PROTO -L LADDR LPORT -R RADDR RPORT [-p PREF]"
> #INTERN_SERVER1=""
> INTERN_SERVER0="-a -P tcp -L external_ip 1723 -R vpnserverip 1723"
> -snip-
>
> I have also added the vpn service to /etc/services as:
>
> vpn 1723/tcp #vpn traffic
>
> and am running ipfwd as:
>
> /usr/sbin/ipfwd --masq vpnserverip 47 &

I think you need to use the ip_masq_pptp.o module, rather than trying to
forward the VPN packets manually, but I don't do a lot of VPN masquerading.
Is this a standard PPTP VPN?  If so, there are several folks on-list who
have made this work, and can probably help better with exact setup
requirements...

Oh...you also have to let the VPN protocol packets through the
firewall...it's not clear if you're doing this from the above.  ie:
EXTERN_PROTO0="47 vpnserverip/32"

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)





Re: [Leaf-user] Exact error messages from Floppy VPN endpoint (Dachstein based) - CORRECTION!!!

2002-04-12 Thread Charles Steinkuehler

> I posted an inaccurate error message. The correct errors are:
>
> ipsec_setup:  Starting FreeS/WAN IPsec 1.91...
> ipsec_setup: Warning: ipsec0 has route filtering turned on, KLIPS may not work
> ipsec_setup:   (/proc/sys/netr/ipv4/conf/ipsec0/rp_filter = '1', should be 0)
> ipsec_setup: Warning: eth0 has route filtering turned on, KLIPS may not work
> ipsec_setup:   (/proc/sys/netr/ipv4/conf/eth0/rp_filter = '1', should be 0)

These are normal for FreeS/WAN.  Some types of tunnels run fine with
rp_filter enabled, despite the warnings (specifically subnet-subnet...maybe
others).  You may, however, have to disable this for your VPN links to work
right...IIRC, host-host tunnels require rp_filter to be 0.

To control rp_filter on a per-interface basis, use the
_IP_SPOOF=[YES|NO] feature of network.conf (ie you probably want
to set eth0_IP_SPOOF=NO to make the warnings go away).

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
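
Turning rp_filter off for FreeS/WAN, as described above and in the ip-sysctl.txt excerpt quoted elsewhere in this thread, also turns off source validation on that interface, so it is worth knowing exactly which interfaces ended up at 0. The shell sketch below is an added example, not part of the original post or of the LEAF scripts; the function names and the sample tree (including eth1) are constructed, and the value meanings are the ones given in the quoted excerpt.

```shell
#!/bin/sh
# Added example: report rp_filter per interface and list the interfaces
# that have no source validation. Value meanings follow the ip-sysctl.txt
# excerpt quoted in the thread (0 = none, 1 = weaker form, 2 = reverse path).

# Print "<iface> <value> <meaning>" for each interface under the conf root.
# $1 is the conf directory; the default is the live /proc tree.
rp_filter_report() {
    root=${1:-/proc/sys/net/ipv4/conf}
    for dir in "$root"/*/; do
        [ -r "${dir}rp_filter" ] || continue
        iface=$(basename "$dir")
        value=$(cat "${dir}rp_filter")
        case "$value" in
            0) meaning="no-source-validation" ;;
            1) meaning="weak-rp-filtering" ;;
            2) meaning="reverse-path-validation" ;;
            *) meaning="unknown" ;;
        esac
        echo "$iface $value $meaning"
    done
}

# Interfaces with rp_filter = 0, for example after eth0_IP_SPOOF=NO.
unvalidated_interfaces() {
    rp_filter_report "$1" | awk '$2 == "0" { print $1 }' | sort | paste -sd ' ' -
}

# Interfaces that would draw the "route filtering turned on" warning
# from ipsec_setup (any value other than 0).
klips_warning_interfaces() {
    rp_filter_report "$1" | awk '$2 != "0" { print $1 }' | sort | paste -sd ' ' -
}

# Constructed sample tree so the example runs offline: eth0 and ipsec0 at 1
# (as in the warnings quoted in the thread), eth1 at 0 (hypothetical).
make_sample_tree() {
    tree=$(mktemp -d) || return 1
    for pair in eth0:1 ipsec0:1 eth1:0; do
        mkdir -p "$tree/${pair%%:*}"
        echo "${pair#*:}" > "$tree/${pair%%:*}/rp_filter"
    done
    echo "$tree"
}

# Demonstration on the constructed tree.
sample=$(make_sample_tree)
rp_filter_report "$sample"
echo "no source validation: $(unvalidated_interfaces "$sample")"
echo "ipsec_setup would warn on: $(klips_warning_interfaces "$sample")"
rm -rf "$sample"
```

Called without an argument, the functions read the live /proc/sys/net/ipv4/conf tree.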





Re: [Leaf-user] DUCKLING 1.0

2002-04-12 Thread Charles Steinkuehler

> I am building a floppy based VPN based on the Dachstein Floppy. I have
> posted some questions about it, as I am having some config issues. I
> really want to make this work for my own education more than anything
> else. I also was going to install the DUCKLING LEAF image to compare
> settings. (Not wanting to really use it.) However I could not make the
> disk from the windows exe files provided. Not a problem as I used my Linux
> box. But I was wondering if the exe files work under W2K. I notice the
> files are named ...9x... so maybe not.  Anyway, not important, just
> curious.

AFAIK, Windows NT/2K (and maybe XP?) cannot talk to floppy disks with more
than 80 tracks (ie the 1720K format used by DUCKLING).  This is possible,
however, on Windows 95/98/ME (and maybe XP?).

You might also want to check out some of the LEAF disk images available on
the website...IIRC, someone made a single-floppy Dachstein equivalent to
DUCKLING...with the smaller Dachstein kernel & root ramdisk, everything fits
on a 1680K disk, rather than the previously required 1720K.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)





RE: [Leaf-user] Junk Busting???

2002-04-12 Thread Mike Noyes

On Fri, 2002-04-12 at 08:01, Todd Pearsall wrote:
> Hadn't considered "turning Snort around".  There used to be a snort.lrp
> around, so if you can get the filtering to work it would be cool.

Todd,
There are a couple of snort packages available. There are junkbuster and
squid-2 packages also. see

http://leaf.sourceforge.net/pub/packages-list.txt

-- 
Mike Noyes <[EMAIL PROTECTED]>
http://sourceforge.net/users/mhnoyes/
http://leaf-project.org/





[Leaf-user] Exact error messages from Floppy VPN endpoint (Dachstein based) - CORRECTION!!!

2002-04-12 Thread jmassey

I posted an inaccurate error message. The correct errors are:

ipsec_setup:  Starting FreeS/WAN IPsec 1.91...
ipsec_setup: Warning: ipsec0 has route filtering turned on, KLIPS may not work
ipsec_setup:   (/proc/sys/netr/ipv4/conf/ipsec0/rp_filter = '1', should be 0)
ipsec_setup: Warning: eth0 has route filtering turned on, KLIPS may not work
ipsec_setup:   (/proc/sys/netr/ipv4/conf/eth0/rp_filter = '1', should be 0)

Sorry about that,

Jason Massey




RE: [Leaf-user] Junk Busting???

2002-04-12 Thread Todd Pearsall

Hadn't considered "turning Snort around".  There used to be a snort.lrp
around, so if you can get the filtering to work it would be cool.  Since
each packet is only part of the http request, dropping the packets
with "bad words" may create corrupted web pages.  It may look funny on
the browser, but would effectively stop the user from seeing the pages with
bad content or at least skewing the pages pretty badly.

You're just braver than I, venturing out on your own this way ;)

- Todd

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED]] On Behalf Of 
> John Mullan
> Sent: Thursday, April 11, 2002 7:44 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Leaf-user] Junk Busting???
> 
> 
> Todd:
> 
> I realize that Snort is more for monitoring (NIDS in particular).
> However the current documentation indicates that it can scan for content
> and, if desired, drop the packets.
> 
> It also says it can do this in either direction.
> 
> So, if one were to "think outside the box", instead of blocking outbound
> requests (like a nanny filter), I could watch for undesirable content
> coming in and drop it.  I could also replace the packet with content
> issuing a warning.
> 
> While unconventional, it may meet my desired criteria of fitting into my
> LEAF router and eliminate the need for an extra box.
> 
> Keep in mind, this is just from reading the user manual.  I have yet to
> actually try this...
> 
> John
> 
> -Original Message-
> From: Todd Pearsall [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, April 11, 2002 9:25 AM
> To: 'John Mullan'; [EMAIL PROTECTED]
> Subject: RE: [Leaf-user] Junk Busting???
> 
> 
> In my past use of Snort it was for intrusion detection.  It "watches"
> all the incoming traffic for patterns that may be hack attempts.  I'm
> not aware of it being useful for controlling where internal users go.
> In fact I think it only logs suspicious activity and doesn't actually
> stop traffic from coming in (like portsentry does for port scanning)
> 
> - Todd
> 
> > -Original Message-
> > From: [EMAIL PROTECTED] 
> > [mailto:[EMAIL PROTECTED]] On Behalf Of 
> > John Mullan
> > Sent: Wednesday, April 10, 2002 6:38 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [Leaf-user] Junk Busting???
> > 
> > 
> > Thanks all for input received so far.
> > 
> > I'm not so picky on the "thin-ness" of my LEAF router box.  I 
> > still have
> > some space left on my 80meg flash disk.  At home it is becoming my
> > catch-all router/firewall so adding a certain amount of extra 
> > abilities
> > flies for me on this one.
> > 
> > However, I have looked around the net and noticed that 
> SNORT may be up
> > to the task (although not necessarily its conventional use).
> > 
> > Is there anyone that has put SNORT to use on LEAF as a "nanny
> > filter"???
> > 
> > John
> > 
> > -Original Message-
> > From: Todd Pearsall [mailto:[EMAIL PROTECTED]] 
> > Sent: Wednesday, April 10, 2002 9:33 AM
> > To: 'John Mullan'; [EMAIL PROTECTED]
> > Subject: RE: [Leaf-user] Junk Busting???
> > 
> > 
> > I use squid and squidguard on a separate machine.  
> Squidguard is nice
> > because it updates nightly with a new "bad" list.  I'm 
> pretty sure you
> > can run squid on your Dachstein box, but you'll need a HD 
> to store the
> > cached pages and logs and probably more memory (32MB-64MB?).  
> > With squid
> > in place you can probably add squidguard.  There are also 
> > rules you can
> > add so the web proxy is transparent, meaning the users PC 
> > just uses the
> > Dachstein box as the gateway and the rules pump anything 
> destined for
> > port 80 thru squid.
> > 
> > I put this in the category of "can be done" if you're pretty 
> > familiar with
> > Dachstein, Linux and firewalls, but I doubt you'll find a drop in
> > package.
> > 
> > If you can scrape up another PC then this should be a piece of cake
> > since squid is a standard package in RedHat and all you'd 
> > need to do it
> > is to add squidguard (pretty easy).  If you get it to work on 
> > Dachstein
> > please write it up.  I would like to have squid and 
> squidguard running
> > on the firewall, but I love having no HD in the firewall, so I'm
> > sticking with my current solution. 
> > 
> > I run e-smith as a server and Dachstein as firewall.  If you used
> > e-smith as both you just add squidguard and be done.  
> > Personally I like
> > the firewall as skinny as possible and separate from the server.
> > 
> > Enough rambling, good luck.
> > 
> > - Todd
> > 
> > > -Original Message-
> > > From: [EMAIL PROTECTED] 
> > > [mailto:[EMAIL PROTECTED]] On Behalf Of 
> > > John Mullan
> > > Sent: Tuesday, April 09, 2002 10:11 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: [Leaf-user] Junk Busting???
> > > 
> > > 
> > > I am now in need of blocking certain web content from my 
> 8-year-old
> > > grandson.
> > > 
> > > Since my only gateway to the internet is through the 
> > > Dachstein box, I am
> > > wonder

[Leaf-user] DUCKLING 1.0

2002-04-12 Thread jmassey

Hello,

I am building a floppy based VPN based on the Dachstein Floppy. I have 
posted some questions about it, as I am having some config issues. I 
really want to make this work for my own education more than anything 
else. I also was going to install the DUCKLING LEAF image to compare 
settings. (Not wanting to really use it.) However I could not make the 
disk from the windows exe files provided. Not a problem as I used my Linux 
box. But I was wondering if the exe files work under W2K. I notice the 
files are named ...9x... so maybe not.  Anyway, not important, just 
curious.

Thanks,

Jason Massey





Re: [Leaf-user] sshd and remote login

2002-04-12 Thread Simon Bolduc

I think you may need an entry in the hosts.allow file - which allows 
machines to access services on the daemon - remember you're not being 
forwarded thru the router - you are accessing it.

HTH

S


>From: "Joey Officer" <[EMAIL PROTECTED]>
>Reply-To: <[EMAIL PROTECTED]>
>To: "LRP Support" <[EMAIL PROTECTED]>
>Subject: [Leaf-user] sshd and remote login
>Date: Fri, 12 Apr 2002 08:49:33 -0500
>
>I have added to my Dachstein setup and have gotten the SSHd to work under
>dachstein (using Disk-On-Module), and from within the internal network I 
>can
>ssh into the LRP box.  I have added an entry into the hosts.allow file that
>is specific to the LRP box on the office side (and vice versa).  But I can
>not ssh in from the outside LRP box (outside world).  I have reviewed the
>'messages' & 'syslog.log' files and have seen that the machine is being
>denied, but where do I look to open that port up?
>
>Joey
>
>
>







[Leaf-user] Exact error messages from Floppy VPN endpoint (Dachstein based)

2002-04-12 Thread jmassey

Hello Again!

Thank you for your response to my previous post. Since it is possible here 
are the exact error messages:

ipsec_setup:  Starting FreeS/WAN IPsec 1.91...
ipsec_setup: Warning: ipsec0 has route filtering turned on, KLIPS may not work
ipsec_setup:   (/proc/sys/netr/ipv4/conf/ipsec0/rp_filter = '1', should be 0)
ipsec_setup: Warning: ipsec1 has route filtering turned on, KLIPS may not work
ipsec_setup:   (/proc/sys/netr/ipv4/conf/ipsec1/rp_filter = '1', should be 0)

I guess I could go to the file, manually change it and back up the 
changes, but I want to know if there is a setting that I have wrong. Any 
help in this regard would be most appreciated.

Thanks,

Jason Massey




[Leaf-user] VPN behind Dachstein

2002-04-12 Thread Dustin Reiner

Hello,

   I am attempting to replace a 2.9.4 based firewall with Dachstein.  The
current firewall forwards VPN traffic to a server behind itself.  I have
setup the new server with the following entries in network.conf, but I have
apparently missed something because I can't connect.  If anyone can help, I
would appreciate it.

Thanks,
Dustin

-snip-
# TCP services open to outside world
# Space seperated list: srcip/mask_dstport
#EXTERN_TCP_PORTS="216.171.153.128/25_ssh 0/0_www 0/0_1023"
EXTERN_TCP_PORTS="0/0_vpn"
-snip-
# Advanced settings: parameters passed directly to portfw and autofw
# Indexed list: ""
#INTERN_SERVER0="-a -P PROTO -L LADDR LPORT -R RADDR RPORT [-p PREF]"
#INTERN_SERVER1=""
INTERN_SERVER0="-a -P tcp -L external_ip 1723 -R vpnserverip 1723"
-snip-

I have also added the vpn service to /etc/services as:

vpn 1723/tcp#vpn traffic

and am running ipfwd as:

/usr/sbin/ipfwd --masq vpnserverip 47 &







[Leaf-user] dumba*s sorry

2002-04-12 Thread Joey Officer

I just posted a similar post to the list about the openssh, but did not read
this morning's email... sorry for the duplicate questions...

Joey






RE: [Leaf-user] help with opensshd/weblet/dachstein

2002-04-12 Thread Joey Officer

I'm working on this same type of problem (which I just emailed the list
about, sorry), you might check that there is a ramlog.lrp and/or log.lrp
being loaded.  This is how I fixed my problem.  Hope this helps...

Joey


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Chen, Elvis
Sent: Friday, April 12, 2002 12:08 AM
To: [EMAIL PROTECTED]
Subject: [Leaf-user] help with opensshd/weblet/dachstein

Greetings,

I'm a long time user of LRP.  My last LRP was a
2-disks EigerStein with ssh/sshd and it worked great.
I have decided to give Dachstein a try but ran into 2
problems, and I seek your help.

Here is how I got Dachstein to work with my cable
modem (Cogeco@Ontario, Canada).
I downloaded the Dachstein 1680 image from
http://leaf.sourceforge.net/devel/cstein/DiskImages/Dachstein.htm
and wrote it to a disk.  Added modules for my ethernet
card, changed the host name, configured dhclient, and
it worked perfectly with my cable modem.  No other
modification was needed.  Dachstein is much an
improvement over EigerStein as far as step-up goes.

I then used a 2nd disks, and copied ssh/sshd/sshkey to
it.  The ssh packages are downloaded from
http://leaf.sourceforge.net/devel/jnilo

According to the User's Guide at
http://leaf.sourceforge.net/devel/jnilo/openssh2.html,
the sshd is SUPPOSED to run through inetd.  Since I
don't want to regenerate the key every time, I
commented out the following line from
/etc/init.d/sshd:


#Comment out and edit /etc/inetd.conf to run as a stand alone server
#echo "Secure Shell server via inetd: sshd"
#exit 0

I ran makekey to generate new keys, it worked.

However, here is my first problem:
1) I can only ssh to my router from my local machines.
 I can NOT ssh to it from my external machines.  Any
ideas?  With EigerStein this was not an issue.

from my external machines, I ran
ssh  -v

I get:
debug: connecting to ...
debug: entering event loop

and it stays there forever.  If I ran "dmesg" on my
router, I see:
Packet log: input DENY eth0 PROTO=6 :39141 :22 L=48 S=0x00 I=35425 F=0x4000 T=60 SYN (#40)

so it looks like the router is blocking port 22.
However, I explicitly opened port 22 from
/etc/ssh/sshd_config:

#   $OpenBSD: sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# This is the sshd server system-wide configuration file.  See sshd(8)
# for more information.

Port 22
...

2) weblet doesn't really work.  From my internal
machine, if I try to access http://192.168.1.254 (from
Netscape), I get the error of "This page contains no
data".  Is there anything I need to change to activate
it?

thx in advance,

Elvis




Re: [Leaf-user] serial console access

2002-04-12 Thread Chad Carr

On Fri, 12 Apr 2002 08:40:01 -0500
"Charles Steinkuehler" <[EMAIL PROTECTED]> wrote:

> > > Bering doesn't have serial support compiled into the kernel.
> >
> > Yes.  True.  I have used the posts at the beginning of this thread to
> > configure my serial-as-a-module kernel to boot, and I get (finally) a
> > login message, but no boot messages.
> >
> > I just get the initial message which lets me know Linux is loading,
> > then nothing until the login prompt.  All I want to know is if there
> > is something I am missing to see this relevant stuff (even if it is
> > just a file to look at or a command to issue post-login)
> 
> Without serial support compiled into the kernel, this is all you will
> get. To see kernel boot messages, you need to have serial support
> compiled into the kernel (ie not a module), and you also need to pass
> the kernel a console= parameter, telling it to send messages to the
> serial port.

Okay.  That's what I thought.  There is nothing I can do.  Either it is
compiled in or I don't get boot messages.  It's as simple as that.  I'm
sorry I dragged this out.

Thanks,
Chad




[Leaf-user] sshd and remote login

2002-04-12 Thread Joey Officer

I have added to my Dachstein setup and have gotten the SSHd to work under
dachstein (using Disk-On-Module), and from within the internal network I can
ssh into the LRP box.  I have added an entry into the hosts.allow file that
is specific to the LRP box on the office side (and vice versa).  But I can
not ssh in from the outside LRP box (outside world).  I have reviewed the
'messages' & 'syslog.log' files and have seen that the machine is being
denied, but where do I look to open that port up?

Joey






Re: [Leaf-user] help with opensshd/weblet/dachstein

2002-04-12 Thread Charles Steinkuehler

> However, here is my first problem:
> 1) I can only ssh to my router from my local machines.
>  I can NOT ssh to it from my external machines.  Any
> ideas?  With EigerStein this was not an issue.

You probably need to open port 22 in the firewall rules:

EXTERN_TCP_PORTS="0/0_22"

You may also have to edit /etc/hosts.allow, as mentioned previously...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
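
An added example, not part of the original posts and not LEAF project code: a shell/awk sketch that reads ipchains "Packet log" lines like the DENY line quoted in this thread, counts denied traffic per interface, protocol and destination port, and prints a candidate EXTERN_TCP_PORTS value in the srcip/mask_dstport form. The function names, the constructed sample addresses, and the choice to scope each candidate to the observed source with /32 are assumptions for illustration.

```shell
#!/bin/sh
# Constructed sample: ipchains "Packet log" lines as they appear in syslog/dmesg.
# Addresses come from documentation ranges, not from the thread.
sample_log() {
cat <<'EOF'
Apr 12 08:41:02 firewall kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:39141 198.51.100.5:22 L=48 S=0x00 I=35425 F=0x4000 T=60 SYN (#40)
Apr 12 08:41:05 firewall kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:39142 198.51.100.5:22 L=48 S=0x00 I=35426 F=0x4000 T=60 SYN (#40)
Apr 12 08:41:07 firewall kernel: Packet log: input DENY eth0 PROTO=17 203.0.113.7:1045 198.51.100.5:137 L=78 S=0x00 I=5121 F=0x0000 T=112 (#41)
Apr 12 08:41:08 firewall kernel: Packet log: input ACCEPT eth1 PROTO=6 192.168.1.20:1030 192.168.1.254:80 L=48 S=0x00 I=771 F=0x4000 T=64 SYN (#3)
Apr 12 08:41:09 firewall sshd[312]: Server listening on 0.0.0.0 port 22.
EOF
}

# parse_denied: stdin = log text. Emits one normalised record per denied or
# rejected packet: "iface proto src_ip dst_port syn_flag".
parse_denied() {
  awk '
    {
      # Locate the "Packet log:" marker; anything before it is syslog prefix.
      start = 0
      for (i = 1; i < NF; i++)
        if ($i == "Packet" && $(i + 1) == "log:") { start = i; break }
      if (!start || NF < start + 7) next

      action = $(start + 3)
      if (action != "DENY" && action != "REJECT") next

      proto = $(start + 5)
      if (sub(/^PROTO=/, "", proto) != 1) next
      if (split($(start + 6), src, ":") != 2) next   # src_ip:src_port
      if (split($(start + 7), dst, ":") != 2) next   # dst_ip:dst_port

      # ipchains appends the word SYN for connection-opening TCP packets.
      syn = 0
      for (j = start + 8; j <= NF; j++) if ($j == "SYN") syn = 1

      if (proto == "6") name = "tcp"
      else if (proto == "17") name = "udp"
      else name = "proto" proto

      print $(start + 4), name, src[1], dst[2], syn
    }'
}

# denied_summary: "count iface proto dst_port", sorted by iface/proto/port text.
denied_summary() {
  parse_denied |
    awk '{ n[$1 " " $2 " " $4]++ } END { for (k in n) print n[k], k }' |
    LC_ALL=C sort -k2
}

# extern_tcp_candidates IFACE: for denied inbound TCP SYNs on IFACE, print a
# candidate EXTERN_TCP_PORTS line limited to the sources actually seen.
# Review each entry before use; it is a starting point, not a rule set.
extern_tcp_candidates() {
  parse_denied | awk -v want="$1" '
    $1 == want && $2 == "tcp" && $5 == 1 {
      e = $3 "/32_" $4
      if (!(e in seen)) { seen[e] = 1; list = (list == "" ? e : list " " e) }
    }
    END { if (list != "") printf "EXTERN_TCP_PORTS=\"%s\"\n", list }'
}

# Stand-alone run over the constructed sample.
sample_log | denied_summary
sample_log | extern_tcp_candidates eth0
```

On a live box the input would be the output of dmesg or the firewall log file instead of sample_log.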





Re: [Leaf-user] Changes for new Dachstein release

2002-04-12 Thread Greg Morgan

Charles Steinkuehler wrote:
> 
> > > - Alter weblet disk-checking script to ignore CD-ROM (always 100% full)
> >
> > I am not following the weblet CD-ROM issue.  I am running weblet 1.2.0
> > off of DCD 1.0.2.  I've clicked all around on the weblet web pages and I
> > do not see where the CD-ROM is reported at all.
> 
> If you mount the CD-ROM, the weblet disk-check script will report an error.
> This only occurs when the CD-ROM is actually mounted (ie it shows up in the
> output of df).  The disk monitoring script should probably be modified to
> ignore read-only media.
> 
ahh.  I see the problem now after I mounted the cdrom.  I didn't
save the original file to do a diff on it, but a weblet checkdisk
solution is listed below.  I am not posting all of it because my message
would get bounced because of html content.  I simply added a case
statement and ignored all lines that are not /dev/ram?  Four lines of
comments explain my rationale in the code below.

I hope this helps,
Greg Morgan

for line in `df | grep /dev/` ; do
   # Look at the greped line returned from df.
   # We are only concerned about shortage of space on the ram drives.
   # All other mounted media is presumed to be some sort of boot media.
   # The default case statement will ignore it especially cdroms.
   case $line in
   *ram*)
      IFS=$OIFS
      set -- $line

      DEV=${1#/dev/}

      used=${5%\%}
      used=${used:-100}

      free=${4:-0}
      pcnt=$(( ${free} * 100 / ${2:-1} ))

      eval WRN_PCNT=\$WRN_DISK_${DEV}_PCNT
      eval WRN_K=\$WRN_DISK_${DEV}_K
      eval ERR_PCNT=\$ERR_DISK_${DEV}_PCNT
      eval ERR_K=\$ERR_DISK_${DEV}_K

      WRN_PCNT=${WRN_PCNT:-$WRN_DISK_PCNT}
      WRN_K=${WRN_K:-$WRN_DISK_K}
      ERR_PCNT=${ERR_PCNT:-$ERR_DISK_PCNT}
      ERR_K=${ERR_K:-$ERR_DISK_K}

      [ "$pcnt" -le "${WRN_PCNT}" ] && setwarn
      [ "$free" -le "${WRN_K}" ] && setwarn
      [ "$pcnt" -le "${ERR_PCNT}" ] && seterror
      [ "$free" -le "${ERR_K}" ] && seterror
      ;;
   *)
      continue
      ;;
   esac
done




Re: [Leaf-user] serial console access

2002-04-12 Thread Charles Steinkuehler

> > Bering doesn't have serial support compiled into the kernel.
>
> Yes.  True.  I have used the posts at the beginning of this thread to
> configure my serial-as-a-module kernel to boot, and I get (finally) a
> login message, but no boot messages.
>
> I just get the initial message which lets me know Linux is loading, then
> nothing until the login prompt.  All I want to know is if there is
> something I am missing to see this relevant stuff (even if it is just a
> file to look at or a command to issue post-login)

Without serial support compiled into the kernel, this is all you will get.
To see kernel boot messages, you need to have serial support compiled into
the kernel (ie not a module), and you also need to pass the kernel a
console= parameter, telling it to send messages to the serial port.

NOTE:  You can have more than one console= setting, for multiple consoles.
Kernel messages will go to all consoles, but standard I/O (like the output
from the linuxrc init script) will only go to the "primary" console, which
is the last console= device listed on the kernel command line.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)





Re: [Leaf-user] Adding to syslinux.cfg on DCD

2002-04-12 Thread Charles Steinkuehler

> Thanks for the response Charles,
> I am planning to burn a new CD but I don't see where to edit
> syslinux.cfg
> to use when burning the new CD. I can copy it from a boot floppy but
> where do I have winimage put it to replace the current one on the ISO
> image?

As mentioned, you have to modify the bootdisk.bin file on the ISO image,
which is a 1440K floppy disk boot image.

NOTE:  You have to do more than simply edit the bootdisk.bin file, and put
it on your new CD image.  The important thing is to use your modified
bootdisk.bin image when making the CD-ROM bootable.  The actual boot image
used by the BIOS when booting the CD is *NOT* the bootdisk.bin file, but is
actually data "hidden" on the ISO image...the bootdisk.bin file is there
simply for your convenience.  The CD-ROM readme contains an example mkisofs
command you can use to re-create a working bootable CD Image.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)





Re: [Leaf-user] STEP 1 IN INSTALLING BERING WITH ADSL-ALCATEL SPEEDTOUCH ON ETHER NET

2002-04-12 Thread Jacques Nilo

> I'm new to this Linux world, but I have extensive knowledge to the other
> side of the computer industry. This is my first invention with Linux and my
> first LRP experience.
>
> I need help regarding how to get my LRP working. I have the newest Bering
> release and I'm trying to get it to work. The LRP PC is a 486/66 with 32Mb
> Ram, CD, 512MB HD. Two 3Com PCI Ethernet Cards. My modem is an external
> Alcatel Speedtouch ADSL modem connected via Ethernet.
>
> The modem has IP: 10.0.0.138 and it's set. How the provider and the modem
> communicate, is not of my concern, is it??
>
> So far I have figured out the right net cards, so eth0 is connected to the
> modem and eth1 to the hub. I have pinged eth1, and it's ok. I have pinged
> the modem, and it responds.

You do not tell us which variety of speedtouch ADSL Modem
version you have. Be careful to load the USB modules if
you have got the USB version.

AFAIK this modem requires a special driver. Check:
http://www.tldp.org/HOWTO/DSL-HOWTO/speedtouchusb.html

You also need to know the type of connection you will
need to talk to your modem. Speedtouch supports both
PPPoE and PPPoA but you have to check the one which is
supported by your ISP. Bering supports both types of
connection.

Let me know the precise reference of your modem.
http://www.speedtouchdsl.com/homeprod.htm

Let me know the type of connection you need to use (PPPoE
or PPPoA) and I will compile the driver (if required) for
you and help you to setup your connection. This is a very
popular modem here in Europe and could be useful to some
other folks.

Jacques






RE: [Leaf-user] serial console access

2002-04-12 Thread Joey Officer

There is a setting that defines where to send boot messages, however
this will eliminate the message on the console (pc/monitor).  Whichever the
last 'console' setting is, is where the messages will be sent .. ie:

console=tty0 console=ttyS0,19200n8 would send all relevant information to
the serial console (check the syntax, it might be wrong).

Joey


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Chad Carr
Sent: Thursday, April 11, 2002 10:34 PM
To: Mike Noyes
Cc: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] serial console access

On 11 Apr 2002 09:09:42 -0700
"Mike Noyes" <[EMAIL PROTECTED]> wrote:

> On Thu, 2002-04-11 at 08:45, guitarlynn wrote:
> > Boot messages are set in Syslinux, not the LEAF OS until the kernel
> > gives up control to INIT. The console keyword in /syslinux.cfg should
> > point to the serial port instead of tty if your planning to run
> > headless. Charles serial HowTo and the Serial Console FAQ aptly
> > covers this change as well. All LEAF kernels except DF small should
> > have serial support compiled in, so usually kernel support isn't an
> > issue in the least.
>
> Lynn,
> Bering doesn't have serial support compiled into the kernel.

Yes.  True.  I have used the posts at the beginning of this thread to
configure my serial-as-a-module kernel to boot, and I get (finally) a
login message, but no boot messages.

I just get the initial message which lets me know Linux is loading, then
nothing until the login prompt.  All I want to know is if there is
something I am missing to see this relevant stuff (even if it is just a
file to look at or a command to issue post-login)

Thanks,
Chad





Re: [Leaf-user] Adding to syslinux.cfg on DCD

2002-04-12 Thread guitarlynn

On Thursday 11 April 2002 18:43, Kory Krofft wrote:
> How do I edit syslinux.cfg on the DCD image? I have winimage and can
> view the ISO image but I don't see syslinux.cfg. I want to add the
> serial terminal redirect to it so I will see boot messages.

Use Winimage to make a bootdisk out of "bootdisk.bin" on the cd, then
modify the syslinux.cfg on the bootdisk. You can then make an image
of your modified boot floppy (bootdisk.bin) and copy it over the 
bootdisk.bin file (image) on the ISO image.


> Also, am I correct in thinking that I can replace the .lrp files in
> the image with my floppy backups and reburn to get a "floppyless"
> setup once I have it all configured?

Yep!

-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!




Re: [Leaf-user] STEP 1 IN INSTALLING BERING WITH ADSL-ALCATEL SPEEDTOUCH ON ETHER NET

2002-04-12 Thread guitarlynn

On Friday 12 April 2002 04:51, Thorolfsson, Halldor -Civ wrote:

> So far it looks like I have gotten the Bering to work, but how do I
> test the connection to the internet? Can anybody please help me with
> this one?
>

Halldor,

Try:
ping www.yahoo.com

I hope this helps!
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!




[Leaf-user] STEP 1 IN INSTALLING BERING WITH ADSL-ALCATEL SPEEDTOUCH ON ETHERNET

2002-04-12 Thread Thorolfsson, Halldor -Civ

Hello there.

I'm new to this Linux world, but I have extensive knowledge to the other
side of the computer industry. This is my first invention with Linux and my
first LRP experience.

I need help regarding how to get my LRP working. I have the newest Bering
release and I'm trying to get it to work. The LRP PC is a 486/66 with 32Mb
Ram, CD, 512MB HD. Two 3Com PCI Ethernet Cards. My modem is an external
Alcatel Speedtouch ADSL modem connected via Ethernet.

The modem has IP: 10.0.0.138 and it's set. How the provider and the modem
communicate, is not of my concern, is it??

So far I have figured out the right net cards, so eth0 is connected to the
modem and eth1 to the hub. I have pinged eth1, and it's ok. I have pinged
the modem, and it responds. 

So far it looks like I have gotten the Bering to work, but how do I test the
connection to the internet? Can anybody please help me with this one?

Regards
Halldor Thorolfsson
Iceland.





Re: [Leaf-user] help with opensshd/weblet/dachstein

2002-04-12 Thread Victor McAllister

"Chen, Elvis" wrote:

> Greetings,
>
> I'm a long time user of LRP.  My last LRP was a
> 2-disks EigerStein with ssh/sshd and it worked great.
> I have decided to give Dachstein a try but ran into 2
> problems, and I seek your help.
>
> Here is how I got Dachstein to work with my cable
> modem (Cogeco@Ontario, Canada).
> I downloaded the Dachstein 1680 image from
> http://leaf.sourceforge.net/devel/cstein/DiskImages/Dachstein.htm
> and wrote it to a desk.  Added modules for my ethernet
> card, changed the host name, configured dhclient, and
> it worked perfectly with my cable modem.  No other
> modification was needed.  Dachstein is much an
> improvement over EigerStein as far as step-up goes.
>
> I then used a 2nd disks, and copied ssh/sshd/sshkey to
> it.  The ssh packages are downloaded from
> http://leaf.sourceforge.net/devel/jnilo
>
> According to the User's Guide at
> http://leaf.sourceforge.net/devel/jnilo/openssh2.html,
> the sshd is SUPPOSED to run through inetd.  Since I
> don't want to regenerate the key everytime, I
> commented out the following line from
> /etc/init.d/sshd:
>
> #Comment out and edit /etc/inetd.conf to run as a
> stand alone server
> #echo "Secure Shell server via inetd: sshd"
> #exit 0
>
> I ran makekey to generate new keys, it worked.
>
> However, here is my first problem:
> 1) I can only ssh to my router from my local machines.
>  I can NOT ssh to it from my external machines.  Any
> ideas?  With EigerStein this was not an issue.
>
> from my external machines, I ran
> ssh  -v
>
> I get:
> debug: connecting to ...
> debug: entering event loop
>
> and it stays there forever.  If I ran "dmesg" on my
> router, I see:
> Packet log: input DENY eth0 PROTO=6  IP>:39141 :22 L=48 S=0
> x00 I=35425 F=0x4000 T=60 SYN (#40)
>
> so it looks like the router is blocking port 22.
> However, I explicitely opened port 22 from
> /etc/ssh/sshd_config:
>
> #   $OpenBSD: sshd_config,v 1.38 2001/04/15
> 21:41:29 deraadt Exp $
>
> # This sshd was compiled with
> PATH=/usr/bin:/bin:/usr/sbin:/sbin
>
> # This is the sshd server system-wide configuration
> file.  See sshd(8)
> # for more information.
>
> Port 22
> ...
>
> 2) weblet doesn't really work.  From my internal
> machine, if I try to access http://192.168.1.254 (from
> Netscape), I get the error of "This page contains no
> data".  Is there anything I need to change to activate
> it?
>
> thx in advance,
>
> Elvis
>

I believe sshd is compiled to check the /etc/hosts.allow and
/etc/hosts.deny files. Your /etc/hosts.allow may need an sshd line added

ALL: 192.168.1.0/255.255.255.0
sshd: ip.ad.dr.ess / mask of the external network you want to give access
to.

Don't put this unless you really want everyone on the net to have a go at
it.
sshd: ALL

Is weblet loading?

do an "lrpkg -l " for a list of packages loaded.
That's a lower case L not a one.
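
An added example, not part of the original post and not LEAF project code: a shell/awk sketch that audits hosts.allow text for the situation cautioned against above, listing every daemon whose client list contains the ALL wildcard. The function names and the constructed sample file are assumptions; the parser handles only the daemon_list : client_list fields, whole-line # comments and backslash line continuation.

```shell
#!/bin/sh
# Constructed sample hosts.allow; addresses are illustrative only.
sample_hosts_allow() {
cat <<'EOF'
# /etc/hosts.allow (constructed sample)
ALL: 192.168.1.0/255.255.255.0
sshd: 192.0.2.0/255.255.255.0
in.ftpd, in.telnetd: 192.168.1. \
    ALL
EOF
}

# world_open_daemons: stdin = hosts.allow text.
# Prints one daemon name per line for every rule whose client list
# contains the wildcard ALL (before any EXCEPT operator).
world_open_daemons() {
  awk '
    /^[ \t]*#/ { next }                                 # whole-line comment
    /\\$/ { sub(/\\$/, ""); buf = buf $0 " "; next }    # join continued lines
    {
      rule = buf $0; buf = ""
      if (split(rule, part, ":") < 2) next              # not a rule
      daemons = part[1]; clients = part[2]
      gsub(/,/, " ", daemons); gsub(/,/, " ", clients)  # lists may use commas

      open = 0
      m = split(clients, c, " ")
      for (i = 1; i <= m; i++) {
        if (c[i] == "EXCEPT") break                     # exceptions follow
        if (c[i] == "ALL") open = 1
      }
      if (!open) next

      k = split(daemons, d, " ")
      for (i = 1; i <= k; i++) print d[i]
    }'
}

# daemon_is_world_open NAME: stdin = hosts.allow text; exit 0 if NAME
# is reachable from any client according to the rules.
daemon_is_world_open() {
  world_open_daemons | grep -qx "$1"
}

# Stand-alone run over the constructed sample.
sample_hosts_allow | world_open_daemons
```

Run it against the router's own file with world_open_daemons < /etc/hosts.allow; an empty result means no rule grants access to every client.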


