[Leaf-user] [ leaf-Support Requests-547455 ] Log messages. Customize
Support Requests item #547455, was opened at 2002-04-23 01:09 You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=547455group_id=13751 Category: Release/Branch: Bering Group: None Status: Open Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Mike Noyes (mhnoyes) Summary: Log messages. Customize Initial Comment: Hi I am using Bering firewall and I've blocked traffic from my routers port 520. I'm asking what do I have to modify that that 520 port deny's are not logged to messages, cause it only floods that log? Please I've tried to gather that information but not successed. -- You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=547455group_id=13751 ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] Syslogd delay
Hi. I'm a newbie in LRP world and I have a question on Bering distro. During the boot, syslogd waits for more than 3 minutes prior to continue the boot sequence. I've disabled all the logging functions without any changes in the delay time. Is it possible to use another (maybe better) syslogger in my Bering system ?? Thanks in advance for the answers. Best Regards Ruggero Rissone Italy ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] Bering on HD ??
I've read that it's possible to install Bering on CD. Could someone tell me the procedure for installing Bering on Hard Disk ?? Thanks in advance Ruggero ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Bering on HD ??
That seems to be the simplest since all data (modules/packages and boot files) are then in the same media. Reading http://leaf.sourceforge.net/pub/doc/howto/LRPHardDiskHOWTO.txt should help. But anyway, the idea of the Bering and other distributons is to use low cost pc with small size systems. Maybe I'm wrong :) Rissone Ruggero wrote: I've read that it's possible to install Bering on CD. Could someone tell me the procedure for installing Bering on Hard Disk ?? Thanks in advance Ruggero ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] [ leaf-Support Requests-547477 ] Log messages. Customize
Support Requests item #547477, was opened at 2002-04-23 02:30 You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=547477group_id=13751 Category: Release/Branch: Bering Group: None Status: Open Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Mike Noyes (mhnoyes) Summary: Log messages. Customize Initial Comment: Hi I am using Bering firewall and I've blocked traffic from my routers port 520. I'm asking what do I have to modify that that 520 port deny's are not logged to messages, cause it only floods that log? Please I've tried to gather that information but not successed. -- You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=547477group_id=13751 ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] [ leaf-Support Requests-547455 ] Log messages. Customize
Support Requests item #547455, was opened at 2002-04-23 01:09 You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=547455group_id=13751 Category: Release/Branch: Bering Group: None Status: Deleted Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Mike Noyes (mhnoyes) Summary: Log messages. Customize Initial Comment: Hi I am using Bering firewall and I've blocked traffic from my routers port 520. I'm asking what do I have to modify that that 520 port deny's are not logged to messages, cause it only floods that log? Please I've tried to gather that information but not successed. -- Comment By: Mike Noyes (mhnoyes) Date: 2002-04-23 05:53 Message: Logged In: YES user_id=39521 Duplicate SR: [ 547477 ] Log messages. Customize https://sourceforge.net/tracker/?func=detailaid=547477group_id=13751atid=213751 -- You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=547455group_id=13751 ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] Compact Flash
Hello, I have been using both Dachstein and Bering for the last few months, I now want to start working with compact flash cards, can anyone point me in the right direction to start off. I am just looking for some general links to recomended cards and where to look for How-To's etc. I will probably be back looking for lots more information once I get started :} Thanks Paul ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] VPN error, please help
Thank you very Charles, I will modify the RSA key in the config when I get home. In the network.conf I have EXTERN_PROTO0=50 0/0 EXTERN_PROTO1=51 0/0 and EXTERN_UDP_PORTS=0/0_500 on both sides so I think I do not have to set firewall=yes, right? You are correct. With the above entries in network.conf, you do not need FreeS/WAN to generate firewall holes for the IPSec packets. An additional side benifit of using network.conf to create the firewall rules is you can modify your firewall rules while running (ie edit network.conf and run net ipfilter reload) without bringing down any VPN tunnels. If you use the FreeS/WAN [left|right]firewall=yes to do this, you have to shut down IPSec, reload your firewall rules, the re-start ipsec. Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] Compact Flash
I'll leave the experts to comment on the software how-tos. Suffice to say if you follow the instructions for setting up an IDE drive it is essentially the same. I would like to recommend an excellent source of supply for CF to IDE cards. See http://www.pcengines.com/cflash.htm The cards are cheap, reliable and usually shipped the next day. I have ordered several and have always had good service. (I am not connected with the company.) rgds/andy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of brooksp5 Sent: 23 April 2002 13:26 To: [EMAIL PROTECTED] Subject: [Leaf-user] Compact Flash Hello, I have been using both Dachstein and Bering for the last few months, I now want to start working with compact flash cards, can anyone point me in the right direction to start off. I am just looking for some general links to recomended cards and where to look for How-To's etc. I will probably be back looking for lots more information once I get started :} Thanks Paul ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Compact Flash
Sandisk for cards and adapters. Pricewatch has good deals on the cards. Plug in to IDE primary master. They come preformatted as bootable Fat16 so a Leaf Router will just copy after you use syslinux to load the loader. Same procedure as hard disk. If you want to go ext2, I can probably advise. Remember, these devices are only writable about a million times, so no logging. brooksp5 [EMAIL PROTECTED] on 04/23/2002 07:26:26 AM To: [EMAIL PROTECTED] cc:(bcc: Phillip Watts/austin/Nlynx) Subject: [Leaf-user] Compact Flash Hello, I have been using both Dachstein and Bering for the last few months, I now want to start working with compact flash cards, can anyone point me in the right direction to start off. I am just looking for some general links to recomended cards and where to look for How-To's etc. I will probably be back looking for lots more information once I get started :} Thanks Paul ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] [ leaf-Support Requests-512515 ] Buggy Alcatel adsl modem's dhcp server
Support Requests item #512515, was opened at 2002-02-03 15:01 You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=512515group_id=13751 Category: Release/Branch: Dachstein Group: None Status: Closed Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Mike Noyes (mhnoyes) Summary: Buggy Alcatel adsl modem's dhcp server Initial Comment: Hello, I'm trying to get my dachstein router working in combination with my Alcatel Speedtouch ADSL modem. It has an option for DHCP spoofing, so theorethically al I need to do is setup DHCP on my external interface and that's it. Sadly, alcatel has made a buggy DHCP server- implementation on their modems which has the feature of only giving the last 3 bytes of the ip-adress instead of the subnet mask. The current dhclient doesn't really like this... Could anyone provide a patched dhclient package which resolves this issue or a modified dhcpclient-script that hardcodes the subnetmask to 255.255.255.255 (i think that should also do the trick). I already found a patched version of client.c which someone else wrote for pathing his RedHat install, maybe it's useful for adressing this problem under LRP Thanks in advance, Thijs *** client.c.orig Sun Aug 5 12:14:21 2001 --- client.c Sun Aug 5 12:22:12 2001 *** *** 469,476 memcpy(p-sin_addr.s_addr,DhcpOptions.val [subnetMask],4); if ( ioctl(dhcpSocket,SIOCSIFNETMASK,ifr) == -1 ) /* setting netmask */ { ! syslog(LOG_ERR,dhcpConfig: ioctl SIOCSIFNETMASK: % m ); ! return -1; } memcpy(p-sin_addr.s_addr,DhcpOptions.val [broadcastAddr],4); if ( ioctl(dhcpSocket,SIOCSIFBRDADDR,ifr) == -1 ) /* setting broadcast address */ --- 469,480 memcpy(p-sin_addr.s_addr,DhcpOptions.val [subnetMask],4); if ( ioctl(dhcpSocket,SIOCSIFNETMASK,ifr) == -1 ) /* setting netmask */ { ! p-sin_addr.s_addr = 0x; /* try 255.255.255.255 */ ! if ( ioctl(dhcpSocket,SIOCSIFNETMASK,ifr) == -1 ) ! { ! syslog(LOG_ERR,dhcpConfig: ioctl SIOCSIFNETMASK: % m ); ! return -1; ! } } memcpy(p-sin_addr.s_addr,DhcpOptions.val [broadcastAddr],4); if ( ioctl(dhcpSocket,SIOCSIFBRDADDR,ifr) == -1 ) /* setting broadcast address */ -- Comment By: Mike Noyes (mhnoyes) Date: 2002-04-23 06:02 Message: Logged In: YES user_id=39521 No reply in over one month, so I'm closing this support request. If you still have problems, please open a new support request. -- Comment By: Lynn Avants (guitarlynn) Date: 2002-03-18 17:26 Message: Logged In: YES user_id=176069 Well, the source won't help much since it is in C and we shell-script the dhcp scripts with LEAF. You could change the netmask in all instances of ip addr, ip route...,and ip link ., but this would involve going through roughly 300+ lines of code. If you have a static option with the modem, it would be consideably easier. LEAF firewalls all do ip spoofing by default, so you are not gaining anything by using this option with your modem. Is this possible??? -- You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=512515group_id=13751 ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] VPN tunnel up, but can't reach other subnet
CS Forgot to include LEAF list in previous reply... - Original Message - From: Rein Inge Hoff [EMAIL PROTECTED] To: Charles Steinkuehler [EMAIL PROTECTED] Sent: Tuesday, April 23, 2002 7:27 AM Subject: Re: [Leaf-user] VPN tunnel up, but can't reach other subnet Hi Charles, I am still not able to operate with this setup. I have tried all the things you and others have suggested but with no luck. Below the latest email I received from you is the output from ipsec barf. Do you see any errors or misconfigurations here? Thanks alot for the help so far. CS I don't really see anything wrong. At first, I thought you were missing the [left|right]nexthop settings, but then I noticed that's because you're running both endpoints on the same subnet. About the only thing I can suggest to try is removing the default and opportunistic connection entries, so you have a single connection entry for the tunnel you're trying to build. If that doesn't help, you'll probably have to post your barf to the FreeS/WAN list, where there are hopefully more knowledgable folks...I'm not exactly an IPSec guru, I just got the code running on LEAF, and managed to get a few tunnels up running. CS I also notice you're setting auto=add. You realize this means you'll have to manually start the connection (using ipsec auto --up connection) from one end or the other, right? If you want the connection to start automatically, use auto=start. Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] [ leaf-Support Requests-536605 ] Oxygen installation: howto location
Support Requests item #536605, was opened at 2002-03-28 20:22 You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=536605group_id=13751 Category: Release/Branch: Oxygen Group: None Status: Open Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Mike Noyes (mhnoyes) Summary: Oxygen installation: howto location Initial Comment: I have downloaded the three version 1.8 Oxygen .bin files from LEAF. As I am new to Linux, and cannot locate the necessary HOWTO, can someone please help with the instruction on how to install Oxygen?. The three Oxygen files have been downloaded to a Windows system, and are to be installed to a seperate PC (that meets the minimum specified requirements). My hope is to create a bootable CD. I would appreciate any help. Many Thanks Greg G -- Comment By: Mike Noyes (mhnoyes) Date: 2002-04-23 06:15 Message: Logged In: YES user_id=39521 This page may help you get started. http://leaf.sourceforge.net/mod.php?mod=userpagemenu=90001page_id=16 -- You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=536605group_id=13751 ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] VPN tunnel up, but can't reach other subnet
Make sure that you've done the ipsec auto -route name that was the problem I had before, also the -up command Joey -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Charles Steinkuehler Sent: Tuesday, April 23, 2002 10:39 AM To: Rein Inge Hoff Cc: [EMAIL PROTECTED] Subject: Re: [Leaf-user] VPN tunnel up, but can't reach other subnet CS Forgot to include LEAF list in previous reply... - Original Message - From: Rein Inge Hoff [EMAIL PROTECTED] To: Charles Steinkuehler [EMAIL PROTECTED] Sent: Tuesday, April 23, 2002 7:27 AM Subject: Re: [Leaf-user] VPN tunnel up, but can't reach other subnet Hi Charles, I am still not able to operate with this setup. I have tried all the things you and others have suggested but with no luck. Below the latest email I received from you is the output from ipsec barf. Do you see any errors or misconfigurations here? Thanks alot for the help so far. CS I don't really see anything wrong. At first, I thought you were missing the [left|right]nexthop settings, but then I noticed that's because you're running both endpoints on the same subnet. About the only thing I can suggest to try is removing the default and opportunistic connection entries, so you have a single connection entry for the tunnel you're trying to build. If that doesn't help, you'll probably have to post your barf to the FreeS/WAN list, where there are hopefully more knowledgable folks...I'm not exactly an IPSec guru, I just got the code running on LEAF, and managed to get a few tunnels up running. CS I also notice you're setting auto=add. You realize this means you'll have to manually start the connection (using ipsec auto --up connection) from one end or the other, right? If you want the connection to start automatically, use auto=start. Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Syslogd delay
Aanhalen Rissone Ruggero [EMAIL PROTECTED]: I had the same issue, probably has something to do with name resolution. Check you /etc/hosts /etc/resolv.conf for incorrect settings. Kim Hi. I'm a newbie in LRP world and I have a question on Bering distro. During the boot, syslogd waits for more than 3 minutes prior to continue the boot sequence. I've disabled all the logging functions without any changes in the delay time. Is it possible to use another (maybe better) syslogger in my Bering system ?? Thanks in advance for the answers. Best Regards Ruggero Rissone Italy ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user - This mail sent through Tiscali Webmail (http://webmail.tiscali.be) ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Bering on HD ??
Aanhalen Przemyslaw Rudy [EMAIL PROTECTED]: I don't think bering has builtin support for ide so booting might be a problem. Unless /boot/lib/modules can help. But if I am not mistaken that won't allow you to put lrp packages on that disk since those modules are loaded after unpacking the lrp packages. Could be just mumbling here though. Jacques any insight here? Could we use modules to boot from HDD? Kim That seems to be the simplest since all data (modules/packages and boot files) are then in the same media. Reading http://leaf.sourceforge.net/pub/doc/howto/LRPHardDiskHOWTO.txt should help. But anyway, the idea of the Bering and other distributons is to use low cost pc with small size systems. Maybe I'm wrong :) Rissone Ruggero wrote: I've read that it's possible to install Bering on CD. Could someone tell me the procedure for installing Bering on Hard Disk ?? Thanks in advance Ruggero ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user - This mail sent through Tiscali Webmail (http://webmail.tiscali.be) ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Syslogd delay
I don't know exactly what your problem is, but 3 minutes is a big hint. This length of delay is usually associated with a reverse-lookup failure. Your DNS resolver is trying to get the name associated with some IP address and failing to do so; it waits for 3 minutes before timing out. How to fix it? That depends on the details of your setup, which will tell you what address the router is trying to look up (probably at the behest of syslogd, based on your report). You might add an appropriate entry to your DNS server, or you might put an entry in the router's /etc/hosts file ... or maybe something else I'm not thinking of this early in the morning. Without knowing the details of your setup, I cannot offer more specific advice. Except that this is, almost surely, not a problem with syslogd itself, so switching to a better one won't fix it. At 10:38 AM 4/23/02 +0200, Rissone Ruggero wrote: Hi. I'm a newbie in LRP world and I have a question on Bering distro. During the boot, syslogd waits for more than 3 minutes prior to continue the boot sequence. I've disabled all the logging functions without any changes in the delay time. Is it possible to use another (maybe better) syslogger in my Bering system ?? -- Never tell me the odds!--- Ray Olszewski-- Han Solo Palo Alto, CA[EMAIL PROTECTED] ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] [ leaf-Support Requests-542543 ] Bering development: kernel compression?
Support Requests item #542543, was opened at 2002-04-11 08:39 You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=542543group_id=13751 Category: Release/Branch: Bering Group: None Status: Open Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Mike Noyes (mhnoyes) Summary: Bering development: kernel compression? Initial Comment: i am working with the bering distro and building a custom kernel. i started with the bering.config that is on the ftp server and added ntfs write (yes, i know but i have to prove it). The compiled kernel that i got was 597k. i doubt that the ntfs write is responsible for all of that difference in size (124k). Did you do anything to compress the kernel that ships on the diskette image? thanks, dean -- Comment By: Mike Noyes (mhnoyes) Date: 2002-04-23 06:46 Message: Logged In: YES user_id=39521 Dean, Bering uses UPX to compress the kernel. http://freshmeat.net/projects/upx/ -- You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=542543group_id=13751 ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] [ leaf-Support Requests-542543 ] Bering development: kernel compression?
Support Requests item #542543, was opened at 2002-04-11 08:39 You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=542543group_id=13751 Category: Release/Branch: Bering Group: None Status: Open Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Mike Noyes (mhnoyes) Summary: Bering development: kernel compression? Initial Comment: i am working with the bering distro and building a custom kernel. i started with the bering.config that is on the ftp server and added ntfs write (yes, i know but i have to prove it). The compiled kernel that i got was 597k. i doubt that the ntfs write is responsible for all of that difference in size (124k). Did you do anything to compress the kernel that ships on the diskette image? thanks, dean -- Comment By: Nobody/Anonymous (nobody) Date: 2002-04-23 06:49 Message: Logged In: NO that's what i thought. thanks, dean -- Comment By: Mike Noyes (mhnoyes) Date: 2002-04-23 06:46 Message: Logged In: YES user_id=39521 Dean, Bering uses UPX to compress the kernel. http://freshmeat.net/projects/upx/ -- You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=542543group_id=13751 ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] [ leaf-Support Requests-542543 ] Bering development: kernel compression?
Support Requests item #542543, was opened at 2002-04-11 08:39 You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=542543group_id=13751 Category: Release/Branch: Bering Group: None Status: Closed Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Mike Noyes (mhnoyes) Summary: Bering development: kernel compression? Initial Comment: i am working with the bering distro and building a custom kernel. i started with the bering.config that is on the ftp server and added ntfs write (yes, i know but i have to prove it). The compiled kernel that i got was 597k. i doubt that the ntfs write is responsible for all of that difference in size (124k). Did you do anything to compress the kernel that ships on the diskette image? thanks, dean -- Comment By: Mike Noyes (mhnoyes) Date: 2002-04-23 07:03 Message: Logged In: YES user_id=39521 Based on the most recent comment on this support request, it is our understanding that this matter has been addressed. Should you require further assistance from the LEAF project members, please submit a new support request. Thank you, leaf-project.org support -- Comment By: Nobody/Anonymous (nobody) Date: 2002-04-23 06:49 Message: Logged In: NO that's what i thought. thanks, dean -- Comment By: Mike Noyes (mhnoyes) Date: 2002-04-23 06:46 Message: Logged In: YES user_id=39521 Dean, Bering uses UPX to compress the kernel. http://freshmeat.net/projects/upx/ -- You can respond by visiting: http://sourceforge.net/tracker/?func=detailatid=213751aid=542543group_id=13751 ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Bering on HD ??
Hi, Aanhalen Przemyslaw Rudy [EMAIL PROTECTED]: I don't think bering has builtin support for ide so booting might be a problem. Unless /boot/lib/modules can help. But if I am not mistaken that /boot/lib/modules is stored in initrd.lrp so the modules there are loaded from the boot device by syslinux. So when linuxrc is run, the modules are loaded and the packages located on the HD can be loaded if the parameters on the syslinux.cfg are correctly set. you need ide-mod.o ide-disk.o ide-probe-mod.o and for cd ide-cd.o isofs.o in /boot/lib/modules and boot=/dev/hda1,msdos PKGPATH=/dev/hda1 in syslinux.cfg (hda1 to be changed according to your setup) the easiest is to prepare a standard bering floppy (bad summary from the lrpharddisk howtp...) - boot it - copy the modules in /boot/lib/modules - backup initrd - boot with a dos floppy - fdsik/format your partition - use syslinux to install the boot loader ( don't forget the lock command before syslinux) copy all files from your bering floppy to the hd edit syslinux.cfg ( see above) remove the floppy... reboot won't allow you to put lrp packages on that disk since those modules are loaded after unpacking the lrp packages. Could be just mumbling here though. Jacques any insight here? Could we use modules to boot from HDD? Kim That seems to be the simplest since all data (modules/packages and boot files) are then in the same media. Reading http://leaf.sourceforge.net/pub/doc/howto/LRPHardDiskHOWTO.txt should help. But anyway, the idea of the Bering and other distributons is to use low cost pc with small size systems. Maybe I'm wrong :) Rissone Ruggero wrote: I've read that it's possible to install Bering on CD. Could someone tell me the procedure for installing Bering on Hard Disk ?? Thanks in advance Ruggero ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user - This mail sent through Tiscali Webmail (http://webmail.tiscali.be) ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] Nagasaki Disk On Module Update
Group, Here is the latest in the Nagasaki saga... All communications left in tact intentionally... Steve - Dear Steve, Our newest design DOM's protected function is hardware mode. We will send our utility to you , you can install this utility on your linux major program. That will become hardware protected function . Please let me know how many capacity that you need? Regards Andy - Original Message - From: Steve Fink To: Andy Chen Sent: Saturday, April 20, 2002 12:51 AM Subject: RE: Disk On Module Password Andy, How does the write protect version work? Is it write protect version software or hardware protected? Thanks, Steve -Original Message- From: Andy Chen [mailto:[EMAIL PROTECTED]] Sent: Friday, April 19, 2002 2:23 AM To: Steve Fink Cc: [EMAIL PROTECTED] Subject: Re: Disk On Module Password Dear Steve, We can offer our protect version of DOM on April 26~27. The first version is 40 pin vertical type DOM. The price will be increase 15~20%. Please confirm. We can offer the follows capacity of protect DOM: 4MB 16MB 32MB 64MB We will not offer write protect's program to any customer, please confirm, thanks. Regards Andy - Original Message - From: Steve Fink To: andy Sent: Tuesday, April 02, 2002 11:17 PM Subject: RE: Disk On Module Password Andy, Thank you for your prompt reply. I am currently using three Nagasaki DOM's in my firewalls. They work great! The firewall boots in about 14 seconds, extremely fast! I want to set a password on the DOM itself so if the firewall is penetrated by an outside source, they cannot write to the DOM. The scenario is this I create my software and put it onto the DOM then set the password, so it cannot be written to without entering the password. The utility could work much the same way, the first time the password is set the utility assumes the person running the utility is the owner and sets the password. Then every subsequent time it needs to be written to the same utility has to be used to unlock the DOM. The utility can check the DOM and verify that the user has authorization to modify the DOM based on the password and then unlock the DOM for writing. Then files are written to the DOM and then the utility is re-run and the DOM locked again. Any assistance would be much appreciated, Thanks in advance, Steve -Original Message- From: andy [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 02, 2002 2:44 AM To: Steve Fink Cc: [EMAIL PROTECTED] Subject: Re: Disk On Module Password Dear Steve, Please enter into BIOS setting, there have a User password that you can setting. If you ask our if our DOM can setting password or security function , I have some questions are as follows: 1. What kinds of password or security function that you want to use?? More detail is great. 2. Do you ever use another company's DOM have this function ? What is the brand? 3. We can do a easy security for you, but you need to send it back to us. 4. We can not offer this utility to our customer, because if we offer this utility to customer , the security is do not make a sence. If you need anything else, please contact with me, thanks. Regards Andy - Original Message - From: Steve Fink To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, April 02, 2002 4:47 PM Subject: Disk On Module Password Dear Sales, I attempted to fill out the form on your website for support, unfortunately it does not complete the process. Could you please forward this message to support? Thank you. Dear Support, I own three Disk On Modules. I was reading the technical pdf for the product and can see where it is possible to set a password on the DOM. Is there a utility to set this password? Or how would one go about setting the password? Thanks in advance, Steve Fink ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] VPN error, please help
Thank you Charles. After making the RSA right, I restarted the ipsec service on both side and then I try to ping a machine on 192.168.1.x from 192.168.9.x subnet but the ping times out and there is nothing in auth.log or syslog suggesting a reason. Could you please suggest what I should look at now? I am including the log messages and the config files. BTW, both ends have dynamic IPs but they do not change for long time. The left, leftnexthop, right and rightnexthop are extracted from the file /var/state/dhcp/dhclient.leases Here is the auth.log after restarting the ipsec service: on 192.168.1.x 3 Apr 23 12:07:17 router Pluto[18965]: Starting Pluto (FreeS/WAN Version 1.91) Apr 23 12:07:18 router Pluto[18965]: added connection description Binh Apr 23 12:07:18 router Pluto[18965]: listening for IKE messages Apr 23 12:07:18 router Pluto[18965]: adding interface ipsec0/eth0 24.76.93.9 Apr 23 12:07:18 router Pluto[18965]: loading secrets from /etc/ipsec.secrets Apr 23 12:07:19 router Pluto[18965]: Binh #1: initiating Main Mode Apr 23 12:07:19 router Pluto[18965]: some IKE message we sent has been rejected with ECONNREFUSED (kernel supplied no details) ^^^ probably because I started this before the other end Apr 23 12:07:58 router Pluto[18965]: Binh #2: responding to Main Mode Apr 23 12:07:59 router Pluto[18965]: Binh #2: STATE_MAIN_R3: sent MR3, ISAKMP SA established Apr 23 12:07:59 router Pluto[18965]: Binh #3: responding to Quick Mode Apr 23 12:07:59 router Pluto[18965]: Binh #3: STATE_QUICK_R2: IPsec SA established Apr 23 12:08:29 router Pluto[18965]: Binh #1: STATE_MAIN_I4: ISAKMP SA established Apr 23 12:08:29 router Pluto[18965]: Binh #4: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS Apr 23 12:08:29 router Pluto[18965]: Binh #4: STATE_QUICK_I2: sent QI2, IPsec SA established # On 192.168.9.x Apr 23 12:07:58 router Pluto[11171]: Starting Pluto (FreeS/WAN Version 1.91) Apr 23 12:07:58 router Pluto[11171]: added connection description CuHoi Apr 23 12:07:58 router Pluto[11171]: listening for IKE messages Apr 23 12:07:58 router Pluto[11171]: adding interface ipsec0/eth0 24.83.28.213 Apr 23 12:07:58 router Pluto[11171]: loading secrets from /etc/ipsec.secrets Apr 23 12:07:58 router Pluto[11171]: CuHoi #1: initiating Main Mode Apr 23 12:07:59 router Pluto[11171]: CuHoi #1: STATE_MAIN_I4: ISAKMP SA established Apr 23 12:07:59 router Pluto[11171]: CuHoi #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS Apr 23 12:07:59 router Pluto[11171]: CuHoi #2: STATE_QUICK_I2: sent QI2, IPsec SA established Apr 23 12:08:29 router Pluto[11171]: CuHoi #3: responding to Main Mode Apr 23 12:08:29 router Pluto[11171]: CuHoi #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established Apr 23 12:08:29 router Pluto[11171]: CuHoi #4: responding to Quick Mode Apr 23 12:08:30 router Pluto[11171]: CuHoi #4: STATE_QUICK_R2: IPsec SA established I also try ipsec look on both sides and saw the following: ## On 192.168.1.x side router Tue Apr 23 12:41:00 PDT 2002 192.168.1.0/24 - 192.168.9.0/24 = [EMAIL PROTECTED] [EMAIL PROTECTED] (0) ipsec0-eth0 mtu=16260(1500)-1500 [EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=out src=24.76.93.9 iv_bits=64bits iv=0xc6c1541a7d8b3da7 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=add(14,0,0) [EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=in src=24.83.28.213 iv_bits=64bits iv=0xe22a68599253e1dc ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=add(14,0,0) [EMAIL PROTECTED] IPIP: dir=in src=24.83.28.213 life(c,s,h)=add(14,0,0) [EMAIL PROTECTED] IPIP: dir=out src=24.76.93.9 life(c,s,h)=add(14,0,0) Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 24.76.92.1 0.0.0.0 UG0 0 0 eth0 192.168.9.0 24.76.92.1 255.255.255.0 UG0 0 0 ipsec0 24.76.92.0 0.0.0.0 255.255.252.0 U 0 0 0 eth0 24.76.92.0 0.0.0.0 255.255.252.0 U 0 0 0 ipsec0 ### On 192.168.9.x side router Tue Apr 23 12:40:24 PDT 2002 192.168.9.0/24 - 192.168.1.0/24 = [EMAIL PROTECTED] [EMAIL PROTECTED] (0) ipsec0-eth0 mtu=16260(1500)-1500 [EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=in src=24.76.93.9 iv_bits=64bits iv=0x5d9e98819d25068d ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=add(106,0,0) [EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=out src=24.83.28.213 iv_bits=64bits iv=0x603513885b325daf ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=add(106,0,0) [EMAIL PROTECTED] IPIP: dir=in src=24.76.93.9 life(c,s,h)=add(106,0,0) [EMAIL PROTECTED] IPIP: dir=out src=24.83.28.213 life(c,s,h)=add(106,0,0) Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 24.83.28.1 0.0.0.0 UG0 0 0 eth0 192.168.1.0 24.83.28.1 255.255.255.0 UG0 0 0 ipsec0 24.83.28.0 0.0.0.0 255.255.252.0 U 0 0
RE: [Leaf-user] Nagasaki Disk On Module Update
Hmm.. it sounds like to me that the utility is a software solution. That'll work as long as it is backwards compatible with the older designs. Surely it is.. otherwise I'll be disappointed in myself for not waiting... Keep us informed when you get the utility to see if we can incorporate it into the LRP distro... Joey -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Steve Fink Sent: Tuesday, April 23, 2002 1:25 PM To: LEAF-List Subject: [Leaf-user] Nagasaki Disk On Module Update Group, Here is the latest in the Nagasaki saga... All communications left in tact intentionally... Steve - Dear Steve, Our newest design DOM's protected function is hardware mode. We will send our utility to you , you can install this utility on your linux major program. That will become hardware protected function . Please let me know how many capacity that you need? Regards Andy - Original Message - From: Steve Fink To: Andy Chen Sent: Saturday, April 20, 2002 12:51 AM Subject: RE: Disk On Module Password Andy, How does the write protect version work? Is it write protect version software or hardware protected? Thanks, Steve -Original Message- From: Andy Chen [mailto:[EMAIL PROTECTED]] Sent: Friday, April 19, 2002 2:23 AM To: Steve Fink Cc: [EMAIL PROTECTED] Subject: Re: Disk On Module Password Dear Steve, We can offer our protect version of DOM on April 26~27. The first version is 40 pin vertical type DOM. The price will be increase 15~20%. Please confirm. We can offer the follows capacity of protect DOM: 4MB 16MB 32MB 64MB We will not offer write protect's program to any customer, please confirm, thanks. Regards Andy - Original Message - From: Steve Fink To: andy Sent: Tuesday, April 02, 2002 11:17 PM Subject: RE: Disk On Module Password Andy, Thank you for your prompt reply. I am currently using three Nagasaki DOM's in my firewalls. They work great! The firewall boots in about 14 seconds, extremely fast! I want to set a password on the DOM itself so if the firewall is penetrated by an outside source, they cannot write to the DOM. The scenario is this I create my software and put it onto the DOM then set the password, so it cannot be written to without entering the password. The utility could work much the same way, the first time the password is set the utility assumes the person running the utility is the owner and sets the password. Then every subsequent time it needs to be written to the same utility has to be used to unlock the DOM. The utility can check the DOM and verify that the user has authorization to modify the DOM based on the password and then unlock the DOM for writing. Then files are written to the DOM and then the utility is re-run and the DOM locked again. Any assistance would be much appreciated, Thanks in advance, Steve -Original Message- From: andy [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 02, 2002 2:44 AM To: Steve Fink Cc: [EMAIL PROTECTED] Subject: Re: Disk On Module Password Dear Steve, Please enter into BIOS setting, there have a User password that you can setting. If you ask our if our DOM can setting password or security function , I have some questions are as follows: 1. What kinds of password or security function that you want to use?? More detail is great. 2. Do you ever use another company's DOM have this function ? What is the brand? 3. We can do a easy security for you, but you need to send it back to us. 4. We can not offer this utility to our customer, because if we offer this utility to customer , the security is do not make a sence. If you need anything else, please contact with me, thanks. Regards Andy - Original Message - From: Steve Fink To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, April 02, 2002 4:47 PM Subject: Disk On Module Password Dear Sales, I attempted to fill out the form on your website for support, unfortunately it does not complete the process. Could you please forward this message to support? Thank you. Dear Support, I own three Disk On Modules. I was reading the technical pdf for the product and can see where it is possible to set a password on the DOM. Is there a utility to set this password? Or how would one go about setting the password? Thanks in advance, Steve Fink ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] ip_masq_ipsec.o for bering
Hello All, I need to be able to make an IPSec connection through my Bering 1.0-rc1 firewall. If I understand correctly I will need the ip_masq_ipsec.o module to be able to do this. I have been unable to find the ip_masq_ipsec.o for Bering. I have already searched through all of the files in the modules section online and did not come across it. Is it already compiled in to the kernel or is it somewhere else or have I just missed it? Thanks in advance, Eric ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] Compact Flash
Here are some more links that might help you out... _Flash Memory_ www.pcengines.com/cflash.htm --Compact Flash to IDE converter (Internal Interface) www.abiatech.com/fb4617.htm --Compact Flash to IDE converter (External Interface) www.sandisk.com/main.htm --I found their prices to be surprisingly reasonable. www.flashmemory.com.au --Memory and more www.psism.com/psiiia.htm --CF to IDE converter that mounts in an external drive bay for easy access. Good Luck, Eric ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] ip_masq_ipsec.o for bering
Are you sure that you need the ip_masq_ipsec.o file. I think that this is only needed if you have an internal ipsec server. In my case I run the ipsec server (I'm sure as does everyone else) on the actual gateway server / leaf server... Joey -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Eric B Kiser Sent: Tuesday, April 23, 2002 3:27 PM To: [EMAIL PROTECTED] Subject: [Leaf-user] ip_masq_ipsec.o for bering Hello All, I need to be able to make an IPSec connection through my Bering 1.0-rc1 firewall. If I understand correctly I will need the ip_masq_ipsec.o module to be able to do this. I have been unable to find the ip_masq_ipsec.o for Bering. I have already searched through all of the files in the modules section online and did not come across it. Is it already compiled in to the kernel or is it somewhere else or have I just missed it? Thanks in advance, Eric ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] ip_masq_ipsec.o for bering
On Tue, 23 Apr 2002, Joey Officer wrote: Are you sure that you need the ip_masq_ipsec.o file. I think that this is only needed if you have an internal ipsec server. In my case I run the ipsec server (I'm sure as does everyone else) on the actual gateway server / leaf server... And in any case, the modules for a 2.4 kernel are most likely named ip_conntrack_ipsec.o and ip_nat_ipsec.o. I think that Harald Welte recently made those modules available -- check the Netfilter site. -Tom -- Tom Eastep\ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ [EMAIL PROTECTED] ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] ip_masq_ipsec.o for bering
Joey, Thanks for the quick reply. Here is what I am looking at... [1] I have to use IPSec client software on an NT4.0 machine from inside my network to make a connection to the company firewall/IPSec server to be able to gain remote access into my company. Since we are unable to do both pass-through and termination I am forced to set this box up to do pass-through only. [2] I am planning on setting up a second box inside my network to act as an IPSec server so that I can connect to my lab while on the road. I hope this helped to explain it a little better. Regards, Eric -Original Message- From: Joey Officer [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 23, 2002 4:54 PM To: Eric B Kiser; [EMAIL PROTECTED] Subject: RE: [Leaf-user] ip_masq_ipsec.o for bering Are you sure that you need the ip_masq_ipsec.o file. I think that this is only needed if you have an internal ipsec server. In my case I run the ipsec server (I'm sure as does everyone else) on the actual gateway server / leaf server... Joey -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Eric B Kiser Sent: Tuesday, April 23, 2002 3:27 PM To: [EMAIL PROTECTED] Subject: [Leaf-user] ip_masq_ipsec.o for bering Hello All, I need to be able to make an IPSec connection through my Bering 1.0-rc1 firewall. If I understand correctly I will need the ip_masq_ipsec.o module to be able to do this. I have been unable to find the ip_masq_ipsec.o for Bering. I have already searched through all of the files in the modules section online and did not come across it. Is it already compiled in to the kernel or is it somewhere else or have I just missed it? Thanks in advance, Eric ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] VPN error, please help
On Tuesday 23 April 2002 14:57, MLU wrote: Thank you Charles. After making the RSA right, I restarted the ipsec service on both side and then I try to ping a machine on 192.168.1.x from 192.168.9.x subnet but the ping times out and there is nothing in auth.log or syslog suggesting a reason. Funny, it appears that the tunnel has come up even though your left right sides are not the same on both gateways that normally doesn't happen (might be a problem). But more likely, the route to the correct local subnet on each machine is missing (I assume eth1). Using a Subnet-to-Subnet connection you cannot get the gateways to use the tunnel, they only route the local subnet traffic to the remote subnet... so any machine on the local subnet should be able to ping any machine on the remote subnet except the gateways themselves. I hope this helps! :-) -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] ip_masq_ipsec.o for bering
ahh.. I think I understand know.. so you need to have the packets passed through on the home machine so that you can make the connection to work. I understand now. There was another post earlier that mentioned the nameing difference for the Bering ipsec.o files. You might look there. I'm not familiar at all w/ Bering, but I'll be glad to assist you by looking as well, and if necessary, maybe I or someone else can compile this for you. joey At Tuesday, 23 April 2002, Eric B Kiser [EMAIL PROTECTED] wrote: Joey, Thanks for the quick reply. Here is what I am looking at... [1] I have to use IPSec client software on an NT4.0 machine from inside my network to make a connection to the company firewall/IPSec server to be able to gain remote access into my company. Since we are unable to do both pass-through and termination I am forced to set this box up to do pass-through only. [2] I am planning on setting up a second box inside my network to act as an IPSec server so that I can connect to my lab while on the road. I hope this helped to explain it a little better. Regards, Eric -Original Message- From: Joey Officer [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 23, 2002 4:54 PM To: Eric B Kiser; [EMAIL PROTECTED] Subject: RE: [Leaf-user] ip_masq_ipsec.o for bering Are you sure that you need the ip_masq_ipsec.o file. I think that this is only needed if you have an internal ipsec server. In my case I run the ipsec server (I'm sure as does everyone else) on the actual gateway server / leaf server... Joey -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Eric B Kiser Sent: Tuesday, April 23, 2002 3:27 PM To: [EMAIL PROTECTED] Subject: [Leaf-user] ip_masq_ipsec.o for bering Hello All, I need to be able to make an IPSec connection through my Bering 1.0-rc1 firewall. If I understand correctly I will need the ip_masq_ipsec. o module to be able to do this. I have been unable to find the ip_masq_ipsec. o for Bering. I have already searched through all of the files in the modules section online and did not come across it. Is it already compiled in to the kernel or is it somewhere else or have I just missed it? Thanks in advance, Eric ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Bering on HD ??
On Tue, 23 Apr 2002 17:04:14 +0200 (CEST) [EMAIL PROTECTED] wrote: Aanhalen Przemyslaw Rudy [EMAIL PROTECTED]: I don't think bering has builtin support for ide so booting might be a problem. Unless /boot/lib/modules can help. But if I am not mistaken that won't allow you to put lrp packages on that disk since those modules are loaded after unpacking the lrp packages. Could be just mumbling here though. This is the Makefile I use for making a Bering floppy img bootable on compact flash (ignore the steps for serial boot messages if you don't need them): * Makefile inline * # # Makefile to build new soekris image from bering floppy image # *THIS WILL DESTROY WHATEVER IS ON YOUR CF CARD* # Instructions: put this Makefile and a bering floppy image in a scratch # directory. Get the modules you want to load before packagesChange the following vars to reflect your system: # BERING_IMAGE - the name of the floppy image # CF_DEV - the device name or your compact flash drive # BERING_BOOT_MOD_DIR - relative path to modules needed for package load # (for soekris, serial, ide-mod, ide-probe-mod, ide-disk) # BERING_OTHER_MOD_DIR - relative path to other modules you want to load # (for soekris, natsemi) # BERING_IMAGE=Bering_1.0-rc2_img_bering_1680_last.bin CF_DEV=/dev/hde1 BERING_BOOT_MOD_DIR=bootmods BERING_OTHER_MOD_DIR=othermods .DUMMY: bering bering: # make mountpoint and mount floppy image mkdir -p mnt mount -t msdos $(BERING_IMAGE) mnt -o loop # make mountpoint, format fs and mount cf mkdir -p cf mkdosfs $(CF_DEV) mount -t msdos $(CF_DEV) cf # copy all the files from the floppy image to the cf cp mnt/* cf/ # umount the filesystems umount mnt umount cf # run syslinux to make them bootable syslinux $(CF_DEV) # remount the cf so me can muck with it mount -t msdos $(CF_DEV) cf # get packages from hda1 and send messages to serial console # remove syslinux.dpy banner; it messes up serial console sed -e 's/fd0u1680/hda1/g' cf/syslinux.cfg cf/syslinux.tmp grep -v syslinux.dpy cf/syslinux.tmp cf/syslinux.cfg echo append console=ttyS0,19200 cf/syslinux.cfg rm cf/syslinux.dpy # modify etc.lrp to allow serial console login from root mkdir -p scratch tar xzf cf/etc.lrp -C scratch sed -e 's/^\([12]:\)/#\1/g' \ -e 's/^#T1\(.*\)ttyS1/T0\1ttyS0/' scratch/etc/inittab \ scratch/etc/inittab.tmp mv scratch/etc/inittab.tmp scratch/etc/inittab sed -e '/^tty[0-9]/d' scratch/etc/securetty scratch/etc/securetty.tmp echo ttyS0 scratch/etc/securetty.tmp mv scratch/etc/securetty.tmp scratch/etc/securetty tar czf cf/etc.lrp -C scratch `ls scratch` # get boot modules into initrd.lrp gunzip -S .lrp cf/initrd.lrp mount -t minix cf/initrd mnt -o loop # cp $(BERING_BOOT_MOD_DIR)/serial.omnt/boot/lib/modules cp $(BERING_BOOT_MOD_DIR)/ide-mod.o mnt/boot/lib/modules cp $(BERING_BOOT_MOD_DIR)/ide-disk.o mnt/boot/lib/modules cp $(BERING_BOOT_MOD_DIR)/ide-probe-mod.o mnt/boot/lib/modules # echo serial mnt/boot/etc/modules echo ide-modmnt/boot/etc/modules echo ide-disk mnt/boot/etc/modules echo ide-probe-mod mnt/boot/etc/modules umount mnt gzip -S .lrp cf/initrd # unmount cf umount cf ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] ip_masq_ipsec.o for bering
damn... I have just been sitting here staring at my monitor while the reality of what I am trying to do has dawned on me. When Tom pointed me in the direction of the files ip_conntrack_ipsec.o and ip_nat_ipsec.o I began searching for them under the assumption that I would just load them like any other module. After reading your reply things suddenly came more into focus. If I understand this correctly, then what I am actually looking for is a patch that will make these options available for when I have to recompile the kernel. At which time, I can then select to either compile them as modules or to compile them directly into the kernel. Thanks Joey, for the offer of assistance. Any and all help would be graciously received. I am still a newbie here so if someone would be kind enough to either confirm or deny my assumptions about how to go about this I would appreciate it. Respectfully, Eric -Original Message- From: joey officer [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 23, 2002 10:05 PM To: Eric B Kiser Cc: [EMAIL PROTECTED] Subject: RE: [Leaf-user] ip_masq_ipsec.o for bering ahh.. I think I understand know.. so you need to have the packets passed through on the home machine so that you can make the connection to work. I understand now. There was another post earlier that mentioned the nameing difference for the Bering ipsec.o files. You might look there. I'm not familiar at all w/ Bering, but I'll be glad to assist you by looking as well, and if necessary, maybe I or someone else can compile this for you. joey At Tuesday, 23 April 2002, Eric B Kiser [EMAIL PROTECTED] wrote: Joey, Thanks for the quick reply. Here is what I am looking at... [1] I have to use IPSec client software on an NT4.0 machine from inside my network to make a connection to the company firewall/IPSec server to be able to gain remote access into my company. Since we are unable to do both pass-through and termination I am forced to set this box up to do pass-through only. [2] I am planning on setting up a second box inside my network to act as an IPSec server so that I can connect to my lab while on the road. I hope this helped to explain it a little better. Regards, Eric -Original Message- From: Joey Officer [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 23, 2002 4:54 PM To: Eric B Kiser; [EMAIL PROTECTED] Subject: RE: [Leaf-user] ip_masq_ipsec.o for bering Are you sure that you need the ip_masq_ipsec.o file. I think that this is only needed if you have an internal ipsec server. In my case I run the ipsec server (I'm sure as does everyone else) on the actual gateway server / leaf server... Joey -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Eric B Kiser Sent: Tuesday, April 23, 2002 3:27 PM To: [EMAIL PROTECTED] Subject: [Leaf-user] ip_masq_ipsec.o for bering Hello All, I need to be able to make an IPSec connection through my Bering 1.0-rc1 firewall. If I understand correctly I will need the ip_masq_ipsec. o module to be able to do this. I have been unable to find the ip_masq_ipsec. o for Bering. I have already searched through all of the files in the modules section online and did not come across it. Is it already compiled in to the kernel or is it somewhere else or have I just missed it? Thanks in advance, Eric ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user