RE: [Leaf-user] VPN error, please help

2002-04-26 Thread MLU

Thank you very very much, Charles, I could ping the other private
machines and I am asking them to ping me and use a couple of services on
my private server for thorough test. I hope it will be fine.

The next step for me is to setup for the Road Warrior. I have 2
questions:

1. Do you know of any free client for Windows which works with
Free/SWAN?
2. I guess that regardless which client, I have to create some forward
rule to the one you advised me below. So it would be

IPCH -A forward -j ACCEPT -s 192.168.9.0/24 -d 0/0 -b

Correct?

Thanks again.



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Charles
Steinkuehler
Sent: Friday, April 26, 2002 8:07 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] VPN error, please help

> 192.168.9 and .3 are my private, so adding the rule as you suggested is
> for them only, right.
>
> For accessing 192.168.1 (the remote ipsec private), do I have to do the
> similar thing, i.e.:
>
> $IPCH -A forward -j ACCEPT -s 192.168.9.0/24 -d 192.168.1.0/24 -b

Oops!  If the 192.168.9 and .3 networks are on the same system, the rule I
listed will allow them to talk to each other, but not to the remote end of
the VPN (which is *NOT* what you want).  In your case, you'll need two
rules:

$IPCH -A forward -j ACCEPT -s 192.168.9.0/24 -d 192.168.1.0/24 -b
$IPCH -A forward -j ACCEPT -s 192.168.3.0/24 -d 192.168.1.0/24 -b

NOTE:  These rules will need to be in place on *BOTH* VPN gateway systems.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user







Re: [Leaf-user] does VoIP Blaster work with Dachstein?

2002-04-26 Thread Victor McAllister

"Chen, Elvis" wrote:

> Greetings,
>
> I'm considering buying a pair of VoIP Blaster from
> Creative Lab
> 
>(http://www.americas.creative.com/products/product.asp?Product=203&MainCategory=7&Centric=&SearchSite=yes)
> for US$20.  The original software that comes with it
> (from Creative) does NOT work behind firewall/NAT, so
> I plan to use alternative (and open source) software
> from fobbit (http://www.fobbit.com/).
>
> According to the fobbit-FAQ, to get it working behind
> NAT, I need to open 2 ports for TCP/UDP, and it gets
> worse if I want to have multiple VoIP behind the
> firewall.
>
> My question is, has anyone tried this with Dachstein
> LRP?  Is there a masq-module that will handle fobbit
> traffic automatically so no ports need to be open?
>
> thx in advance,

I just ordered a couple of these voip blasters (two for $26 with shipping
and tax from Creative Labs).  It uses the h323 protocol so the ip_masq_h323
does the masquerading stuff.  For outgoing calls all you need is the h323
masq stuff - incoming calls is where you need the port forwarding.
You can open the appropriate ports and forward them to a single machine.
Port forwarding only works to one destination so if you run several of
these behind the same firewall you will have to use different ports for
each one.

The nice thing about these usb devices is that they have a digital signal
processor for clarity and echo elimination  and a ringer to ring the phone.







Re: [Leaf-user] cat /proc/interrupts

2002-04-26 Thread David Smead

Jacques,

Thanks for the input.  I'm not showing interrupts, but the drivers seem to
load, and I/O space is assigned.

From dmesg:
eth0: 3c5x9 at 0x300, 10baseT port, address  00 50 04 04 7c 94, IRQ 15.
3c509.c:1.18a [EMAIL PROTECTED]
http://www.scyld.com/network/3c509.html
eth1: 3c5x9 at 0x310, 10baseT port, address  00 60 97 79 11 7b, IRQ 3.
3c509.c:1.18a [EMAIL PROTECTED]
http://www.scyld.com/network/3c509.html
eth2: 3c5x9 at 0x320, 10baseT port, address  00 60 97 c3 46 10, IRQ 11.
3c509.c:1.18a [EMAIL PROTECTED]
http://www.scyld.com/network/3c509.html
eth3: 3c5x9 at 0x330, 10baseT port, address  00 60 97 c3 47 5b, IRQ 7.
3c509.c:1.18a [EMAIL PROTECTED]
http://www.scyld.com/network/3c509.html
eth4: 3c5x9 at 0x340, 10baseT port, address  00 a0 24 ed c0 8d, IRQ 5.
3c509.c:1.18a [EMAIL PROTECTED]
http://www.scyld.com/network/3c509.html

From /proc/ioports:

-001f : dma1
0020-003f : pic1
0040-005f : timer
0060-006f : keyboard
0080-008f : dma page reg
00a0-00bf : pic2
00c0-00df : dma2
00f0-00ff : fpu
0300-030f : 3c509
0310-031f : 3c509
0320-032f : 3c509
0330-033f : 3c509
0340-034f : 3c509
03c0-03df : vga+
0cf8-0cfb : PCI conf2

From /proc/interrupts:

           CPU0
  0:    8241668          XT-PIC  timer
  1:        400          XT-PIC  keyboard
  2:          0          XT-PIC  cascade
NMI:          0
ERR:          0

Any ideas about how this happens are appreciated.  This is running on a
Dell Optiplex 575 - P75 with 24 MB ram, no ide cables plugged in.  All
nics have pnp disabled and were configured as the dmesg shows.

Distribution is Bering, 2.4.18, #3, March 15.

-- 
Sincerely,

David Smead
http://www.amplepower.com.

On Fri, 26 Apr 2002, Jacques Nilo wrote:

> Here you are:
>
> firewall: -root-
> # cat /proc/interrupts
>            CPU0
>   0:      42026          XT-PIC  timer
>   1:        117          XT-PIC  keyboard
>   2:          0          XT-PIC  cascade
>   9:          1          XT-PIC  NE2000
>  10:        356          XT-PIC  eth1
>  11:        158          XT-PIC  eth0
>  13:          0          XT-PIC  fpu
> NMI:          0
> ERR:          0
>
> firewall: -root-
> #
> Jacques
> http://leaf.sourceforge.net/devel/jnilo
> - Original Message -
> From: "David Smead" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, April 26, 2002 7:35 AM
> Subject: [Leaf-user] cat /proc/interrupts
>
>
> > Can anyone running Bering tell me what they be when executing the command:
> > cat /proc/interrupts
>
>
>
>





[Leaf-user] Re: [Leaf-devel] ANN: ntpclient.lrp v3.45

2002-04-26 Thread Michael D. Schleif


Charles Steinkuehler wrote:
> 
> > Although there are already several other ntpclient.lrp's out there, this
> > one is different:
> 
> 
> 
> > 
> >
> > 
> 
> I'm finally getting around to doing some work on Dachstein, and I'm looking
> at adding this package.  I'm wondering how you dealt with the fact that the
> package name is more than eight characters...

Good catch!  My bad ;<

Anyway, this also prompts me to include the actual init script that I'm
using -- one that works ;>

Obviously, I forgot what happens when you put LRP files on a floppy disk
in dos format . . .

So, to clear things up, I've decided to rename the LRP: ntpclnt.lrp

However, I am leaving the internal files labelled: ntpclient -- nine (9)
letters long:









Thank you, for the constructive and helpful criticism.  Any other ideas?

-- 

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know.  The more I know, the more I know I don't know . . .




RE: [Leaf-user] internal NAT question

2002-04-26 Thread Tony



Would not the ipchains/iptables rules be applied?

Could you not say forward only traffic from external_ip/32 to
internal_server/32 port 3389 or whatever and essentially say, yeah, this
port is open but only for this one client on the internet?  All others would
be rejected/denied.  Or am I mistaken, and that port forwarding bypasses all
rules.

Thanks,

Tony



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Steve Fink
Sent: Friday, April 26, 2002 3:55 PM
To: LEAF-List
Subject: RE: [Leaf-user] internal NAT question


Phillip,

The security implications are the same as having that port on that machine
exposed directly to the internet.

Example:

Portforwarding port 3389 ( Terminal Server ) from the firewall to port 3389
on a NT/2000 system behind the firewall.

Terminal Server is totally exposed, it's like taking a pipe and tunneling
all communications on port 3389 to the NT/2000 system.  So if there is a
vulnerability in Terminal Server ( which there is ) then Terminal Server is
susceptible to this vulnerability, despite the fact that you have the
firewall in place.

During a scan of your firewall ( with port forwarding enabled on port
3389 ) you would see that port 3389 was open and accepting connections.  So
you would know that there was a Terminal Server connection there, but the
TCP/IP signature and timing would look like a Linux box.  Opening a Terminal
Server connection to the box would bring up a Terminal Server login screen
to a potential intruder.  Then he/she could attempt to gain access using any
other information that could be gleaned from the scan, and possibly guess
usernames/passwords etc, or use a known Terminal Server vulnerability to
gain access.


So in short, port forwarding is creating a tunnel from your firewall into
the internal system. Any traffic directed at your firewall on that port will
be transferred directly to the internal system.


Hope this helps,


Steve

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, April 26, 2002 9:12 AM
To: [EMAIL PROTECTED]
Subject: [Leaf-user] internal NAT question




I have situations in which my vpn router is a peer to a proxy server.
The proxy server is the default gateway for the servers behind it.

Therefore I use NAT on the internal interface to force traffic to the servers
back through the router.

This is approximately the same thing as port forwarding.  Does anyone
know of any security implications in this?

Thanx.





___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
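
Tony's question at the top of this message, worked through for iptables as an added example (not from any poster in the thread): a forward of port 3389 limited to one source address. Under netfilter the rewritten packet still crosses the FORWARD chain, so both the NAT rule and the filter rule can match on the source; the interface name, the addresses and the `restricted_portfw` helper are assumptions.

```shell
#!/bin/sh
# Added example: forward TCP 3389 to one internal server, but only for one
# external client. iptables syntax (2.4 kernels); every address and interface
# name below is a constructed placeholder.

# Dry run by default: each rule is printed instead of applied.
# On the gateway itself, run with IPT=iptables.
IPT="${IPT:-echo iptables}"

# restricted_portfw EXT_IF CLIENT SERVER PORT
restricted_portfw() {
    ext_if=$1 client=$2 server=$3 port=$4

    # An empty or match-everything source reproduces the fully exposed forward
    # described in the thread, so refuse it outright.
    case "$client" in
        ''|*/0)
            echo "restricted_portfw: need a specific client address" >&2
            return 1 ;;
    esac

    # 1. Rewrite the destination only when the packet comes from the client.
    $IPT -t nat -A PREROUTING -i "$ext_if" -p tcp -s "$client" \
         --dport "$port" -j DNAT --to-destination "$server:$port"

    # 2. The rewritten packet still crosses the FORWARD chain: allow it for
    #    the client, and allow the replies of that connection back out.
    $IPT -A FORWARD -i "$ext_if" -p tcp -s "$client" -d "$server" \
         --dport "$port" -m state --state NEW,ESTABLISHED -j ACCEPT
    $IPT -A FORWARD -o "$ext_if" -p tcp -s "$server" --sport "$port" \
         -d "$client" -m state --state ESTABLISHED -j ACCEPT

    # 3. Anything else aimed at that port on the server is logged and dropped.
    #    -A appends, so an earlier accept-all rule in FORWARD would still win.
    $IPT -A FORWARD -i "$ext_if" -p tcp -d "$server" --dport "$port" \
         -j LOG --log-prefix "portfw-denied: "
    $IPT -A FORWARD -i "$ext_if" -p tcp -d "$server" --dport "$port" -j DROP
}

# Constructed values: 203.0.113.7 is the one permitted client,
# 192.168.9.10 the terminal server behind the firewall.
if [ "${1:-}" = "--show" ]; then
    restricted_portfw eth0 203.0.113.7/32 192.168.9.10 3389
fi
```

The permitted client still talks to the service itself, so the exposure Steve describes remains for that one address; the rules only narrow who can reach it.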



Re: [Leaf-user] motherboard with no vid card

2002-04-26 Thread David Smead

www.soekris.com

-- 
Sincerely,

David Smead
http://www.amplepower.com.

On Fri, 26 Apr 2002, Bernie Berg wrote:

> howdy...  I'd like to make a minimalistic "network appliance" looking bearing
> firewall box...  Is there a motherboard out there that will boot without a video
> card? since after the load all that would be needed is a network or serial
> connection...
>
> thanks for the info
>
> bernie
>
>





Re: [Leaf-user] Bering: How do I get my dns & dhcp servers to work together?

2002-04-26 Thread Jacques Nilo

(2nd try to reach the list)
> I'm running a Bering firewall, and I want all my local computers added to my
> dns server.  This is so I don't have to try to figure out what address a
> computer got before I can access it.  How can I get my dhcp server to update
> my dns server?  Should I be running tinydns, dnscache, or both?  Thanks!
>
> -Mark Ivey-
Mark:
If I understand you well, you want to update tinydns data with dhcp server
served IP's
Here is the reference:
http://www.thismetalsky.org/magic/projects/dhcp_dns.html
One pb: it's perl. If you want to make an ash shell version of that script I am
sure it would interest a couple of people.
Otherwise you will need dnscache, tinydns and dhcpd
Jacques
http://leaf.sourceforge.net/devel/jnilo
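
The approach discussed in this thread (read the dhcpd leases file, produce A and PTR data for tinydns) as an sh/awk sketch of the kind Jacques asks for. This is an added example, not a port of the linked Perl script; `DOMAIN`, `TTL`, `RESERVED`, the function names and the sample leases are constructed. Because `client-hostname` is chosen by the DHCP client, it is validated before it can reach the tinydns data file.

```shell
#!/bin/sh
# Added example: build tinydns-data lines from an ISC dhcpd leases file.
# DOMAIN, TTL, RESERVED and the sample leases are constructed values.
DOMAIN="${DOMAIN:-lan.example}"
TTL="${TTL:-300}"
# Names that belong to static records and must never go to a DHCP client.
RESERVED="${RESERVED:-firewall www mail ns}"

# leases_to_tinydns FILE
# Prints one "=fqdn:ip:ttl" line per active lease; tinydns-data turns each "="
# line into an A record plus the matching PTR record.
leases_to_tinydns() {
    awk -v domain="$DOMAIN" -v ttl="$TTL" -v reserved="$RESERVED" '
        function valid_ip(a,    n, p, i) {
            n = split(a, p, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (p[i] !~ /^[0-9]+$/ || p[i] + 0 > 255) return 0
            return 1
        }
        # The hostname is picked by the client, so it is untrusted input:
        # ":" is the tinydns-data field separator and must never get through.
        function valid_host(h) {
            return (length(h) <= 63) && (h ~ /^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$/)
        }
        function skip(why) { printf "skip %s: %s\n", ip, why > "/dev/stderr" }
        BEGIN {
            n = split(tolower(reserved), r, " ")
            for (i = 1; i <= n; i++) taken[r[i]] = 1
        }
        $1 == "lease" && $3 == "{" { ip = $2; host = ""; active = 1; inlease = 1; next }
        # dhcpd v3 records a binding state; older files have none (treated as active).
        inlease && $1 == "binding" && $2 == "state" { active = ($3 == "active;"); next }
        inlease && $1 == "client-hostname" {
            host = $0
            sub(/^[^"]*"/, "", host)
            sub(/";[ \t]*$/, "", host)
            host = tolower(host)
            next
        }
        inlease && $1 == "}" {
            # The file is an append-only log: a later block for the same
            # address replaces whatever an earlier block said.
            delete name[ip]
            if (!valid_ip(ip)) skip("bad address")
            else if (!active) skip("lease not active")
            else if (host == "") skip("no hostname")
            else if (!valid_host(host)) skip("unsafe hostname")
            else if (host in taken) skip("reserved name " host)
            else name[ip] = host
            inlease = 0
        }
        END { for (a in name) printf "=%s.%s:%s:%s\n", name[a], domain, a, ttl }
    ' "$1" | sort
}

# Constructed sample input in dhcpd.leases syntax.
sample_leases() {
    cat <<'EOF'
lease 192.168.9.20 {
  starts 5 2002/04/26 12:00:00;
  ends 5 2002/04/26 18:00:00;
  hardware ethernet 00:00:5e:00:53:01;
  client-hostname "Alpha";
}
lease 192.168.9.21 {
  hardware ethernet 00:00:5e:00:53:02;
  client-hostname "pc:192.168.9.1";
}
lease 192.168.9.22 {
  hardware ethernet 00:00:5e:00:53:03;
  client-hostname "firewall";
}
lease 192.168.9.23 {
  binding state free;
  hardware ethernet 00:00:5e:00:53:04;
  client-hostname "gone";
}
lease 192.168.9.24 {
  binding state active;
  hardware ethernet 00:00:5e:00:53:05;
  client-hostname "Gamma-PC";
}
lease 192.168.9.20 {
  hardware ethernet 00:00:5e:00:53:01;
  client-hostname "beta";
}
EOF
}

# With a leases file as the first argument, print the generated lines.
if [ $# -gt 0 ]; then
    leases_to_tinydns "$1"
fi
```

The output is meant to be merged into the tinydns `data` file, after which `data.cdb` has to be rebuilt with `tinydns-data`.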






[Leaf-user] does VoIP Blaster work with Dachstein?

2002-04-26 Thread Chen, Elvis

Greetings,

I'm considering buying a pair of VoIP Blaster from
Creative Lab
(http://www.americas.creative.com/products/product.asp?Product=203&MainCategory=7&Centric=&SearchSite=yes)
for US$20.  The original software that comes with it
(from Creative) does NOT work behind firewall/NAT, so
I plan to use alternative (and open source) software
from fobbit (http://www.fobbit.com/).  

According to the fobbit-FAQ, to get it working behind
NAT, I need to open 2 ports for TCP/UDP, and it gets
worse if I want to have multiple VoIP behind the
firewall.

My question is, has anyone tried this with Dachstein
LRP?  Is there a masq-module that will handle fobbit
traffic automatically so no ports need to be open?

thx in advance,




RE: [Leaf-user] internal NAT question

2002-04-26 Thread Steve Fink

Phillip,

The security implications are the same as having that port on that machine
exposed directly to the internet.

Example:

Portforwarding port 3389 ( Terminal Server ) from the firewall to port 3389
on a NT/2000 system behind the firewall.

Terminal Server is totally exposed, it's like taking a pipe and tunneling
all communications on port 3389 to the NT/2000 system.  So if there is a
vulnerability in Terminal Server ( which there is ) then Terminal Server is
susceptible to this vulnerability, despite the fact that you have the
firewall in place.

During a scan of your firewall ( with port forwarding enabled on port
3389 ) you would see that port 3389 was open and accepting connections.  So
you would know that there was a Terminal Server connection there, but the
TCP/IP signature and timing would look like a Linux box.  Opening a Terminal
Server connection to the box would bring up a Terminal Server login screen
to a potential intruder.  Then he/she could attempt to gain access using any
other information that could be gleaned from the scan, and possibly guess
usernames/passwords etc, or use a known Terminal Server vulnerability to
gain access.


So in short, port forwarding is creating a tunnel from your firewall into
the internal system. Any traffic directed at your firewall on that port will
be transferred directly to the internal system.


Hope this helps,


Steve

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, April 26, 2002 9:12 AM
To: [EMAIL PROTECTED]
Subject: [Leaf-user] internal NAT question




I have situations in which my vpn router is a peer to a proxy server.
The proxy server is the default gateway for the servers behind it.

Therefore I use NAT on the internal interface to force traffic to the servers
back through the router.

This is approximately the same thing as port forwarding.  Does anyone
know of any security implications in this?

Thanx.






RE: [Leaf-user] motherboard with no vid card

2002-04-26 Thread Bernie Berg

thanks for the leads!, 

btw, that router design project site is great... =)

-Original Message-
From: Mike Noyes [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 26, 2002 1:13 PM
To: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] motherboard with no vid card


On Fri, 2002-04-26 at 09:41, Bernie Berg wrote:
> howdy...  I'd like to make a minimalistic "network appliance" looking
> bearing firewall box...  Is there a motherboard out there that will
> boot without a video card? since after the load all that would be
> needed is a network or serial connection...

Bernie,
Take a look at our hardware web links.

http://leaf.sourceforge.net/links.php?op=viewlink&cid=8
http://leaf.sourceforge.net/links.php?op=viewslink&sid=2

-- 
Mike Noyes <[EMAIL PROTECTED]>
http://sourceforge.net/users/mhnoyes/
http://leaf-project.org/





Re: [Leaf-user] motherboard with no vid card

2002-04-26 Thread Mike Noyes

On Fri, 2002-04-26 at 11:29, Charles Steinkuehler wrote:
> > Have you looked at the router designs on the site below? If so, what do
> > you think of them?
> >
> > RDP Router Designs
> > http://www.routerdesign.com/designs.shtml
> 
> I hadn't seen this before.  I'm not sure whether to laugh or cry :-)
> 
> Looks like the folks probably had fun building them, but I've sort of gotten
> hooked on rack-mount stuff lately...

Everyone,
It looks like they're accepting router design submissions. Anyone with a
digital camera and some time may want to submit a LEAF branch/release
based design.

RDP Submit your router
http://routerdesign.com/submitdesign.shtml

-- 
Mike Noyes <[EMAIL PROTECTED]>
http://sourceforge.net/users/mhnoyes/
http://leaf-project.org/





RE: [Leaf-user] Bering: How do I get my dns & dhcp servers to work together?

2002-04-26 Thread Richard Doyle

DHCPD v.3 provides dynamic DNS services. Unfortunately, tinydns does not support this, 
but BIND (versions 8 and 9) does. Consider running DHCPD v.3 and BIND on an internal 
server, behind your firewall. I've run DHCPD, BIND and dnscache together at two sites 
for more than a year with no problems.

-Richard

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Chad Carr
> Sent: Friday, April 26, 2002 6:47 AM
> To: Mark Ivey
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Leaf-user] Bering: How do I get my dns & dhcp servers to
> work together?
> 
> 
> On Fri, 26 Apr 2002 00:38:40 -0700
> "Mark Ivey" <[EMAIL PROTECTED]> wrote:
> 
> > I'm running a Bering firewall, and I want all my local computers added
> > to my dns server.  This is so I don't have to try to figure out what
> > address a computer got before I can access it.  How can I get my dhcp
> > server to update my dns server?  Should I be running tinydns, dnscache,
> > or both?  Thanks!
> 
> This is called dynamic dns, and you will need to run both tinydns and
> dnscache (assuming you want a caching recursive dns resolver for your
> internal network).
> 
> Take a look at the script at 
> http://www.thismetalsky.org/files/dhcp_dns
> 
> It monitors your dhcpd leases file for new entries, then puts matching A
> and PTR records into your tinydns data file and reloads it.
> 
> There is a trick to running tinydns and dnscache on the same machine
> unless you use two ip addresses.  Run tinydns on localhost, dnscache on
> your internal address and forward queries for your domain to localhost. 
> That way, your internal hosts get the dynamic entries.  Unfortunately,
> dnscache will never return a true authoritative response for your own
> domain, but what the heck.  You can do it right or some way that works.
> 
> You forward the queries from dnscache to tinydns by putting a file in the
> /etc/dnscache/root/servers directory for your domain that points to
> localhost, e.g. franzdoodle.com file would contain 127.0.0.1
> 
> Okay,  That is from memory, but I think it is mostly accurate.  There are
> probably some other pitfalls that I've forgotten, so take a look at
> http://www.fefe.de/djbdns/#sameip for all the gory details.
> 
> I use this setup for a department of about 100 engineers on a /22 subnet
> with 500 or so Windows, Solaris, and Linux dhcp machines.  It works well
> and replaced an "equivalent" Windows NT setup that actually needed to be
> maintained (rebooted) frequently.  Nobody even thinks about our dhcp/dns
> server anymore unless they need to add static records.  Ahhh, the way it
> should be.
> 
> Later.
> Chad Carr
> 
> 





Re: [Leaf-user] motherboard with no vid card

2002-04-26 Thread Charles Steinkuehler

> Have you looked at the router designs on the site below? If so, what do
> you think of them?
>
> RDP Router Designs
> http://www.routerdesign.com/designs.shtml

I hadn't seen this before.  I'm not sure whether to laugh or cry :-)

Looks like the folks probably had fun building them, but I've sort of gotten
hooked on rack-mount stuff lately...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)





Re: [Leaf-user] motherboard with no vid card

2002-04-26 Thread Mike Noyes

On Fri, 2002-04-26 at 09:54, Charles Steinkuehler wrote:
> > howdy...  I'd like to make a minimalistic "network appliance" looking
> bearing firewall box...  Is there a motherboard out there that will boot
> without a video card? since after the load all that would be needed is a
> network or serial connection...
> 
> There are a number of these available, but you'll have to dig for them.
> Typical markets include embedded systems and server appliances.  Typically,
> these systems have console re-direction (ie the normal BIOS boot screens and
> configuration are done via the serial port, rather than kb/monitor).  These
> systems will be generally more expensive than "standard" hardware due to the
> more limited market.

Charles,
Have you looked at the router designs on the site below? If so, what do
you think of them?

RDP Router Designs
http://www.routerdesign.com/designs.shtml

-- 
Mike Noyes <[EMAIL PROTECTED]>
http://sourceforge.net/users/mhnoyes/
http://leaf-project.org/





Re: [Leaf-user] motherboard with no vid card

2002-04-26 Thread Mike Noyes

On Fri, 2002-04-26 at 09:41, Bernie Berg wrote:
> howdy...  I'd like to make a minimalistic "network appliance" looking
> bearing firewall box...  Is there a motherboard out there that will
> boot without a video card? since after the load all that would be
> needed is a network or serial connection...

Bernie,
Take a look at our hardware web links.

http://leaf.sourceforge.net/links.php?op=viewlink&cid=8
http://leaf.sourceforge.net/links.php?op=viewslink&sid=2

-- 
Mike Noyes <[EMAIL PROTECTED]>
http://sourceforge.net/users/mhnoyes/
http://leaf-project.org/





Re: [Leaf-user] motherboard with no vid card

2002-04-26 Thread Zachariah Mully

www.soekris.com 

Z
DC

On Fri, 2002-04-26 at 12:41, Bernie Berg wrote:
> howdy...  I'd like to make a minimalistic "network appliance" looking bearing
> firewall box...  Is there a motherboard out there that will boot without a video
> card? since after the load all that would be needed is a network or serial
> connection...
> 
> thanks for the info
> 
> bernie
> 






Re: [Leaf-user] motherboard with no vid card

2002-04-26 Thread Charles Steinkuehler

> howdy...  I'd like to make a minimalistic "network appliance" looking
> bearing firewall box...  Is there a motherboard out there that will boot
> without a video card? since after the load all that would be needed is a
> network or serial connection...

There are a number of these available, but you'll have to dig for them.
Typical markets include embedded systems and server appliances.  Typically,
these systems have console re-direction (ie the normal BIOS boot screens and
configuration are done via the serial port, rather than kb/monitor).  These
systems will be generally more expensive than "standard" hardware due to the
more limited market.

You may find obtaining a complete system is easier than finding just a
motherboard.  Right now you can get Intel INS1010 hosting appliances for
about $400.  This is a 1U box with CPU, memory, HDD, dual on-board NIC's,
and 2 PCI slots (one normal, one low-profile).  Their BIOS supports
serial-port re-direction, and would make a nice router.  I've got several of
the INS1020's (same box with a faster CPU, more memory, and Ultra-160 SCSI)
I'm using for servers.

Best places I know of to find these boxes are e-bay and Business Systems
Connection http://www.bizsyscon.com/products.asp?grp=spl

All standard disclaimers apply...I bought my INS1020's from CompGeeks, not
the BSC guys, so I know nothing about them, except they claim to have a
stash of the 1010's, and are selling them occasionally on e-bay.

Of course, you can always just pull the video card and turn off all errors
in the BIOS.  Some systems will boot this way, while others will complain
there's no VGA card.  Also, if memory serves, I think I've seen some cards
that were essentially "console redirectors"...basically a ROM on a card with
software that looks like a video card bios, but actually uses the serial
port.  It's been ages since I saw one of these, however, and with most
BIOS's supporting serial redirection these days (at least if you buy a BIOS
license and are building your own hardware...typical for the embedded
market), I'm not sure if these cards are still around...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)






[Leaf-user] ANN: ntpclient.lrp v3.45

2002-04-26 Thread Michael D. Schleif


Although there are already several other ntpclient.lrp's out there, this
one is different:

[1] It is the smallest that I've found:

# ls -al ntpclient.lrp
-rw-r--r--    1 helices  leaf         7651 Apr 26 09:32 ntpclient.lrp

[2] It includes an init script starting, stopping and configuring the
daemon:

/etc/init.d/ntpclient

[3] It includes standard complement of /var/lib/lrpkg/ntpclient.* files.

Look here:





-- 

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know.  The more I know, the more I know I don't know . . .




[Leaf-user] motherboard with no vid card

2002-04-26 Thread Bernie Berg

howdy...  I'd like to make a minimalistic "network appliance" looking bearing firewall 
box...  Is there a motherboard out there that will boot without a video card? since 
after the load all that would be needed is a network or serial connection...

thanks for the info

bernie




Re: [Leaf-user] Bering: How do I get my dns & dhcp servers to work together?

2002-04-26 Thread Michael D. Schleif


Mark Ivey wrote:
> 
> I'm running a Bering firewall, and I want all my local computers added to my
> dns server.  This is so I don't have to try to figure out what address a
> computer got before I can access it.  How can I get my dhcp server to update
> my dns server?  Should I be running tinydns, dnscache, or both?  Thanks!

Look here:



You need to run it periodically.  I run it from /etc/multicron-p.

HTH

-- 

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know.  The more I know, the more I know I don't know . . .




Re: [Leaf-user] cat /proc/interrupts

2002-04-26 Thread Jacques Nilo

Here you are:

firewall: -root-
# cat /proc/interrupts
           CPU0
  0:      42026          XT-PIC  timer
  1:        117          XT-PIC  keyboard
  2:          0          XT-PIC  cascade
  9:          1          XT-PIC  NE2000
 10:        356          XT-PIC  eth1
 11:        158          XT-PIC  eth0
 13:          0          XT-PIC  fpu
NMI:          0
ERR:          0

firewall: -root-
# 
Jacques
http://leaf.sourceforge.net/devel/jnilo
- Original Message - 
From: "David Smead" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, April 26, 2002 7:35 AM
Subject: [Leaf-user] cat /proc/interrupts


> Can anyone running Bering tell me what they be when executing the command:
> cat /proc/interrupts






Re: [Leaf-user] Bering: How do I get my dns & dhcp servers to work together?

2002-04-26 Thread Chad Carr

On Fri, 26 Apr 2002 15:41:28 +0200
"Jacques Nilo" <[EMAIL PROTECTED]> wrote:

> > I'm running a Bering firewall, and I want all my local computers added
> > to my dns server.  This is so I don't have to try to figure out what
> > address a computer got before I can access it.  How can I get my dhcp
> > server to update my dns server?  Should I be running tinydns,
> > dnscache, or both?  Thanks!
> >
> > -Mark Ivey-
> Mark:
> If I understand you well, you want to update tinydns data with dhcp
> server served IP's
> Here is the reference:
> http://www.thismetalsky.org/magic/projects/dhcp_dns.html
> One pb: it's perl. If you want to make an ash shell version of that
> script I am sure it would interest a couple of people.
> Otherwise you will need dnscache, tinydns and dhcpd
> Jacques
> http://leaf.sourceforge.net/devel/jnilo

Of course, one of the pitfalls that I forgot being that perl is huge!  I
forgot what list I am on!

;-)

Chad




Re: [Leaf-user] internal NAT question

2002-04-26 Thread Charles Steinkuehler

> I have situations in which my vpn router is a peer to a proxy server.
> The proxy server is the default gateway for the servers behind it.
>
> Therefore I use NAT on the internal interface to force traffic to the servers
> back through the router.
>
> This is approximately the same thing as port forwarding.  Does anyone
> know of any security implications in this?

It's not real clear exactly what you've got setup...how about an ascii-art
network diagram, and maybe a bit more detail on the packet flow?

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)





Re: [Leaf-user] VPN error, please help

2002-04-26 Thread Charles Steinkuehler

> 192.168.9 and .3 are my private, so adding the rule as you suggested is
> for them only, right.
>
> For accessing 192.168.1 (the remote ipsec private), do I have to do the
> similar thing, i.e.:
>
> $IPCH -A forward -j ACCEPT -s 192.168.9.0/24 -d 192.168.1.0/24 -b

Oops!  If the 192.168.9 and .3 networks are on the same system, the rule I
listed will allow them to talk to each other, but not to the remote end of
the VPN (which is *NOT* what you want).  In your case, you'll need two
rules:

$IPCH -A forward -j ACCEPT -s 192.168.9.0/24 -d 192.168.1.0/24 -b
$IPCH -A forward -j ACCEPT -s 192.168.3.0/24 -d 192.168.1.0/24 -b

NOTE:  These rules will need to be in place on *BOTH* VPN gateway systems.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)





[Leaf-user] internal NAT question

2002-04-26 Thread Phillip . Watts



I have situations in which my vpn router is a peer to a proxy server.
The proxy server is the default gateway for the servers behind it.

Therefore I use NAT on the internal interface to force traffic to the servers
back through the router.

This is approximately the same thing as port forwarding.  Does anyone
know of any security implications in this?

Thanx.






Re: [Leaf-user] VPN error, please help

2002-04-26 Thread MLU

192.168.9 and .3 are my private, so adding the rule as you suggested is
for them only, right.

For accessing 192.168.1 (the remote ipsec private), do I have to do the
similar thing, i.e.:

$IPCH -A forward -j ACCEPT -s 192.168.9.0/24 -d 192.168.1.0/24 -b
^

Thank you.




-- Original Message --
From: "Charles Steinkuehler" <[EMAIL PROTECTED]>
Date:  Fri, 26 Apr 2002 08:48:41 -0500

>> I think you are probably right. I do have forward rules to allow traffic
>> between both my private 192.168.9 and 192.168.3. And those rules are
>> added by myself in /etc/ipfilter.conf (based on what you did for DMZ,
>> your DMZ is one-way, mine is 2-way). I will try to disable it asap, but
>> my question is if I can still have traffic between my private networks
>> and at the same time ipsec to remote private?
>>
>> Also I think I should use your scripts
>> /etc/ipchains.input,
>> /etc/ipchains.forward
>> /etc/ipchains.output
>>
>> for those rules rather than inventing my own (and messing up things -:()
>> but I cannot find them as examples.
>>
>> Could you help in this regard.
>>
>> And yes, I try to log protocol 50 and even 51 but nothing showed in my
>> log. Again something is wrong here too.
>
>It sounds like you probably don't have forwarding rules in place for your
>VPN traffic, so it's being denied before the packets get turned into VPN
>data.  Try adding the following to /etc/ipchains.forward:
>
>$IPCH -A forward -j ACCEPT -s 192.168.9.0/24 -d 192.168.3.0/24 -b
>
>The ipchains.* files are simply sourced by the firewall scripts, so you can
>add or insert ipchains rules as required.  You can also use variables and
>procedures from network.conf and ipfilter.conf (which is where $IPCH is
>defined).
>
>Charles Steinkuehler
>http://lrp.steinkuehler.net
>http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
>
>




Re: [Leaf-user] VPN behind Dachstein

2002-04-26 Thread Scott C. Best

Morgan:

Heya. I think you're doing two things incorrectly. First,
you're using "ipchains -A input ..." which means to Append the rule
at the end of the input chain. So, it may be appending it after
rule #41 which is blocking it. You need to either use -I to Insert
the rule earlier in the chain, or manage things well when you
Append.
Secondly...and more obviously...your rule to allow the
GRE (proto=47) packets thru didn't take. From the echowall.lrp
package, the line should look more like this:

   ipchains -A input -s 0/0 -d $IP_EXT/32 -p 47 -j ACCEPT

Note that there's no "1723" in there. :) Also, if you
know your VPN partner very well, you can change that 0/0 to
tighten things down a notch.

Hope this helps!

-Scott


On Thu, 25 Apr 2002, Morgan Reed wrote:

> Scott,
>
> A quick follow-up question regarding allowing protocol 47 packets though, I
> attempted to manually set the IPCHAINS rules just to do a quick test, and
> this is what I got:
>
> firewall: -root-
> # ipchains -A input -s 0/0 -d 0/0 1723 -p tcp -l -j ACCEPT
>
> firewall: -root-
> # ipchains -A input -s 0/0 -d 0/0 1723 -p 47 -j ACCEPT
> ipchains: can only specify ports for icmp, tcp or udp
> Try `ipchains -h' or 'ipchains --help' for more information.
>
> I am not trying to port forward anything at this point, I want to be able to
> allow any machine on my home network to connect to a VPN machine at a
> client.  So no ipmasqadm portfw.
>
> I uncommented the PPTP module and this is reflected in my log:
>
> Apr 25 10:55:35 firewall kernel: ip_masq_gre(): creating GRE masq for
> 192.168.1.3 -> 205.158.144.234 CID=43E6 MCID=10EA
> Apr 25 10:55:35 firewall kernel: Packet log: input DENY eth0 PROTO=47
> 205.158.144.234:65535 68.49.250.48:65535 L=93 S=0x00 I=62911 F=0x T=116
> (#41)
> 
>
> But clearly it is viewing protocol 47 packets as junk and denying them.
>
> What step(s) am I missing?
>
>






RE: [Leaf-user] VPN behind Dachstein

2002-04-26 Thread Andrew G. Gray

I simply use the following in the scripts which allows for both outbound and/or
inbound VPNs through several Dachstein Firewalls:

Firstly in network.conf add

#INTERN_SSH_SERVER=192.168.1.1  # Internal SSH server to make available
#EXTERN_SSH_PORT=24             # External port to use for internal SSH access
INTERN_VPN_SERVER=192.168.2.10  # Internal VPN server to make available
EXTERN_VPN_PORT=1723            # External port to use for internal VPN access

then in ipfilter.conf (I usually add this after the ssh section again)

# Forward the PPTP control connection (TCP) to the internal VPN server
if [ -n "$INTERN_VPN_SERVER" ] ; then
    if [ -n "$EXTERN_VPN_PORT" ] ; then
        $IPMASQADM portfw -a -P tcp -L $EXTERN_IP $EXTERN_VPN_PORT \
            -R $INTERN_VPN_SERVER vpn
    else
        $IPMASQADM portfw -a -P tcp -L $EXTERN_IP vpn \
            -R $INTERN_VPN_SERVER vpn
    fi
    # Relay IP protocol 47 (GRE) to the same server
    ipfwd --masq $INTERN_VPN_SERVER 47 &
fi

I have several firewalls using this method and all are working well. If an
internal VPN Server is not defined, I only open the input chain for protocol 47
in network.conf and have had no problems yet.

Andrew Gray
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Chad Carr
Sent: Fri, 26 Apr 2002 13:47 PM
To: Morgan Reed
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Leaf-user] VPN behind Dachstein


On Thu, 25 Apr 2002 23:09:38 -0400
"Morgan Reed" <[EMAIL PROTECTED]> wrote:

> Scott,
>
> A quick follow-up question regarding allowing protocol 47 packets
> though, I attempted to manually set the IPCHAINS rules just to do a
> quick test, and this is what I got:
>
> firewall: -root-
> # ipchains -A input -s 0/0 -d 0/0 1723 -p tcp -l -j ACCEPT
>
> firewall: -root-
> # ipchains -A input -s 0/0 -d 0/0 1723 -p 47 -j ACCEPT
> ipchains: can only specify ports for icmp, tcp or udp
> Try `ipchains -h' or 'ipchains --help' for more information.

This ipchains rule should not specify port 1723.  Ports are not a part of
the GRE header, so they cannot be specified as targets for ipchains.  The
rule should read:

ipchains -A input -p 47 -j ACCEPT

To be absolutely minimal about it.  If no source or destination address is
given, the default is everything.

HTH,
Chad

p.s. take a look at http://www.protocols.com/pbook/tcpip3-1.htm and
http://www.protocols.com/pbook/tcpip.htm#TCP for more details on this.
This is pretty heavy stuff if you're not used to it, but it tells you what
is in the headers of the packets you are trying to filter.  It is
invaluable if you want to really know what you can do with ipchains.

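The replies above make two checkable points: the kernel log names the rule that denied the packet (#41), and GRE carries no ports, so the 65535 values in the log are placeholders. As an added example (not code from the thread or from LEAF), this Python sketch tallies denied protocol 47/50/51 packets per chain and rule; the sample lines are constructed in the log format quoted above and use documentation addresses.

```python
import re
from collections import Counter

# IP protocols discussed in this thread; none of them has port numbers.
VPN_PROTOS = {47: "GRE (PPTP data)", 50: "ESP (IPsec)", 51: "AH (IPsec)"}

# Layout of an ipchains "-l" kernel log entry, as quoted in the thread.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) .*\(#(?P<rule>\d+)\)"
)


def parse(line):
    """Return the fields of one packet-log line, or None if it is not one."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "rule"):
        rec[key] = int(rec[key])
    return rec


def blocked_vpn(lines):
    """Count DENY/REJECT hits on VPN protocols per (chain, proto, rule)."""
    hits = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec["action"] in ("DENY", "REJECT") and rec["proto"] in VPN_PROTOS:
            hits[(rec["chain"], rec["proto"], rec["rule"])] += 1
    return hits


def advice(hits):
    """One line per denying rule: where the ACCEPT has to sit."""
    return [
        f"{n} x {VPN_PROTOS[proto]} denied by {chain} rule #{rule}: "
        f"an ACCEPT for -p {proto} (no port) must come before rule #{rule}"
        for (chain, proto, rule), n in sorted(hits.items())
    ]


# Constructed sample log lines (not taken from the thread).
SAMPLE = [
    "Apr 25 10:55:35 firewall kernel: Packet log: input DENY eth0 PROTO=47 "
    "198.51.100.7:65535 203.0.113.9:65535 L=93 S=0x00 I=62911 F=0x0000 T=116 (#41)",
    "Apr 25 10:55:36 firewall kernel: Packet log: input DENY eth0 PROTO=47 "
    "198.51.100.7:65535 203.0.113.9:65535 L=77 S=0x00 I=62912 F=0x0000 T=116 (#41)",
    "Apr 25 10:55:40 firewall kernel: Packet log: input ACCEPT eth0 PROTO=6 "
    "198.51.100.7:1723 203.0.113.9:1034 L=60 S=0x00 I=62913 F=0x4000 T=116 (#12)",
    "Apr 25 10:56:02 firewall kernel: Packet log: forward DENY eth1 PROTO=50 "
    "192.168.9.5:65535 192.168.1.20:65535 L=120 S=0x00 I=100 F=0x0000 T=63 (#7)",
]

if __name__ == "__main__":
    for text in advice(blocked_vpn(SAMPLE)):
        print(text)
```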



Re: [Leaf-user] Bering: How do I get my dns & dhcp servers to work together?

2002-04-26 Thread Jacques Nilo

> I'm running a Bering firewall, and I want all my local computers added to my
> dns server.  This is so I don't have to try to figure out what address a
> computer got before I can access it.  How can I get my dhcp server to update
> my dns server?  Should I be running tinydns, dnscache, or both?  Thanks!
>
> -Mark Ivey-
Mark:
If I understand you well, you want to update tinydns data with dhcp server
served IP's.
Here is the reference:
http://www.thismetalsky.org/magic/projects/dhcp_dns.html
One pb: it's perl. If you want to make an ash shell version of that script I am
sure it would interest a couple of people.
Otherwise you will need dnscache, tinydns and dhcpd
Jacques
http://leaf.sourceforge.net/devel/jnilo






[Leaf-user] Mailing list test

2002-04-26 Thread Jacques Nilo

Sorry to disturb but many of my recent mails have not reached the list :-(
Jacques
http://leaf.sourceforge.net/devel/jnilo





[Leaf-user] Dnscache configuration on DCD 1.02

2002-04-26 Thread Sergio Morilla

Hi,

I was reading dnscache documentation and I wanted it to resolve
internal addresses using our internal DNS server.

In http://cr.yp.to/djbdns/faq/cache.html it reads:

How do I tell my cache to consult internal DNS servers? Our network has internal 
servers at IP addresses 10.1.2.5 and 10.1.2.6 providing information about the 
moon.af.mil and 10.in-addr.arpa domains. 
Answer: Put 

 10.1.2.5
 10.1.2.6
into /service/dnscache/root/servers/moon.af.mil and into 
/service/dnscache/root/servers/10.in-addr.arpa. Make sure that both files are readable 
by the DNS cache account. Restart dnscache: 
 svc -t /service/dnscache
dnscache will contact the internal servers for information about moon.af.mil and 
10.in-addr.arpa. If the moon.af.mil servers delegate darkside.moon.af.mil to another 
server, dnscache will contact that server for information about darkside.moon.af.mil.

I've done that, saved dnscache and restarted. Not working!!
I've checked how dnscache.lrp is backed up and in dnscache.exclude.list it reads:
# cat dnscache.exclude.list
etc/dnscache/log/supervise
etc/dnscache/supervise
etc/dnscache/root/servers/* <---!!
etc/dnscache/root/ip/*

So my changes were not being backed up.
Is there any problem if I remove this exclude line???

TIA

Sergio D. Morilla
Sistemas

Tipoiti SATIC
San Martín 647 Piso 2 Tel. : +54 11 4314-4482
C1004AAM - Buenos Aires   Fax  : +54 11 4508-6425
Argentina e-mail [EMAIL PROTECTED]  





Re: [Leaf-user] Bering - rtl8139 module

2002-04-26 Thread Chad Carr

On Fri, 26 Apr 2002 11:31:02 + (GMT)
"Angel Martin Alganza" <[EMAIL PROTECTED]> wrote:

> Hello,
> 
> Is it possible to find the rtl8139.o module (Realtek NIC) already
> compiled for Bering rc2 (kernel 2.4.18)? I cannot find it at SF and
> haven't a box with such kernel to compile it myself.


Use the mii.o and 8139too.o modules in the modules tarball.  Put them in
/lib/modules.  Load them in /etc/modules in that order.

Mail if you have more questions.

Thanks,
Chad




Re: [Leaf-user] VPN error, please help

2002-04-26 Thread Charles Steinkuehler

> I think you are probably right. I do have forward rules to allow traffic
> between both my private 192.168.9 and 192.168.3. And those rules are
> added by myself in /etc/ipfilter.conf (based on what you did for DMZ,
> your DMZ is one-way, mine is 2-way). I will try to disable it asap, but
> my question is if I can still have traffic between my private networks
> and at the same time ipsec to remote private?
>
> Also I think I should use your scripts
> /etc/ipchains.input,
> /etc/ipchains.forward
> /etc/ipchains.output
>
> for those rules rather than inventing my own (and messing up things -:()
> but I cannot find them as examples.
>
> Could you help in this regard.
>
> And yes, I try to log protocol 50 and even 51 but nothing showed in my
> log. Again something is wrong here too.

It sounds like you probably don't have forwarding rules in place for your
VPN traffic, so it's being denied before the packets get turned into VPN
data.  Try adding the following to /etc/ipchains.forward:

$IPCH -A forward -j ACCEPT -s 192.168.9.0/24 -d 192.168.3.0/24 -b

The ipchains.* files are simply sourced by the firewall scripts, so you can
add or insert ipchains rules as required.  You can also use variables and
procedures from network.conf and ipfilter.conf (which is where $IPCH is
defined).

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)





Re: [Leaf-user] Bering: How do I get my dns & dhcp servers to work together?

2002-04-26 Thread Chad Carr

On Fri, 26 Apr 2002 00:38:40 -0700
"Mark Ivey" <[EMAIL PROTECTED]> wrote:

> I'm running a Bering firewall, and I want all my local computers added
> to my dns server.  This is so I don't have to try to figure out what
> address a computer got before I can access it.  How can I get my dhcp
> server to update my dns server?  Should I be running tinydns, dnscache,
> or both?  Thanks!

This is called dynamic dns, and you will need to run both tinydns and
dnscache (assuming you want a caching recursive dns resolver for your
internal network).

Take a look at the script at http://www.thismetalsky.org/files/dhcp_dns

It monitors your dhcpd leases file for new entries, then puts matching A
and PTR records into your tinydns data file and reloads it.

There is a trick to running tinydns and dnscache on the same machine
unless you use two ip addresses.  Run tinydns on localhost, dnscache on
your internal address and forward queries for your domain to localhost. 
That way, your internal hosts get the dynamic entries.  Unfortunately,
dnscache will never return a true authoritative response for your own
domain, but what the heck.  You can do it right or some way that works.

You forward the queries from dnscache to tinydns by putting a file in the
/etc/dnscache/root/servers directory for your domain that points to
localhost, e.g. franzdoodle.com file would contain 127.0.0.1

Okay,  That is from memory, but I think it is mostly accurate.  There are
probably some other pitfalls that I've forgotten, so take a look at
http://www.fefe.de/djbdns/#sameip for all the gory details.

I use this setup for a department of about 100 engineers on a /22 subnet
with 500 or so Windows, Solaris, and Linux dhcp machines.  It works well
and replaced an "equivalent" Windows NT setup that actually needed to be
maintained (rebooted) frequently.  Nobody even thinks about our dhcp/dns
server anymore unless they need to add static records.  Ahhh, the way it
should be.

Later.
Chad Carr

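The lease-to-DNS step described above, as an added example (not the dhcp_dns Perl script and not code from the thread): a Python sketch that reads dhcpd lease entries and emits tinydns-data `=fqdn:ip:ttl` lines, each of which yields an A and a PTR record. The hostname comes from the DHCP client, so it is checked as a single DNS label before it reaches the data file; the domain `home.example`, the `reserved` parameter and the sample leases are assumptions constructed for the example.

```python
import re
from datetime import datetime

LEASE_RE = re.compile(r"lease\s+(\d+\.\d+\.\d+\.\d+)\s*\{(.*?)\}", re.S)
ENDS_RE = re.compile(r"ends\s+\d+\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);")
HOST_RE = re.compile(r'client-hostname\s+"([^"]*)";')
# A single DNS label. The name is chosen by the DHCP client, and ':' and
# newline are the field and record separators of the tinydns data file.
LABEL_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def active_leases(text, now):
    """Map ip -> hostname for unexpired leases; later entries win."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        ends, host = ENDS_RE.search(body), HOST_RE.search(body)
        expired = ends is not None and \
            datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S") <= now
        if expired or host is None:
            leases.pop(ip, None)  # newest entry for this address is unusable
        else:
            leases[ip] = host.group(1).lower()
    return leases


def tinydns_lines(leases, domain, reserved=(), ttl=300):
    """Emit '=fqdn:ip:ttl' lines; skip unsafe, reserved or duplicate names."""
    lines, taken = [], set(reserved)  # 'reserved' is a hypothetical parameter
    for ip, host in sorted(leases.items()):
        if LABEL_RE.fullmatch(host) is None or host in taken:
            continue
        taken.add(host)
        lines.append(f"={host}.{domain}:{ip}:{ttl}")
    return lines


# Constructed dhcpd.leases content (not from the thread).
SAMPLE = '''
lease 192.168.1.50 {
  ends 5 2002/04/26 19:00:00;
  client-hostname "Laptop";
}
lease 192.168.1.51 {
  ends 4 2002/04/25 19:00:00;
  client-hostname "oldbox";
}
lease 192.168.1.52 {
  ends 5 2002/04/26 19:00:00;
  client-hostname "www:192.168.1.99";
}
lease 192.168.1.53 {
  ends 5 2002/04/26 19:00:00;
  client-hostname "firewall";
}
'''

NOW = datetime(2002, 4, 26, 12, 0, 0)  # fixed clock so the result is repeatable

if __name__ == "__main__":
    for line in tinydns_lines(active_leases(SAMPLE, NOW), "home.example",
                              reserved={"firewall"}):
        print(line)
```

Only the first lease produces a record: the second has expired, the third carries a field separator in its name, and the fourth claims a name reserved for a static entry.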



Re: [Leaf-user] Bering: How do I get my dns & dhcp servers to work together?

2002-04-26 Thread kimoppalfens

Quoting Mark Ivey <[EMAIL PROTECTED]>:

I think tinydns will be sufficient, dnscache definitely will not cut it
because it is what the name implies, a caching-only dns server, so there is no
way to add extra entries or records to dnscache. This should be possible with
tinydns and I don't think tinydns is dependent on dnscache, could be mistaken
here though.

Kim


> I'm running a Bering firewall, and I want all my local computers added
> to my dns server.  This is so I don't have to try to figure out what
> address a computer got before I can access it.  How can I get my dhcp
> server to update my dns server?  Should I be running tinydns, dnscache,
> or both?  Thanks!
>
> -Mark Ivey-





[Leaf-user] Bewan ADSL ATM & PCI modules

2002-04-26 Thread Jacques Nilo

Bewan ADSL ATM & PCI are available here:
http://leaf.sourceforge.net/devel/jnilo/bering/latest/contrib/

Jacques
http://leaf.sourceforge.net/devel/jnilo





Re: [Leaf-user] Bering - rtl8139 module

2002-04-26 Thread Jacques Nilo

They are available (you need to load mii.o first):
http://leaf.sourceforge.net/devel/jnilo/bering/latest/modules/drivers/net/mii.o
http://leaf.sourceforge.net/devel/jnilo/bering/latest/modules/drivers/net/8139too.o
Jacques
http://leaf.sourceforge.net/devel/jnilo
- Original Message -
From: "Angel Martin Alganza" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, April 26, 2002 1:31 PM
Subject: [Leaf-user] Bering - rtl8139 module


> Hello,
>
> Is it possible to find the rtl8139.o module (Realtek NIC) already
> compiled for Bering rc2 (kernel 2.4.18)? I cannot find it at SF and
> haven't a box with such kernel to compile it myself.
>
> Thanks,
> Angel





Re: [Leaf-user] cat /proc/interrupts

2002-04-26 Thread Chad Carr

On Thu, 25 Apr 2002 22:35:05 -0700 (PDT)
"David Smead" <[EMAIL PROTECTED]> wrote:

> Can anyone running Bering tell me what they be when executing the
> command: cat /proc/interrupts

Mine reads:

           CPU0
  0:      12582          XT-PIC  timer
  1:          0          XT-PIC  keyboard
  2:          0          XT-PIC  cascade
  4:        416          XT-PIC  serial
 10:          0          XT-PIC  eth0
 11:          3          XT-PIC  eth1
 14:       5687          XT-PIC  ide0
NMI:          0
ERR:          0

But I am running on a very trimmed down embedded box, so it's liable to
look much different than yours.

HTH,
Chad




[Leaf-user] Bering - rtl8139 module

2002-04-26 Thread Angel Martin Alganza

Hello,

Is it possible to find the rtl8139.o module (Realtek NIC) already
compiled for Bering rc2 (kernel 2.4.18)? I cannot find it at SF and
haven't a box with such kernel to compile it myself.

Thanks,
Angel





[Leaf-user] Bering: How do I get my dns & dhcp servers to work together?

2002-04-26 Thread Mark Ivey

I'm running a Bering firewall, and I want all my local computers added to my
dns server.  This is so I don't have to try to figure out what address a
computer got before I can access it.  How can I get my dhcp server to update
my dns server?  Should I be running tinydns, dnscache, or both?  Thanks!

-Mark Ivey-

