Re: [leaf-user] Newbie Bering Developer

2002-06-04 Thread Jon Clausen

On Mon, Jun 03, 2002 at 09:25:38PM -0500, Brad Fritz wrote:
 
 On Mon, 03 Jun 2002 21:09:59 EDT Steven Nickle wrote:
 
  I am in the process of setting up a development environment to build an
  application to run under Leaf/Bering.
 
 snip
 
 I am not the best person to answer, but since no one responded
 to your leaf-devel posting (or this one) yet, I'll jump in.
 
 The most beneficial advice I can probably offer is to check out
 Jacques' Developing and using LEAF in a virtual environment[1].
 It is a great description of using a user-mode linux kernel to
 setup a virtual development machine.  Much easier, IMO, than
 running a dedicated slink system.  You might also want to read
 Dave Douthitt's LEAF/LRP Developer's Guide[2].

I can only second this advice. The basics are pretty much:

Download a compressed filesystem-image
Download a kernel image
Uncompress both in a directory of your choice
(You might need to twiddle a little; I had to chmod +x the kernel, and
rename the root filesystem) 
run the kernel from an xterm, and watch in awe, as the slink system
'boots', and subsequently spawns three xterms with each a login
prompt...

Many many kudos to Jacques (and anyone else who contributed) for making
this stuff available... It rocks!

Just fyi, the docs are at:

http://leaf.sourceforge.net/devel/jnilo/uml.html

snipped kernel/gcc versions stuff

I have nothing to add to that, so I'll just... not ;)

hth
Jon Clausen

___

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm


leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



RE: [leaf-user] Secure Shell Setup

2002-06-04 Thread T Burt


The link I provided gives the answer to this question

You need to generate a key pair on the MindTerm Client.  Then put the 
public key onto the trinux box, into the authorized_keys or 
authorized_keys2 file.  Or both, if you don't know which one you got.

..

Configuring SSH can be a real challenge.  My suggestion is to use an 
environment that is not restricted by floppy size (ie not LEAF) and follow 
the detailed instructions in the install docs for OpenSSH.

Once you learn most of the gotchas, then try to make it work on the LEAF 
box.

This is really the best advice I can give you.  RedHat (and I am sure 
other distros as well) will run SSH out of the box.  You might start 
there, get it working, then try to add LEAF.

..
On Tue, 4 Jun 2002, David Pitts wrote:

 Thanks.  You are correct in that I want to shell TO the LRP box.  I will
 try this.
 
 When you say, put the public key on the LRP box, where would it go?
 Which directory?
 
 Thanks for your assistance with this.
 
 David Pitts
 IT Services Manager
 Reid Library
 University of Western Australia
 
 Ph:  61 (08) 9380 3492  Fax:  61 (08) 9380 1012
 Email:  [EMAIL PROTECTED]
 
 
 -Original Message-
 From: T Burt [mailto:[EMAIL PROTECTED]] 
 Sent: Tuesday, 4 June 2002 12:52 PM
 To: David Pitts
 Cc: [EMAIL PROTECTED]
 Subject: Re: [leaf-user] Secure Shell Setup
 
 
 
 I will try and jump in here
 
 You did not specify whether you are trying to ssh FROM the LEAF box or 
 INTO the LEAF box.
 
 I am going to assume that you want to ssh INTO the LEAF box.
 
 If this is the case, then you want to create the key on the box you are
 doing the ssh from.  This could be a PC, a MAC or another *nix box.
 Take the public key from the generated pair, and place it on the LEAF
 box.  
 This will allow you to ssh into the LEAF box using the key as
 authentication.
 
 If this is not the case, you can still use the key pair you generate on 
 the PC or MAC or other *nix.  In this situation, put the private key on 
 the LEAF box, and the public key onto the box that you want to ssh into.
 
 Sigh...  But there is more to setting up ssh.  File and directory 
 permissions are critical to ssh and it will fail until you get
 everything 
 setup correctly.
 
 I believe I coached someone thru setting up SSH on Trinux last year 
 sometime.  You might review the postings for November and December of
 2001 
 in the Trinux-Talk archives.
 
 Try http://trinux.sourceforge.net
 
 ... Here it is..  I found it
 
 http://www.geocrawler.com/archives/3/5032/2001/11/50/7034175/
 
 Look around, there are more messages on that board.
 
 I hope this helps...
 
 On Tue, 4 Jun 2002, David Pitts wrote:
 
  Hi all.
  
  I have been trying to setup OpenSSH but I'm having a problem creating 
  the key.  I have ssh.lrp, ssh-key.lrp and libz.lrp.  Do I also need 
  Makekey?  It looks like running ssh will start ssh-keygen which I 
  guess creates a key??
  
  When I run ssh-keygen or ssh I get an error message saying that 
  libcrypto.so.0.9.6 can't be found.  The libz I have includes 
  libcrypt-2.0.7.so.  Does this mean I have some sort of version 
  conflict?
  
  Can anyone point me to a collection of the necessary files without 
  this conflict?
  
  Thanks for your attention.
  
  David Pitts
  
  

-- 

Timothy Burt
Internet Specialist
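
The permission requirement mentioned in the message above can be checked mechanically. This is an added example, not part of the original posts: it audits the paths OpenSSH's sshd inspects when StrictModes is enabled, where the home directory, ~/.ssh and the key file must be owned by the user or root and must not be group- or world-writable. The function names and the temporary sample directory are constructed for illustration.

```python
import os
import stat
import tempfile

# Key file names sshd may read, as named in the post above.
KEY_FILES = ("authorized_keys", "authorized_keys2")


def audit_ssh_paths(home, uid=None):
    """Return (path, problem) pairs that would make an sshd running with
    StrictModes ignore the public keys of the account living in `home`."""
    uid = os.getuid() if uid is None else uid
    ssh_dir = os.path.join(home, ".ssh")
    key_paths = [os.path.join(ssh_dir, name) for name in KEY_FILES]
    present = [p for p in key_paths if os.path.exists(p)]
    findings = []
    if not present:
        findings.append((ssh_dir, "no authorized_keys or authorized_keys2 file"))
    # Every path on the way to the key file is checked, not only the file.
    for path in [home, ssh_dir] + present:
        try:
            st = os.stat(path)
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        if st.st_uid not in (0, uid):
            findings.append((path, "owned by uid %d" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            findings.append((path, "group- or world-writable (mode %04o)" % mode))
    return findings


def build_sample_home(dir_mode, file_mode):
    """Create a throwaway home directory (constructed sample data)."""
    home = tempfile.mkdtemp(prefix="sshaudit-")
    ssh_dir = os.path.join(home, ".ssh")
    os.mkdir(ssh_dir)
    key_file = os.path.join(ssh_dir, "authorized_keys")
    with open(key_file, "w") as fh:
        # Placeholder line, not a real key.
        fh.write("ssh-rsa AAAA...constructed-placeholder user@client\n")
    os.chmod(ssh_dir, dir_mode)
    os.chmod(key_file, file_mode)
    return home


if __name__ == "__main__":
    for label, modes in (("loose", (0o775, 0o664)), ("tight", (0o700, 0o600))):
        sample = build_sample_home(*modes)
        print(label, audit_ssh_paths(sample) or "ok")
```

On a real box, call `audit_ssh_paths` with the target account's home directory and that account's uid.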





[leaf-user] portforward with ipchains

2002-06-04 Thread Jaime Goncalves

Hi, I'm trying to rdp into my win2k server behind my lrp box. This is the
command to open the port on the lrp box from the command line:

ipchains -A forward -p tcp -s xxx.xxx.xxx.xxx 3389 -d xxx.xxx.xxx.xxx 3389 -j ACCEPT

Can anyone see a problem with the syntax?

Thanks
Jaime





Re: [leaf-user] Bering: Unequal cost static default routes out two interfaces???

2002-06-04 Thread T Burt


I am by no means a routing expert, but I believe there may be a 
fundamental flaw in your intentions.

I think you can provide redundant connectivity for outbound connections in 
the manner you describe, but for inbound, it is a different story.

Basically, if you get a static IP from the Cable ISP and a different 
static IP from the DSL provider, then your inbound connections (for http 
or smtp or whatever) will be routed to the IP of either provider as 
configured by your DNS.

If the cable company gives you x.x.x.x and the DSL is y.y.y.y and you 
configure your DNS as mail.yourdomain.com -- x.x.x.x

When the circuit connecting x.x.x.x goes down, all of the servers trying 
to deliver mail will hold up until x.x.x.x comes back on-line.  You will 
need to adjust DNS to get them to use y.y.y.y as your mail server.  DNS 
changes propagate slowly.  Too slowly.  In the case of mail, you could 
setup y.y.y.y as a lower priority MX record, and that might work, but http 
and other protocols don't work that way.

If your router is also serving as your mail server, it should properly 
handle which network card to send the reply packets out on (egress?).  If 
your mail server is within your NAT domain, then you might consider 
setting up different NAT subnets for each of your ISP's and configure the 
mail server to use an IP alias on the same port for the two subnets.  It 
could be seen by both connections then

MX 10 -- x.x.x.x -- 192.168.10.111 -- your.mail.server
and
MX 20 -- y.y.y.y -- 192.168.20.111 -- your.mail.server (by aliases)

I believe you are correct that BGP would solve your problem most properly, 
but is not an option.  In that case, your routable addresses would change 
route when x.x.x.x went down.

If email is critical, then you might consider using an email server that 
is external to your connection, like rent-a-redhat.com for $99 a month.  
Then your email connectivity becomes an outbound connection, which you can 
handle.  The only trouble with this solution, is that a 2 MB attachment 
going from cubicle A to cubicle B must egress and ingress your DSL, which 
if it is ADSL, will be a bottleneck.

I hope this helps

On Tue, 4 Jun 2002, Rob Fegley wrote:

 Hello!  Please excuse if I've missed this topic elsewhere on this list, in the man 
pages, or in a HOWTO somewhere.  I'm about 2000 messages behind in my reading on this 
list.  I'll disclose right up front that most of my experience is in Cisco gear and 
occasionally Alteon load-balancers, so excuse me if my questions seem a bit stupid or 
if my expectations about how something should work in LEAF or Bering are contorted to 
the Cisco world.  Honestly, if I could run BGP with my Cable and DSL providers, I 
wouldn't be posting any of the following questions.
 
 In any event, I have DSL already and will be accepting a cable modem circuit this 
afternoon.  I'm hoping to just toss another interface in my Bering box, and add 
another default route out that interface.  However, my questions are these:
 
 -With equal metrics assigned to two default routes, will traffic that ingresses on 
one interface be routed back out of that same interface upon server reply, since I'm 
port-forwarding inbound connections?  This would imply that a port-forwarding 
session table entry would take precedence over the routing table, right?  This 
would be my most preferred option, because it allows the greatest flexibility and 
imparts the hardest work on Bering to figure out.
 
 -If not, then I need to apply a better cost to the interface that will do most of my 
hosting, then apply some sort of periodic test that would flush my better cost 
default route in the event that it's upstream path dies.  The problem here is that 
both interfaces will be plugging into a switch (on separate VLANs), but even if the 
interfaces were crossover-cabled to my cable modem (bridge) and DSL bridge, the 
Bering box should never see that interface link go down, so there is no route 
flushing mechanism since a Layer 2 path always exists.  Essentially, I am looking for 
Bering to have some knowledge almost like a hello timer to some upstream device, 
such that if visibility to that device (not necessarily another router, maybe my 
ISP's DNS server) goes away, then a process kicks off to flush my current preferred 
default route and uses the higher cost default.  To read into this from a Cisco 
perspective, I am looking for some method of simulating neighbor adjacency without 
peering with an upstream router, which is not an option.
 
 Both of the two previous questions are aimed at how the traffic flows back out to an 
external client who made an initial inbound connection to something on my network.
 
 -Finally, in either an equal- or unequal-cost metric setup, does my outbound source 
NAT (for my browsing) take place pre- or post-routing?  In essence, by NATting my 
internal subnet (or host) to an interface or an address within the address/netmask 
applied to that 

Re: [leaf-user] portforward with ipchains

2002-06-04 Thread Joe Copeland

On Tue, 2002-06-04 at 06:37, Jaime Goncalves wrote:
 Hi I'm trying to rdp into my win2k server behind my lrp box this is the
 command to open the port on the lrp box from the command line  ipchains
 -A  forward -p tcp -s xxx.xxx.xxx.xxx 3389 -d xxx.xxx.xxx.xxx 3389 -j
 ACCEPT
 can any one see a problem with the syntax

I'm not sure what rdp is, but I wouldn't limit my source port to 3389. 
It seems unlikely that your source port will always be 3389.

-- Joe




Re: [leaf-user] portforward with ipchains

2002-06-04 Thread Jaime Goncalves

RDP is remote desktop for windows and yes it always listens on port 3389
Jaime
[EMAIL PROTECTED] writes:
On Tue, 2002-06-04 at 06:37, Jaime Goncalves wrote:
 Hi I'm trying to rdp into my win2k server behind my lrp box this is the
 command to open the port on the lrp box from the command line  ipchains
 -A  forward -p tcp -s xxx.xxx.xxx.xxx 3389 -d xxx.xxx.xxx.xxx 3389 -j
 ACCEPT
 can any one see a problem with the syntax

I'm not sure what rdp is, but I wouldn't limit my source port to 3389. 
It seems unlikely that your source port will always be 3389.

-- Joe




Re: [leaf-user] portforward with ipchains

2002-06-04 Thread Michael Leone


On 4 Jun 2002 at 6:49, Joe Copeland wrote:

 On Tue, 2002-06-04 at 06:37, Jaime Goncalves wrote:
  Hi I'm trying to rdp into my win2k server behind my lrp box this is
  the command to open the port on the lrp box from the command line 
  ipchains -A  forward -p tcp -s xxx.xxx.xxx.xxx 3389 -d
  xxx.xxx.xxx.xxx 3389 -j ACCEPT can any one see a problem with the
  syntax
 
 I'm not sure what rdp is, but I wouldn't limit my source port to 3389.
 It seems unlikely that your source port will always be 3389.

RDP is Remote Desktop Protocol, what MS uses for their Terminal 
Services. And indeed, opening only 3389 incoming will work; I just 
set up my Pix at work yesterday to allow access to our TS server, and 
I only needed to open TCP 3389. MS doesn't send via a random high 
port, like some unix services do, so specifying 3389 as a source port 
will probably be fine.

I'm told that there are also times when it will use TCP 1494, but I 
don't know that for a fact. I do know we're doing production work 
specifying 3389.








Re: [leaf-user] portforward with ipchains

2002-06-04 Thread Michael Leone


On 4 Jun 2002 at 7:36, T Burt wrote:

 
 I prefer to use VNC tunneled thru an SSH connection to manage my
 remote windoze boxes.

Actually, TS is on the order of about a THOUSAND times faster than 
VNC, even without SSH. :-)

(a slight exaggeration; I do use VNC to control my Windows boxes, and 
there is no sane comparison - for speed - between RDP and VNC. Also, 
RDP is like getting a *separate* virtual console in Linux; it is not 
remote control, like VNC is. It can be, if you install it that way, 
but usually is meant as a whole VM session)

Security may be a different issue.





Re: [leaf-user] portforward with ipchains

2002-06-04 Thread Ray Olszewski

At 09:37 AM 6/4/02 -0400, Jaime Goncalves wrote:
Hi I'm trying to rdp into my win2k server behind my lrp box this is the
command to open the port on the lrp box from the command line  ipchains
-A  forward -p tcp -s xxx.xxx.xxx.xxx 3389 -d xxx.xxx.xxx.xxx 3389 -j
ACCEPT
can any one see a problem with the syntax


The syntax looks fine.

But in choosing to conceal the IP addresses involved, you left open the 
question of whether this setup is a simple router or a NAT'ing router. If 
the LEAF router is NAT'ing, you'll need to add a port-forwarding entry (via 
ipmasqadm) instead of this ipchains entry. And in any case, you may need to 
modify the input chain to ACCEPT incoming traffic from or to (or both) port 
3389. (And since I am unacquainted with the rdp service, I don't actually 
know that it can be made to work through a NAT'd connection at all.)

Oh, one qualification on my syntax comment ... you are adding (-A) this 
rule rather than inserting (-I ##) it. This means it gets put at the *end* 
of the forward chain. Since packets pass through the rules of a chain in 
order until they hit a matching one, it is possible that some rule prior to 
the one you are creating will catch and act on the packets. This is why a 
chain's rules have to be evaluated as a set, not singly, in isolation.

If this really was just a question about the syntax of ipchains commands, 
then you are set. If you are experiencing trouble with the hookup, though 
(as I suspect), you'll probably need to post a more complete trouble 
description. See the SR FAQ link below for help if you need to do this.
--
---Never tell me the odds!--
Ray Olszewski -- Han Solo
Palo Alto, California, USA  [EMAIL PROTECTED]
---
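
The first-match behaviour described above, modelled as a small simulator. This is an added example, not part of the original post and not ipchains code; the addresses, the pre-existing rules and the class names are constructed for illustration. It also shows how a rule pinned to source port 3389 treats a client that connects from a different source port, the point raised earlier in the thread.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    target: str                   # "ACCEPT" or "DENY"
    proto: Optional[str] = None   # None matches any protocol
    src: str = "0.0.0.0/0"
    sport: Optional[int] = None   # None matches any port
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.sport is not None and self.sport != pkt.sport:
            return False
        return self.dport is None or self.dport == pkt.dport


class Chain:
    def __init__(self, policy: str):
        self.policy = policy
        self.rules: List[Rule] = []

    def append(self, rule: Rule) -> None:
        """Like `ipchains -A`: the rule goes to the end of the chain."""
        self.rules.append(rule)

    def insert(self, position: int, rule: Rule) -> None:
        """Like `ipchains -I chain N`: the rule becomes rule number N."""
        self.rules.insert(position - 1, rule)

    def evaluate(self, pkt: Packet) -> Tuple[str, Optional[int]]:
        """Return (target, rule number); the first matching rule wins."""
        for number, rule in enumerate(self.rules, start=1):
            if rule.matches(pkt):
                return rule.target, number
        return self.policy, None


# Constructed sample data: client 203.0.113.7, server 192.168.1.10.
LAN = "192.168.1.0/24"
RDP_RULE = Rule("ACCEPT", proto="tcp", src="203.0.113.7",
                dst="192.168.1.10", dport=3389)
PINNED_RULE = Rule("ACCEPT", proto="tcp", src="203.0.113.7", sport=3389,
                   dst="192.168.1.10", dport=3389)
CLIENT_PKT = Packet("tcp", "203.0.113.7", 49152, "192.168.1.10", 3389)


def base_chain() -> Chain:
    chain = Chain(policy="DENY")
    chain.append(Rule("ACCEPT", src=LAN))             # rule 1: LAN outbound
    chain.append(Rule("DENY", proto="tcp", dst=LAN))  # rule 2: TCP to the LAN
    return chain


def appended_result():
    chain = base_chain()
    chain.append(RDP_RULE)        # lands behind the DENY and is never reached
    return chain.evaluate(CLIENT_PKT)


def inserted_result():
    chain = base_chain()
    chain.insert(1, RDP_RULE)     # evaluated before the DENY
    return chain.evaluate(CLIENT_PKT)


def pinned_sport_result():
    chain = base_chain()
    chain.insert(1, PINNED_RULE)  # requires source port 3389
    return chain.evaluate(CLIENT_PKT)  # this client uses source port 49152


if __name__ == "__main__":
    print("appended:", appended_result())
    print("inserted:", inserted_result())
    print("pinned source port:", pinned_sport_result())
```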





Re: [leaf-user] To Bering users: help us to release 1.0

2002-06-04 Thread Jeff Newmiller

On Mon, 3 Jun 2002, Jacques Nilo wrote:

 Dear all:
 With its v1.0-rc2 version Bering appears now fairly stable and it seems that 
 quite a lot of people have been giving it a try.
 We would like to stabilize this first version with a last rc3 before final 
 release.
 rc3 should include:
 2.4.18 kernel with:
 a/ More netfilter patches (to take care of H323, pptp and the like)
 b/ grsecurity patch
 
 busybox 0.60.3 (will save 10k)
 
 fix for bridge script
 
 So if anyone wants to report a bug or some code change proposal it is the 
 time to do so. I got some proposal in the last weeks but lost my hard disk 
 with all my mail in it so do not hesitate to re-issue previous suggestion.

I am trying out Bering for the first time.

I think your modules tarball should include modules.dep as a reference for
module dependencies for your compilation of the kernel and modules.

---
Jeff NewmillerThe .   .  Go Live...
DCN:[EMAIL PROTECTED]Basics: ##.#.   ##.#.  Live Go...
  Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/BatteriesO.O#.   #.O#.  with
/Software/Embedded Controllers)   .OO#.   .OO#.  rocks...2k
---





Re: [leaf-user] portforward with ipchains

2002-06-04 Thread speck

There is a FAQ on this here:
http://sourceforge.net/docman/display_doc.php?docid=4427group_id=13751

I use it to access my box currently.  

Let me know if it is just the one port.  I think
Terminal Server uses 3389 and Citrix uses 1494.  I
probably need to update the FAQ.

-sp


On Tue, 04 June 2002, Ray Olszewski wrote

 
 At 09:37 AM 6/4/02 -0400, Jaime Goncalves wrote:
 Hi I'm trying to rdp into my win2k server behind my lrp box this is the
 command to open the port on the lrp box from the command line  ipchains
 -A  forward -p tcp -s xxx.xxx.xxx.xxx 3389 -d xxx.xxx.xxx.xxx 3389 -j
 ACCEPT
 can any one see a problem with the syntax
 
 
 The syntax looks fine.
 
 But in choosing to conceal the IP addresses involved, you left open the
 question of whether this setup is a simple router or a NAT'ing router. If
 the LEAF router is NAT'ing, you'll need to add a port-forwarding entry (via
 ipmasqadm) instead of this ipchains entry. And in any case, you may need to
 modify the input chain to ACCEPT incoming traffic from or to (or both) port
 3389. (And since I am unacquainted with the rdp service, I don't actually
 know that it can be made to work through a NAT'd connection at all.)
 
 Oh, one qualification on my syntax comment ... you are adding (-A) this
 rule rather than inserting (-I ##) it. This means it gets put at the *end*
 of the forward chain. Since packets pass through the rules of a chain in
 order until they hit a matching one, it is possible that some rule prior to
 the one you are creating will catch and act on the packets. This is why a
 chain's rules have to be evaluated as a set, not singly, in isolation.
 
 If this really was just a question about the syntax of ipchains commands,
 then you are set. If you are experiencing trouble with the hookup, though
 (as I suspect), you'll probably need to post a more complete trouble
 description. See the SR FAQ link below for help if you need to do this.
 --
 ---Never tell me the odds!--
 Ray Olszewski -- Han Solo
 Palo Alto, California, USA  [EMAIL PROTECTED]
 ---
 
 




[leaf-user] bering (shorewall) traffic shaping

2002-06-04 Thread Kim Oppalfens

Hi all,

I am trying to do some traffic shaping and it appears to be working.
Just have one question though, would it be possible to mix fwmark filter 
with the u32 ones?

u32 seems easier for complex rules like filtering on ack/syn/ size of data 
packet and so on.

Thanks in advance

Kim





Re: [leaf-user] bering (shorewall) traffic shaping

2002-06-04 Thread Omar D. Samuels

Is it possible to accomplish traffic shaping with Dachstein?

- Original Message -
From: Kim Oppalfens [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, June 04, 2002 1:13 PM
Subject: [leaf-user] bering (shorewall) traffic shaping


 Hi all,

 I am trying to do some traffic shaping and it appears to be working.
 Just have one question though, would it be possible to mix fwmark filter
 with the u32 ones?

 u32 seems easier for complex rules like filtering on ack/syn/ size of data
 packet and so on.

 Thanks in advance

 Kim





Re: [leaf-user] bering (shorewall) traffic shaping

2002-06-04 Thread Tom Eastep

On Tue, 4 Jun 2002, Kim Oppalfens wrote:

 Hi all,
 
 I am trying to do some traffic shaping and it appears to be working.
 Just have one question though, would it be possible to mix fwmark filter 
 with the u32 ones?
 
 u32 seems easier for complex rules like filtering on ack/syn/ size of data 
 packet and so on.
 
 Thanks in advance


You can use any type of classifier you choose -- Shorewall itself only 
supports fwmark though. 

-Tom
-- 
Tom Eastep\ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ [EMAIL PROTECTED]





Re: [leaf-user] bering (shorewall) traffic shaping

2002-06-04 Thread Richard Doyle

I suspect you can, but you are most likely to get knowledgeable help on
the LARTC list: http://mailman.ds9a.nl/mailman/listinfo/lartc

-Richard

On Tue, 2002-06-04 at 11:13, Kim Oppalfens wrote:
 Hi all,
 
 I am trying to do some traffic shaping and it appears to be working.
 Just have one question though, would it be possible to mix fwmark filter 
 with the u32 ones?
 
 u32 seems easier for complex rules like filtering on ack/syn/ size of data 
 packet and so on.
 
 Thanks in advance
 
 Kim
 
 



Re: [leaf-user] To Bering users: help us to release 1.0

2002-06-04 Thread Jacques Nilo

On Tuesday 4 June 2002 19:43, Jeff Newmiller wrote:

 I am trying out Bering for the first time.

 I think your modules tarball should include modules.dep as a reference for
 module dependencies for your compilation of the kernel and modules.
OK.  Will do with the next release.
Jacques




[leaf-user] error message: pon: not found

2002-06-04 Thread Jan Suhr

Hello!
I installed and configured Bering 1rc2 for my first time. When I boot the
system I get the message: Configuring network inferfaces: pon: not found. I
think I configured everything very well but it's not possible to ping the
machine from another host. (kernel modules for NICs are loaded with no
problem)
When I shut down the system I get the message poff: not found

What can I do? Any Ideas?

Thank you very much for your help, Jan





Re: [leaf-user] portforward with ipchains

2002-06-04 Thread guitarlynn


 At 09:37 AM 6/4/02 -0400, Jaime Goncalves wrote:
 Hi I'm trying to rdp into my win2k server behind my lrp box this is
  the command to open the port on the lrp box from the command line 
  ipchains -A  forward -p tcp -s xxx.xxx.xxx.xxx 3389 -d
  xxx.xxx.xxx.xxx 3389 -j ACCEPT
 can any one see a problem with the syntax

Here's a FAQ for port-forwarding with Dachstein that doesn't appear to 
be on the FAQ menu:

http://sourceforge.net/docman/display_doc.php?docid=10418group_id=13751


-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!




Re: [leaf-user] Bering: Unequal cost static default routes out two interfaces???

2002-06-04 Thread guitarlynn

On Tuesday 04 June 2002 07:22, Rob Fegley wrote:

 -With equal metrics assigned to two default routes, will traffic that
 ingresses on one interface be routed back out of that same interface
 upon server reply, since I'm port-forwarding inbound connections? 
 This would imply that a port-forwarding session table entry would
 take precedence over the routing table, right?  This would be my most
 preferred option, because it allows the greatest flexibility and
 imparts the hardest work on Bering to figure out.

 -If not, then I need to apply a better cost to the interface that
 will do most of my hosting, then apply some sort of periodic test
 that would flush my better cost default route in the event that its
 upstream path dies.  The problem here is that both interfaces will be
 plugging into a switch (on separate VLANs), but even if the
 interfaces were crossover-cabled to my cable modem (bridge) and DSL
 bridge, the Bering box should never see that interface link go down,
 so there is no route flushing mechanism since a Layer 2 path always
 exists.  Essentially, I am looking for Bering to have some knowledge
 almost like a hello timer to some upstream device, such that if
 visibility to that device (not necessarily another router, maybe my
 ISP's DNS server) goes away, then a process kicks off to flush my
 current preferred default route and uses the higher cost default.  To
 read into this from a Cisco perspective, I am looking for some method
 of simulating neighbor adjacency without peering with an upstream
 router, which is not an option.

 -Finally, in either an equal- or unequal-cost metric setup, does my
 outbound source NAT (for my browsing) take place pre- or
 post-routing?  In essence, by NATting my internal subnet (or host) to
 an interface or an address within the address/netmask applied to that
 interface, does that ensure that my traffic will egress on that same
 interface, thus basically acting like policy routing?

This has been a Golden Goose that hasn't worked as hoped for several
years with the 2.2.x kernel releases. I can't say that anyone has
attempted it with 2.4.x LEAF (Bering) yet. 

The best advice I have seen (documented) is Jack Coates' Load-Balancing
HOWTO, found at:

http://leaf.sourceforge.net/pub/doc/howto/LRP-Load-Balancing-HOWTO.html

I hope this helps!
-- 
~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!
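
The "hello timer" failover described in the quoted question can be sketched as a small watchdog. This is an added example, not code from the thread or from the LEAF project; the addresses, interface names, thresholds, and the availability of iproute2's `ip`, `ping -W` and `logger` on the router are assumptions.

```shell
#!/bin/sh
# Constructed values: documentation-range addresses and assumed interface names.
PRIMARY_GW=192.0.2.1;    PRIMARY_IF=eth0   # preferred (lower-cost) uplink
BACKUP_GW=198.51.100.1;  BACKUP_IF=eth2    # higher-cost uplink
PROBE_TARGET=192.0.2.53  # upstream host behind the primary uplink, e.g. ISP DNS
FAIL_LIMIT=3             # consecutive lost probes before failing over
OK_LIMIT=5               # consecutive good probes before failing back

# next_state STATE FAILS OKS RESULT -> prints "STATE FAILS OKS"
# STATE is primary|backup, RESULT is ok|fail. No side effects, so it can be tested.
next_state() {
    s=$1 f=$2 o=$3
    if [ "$4" = ok ]; then f=0; o=$((o + 1)); else o=0; f=$((f + 1)); fi
    if [ "$s" = primary ] && [ "$f" -ge "$FAIL_LIMIT" ]; then s=backup; f=0
    elif [ "$s" = backup ] && [ "$o" -ge "$OK_LIMIT" ]; then s=primary; o=0
    fi
    echo "$s $f $o"
}

# Install the default route for the chosen uplink.
apply_state() {
    if [ "$1" = primary ]; then
        ip route replace default via "$PRIMARY_GW" dev "$PRIMARY_IF"
    else
        ip route replace default via "$BACKUP_GW" dev "$BACKUP_IF"
    fi
}

# One echo request, pinned to the primary uplink by a host route so the
# probe still tests that path while the default route points at the backup.
probe() {
    ip route replace "$PROBE_TARGET" via "$PRIMARY_GW" dev "$PRIMARY_IF" &&
        ping -c 1 -W 2 "$PROBE_TARGET" >/dev/null 2>&1
}

watch_uplink() {
    state=primary fails=0 oks=0
    apply_state "$state"
    while :; do
        if probe; then r=ok; else r=fail; fi
        old=$state
        set -- $(next_state "$state" "$fails" "$oks" "$r")
        state=$1 fails=$2 oks=$3
        [ "$state" = "$old" ] || { apply_state "$state"; logger "uplink: $old -> $state"; }
        sleep 10
    done
}

case "${1:-}" in run) watch_uplink ;; esac
```

The separate fail and recover thresholds keep a flapping link from toggling the default route on every lost packet.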




Re: [leaf-user] Secure Shell Setup

2002-06-04 Thread guitarlynn

On Monday 03 June 2002 22:15, David Pitts wrote:
 Hi all.

 I have been trying to set up OpenSSH but I'm having a problem creating
 the key.  I have ssh.lrp, ssh-key.lrp and libz.lrp.  Do I also need
 Makekey?  It looks like running ssh will start ssh-keygen which I
 guess creates a key??


For a LEAF-specific FAQ on setting up sshd, check the FAQ:

http://sourceforge.net/docman/display_doc.php?docid=1441&group_id=13751

I hope this helps,

-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!




[leaf-user] Print Server and Dachstein router

2002-06-04 Thread Binh Do

Hi Charles,

3 months ago I set up the Dachstein-floppy router for a friend and he is
very happy about it. Now he wants to attach the printer to it so his family
can share. 

I know that Nicholas Fong [EMAIL PROTECTED] has built a package (9100.lrp)
for that purpose (something as raw Socket API, used in HP JetDirect and
JetDirectEX series). He is posting his package at
http://pigtail.net/LRP/printsrv/index.html

I contacted Nicholas and he said that we need to modify the kernel to
support the LPTs. What do you think about the possibility to include this
support in the upcoming version?

Building a new kernel is beyond me, but here is what Nicholas wrote me:


----- Original Message -----
 
 Here is what to ask for the new kernel: 
 
 Please modify the kernel to include parallel port and printer support:
 
 In the kernel .config General Setup section:
 CONFIG_PARIDE_PARPORT=m
 
 In the kernel .config Character devices section:
 CONFIG_PRINTER=m
 CONFIG_PRINTER_READBACK=y
 
 For modules.lrp, add these 3 kernel modules in /lib/modules
 lp.o
 parport.o
 parport_pc.o
 
  




[leaf-user] pptp along with ppp dialup

2002-06-04 Thread Jim Van Eeckhoutte

How can I implement a pptp tunnel alongside the existing ppp dialup to
ISP? Running Bering with one dialup ppp0 and one internal nic eth1.
Have downloaded pptp.lrp and want to connect to Mikrotik router via
mschap or chap. Need Bering router to be client to tunnel and will be
connecting via internet. Can this be done?





[leaf-user] Tulip and Dachstein

2002-06-04 Thread David Pitts

Can anybody tell me if it's possible to have the old Tulip driver working
with Dachstein?  Does it need to be re-compiled to work?  I have it
working with Eigerstein, but the Tulip in Dachstein doesn't work for me
so I thought I would try the old version.

Thanks for your assistance.

David Pitts





Re: [leaf-user] Tulip and Dachstein

2002-06-04 Thread guitarlynn

On Tuesday 04 June 2002 22:28, David Pitts wrote:
 Can anybody tell me if it's possible to have the old Tulip driver
 working with Dachstein?  Does it need to be re-compiled to work?  I
 have it working with Eigerstein, but the Tulip in Dachstein doesn't
 work for me so I thought I would try the old version.

There is a tulip_old.o or old_tulip.o module that will work with
the older chipset if the new tulip.o doesn't work. You'll have
to get it from Charles' site for the floppy image (in the small
directory) or it should be on the CD-ROM version.

I hope this helps,
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!




RE: [leaf-user] Tulip and Dachstein

2002-06-04 Thread David Pitts

Thank you very much for your responses to my questions, guitarlynn.  It's
nice to know I'm not just yelling into a bucket!

David Pitts

-----Original Message-----
From: guitarlynn [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, 5 June 2002 12:27 PM
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Tulip and Dachstein


On Tuesday 04 June 2002 22:28, David Pitts wrote:
 Can anybody tell me if it's possible to have the old Tulip driver 
 working with Dachstein?  Does it need to be re-compiled to work?  I 
 have it working with Eigerstein, but the Tulip in Dachstein doesn't 
 work for me so I thought I would try the old version.

There is a tulip_old.o or old_tulip.o module that will work with the
older chipset if the new tulip.o doesn't work. You'll have to get it
from Charles' site for the floppy image (in the small
directory) or it should be on the CD-ROM version.

I hope this helps,
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!
