[leaf-user] Bering PPPD and MultiLink
Good day, I am trying to get 2 leased-line modems to connect using multilink. I am unsure which file does what and hope that someone has some guidance for me, please. TIA Glyn __ "The information contained in this email is intended solely for the use of the individual or entity to whom it is addressed and others authorised to receive it. Cirrus Techvue is not liable for the proper, complete transmission of the information contained in this email, or any delay in its receipt, and does not warrant that the mail is virus-free." ___ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Using HOSTS file
Michael, I think you have confused the issue for John. There is nothing magic about the last two pieces of a domain name; a DNS server can assert it is authoritative for a domain name that has 3 or 4 or 5 pieces. (Examples are fairly common in TLDs that end in country codes; for example, here in the USA, someone is authoritative for ca.us but delegates various_things.ca.us to other authoritative servers; surely domains like co.uk work the same way.)

What he is trying to do is perfectly proper -- claim to be (locally) authoritative for the [sub-]domain mullan.dns2go.com, without also claiming to be authoritative for the larger domain dns2go.com. He should be able to do this, in principle. If he were using BIND, I'd be able to tell him how to do it; since he uses tinydns and dnscache, I can't give him the recipe, but if he can't do it, it is a limitation of the apps (either alone or working together), not a "feature" (or even a bug) of DNS.

In a non-trivial sense, DNS is just a big lie. It works because we all agree to pretend that the same lie is true (by pointing our DNS servers to the same root servers). Or at least we do most of the time, and the exceptions tend to be on private networks, where any problems are hidden from the larger world. Or eccentrics like alternet (are they still around?), who try to popularize new TLDs by offering different root servers.

This is a case where John should be able to tell his local machines a slightly different lie than the one we all agree on. If he can't do it, then either he is doing something wrong or the apps he is using are too inflexible.

One low-tech solution that should work, BTW, is to add the hostname/IP address pair to the hosts file on each workstation (/etc/hosts for Linux workstations; I don't know the WinXX analog, though I do know there is one). Adding it to /etc/hosts on the Linux router should be enough for most apps actually running on the router itself to get it right -- the important exceptions are DNS and (usually) SMTP, apps that (usually) do not make use of the /etc/hosts file.

As to tinydns, you suggest a candidate approach of

>adding this:
>
>        private.network
>
>to this:
>
>        /etc/tinydns-private/env/DOMAINS

I assume there is a typo in what you wrote, and that you meant to suggest adding "dns2go.com" rather than "private.network". If you are right that that would work, then so should adding "mullan.dns2go.com" ... only without the nasty side effects. But perhaps someone more expert than I with tinydns can comment; I am reasoning by analogy to what I would do with BIND.

At 10:40 PM 6/6/02 -0500, Michael D. Schleif wrote:
>John Mullan wrote:
>[...]
> > I'm sure I'm missing something, but no luck. I had tried to set it up
> > so that dnscache watches 192.168.1.254 and looks to tinydns. Not sure
> > if that is what is supposed to happen or if I even got it that way in
> > any of my attempted combinations.
>[...]
> > To recap: The plan is to force internal network to resolve
> > MULLAN.DNS2GO.COM to 192.168.1.128. External requests of course will
> > already find their way to 192.168.1.128 via the INTERN_SERVERS in
> > network.conf
> >
> > So any ideas?
>
>Actually, this is the way dns _should_ work -- you do *NOT* own the
>domain dns2go.com, so dnscache will always look to the internet
>nameservers for that domain. The real problem is that, even though your
>dns queries _are_ being directed toward your external ip, *NO* port
>forwarding is allowed from internal to external and back to internal ;>
>
>Now, if you really want to do what you say and if you do *NOT* care
>about resolving anything else in the domain dns2go.com, you can try
>adding this:
>
>        private.network
>
>to this:
>
>        /etc/tinydns-private/env/DOMAINS
>
>and then:
>
>        svi tinydns restart
>        svi dnscache restart
>
>I cannot guarantee the results; but, it seems likely that you will be
>telling dnscache that, indeed, you do have bailiwick for the domain
>dns2go.com -- instead of that domain's rightful nameservers -- and you
>may be able to fool some of the people some of the time . . .
>
>I do _NOT_ recommend this approach, since I cannot know whether or not
>this tomfoolery will lead to other, less impressive results. Instead, I
>recommend that you tell your internal boxen to look for whatever
>192.168.1.128's legitimate .private.network name really is . . .
[...]

--
"Never tell me the odds!" -- Han Solo
Ray Olszewski
Palo Alto, California, USA
[EMAIL PROTECTED]
[leaf-user] (no subject)
Fcc: +sent
Subject: Re: [leaf-user] Using HOSTS file
In-reply-to: Your message of "Thu, 06 Jun 2002 22:40:16 CDT." <[EMAIL PROTECTED]>

On Thu, 06 Jun 2002 22:40:16 CDT mds wrote:

> John Mullan wrote:
> >
> > To recap: The plan is to force internal network to resolve
> > MULLAN.DNS2GO.COM to 192.168.1.128. External requests of course will
> > already find their way to 192.168.1.128 via the INTERN_SERVERS in
> > network.conf
> >
> > So any ideas?

[snip]

> Now, if you really want to do what you say and if you do *NOT* care
> about resolving anything else in the domain dns2go.com, you can try
> adding this:
>
>        private.network
>
> to this:
>
>        /etc/tinydns-private/env/DOMAINS
>
> and then:
>
>        svi tinydns restart
>        svi dnscache restart

To clarify--and hopefully I'm not mis-speaking--this will tell tinydns to tell dnscache that it is authoritative for the domain "private.network". Seems like John probably wants "mullan.dns2go.com" and "1.168.192.in-addr.arpa", possibly in addition to "private.network".

> I cannot guarantee the results; but, it seems likely that you will be
> telling dnscache that, indeed, you do have bailiwick for the domain
> dns2go.com -- instead of that domain's rightful nameservers -- and you
> may be able to fool some of the people some of the time . . .

The result should be that dnscache will forward requests for DOMAINS to tinydns listening on /etc/tinydns-private/env/IP. That's only half the battle; tinydns will also need to be configured properly to reply for hosts in DOMAINS.

I agree that putting "dns2go.com" in DOMAINS would be a bad idea because John would lose resolution for subdomain.dns2go.com where subdomain!=mullan. Putting "mullan.dns2go.com" in there to create a split horizon seems reasonable to me though; it prevents having separate public and private names that refer to the same resource.

> I do _NOT_ recommend this approach, since I cannot know whether or not
> this tomfoolery will lead to other, less impressive results. Instead, I
> recommend that you tell your internal boxen to look for whatever
> 192.168.1.128's legitimate .private.network name really is . . .

Agreed you could use different names for all internal hosts, but why? Having two names for the same resource can lead to a lot of confusion, especially if you have hosts that move from the public to the private network, e.g. roadwarrior notebooks.

Granted, tinydns can be tricky to setup and an incorrect config can cause plenty of name resolution problems for internal hosts. Once it is setup properly though, it should accomplish exactly what John was trying to do--at least as I understand it.

--Brad
Re: [leaf-user] Using HOSTS file
On Thu, 06 Jun 2002 23:01:43 EDT you wrote:

> Thanks for your help so far Brad..

Glad to help.

> I'm sure I'm missing something, but no luck. I had tried to set it up
> so that dnscache watches 192.168.1.254 and looks to tinydns. Not sure
> if that is what is supposed to happen or if I even got it that way in
> any of my attempted combinations.

That's the approach that I am using.

    internal hosts -> dnscache -> tinydns for vmware.priv
                               -> tinydns for .70.168.192.in-addr.arpa
                               -> root DNS servers all other domains

I had it setup under LEAF, but currently I am only running that configuration on my notebook. A masq'd set of vmware clients on 192.168.70.0/24 is my equivalent to your internal 192.168.1.0/24 net.

> If it helps, here are some configuration extracts, both what they are
> and what I have tried..
>
> DNSCACHE:
> LRP Internal     192.168.1.254     tried 127.0.0.1

192.168.1.254 is correct. That allows the internal clients to reach dnscache.

> Query Hosts      192.168           tried 127.0.0.1

192.168 is correct, allowing hosts 192.168.*.* to access dnscache.

> FORWARDONLY      NO                tried YES

NO is probably what you want. YES would be used to forward all of your requests to a single server, e.g. an upstream caching name server.

> TINYDNS:
> Type             PRIVATE           kept PRIVATE
> Internal DNS     127.0.0.1         kept 127.0.0.1

Both correct.

> Data records
> .1.168.192.in-addr.arpa::localhost
> +myrouter.private.network:192.168.1.254
> =mullan.dns2go.com:192.168.1.254

I think there are two problems here.

First:

    =mullan.dns2go.com:192.168.1.254
                                 ^^^

should probably be

    =mullan.dns2go.com:192.168.1.128
                                 ^^^

since you say mullan.dns2go.com is supposed to point to your web server at 192.168.1.128.

Second: According to http://cr.yp.to/djbdns/tinydns-data.html, you need to add a line like ".mullan.dns2go.com:192.168.1.254" to create a NS record that says 192.168.1.254 is the name server for mullan.dns2go.com. Otherwise, tinydns will ignore queries for mullan.dns2go.com.

After making these adjustments and running the tinydns-data command[1], check to see if tinydns is working as expected. Ideally, you'd run "dig @127.0.0.1 mullan.dns2go.com" or an equivalent nslookup command. Since you probably don't have dig available on the leaf box, you can temporarily comment out all the nameserver lines in /etc/resolv.conf except for the one with 127.0.0.1 and ping mullan.dns2go.com. Ping should report the address for mullan.dns2go.com as 192.168.1.128. If it doesn't, something is still wrong with the tinydns configuration.

Once tinydns is resolving mullan.dns2go.com and 192.168.1.128 properly, you'll need to make sure dnscache has files

    /etc/dnscache/root/servers/mullan.dns2go.com
    /etc/dnscache/root/servers/1.168.192.in-addr.arpa

with the text "127.0.0.1" in them to point dnscache to tinydns to resolve those domains. Not sure about the leaf packages, but there is a /etc/tinydns-private/env/DOMAINS file in the version I am using that automatically creates them when from /etc/init.d/tinydns when tinydns is started is restarted.

> Resolv.conf is..
> search nimc1.on.cogeco.ca          tried 127.0.0.1 and
>                                    private.network
> nameserver 127.0.0.1               no changes
> nameserver 216.221.81.53           no changes
> nameserver 24.226.1.47             no changes
> nameserver 24.226.1.90             no changes

You'll probably want the router to use dnscache to resolve names, so the first nameserver line should use 192.168.1.254. tinydns on 127.0.0.1 won't reply to queries for domains other than mullan.dns2go.com and 1.168.192.in-addr.arpa so you don't want to use it directly. You can keep the external nameserver lines if you want to use your ISP's name servers when 192.168.1.254 doesn't reply.

> Even when I did change resolv.conf it gets rewritten when I reboot.

Sounds like Dachstein. There are variables in /etc/network.conf that control the "nameserver 127.0.0.1" line and whether or not the other nameserver lines are added when the DHCP server hands them out. I don't remember the variable names off-hand, but the variable names and inline comments should make them obvious.

> To recap: The plan is to force internal network to resolve
> MULLAN.DNS2GO.COM to 192.168.1.128. External requests of course will
> already find their way to 192.168.1.128 via the INTERN_SERVERS in
> network.conf
>
> So any ideas?

Hope the comments above help. The first step is to get tinydns working right, then move on to dnscache, and then the configuration of the machines in your LAN (if they don't already use 192.168.1.254 for name service). If you can't get tinydns or dnscache working, describe how they are failing and your configuration files and we should be able to get it worked out.

--Br
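The two data-file problems raised in the message above, and the dnscache pointer files it lists, can be checked mechanically. The following is an added example, not part of the original post and not LEAF or djbdns code: the function names are hypothetical, only the `.`, `Z`, `+` and `=` line types of tinydns-data are handled, and the two sample files are the extract from the thread and that extract with the two suggested corrections applied.

```python
"""Lint a tinydns-data file for the two problems discussed in this thread."""

# Data records as posted in the thread.
ORIGINAL = """\
.1.168.192.in-addr.arpa::localhost
+myrouter.private.network:192.168.1.254
=mullan.dns2go.com:192.168.1.254
"""

# Same extract with the two corrections suggested in the reply applied.
CORRECTED = """\
.1.168.192.in-addr.arpa::localhost
.mullan.dns2go.com:192.168.1.254
+myrouter.private.network:192.168.1.254
=mullan.dns2go.com:192.168.1.128
"""


def parse(text):
    """Return (zones, hosts): zones from '.'/'Z' lines, hosts from '+'/'=' lines."""
    zones, hosts = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] == "#":
            continue
        kind, fields = line[0], line[1:].split(":")
        fqdn = fields[0].lower().rstrip(".")
        if kind in ".Z":            # lines that make tinydns answer for fqdn
            zones.add(fqdn)
        elif kind in "+=":          # '+' is A only, '=' is A plus PTR
            hosts.append((kind, fqdn, fields[1] if len(fields) > 1 else ""))
    return zones, hosts


def covering_zone(name, zones):
    """Longest zone that equals `name` or is a parent of it, else None."""
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return "" if "" in zones else None


def reverse_name(ip):
    """192.168.1.128 -> 128.1.168.192.in-addr.arpa"""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


def lint(text, expected=None):
    """List problems; `expected` maps a name to the address it should have."""
    expected = expected or {}
    zones, hosts = parse(text)
    findings = []
    for kind, fqdn, ip in hosts:
        if covering_zone(fqdn, zones) is None:
            findings.append(f"{fqdn}: no '.' line covers this name")
        if kind == "=" and ip and covering_zone(reverse_name(ip), zones) is None:
            findings.append(f"{reverse_name(ip)}: no '.' line covers this PTR")
        want = expected.get(fqdn)
        if want and ip != want:
            findings.append(f"{fqdn}: points to {ip}, expected {want}")
    return findings


def dnscache_server_files(text, tinydns_ip="127.0.0.1",
                          root="/etc/dnscache/root/servers"):
    """Files dnscache needs so that it asks tinydns for each local zone."""
    zones, _ = parse(text)
    return {f"{root}/{zone}": tinydns_ip for zone in sorted(zones)}


if __name__ == "__main__":
    want = {"mullan.dns2go.com": "192.168.1.128"}
    for label, data in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(label)
        for finding in lint(data, want):
            print("  ", finding)
    for path, ip in dnscache_server_files(CORRECTED).items():
        print(path, "->", ip)
```

The extract has no `.private.network` line, so the check keeps reporting myrouter.private.network after the corrections; whether the LEAF package supplies that line elsewhere is not shown in the thread.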
Re: [leaf-user] Using HOSTS file
John Mullan wrote:
>
> Thanks for your help so far Brad..
>
> I'm sure I'm missing something, but no luck. I had tried to set it up
> so that dnscache watches 192.168.1.254 and looks to tinydns. Not sure
> if that is what is supposed to happen or if I even got it that way in
> any of my attempted combinations.
>
> If it helps, here are some configuration extracts, both what they are
> and what I have tried..
>
> DNSCACHE:
> LRP Internal     192.168.1.254     tried 127.0.0.1
> Query Hosts      192.168           tried 127.0.0.1
> FORWARDONLY      NO                tried YES
>
> TINYDNS:
> Type             PRIVATE           kept PRIVATE
> Internal DNS     127.0.0.1         kept 127.0.0.1
> Data records
> .1.168.192.in-addr.arpa::localhost
> +myrouter.private.network:192.168.1.254
> =mullan.dns2go.com:192.168.1.254
>
> Resolv.conf is..
> search nimc1.on.cogeco.ca          tried 127.0.0.1 and
>                                    private.network
> nameserver 127.0.0.1               no changes
> nameserver 216.221.81.53           no changes
> nameserver 24.226.1.47             no changes
> nameserver 24.226.1.90             no changes
>
> Even when I did change resolv.conf it gets rewritten when I reboot.
>
> To recap: The plan is to force internal network to resolve
> MULLAN.DNS2GO.COM to 192.168.1.128. External requests of course will
> already find their way to 192.168.1.128 via the INTERN_SERVERS in
> network.conf
>
> So any ideas?

Actually, this is the way dns _should_ work -- you do *NOT* own the domain dns2go.com, so dnscache will always look to the internet nameservers for that domain. The real problem is that, even though your dns queries _are_ being directed toward your external ip, *NO* port forwarding is allowed from internal to external and back to internal ;>

Now, if you really want to do what you say and if you do *NOT* care about resolving anything else in the domain dns2go.com, you can try adding this:

        private.network

to this:

        /etc/tinydns-private/env/DOMAINS

and then:

        svi tinydns restart
        svi dnscache restart

I cannot guarantee the results; but, it seems likely that you will be telling dnscache that, indeed, you do have bailiwick for the domain dns2go.com -- instead of that domain's rightful nameservers -- and you may be able to fool some of the people some of the time . . .

I do _NOT_ recommend this approach, since I cannot know whether or not this tomfoolery will lead to other, less impressive results. Instead, I recommend that you tell your internal boxen to look for whatever 192.168.1.128's legitimate .private.network name really is . . .

hth

--
Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . .
Re: [leaf-user] Combining NAT with PAT
On Thu, 2002-06-06 at 15:35, Nachman Yaakov Ziskind wrote:
> Omar D. Samuels wrote (on Thu, Jun 06, 2002 at 05:09:49PM -0500):
> | What do you mean, I still don't understand.
> |
> | > | One learns something new everyday... does PAT stand for Private Address
> | > | Translation?
> | >
> | > NAT = Network Address Translation (one to one).
> | > PAT = Port Address Translation (one to many).
> | >
> | > | Is it different from NAR (Network Address Retention)?
> | >
> | > Dunno. :-)
>
> In NAT, the router essentially changes the source IP number to some other
> (presumably better :-) one, and makes no other changes. So, your network
> address is hidden, but you still need one public IP address for every host on
> your network.
>
> In PAT, the router changes the port number as well (to some random port
> number), and keeps track of a table consisting of: the original source IP
> number, and the port coded to the packet. The point is that the router can
> inspect the reply packet, check the table, and send it off to the machine that
> sent the source packet because it knows the port it arrived on. So, many hosts
> can use the same IP number.
>
> Both NAT and PAT have their uses; we use both here.

As I understand it, netfilter (iptables) can do what you want, although the terminology and approach may be unfamiliar. Start here:

http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO.html

The Bering branch of LEAF uses a 2.4 kernel with netfilter. Dachstein still uses a 2.2 kernel.

-Richard
Re: [leaf-user] tftp and network.conf
On Thursday 06 June 2002 21:28, [EMAIL PROTECTED] wrote:

> EXTERN_UDP_PORTS="ip.ad.dr.es/32_tftp"
> EXTERN_PROTO0="69 ip.ad.dr.es/32"
>
> I would presumably also need a line for the x-server, but I
> don't know off-hand what it is.. at any rate... does
> something like this work?

the stated "tftp" probably won't work, unless the variable is matched to a port number. So you will probably need to find out what port tftp runs on and substitute it in the line. The same goes for allowing X-servers, vnc, and anything else (that should probably be sent through a ssh or zebedee encrypted tunnel in my view).

I hope this helps,
--
~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!
RE: [leaf-user] Using HOSTS file
Thanks for your help so far Brad..

I'm sure I'm missing something, but no luck. I had tried to set it up so that dnscache watches 192.168.1.254 and looks to tinydns. Not sure if that is what is supposed to happen or if I even got it that way in any of my attempted combinations.

If it helps, here are some configuration extracts, both what they are and what I have tried..

DNSCACHE:
LRP Internal     192.168.1.254     tried 127.0.0.1
Query Hosts      192.168           tried 127.0.0.1
FORWARDONLY      NO                tried YES

TINYDNS:
Type             PRIVATE           kept PRIVATE
Internal DNS     127.0.0.1         kept 127.0.0.1
Data records
.1.168.192.in-addr.arpa::localhost
+myrouter.private.network:192.168.1.254
=mullan.dns2go.com:192.168.1.254

Resolv.conf is..
search nimc1.on.cogeco.ca          tried 127.0.0.1 and
                                   private.network
nameserver 127.0.0.1               no changes
nameserver 216.221.81.53           no changes
nameserver 24.226.1.47             no changes
nameserver 24.226.1.90             no changes

Even when I did change resolv.conf it gets rewritten when I reboot.

To recap: The plan is to force internal network to resolve MULLAN.DNS2GO.COM to 192.168.1.128. External requests of course will already find their way to 192.168.1.128 via the INTERN_SERVERS in network.conf

So any ideas?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Brad Fritz
Sent: Thursday, June 06, 2002 9:13 PM
To: John Mullan
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Using HOSTS file

On Thu, 06 Jun 2002 20:40:25 EDT you wrote:

> OK Brad. I've put tinydns on. I left the tinydns option for internal
> IP at 127.0.0.1
>
> Is this the proper loopback interface address?

Yes, it is:

    $ cat /etc/tinydns-private/env/IP
    127.0.0.1

--Brad
Re: [leaf-user] Port Forwarding Failure
On Thursday 06 June 2002 18:12, James K. Wiggs wrote:

> running OpenH323 and GnomeMeeting 0.85;
> the other is an NT 4.0 box running NetMeeting 3.01. I've configured

Load the "ip_masq_h323" module in /etc/modules. This is a helper module to get it to work right.
--
~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!
[leaf-user] tftp and network.conf
I'm trying to get something working at work, and I need to be able to allow tftp and ultimately an x-server.

first I assume that I can add a few lines into the network.conf similar to the following

    EXTERN_UDP_PORTS="ip.ad.dr.es/32_tftp"
    EXTERN_PROTO0="69 ip.ad.dr.es/32"

I would presumably also need a line for the x-server, but I don't know off-hand what it is.. at any rate... does something like this work?

joey
Re: [leaf-user] Using HOSTS file
On Thu, 06 Jun 2002 20:40:25 EDT you wrote:

> OK Brad. I've put tinydns on. I left the tinydns option for internal
> IP at 127.0.0.1
>
> Is this the proper loopback interface address?

Yes, it is:

    $ cat /etc/tinydns-private/env/IP
    127.0.0.1

--Brad
Re: [leaf-user] Combining NAT with PAT
On Thu, 6 Jun 2002, Nachman Yaakov Ziskind wrote:

> Omar D. Samuels wrote (on Thu, Jun 06, 2002 at 05:09:49PM -0500):
> | What do you mean, I still don't understand.
> |
> | > | One learns something new everyday... does PAT stand for Private Address
> | > | Translation?
> | >
> | > NAT = Network Address Translation (one to one).
> | > PAT = Port Address Translation (one to many).
> | >
> | > | Is it different from NAR (Network Address Retention)?
> | >
> | > Dunno. :-)
>
> In NAT, the router essentially changes the source IP number to some other
> (presumably better :-) one, and makes no other changes. So, your network
> address is hidden, but you still need one public IP address for every host on
> your network.

I am not aware of how to do this in Linux. The 2.0 kernel certainly cannot, I vaguely recall hearing that it is possible with 2.2/ipchains, and I think 2.4/iptables should be able to but cannot confirm.

More commonly, to get something approximating what you want a DMZ is set up and either bridge/firewalled or proxyarp/firewalled.

> In PAT, the router changes the port number as well (to some random port
> number), and keeps track of a table consisting of: the original source IP
> number, and the port coded to the packet. The point is that the router can
> inspect the reply packet, check the table, and send it off to the machine that
> sent the source packet because it knows the port it arrived on. So, many hosts
> can use the same IP number.

This is called "masquerading" in Linux, and is quite well supported.

---
Jeff Newmiller
DCN:<[EMAIL PROTECTED]>
Research Engineer (Solar/Batteries/Software/Embedded Controllers)
---
RE: [leaf-user] Using HOSTS file
OK Brad. I've put tinydns on. I left the tinydns option for internal IP at 127.0.0.1

Is this the proper loopback interface address?

-----Original Message-----
From: Brad Fritz [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 06, 2002 4:42 AM
To: John Mullan
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Using HOSTS file

On Thu, 06 Jun 2002 00:09:38 PDT Ray Olszewski wrote:

> Jeff's response is the right one here -- the router (or some other host on
> the LAN) needs to run a DNS server that resolves FQNs of hosts on the LAN
> to their private addresses and forwards all other requests to a "real"
> nameserver. The LAN hosts then need to be told (via manual setup or DHCP or
> whatever) to use that nameserver for their DNS inquiries.
>
> In practice, I find it easier here to do all of this on a host separate
> from my router ... but my DNS requirements are elaborate enough to call for
> using full-size BIND.

If you want to do it on your LEAF router, it's not *too* bad to setup using tinydns and dnscache. One setup that has worked for me is to run tinydns bound to the router's loopback interface and dnscache bound to the internal interface. Files in /etc/dnscache/root/servers/ are used to point dnscache to tinydns for the internal hosts. The names and addresses of those hosts (or just your firewall, if that's all you need) are set in /etc/tinydns-private/root/data.

If you decide to pursue the tinydns/dnscache setup and need more detail or have specific questions, let me know (on-list) and I'll do my best to answer. The djbdns docs and the Bering tinydns.lrp and dnscache.lrp documents[1,2] might also be useful even if you are using a LEAF variant other than Bering.

--Brad

[1] http://leaf.sourceforge.net/devel/jnilo/tinydns.html
[2] http://leaf.sourceforge.net/devel/jnilo/dnscache.html
[leaf-user] Port Forwarding Failure
Hello Folks,

Uncertain which mailing list is the correct and active one, so I'm posting to both.

I'm trying to get voice over IP working between two boxes; each is behind a basic EigerStein LRP box, both configured as firewalls. Almost all ports on both boxes are closed. One of the boxes is a Debian 2.2r2 box, running OpenH323 and GnomeMeeting 0.85; the other is an NT 4.0 box running NetMeeting 3.01. I've configured a third box, behind the same firewall as the NT machine, to act as an ILS server for the NT machine. The problem is that I can't seem to get the necessary ports opened up on these boxes so that traffic will go through on them. I have the following configuration for the INTERN_SERVERS variable in /etc/network.conf on each machine, but no matter what, when we attempt connections, I find DENY log messages on these ports.

    INTERN_SERVERS="udp_${EXTERN_IP}_389_192.168.1.16_389
                    udp_${EXTERN_IP}_522_192.168.1.16_522
                    udp_${EXTERN_IP}_1503_192.168.1.128_1503
                    udp_${EXTERN_IP}_1720_192.168.1.128_1720
                    udp_${EXTERN_IP}_1731_192.168.1.128_1731
                    tcp_${EXTERN_IP}_389_192.168.1.16_389
                    tcp_${EXTERN_IP}_522_192.168.1.16_522
                    tcp_${EXTERN_IP}_1503_192.168.1.128_1503
                    tcp_${EXTERN_IP}_1720_192.168.1.128_1720
                    tcp_${EXTERN_IP}_1731_192.168.1.128_1731
                    tcp_${EXTERN_IP}_8080_192.168.1.2_8080
                    udp_${EXTERN_IP}_8080_192.168.1.2_8080"

I even suspected that there might be some problem with trying to open up privileged ports with this technique, so I tried adding the following line to /etc/network.conf:

    INTERN_LDAP_SERVER=192.168.1.16   # Internal LDAP server to make available

and these lines in /etc/ipfilter.conf:

    if [ -n "$INTERN_LDAP_SERVER" ] ; then
        $IPMASQADM portfw -a -P tcp -L $EXTERN_IP ldap -R $INTERN_LDAP_SERVER ldap
    fi

What am I doing wrong? The INTERN_WWW_SERVER and INTERN_SMTP_SERVER stuff works properly, but this same code *doesn't* work for port 389. What's that all about? I *know* there have to be other people doing the VoIP thing through LRP machines; has anyone written a HowTo?

best,
Jim Wiggs

James Wiggs
Email: [EMAIL PROTECTED]
ICBM: 97 30 18 W, 42 52 27 N
Re: [leaf-user] Zeroing out ipchains
On Thu, 6 Jun 2002, Nachman Yaakov Ziskind wrote:

> Say, how come I can't zero out the ipchains counters?

You can... some of them.

> # ipchains -nvL
> Chain input (policy ACCEPT: 15420 packets, 3599705 bytes):
> Chain forward (policy ACCEPT: 178 packets, 13155 bytes):
> Chain output (policy ACCEPT: 8343 packets, 3177138 bytes):

These are the policy counters.

>
> # ipchains --zero

After this command, the individual rule counters will be cleared. I don't know how to affect the policy counters.

> # ipchains -nvL
> Chain input (policy ACCEPT: 15491 packets, 3602979 bytes):
> Chain forward (policy ACCEPT: 193 packets, 14154 bytes):
> Chain output (policy ACCEPT: 8389 packets, 3179717 bytes):
>
> # ipchains -V
> ipchains 1.3.10, 1-Sep-2000

---
Jeff Newmiller
DCN:<[EMAIL PROTECTED]>
Research Engineer (Solar/Batteries/Software/Embedded Controllers)
---
Re: [leaf-user] Combining NAT with PAT
Omar D. Samuels wrote (on Thu, Jun 06, 2002 at 05:09:49PM -0500):
| What do you mean, I still don't understand.
|
| > | One learns something new everyday... does PAT stand for Private Address
| > | Translation?
| >
| > NAT = Network Address Translation (one to one).
| > PAT = Port Address Translation (one to many).
| >
| > | Is it different from NAR (Network Address Retention)?
| >
| > Dunno. :-)

In NAT, the router essentially changes the source IP number to some other (presumably better :-) one, and makes no other changes. So, your network address is hidden, but you still need one public IP address for every host on your network.

In PAT, the router changes the port number as well (to some random port number), and keeps track of a table consisting of: the original source IP number, and the port coded to the packet. The point is that the router can inspect the reply packet, check the table, and send it off to the machine that sent the source packet because it knows the port it arrived on. So, many hosts can use the same IP number.

Both NAT and PAT have their uses; we use both here.

--
Nachman Yaakov Ziskind, EA, LLM         [EMAIL PROTECTED]
Attorney and Counselor-at-Law           http://yankel.com
Economic Group Pension Services         http://egps.com
Actuaries and Employee Benefit Consultants
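The translation described in the message above, combined the way this thread asks for (10.1.1.1 to 10.1.1.5 each mapped one to one, every other inside host sharing one address through a port table), sketched as an added example that is not part of the original post. It models the table only and is not ipchains or netfilter code; the 203.0.113.x public addresses are constructed documentation addresses, the class and function names are hypothetical, and ports are handed out sequentially instead of randomly so the result is repeatable.

```python
"""Toy model of one-to-one NAT combined with PAT on a single router."""


class Translator:
    def __init__(self, pat_ip, static_map, first_port=61000, last_port=65095):
        self.pat_ip = pat_ip                    # shared public address (PAT)
        self.static = dict(static_map)          # inside IP -> own public IP (NAT)
        self.static_rev = {pub: ins for ins, pub in self.static.items()}
        self.next_port, self.last_port = first_port, last_port
        self.by_inside = {}   # (proto, inside_ip, inside_port) -> public port
        self.by_port = {}     # (proto, public port) -> (inside_ip, inside_port)

    def outbound(self, proto, src_ip, src_port):
        """Rewrite the source of a packet leaving the inside network."""
        if src_ip in self.static:
            # NAT: only the address changes, the port is left alone.
            return self.static[src_ip], src_port
        key = (proto, src_ip, src_port)
        if key not in self.by_inside:
            if self.next_port > self.last_port:
                raise RuntimeError("PAT port range exhausted")
            # PAT: pick a public port and remember who it belongs to.
            self.by_inside[key] = self.next_port
            self.by_port[(proto, self.next_port)] = (src_ip, src_port)
            self.next_port += 1
        return self.pat_ip, self.by_inside[key]

    def inbound(self, proto, dst_ip, dst_port):
        """Find the inside host for a packet arriving from outside, or None."""
        if dst_ip in self.static_rev:
            # One-to-one NAT translates every port back; translation alone
            # filters nothing, so these hosts depend on the firewall rules.
            return self.static_rev[dst_ip], dst_port
        if dst_ip == self.pat_ip:
            # PAT delivers only when the table has an entry for this port.
            return self.by_port.get((proto, dst_port))
        return None


def build_example():
    """10.1.1.1-5 get 203.0.113.1-5; everything else shares 203.0.113.10."""
    static = {f"10.1.1.{n}": f"203.0.113.{n}" for n in range(1, 6)}
    return Translator("203.0.113.10", static)


if __name__ == "__main__":
    t = build_example()
    print(t.outbound("tcp", "10.1.1.3", 40000))     # own public address
    print(t.outbound("tcp", "10.1.1.50", 40000))    # shared address, port 61000
    print(t.outbound("tcp", "10.1.1.51", 40000))    # shared address, port 61001
    print(t.inbound("tcp", "203.0.113.10", 61001))  # reply reaches 10.1.1.51
    print(t.inbound("tcp", "203.0.113.10", 61999))  # no table entry: None
    print(t.inbound("tcp", "203.0.113.3", 22))      # unsolicited, still mapped
```

Real masquerading code also tracks the remote address and expires idle entries; both are left out here to keep the table itself visible.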
[leaf-user] Zeroing out ipchains
Say, how come I can't zero out the ipchains counters?

# ipchains -nvL
Chain input (policy ACCEPT: 15420 packets, 3599705 bytes):
Chain forward (policy ACCEPT: 178 packets, 13155 bytes):
Chain output (policy ACCEPT: 8343 packets, 3177138 bytes):

# ipchains --zero
# ipchains -nvL
Chain input (policy ACCEPT: 15491 packets, 3602979 bytes):
Chain forward (policy ACCEPT: 193 packets, 14154 bytes):
Chain output (policy ACCEPT: 8389 packets, 3179717 bytes):

# ipchains -V
ipchains 1.3.10, 1-Sep-2000

--
Nachman Yaakov Ziskind, EA, LLM         [EMAIL PROTECTED]
Attorney and Counselor-at-Law           http://yankel.com
Economic Group Pension Services         http://egps.com
Actuaries and Employee Benefit Consultants
Re: [leaf-user] Combining NAT with PAT
Omar D. Samuels wrote (on Thu, Jun 06, 2002 at 04:36:46PM -0500):
| One learns something new everyday... does PAT stand for Private Address
| Translation?

NAT = Network Address Translation (one to one).
PAT = Port Address Translation (one to many).

| Is it different from NAR (Network Address Retention)?

Dunno. :-)

| Okay, just wanting to learn. Thanks.
|
| > I'd like to combine NAT with PAT in Dachstein 1.0.2; e.g. to have private
| > addresses on 10.1.1 to PAT to a single public IP number, except for
| > 10.1.1.[1-5], which should each NAT to a (separate and distinct) public IP
| > address.
| >
| > I've looked through the FAQ's, the sample network.conf/ipfilter.conf & and
| > the HOWTO's for ipchains and masquerading, and reached a point of MEGO. Can
| > anyone point me in the right direction? Thanks.
| >
| > Some stuff:
| >
| > # uname -a
| > Linux kochav 2.2.19-3-LEAF #1 Sat Dec 1 12:15:05 CST 2001 i386 unknown
| >
| > # ip addr show
| > 1: lo: mtu 3924 qdisc noqueue
| >     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
| >     inet 127.0.0.1/8 brd 127.255.255.255 scope global lo
| > 2: eth0: mtu 1500 qdisc pfifo_fast qlen 100
| >     link/ether 00:10:5a:e1:e3:8b brd ff:ff:ff:ff:ff:ff
| >     inet 10.1.2.203/24 brd 10.1.2.255 scope global eth0
| > 3: eth1: mtu 1500 qdisc pfifo_fast qlen 100
| >     link/ether 00:a0:24:57:55:be brd ff:ff:ff:ff:ff:ff
| >     inet 10.1.1.202/24 brd 10.1.1.255 scope global eth1
| >
| > # ip route show
| > 10.1.1.0/24 dev eth1 proto kernel scope link src 10.1.1.202
| > 10.1.2.0/24 dev eth0 proto kernel scope link src 10.1.2.203
| > default via 10.1.2.248 dev eth0

--
Nachman Yaakov Ziskind, EA, LLM         [EMAIL PROTECTED]
Attorney and Counselor-at-Law           http://yankel.com
Economic Group Pension Services         http://egps.com
Actuaries and Employee Benefit Consultants
[leaf-user] Combining NAT with PAT
I'd like to combine NAT with PAT in Dachstein 1.0.2; e.g. to have private addresses on 10.1.1 to PAT to a single public IP number, except for 10.1.1.[1-5], which should each NAT to a (separate and distinct) public IP address.

I've looked through the FAQ's, the sample network.conf/ipfilter.conf and the HOWTO's for ipchains and masquerading, and reached a point of MEGO. Can anyone point me in the right direction? Thanks.

Some stuff:

# uname -a
Linux kochav 2.2.19-3-LEAF #1 Sat Dec 1 12:15:05 CST 2001 i386 unknown

# ip addr show
1: lo: mtu 3924 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope global lo
2: eth0: mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:10:5a:e1:e3:8b brd ff:ff:ff:ff:ff:ff
    inet 10.1.2.203/24 brd 10.1.2.255 scope global eth0
3: eth1: mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:a0:24:57:55:be brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.202/24 brd 10.1.1.255 scope global eth1

# ip route show
10.1.1.0/24 dev eth1 proto kernel scope link src 10.1.1.202
10.1.2.0/24 dev eth0 proto kernel scope link src 10.1.2.203
default via 10.1.2.248 dev eth0

--
Nachman Yaakov Ziskind, EA, LLM         [EMAIL PROTECTED]
Attorney and Counselor-at-Law           http://yankel.com
Economic Group Pension Services         http://egps.com
Actuaries and Employee Benefit Consultants
Re: [leaf-user] Combining NAT with PAT
One learns something new everyday... does PAT stand for Private Address Translation?

Is it different from NAR (Network Address Retention)?

Okay, just wanting to learn. Thanks.

----- Original Message -----
From: "Nachman Yaakov Ziskind" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 06, 2002 4:18 PM
Subject: [leaf-user] Combining NAT with PAT

> I'd like to combine NAT with PAT in Dachstein 1.0.2; e.g. to have private
> addresses on 10.1.1 to PAT to a single public IP number, except for
> 10.1.1.[1-5], which should each NAT to a (separate and distinct) public IP
> address.
>
> I've looked through the FAQ's, the sample network.conf/ipfilter.conf & and the
> HOWTO's for ipchains and masquerading, and reached a point of MEGO. Can anyone
> point me in the right direction? Thanks.
>
> Some stuff:
>
> # uname -a
> Linux kochav 2.2.19-3-LEAF #1 Sat Dec 1 12:15:05 CST 2001 i386 unknown
>
> # ip addr show
> 1: lo: mtu 3924 qdisc noqueue
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 brd 127.255.255.255 scope global lo
> 2: eth0: mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:10:5a:e1:e3:8b brd ff:ff:ff:ff:ff:ff
>     inet 10.1.2.203/24 brd 10.1.2.255 scope global eth0
> 3: eth1: mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:a0:24:57:55:be brd ff:ff:ff:ff:ff:ff
>     inet 10.1.1.202/24 brd 10.1.1.255 scope global eth1
>
> # ip route show
> 10.1.1.0/24 dev eth1 proto kernel scope link src 10.1.1.202
> 10.1.2.0/24 dev eth0 proto kernel scope link src 10.1.2.203
> default via 10.1.2.248 dev eth0
>
> --
> Nachman Yaakov Ziskind, EA, LLM         [EMAIL PROTECTED]
> Attorney and Counselor-at-Law           http://yankel.com
> Economic Group Pension Services         http://egps.com
> Actuaries and Employee Benefit Consultants
RE: [leaf-user] Using HOSTS file
Hi Ray

[EMAIL PROTECTED] wrote the following at 18:13 06.06.2002:
>Message: 11
>Date: Thu, 06 Jun 2002 08:47:27 -0700
>To: [EMAIL PROTECTED]
>From: Ray Olszewski <[EMAIL PROTECTED]>
>Subject: RE: [leaf-user] Using HOSTS file
>
>At 09:45 AM 6/6/02 +0200, Erich Titl wrote:
>[...]
> >>At 08:38 PM 6/5/2002 -0400, you wrote:
> >> >I use DNS2GO to handle my dynamic IP for the benefit of the outside
> >> >world (one day I'll register my own domain).
> >> >
> >> >But for now, if anyone in the internal network tries to browse
> >> >mullan.dns2go.com it won't work (of course). What I would like is for
> >> >the LEAF box to recognize this DNS request and translate it to the
> >> >internal IP (192.168.1.128).
> >> >
> >> >Can anyone tell me how to do this? I thought it might be the HOSTS file
> >> >but that doesn't seem to work.
> >
> >You will have to implement your own DNS server to do that. This is not a
> >trivial task because you don't own DNS2GO.
> >It might be better to register your own domain and then you can basically
> >do with it what you want.
> >
> >For example I own think.ch, it is hosted at zoneedit.com, but for my
> >internal network I override it with my own DNS server
>
>Huh? DNS is just a state of mind. You don't need to "own" a domain to
>override its resolution locally. And while it's *usually* not a good idea
>to supersede the public DNS servers for domains you don't own, the original
>poster should face no special *technical* problems in arranging for an
>on-LAN DNS server to be authoritative (locally, not globally - globally
>DOES require that you "own" the domain) for the domain mullan.dns2go.com .
>Full-size BIND can do this trivially easily, and I would expect the
>tinydns/dnscache combo that someone else suggested can manage it too.

Of course you are right, I just don't feel too comfortable to mess up foreign territory. I still believe it is worth to have your own domain if you want to play with DNS.

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16
[leaf-user] lrpkg bug?
I inadvertently used the .lrp extension yesterday, as in # lrpkg -i sshd.lrp instead of # lrpkg -i sshd and to my later surprise, it worked. (... perhaps because I was working from an msdos filesystem?) Unfortunately, when I later went to backup sshd, the backup screen showed it as "sshd.lrp" instead of "sshd", and when I attempted to back it up by number, it complained that "/var/lib/lrpkg/sshd.lrp.list" and "sshd.lrp.lrp" could not be found and prompted me to backup a zero-bytes file. I edited /var/lib/lrpkg/packages and /var/lib/backdisk to eliminate the .lrp extension and was able to backup. Perhaps /lib/POSIXness/POSIXness.linuxrouter could be modified... (this is from Bering, but I think the same fix could be applied to DS.) -- --- POSIXness.linuxrouter_old Thu Jun 6 09:46:06 2002 +++ POSIXness.linuxrouter Thu Jun 6 09:46:58 2002 @@ -30,8 +30,8 @@ install () { - f="$1" + f="${1%%.lrp}" local d="" if [ -z "$2" ]; then local d="`sed 's/.*boot=/\1/; s/[: ].*//' /proc/cmdline`" -- --- Jeff NewmillerThe . . Go Live... DCN:<[EMAIL PROTECTED]>Basics: ##.#. ##.#. Live Go... Live: OO#.. Dead: OO#.. Playing Research Engineer (Solar/BatteriesO.O#. #.O#. with /Software/Embedded Controllers) .OO#. .OO#. rocks...2k --- ___ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
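Review bot: In install(), `%%` (longest match) behaves exactly like `%` for the literal suffix `.lrp`, since the pattern has no wildcard, so `f="${1%.lrp}"` says the same thing with less to puzzle over. The assignment also leaves `f` as a global while `d` on the following line is declared `local`; unless something outside install() reads `f`, `local f="${1%.lrp}"` would stop the stripped name leaking into the caller. A one-line comment above the assignment saying why the extension is removed (so the package is recorded as "sshd" rather than "sshd.lrp") would save the next reader from having to find this mail.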
Re: [leaf-user] rebooting
On Thu, 6 Jun 2002, J wrote:

The fact that you are unable to reboot indicates that you have a problem. This could be a hardware problem or a configuration issue. Reloading the init scripts is not likely to fix your problem, so heading in that direction is not advised.

Try the generic lrp image and see if you can reboot then. Try the off-the-shelf Bering image and see if you can reboot then.

If these reboot OK, then you have a config issue. If not, then I would venture to guess you have a hardware problem. It could be net card, it could be display card, or it could be system bios.

Somewhere on the website there is a suggested format for requesting assistance. You might read it, and someone might be able to help you further.

> Okay,
>
> i've come to the conclusion that bering (at least in my config)
> can't reboot my machine. That said, what would be the best way
> of achieving the same effect as a reboot? ie. how would I flush
> everything and rerun all the startup scripts?
>
> I need to do this, as pump is incapable of holding my cable modem
> connection for more than a couple of hours. For the life of me, i
> can't figure out why it works at startup and not once it's running.
> Shorewall is configured to work w/ dhcp (it says so in its startup
> script), and i'm allowing all connections and ports.. i can't see
> any reason for a dhcp request to fail.
>
> It's bothersome that windows can reboot my machine, and linux can't.
> Windows can maintain my internet connection, linux can't. Admittedly,
> I am relatively new at this, but I've literally looked everywhere
> in this bering set up for a solution.
>
> Regards,
> --
> JCA

--
Timothy Burt
Internet Specialist
Re: [leaf-user] rebooting
On Thursday 06 June 2002 10:25, J wrote:
> Okay,
>
> i've come to the conclusion that bering (at least in my config)
> can't reboot my machine. That said, what would be the best way
> of achieving the same effect as a reboot? ie. how would I flush
> everything and rerun all the startup scripts?

Change to runlevel 6. This is the only way to re-run all the startup scripts without issuing restart commands for each one.

> I need to do this, as pump is incapable of holding my cable modem
> connection for more than a couple of hours. For the life of me, i
> can't figure out why it works at startup and not once it's running.
> Shorewall is configured to work w/ dhcp (it says so in its startup
> script), and i'm allowing all connections and ports.. i can't see
> any reason for a dhcp request to fail.

I don't either. I haven't heard of anyone that has had this problem. You have most likely configured something wrong. You could get some useful help if you would send the information requested for mailing-list help found here:
http://sourceforge.net/docman/display_doc.php?docid=1891&group_id=13751

> It's bothersome that windows can reboot my machine, and linux can't.
> Windows can maintain my internet connection, linux can't. Admittedly,
> I am relatively new at this, but I've literally looked everywhere
> in this bering set up for a solution.

If Windows is not configured properly, it won't work either. I would doubt there is a problem with the dhcp client binary, otherwise very few of us would be using it. Resolving the configuration problem will probably make you feel better about Linux. I've used Linux for DHCP for _many_ years without problems with several clients, I am sure your system will work too once the problem is located and fixed.

I hope this helps,
--
~Lynn Avants
aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!
[leaf-user] rebooting
Okay,

i've come to the conclusion that bering (at least in my config) can't reboot my machine. That said, what would be the best way of achieving the same effect as a reboot? ie. how would I flush everything and rerun all the startup scripts?

I need to do this, as pump is incapable of holding my cable modem connection for more than a couple of hours. For the life of me, i can't figure out why it works at startup and not once it's running. Shorewall is configured to work w/ dhcp (it says so in its startup script), and i'm allowing all connections and ports.. i can't see any reason for a dhcp request to fail.

It's bothersome that windows can reboot my machine, and linux can't. Windows can maintain my internet connection, linux can't. Admittedly, I am relatively new at this, but I've literally looked everywhere in this bering set up for a solution.

Regards,
--
JCA
Re: [leaf-user] Using HOSTS file
On Thursday 06 June 2002 02:09, Ray Olszewski wrote:
> At 12:07 AM 6/6/02 -0500, guitarlynn wrote:
> >By chance have any of you attempted to declare "files" before "dns"
> >in /etc/nsswitch.conf???
> >
> >By doing this, any host/network listed in nsswitch.conf should
> > resolve according to the order listed in this .conf file.
>
> This change affects ONLY host resolution by the router itself, and
> John reports that it already works fine.
>
> Jeff's response is the right one here --

You're right, thx. for the correction. I don't know what I was thinking ;-)

--
~Lynn Avants
aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!
Re: [leaf-user] Bering, non-root crontab and more...
On Thu, Jun 06, 2002 at 02:46:01AM -0700, Greg Morgan wrote:
>
> Take it one step at a time. I'd make a backup of the files you will be
> modifying. Experiment with what you want to do as root, then worry
> about the uid thing. It is not like you're going to have to spend hours
> reinstalling a full distro. Just hit reset if things go really bad. ;-)

Heh... Yeah you're right about that, though booting a 486 from floppy takes several *minutes*... ;)

> > 1) How does cron handle itself on Bering? I.e. will it find and execute
> > a user-crontab by itself?
>
> cron on dachstein/bering plays into your game plan. You do not have to
> use crontab -e to edit the file. Here's /etc/crontab. Look at
> run-parts command. ls -l cr* under /etc. It looks like you throw the
> file you want executed into a directory. runparts runs all the stuff in
> the directory.

O.K... IINM, then what happens here is that run-parts gets called at 6:42 every morning. So then it runs whatever's in cron.daily, e.g. multicron-s and savelog-sh-httpd... But this happens every morning at *6:42* as specified in crontab, no?

What I'm after is being able to set different times, for different days, something like f.x:

30 6 * * 1 uid script /usr/local/blinder/settings/monday
30 6 * * 5 uid script /usr/local/blinder/settings/friday
00 8 * * 6 uid script /usr/local/blinder/settings/saturday

a.s.o. - which still means that I'd have to put the runtime in crontab (?)

> > 2) Any tricks/hints/pointers on how to actually writing to a file? Or
> > rather *modifying* a file that is already there (i.e. changing some of
> > the fields in a crontab line from f.x. 30 6 * * * to 00 7 * * *)
> Since you mention that your knowledge of sed is growing, that would be
> your tool here.

Thanks. Those region-thingies are bound to come in handy ;)

As it were, I've decided to introduce an intermediate times-table, so that what I get on the webpage is:

A form where I can change the settings for each of the days in the week. Upon submitting this, the table gets updated, and the page gets refreshed with the new values (read from the table).

A *second* submit, that calls a write-to-crontab-script.

Advantages being that
- changing values for several days in one session should be a little faster (since only one file is being edited)
- this table can hold values that crontab doesn't have any concept of (duration of sunrise f.x.)
- everything is stored in a single place
- I can do some sanity checking at this stage

and last but certainly not least; In this phase of development, I can practise writing to certain fields in a file, without risking smashing crontab in the (learning) process :)

> >
> > 3) Are there any good candidates (scripts/routines) already present in
> > Bering/packages, that I can use as starting point for 2) ?
>
> I think just pick a cgi page to modify. You would want some sort of
> confirmation page to print in weblet. Paint the page with the normal
> echos. Then echo string > desired_file_name if a whole file. Otherwise,
> sed a line with your new value. Perhaps checkmem is an example. Think
> of how to use the level variable. Think of above case statement and
> below case statement.

I'll have a looksee... sometimes it's even more confusing to try and figure out what some script does, rather than start from scratch, but in any case it's nice to have an idea about *which* script to look at ;)

> I hope I complied with your wishes.

Oh yes! And I very much appreciate your thoughts/comments. Actually your response has been more or less *exactly* the type I was hoping for, conceptual and non-specific :)

> call pattern matching Regular Expressions.

That much i *did* know... ;P

> > Man, this just keeps growing... but it's *fun*! (Next thing you know,
> > I'm gonna want to have the ability to specify different runtimes, for
> > different days of the week ;)

see? The above was yesterday, and already I've agreed that indeed this is something I need... ;D

> Ummm. I don't know. Have a scheduled job to start? Pass a parameter
> into job i.e. sunrise 20. Do stuff to turn motor on. After all motor
> control is done call sleep with value i.e. sleep $1. Then do more
> motor control to close blinds or whatever?

yeah... dunno I don't think I'd thought this through. What you suggest is prolly gonna be just fine. I think I was worried because 'sleep' doesn't take smaller steps than 1 second, but in reality 1 second is more than enough 'granularity' for this purpose. I mean, I might be attempting to control the sunrise, but it's not like it's rocketscience or anything...

> Have fun exploring,

oh *I DO* ;)

Thanx again

Jon Clausen
[leaf-user] linksys wmp11 wireless network card
Hi all,

has anyone had any success using this wireless nic or does anyone know of a pretty cheap wireless pci adapter that works with bering?

Thanks in advance

Kim
Re: [leaf-user] Bering, non-root crontab and more...
Jon Clausen <[EMAIL PROTECTED]> wrote:
> resulting QUERY_STRING, and echo back to a new page. This all works
> pretty much as I want it, even if my sed scripts *are* a bit clunky...
>
> Next step will be to have that data written to a file instead of just
> out to a page. Now, since this whole thing is meant to be time-centric
> (run at specified times) the logical thing to do is have the cgi-script
> write to a crontab, with the appropriate format.
>
> For a number of reasons, I'm not very comfortable with the idea of
> letting my own scripts modify root's crontab, one of the more obvious
> being that my scripts would have to run with root-privs to do that.

Take it one step at a time. I'd make a backup of the files you will be modifying. Experiment with what you want to do as root, then worry about the uid thing. It is not like you're going to have to spend hours reinstalling a full distro. Just hit reset if things go really bad. ;-)

>
> I'm beginning to think that I should probably add a uid to handle all
> this crap, instead of letting it run as sh-hhtp, but either way I'd like
> to get some clarification on a couple of issues:
>
> 1) How does cron handle itself on Bering? I.e. will it find and execute
> a user-crontab by itself?

cron on dachstein/bering plays into your game plan. You do not have to use crontab -e to edit the file. Here's /etc/crontab. Look at run-parts command. ls -l cr* under /etc. It looks like you throw the file you want executed into a directory. runparts runs all the stuff in the directory.

# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file.
# This file also has a username field, that none of the other crontabs do.
# SHELL=/bin/sh
# PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# m h dom mon dow user command
42 6 * * * root run-parts --report /etc/cron.daily
47 6 * * 7 root run-parts --report /etc/cron.weekly
52 6 1 * * root run-parts --report /etc/cron.monthly

>
> 2) Any tricks/hints/pointers on how to actually writing to a file? Or
> rather *modifying* a file that is already there (i.e. changing some of
> the fields in a crontab line from f.x. 30 6 * * * to 00 7 * * *)

Since you mention that your knowledge of sed is growing, that would be your tool here. Look at the \( and \). You have up to nine of them to replay values with \1 to \9, etc. I call these dog teeth because I imagine the character art to be dog fangs and you are taking a bite out of the line--YMMV here. Also consider first of line in sed. This is the ^. You may need any character too that is ., the period. The idea is to hold the parts of the line in multiple occurrences of \( \). Replace the parts of the line that changes with your new values and replay static values with \1. I leave you plenty of research room here. In some of my work I use what I call search tokens, PLACE_STEP_MOTOR_VALUE_HERE, for example. It makes an easy target in sed. You will have to experiment in the crontab line in how to apply this.

>
> 3) Are there any good candidates (scripts/routines) already present in
> Bering/packages, that I can use as starting point for 2) ?

I think just pick a cgi page to modify. You would want some sort of confirmation page to print in weblet. Paint the page with the normal echos. Then echo string > desired_file_name if a whole file. Otherwise, sed a line with your new value. Perhaps checkmem is an example. Think of how to use the level variable. Think of above case statement and below case statement.

>
> I must admit that I haven't done a great lot of research on this, before
> asking. But, as usual, what I'm asking is more on the order of 'where
> to look for docs on this' or 'advice/considerations, please?' rather
> than 'tell me what to write where', so I hope it's o.k...

I hope I complied with your wishes. I used the sed manual pages, and Unix in a Nutshell to learn more about pattern matching in sed. They call pattern matching Regular Expressions.

>
> Man, this just keeps growing... but it's *fun*! (Next thing you know,
> I'm gonna want to have the ability to specify different runtimes, for
> different days of the week ;)
>
> Oh yeah, one other thing;
> Setting the time to open/close is all very nice, but I'd like to be able
> to specify a *duration* of the 'sunrise' as well...

Ummm. I don't know. Have a scheduled job to start? Pass a parameter into job i.e. sunrise 20. Do stuff to turn motor on. After all motor control is done call sleep with value i.e. sleep $1. Then do more motor control to close blinds or whatever?

>
> There are ~576 'steps' of the stepper motor from extreme-open to
> extreme-closed. Any idea how to distribute x steps per minute...?
>
> TIA
>
> Jon Clausen
>

Have fun exploring,
Greg Morgan
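The sed back-reference technique described above, combined with the sanity checking and scratch-file approach from Jon's reply, as an added example that is not part of the thread. The function name set_cron_time, the file name blinder.cron and the choice of the entry's last word as the search token are assumptions; the sample entries are the ones from the question, written to a temporary file rather than a live crontab.

```shell
#!/bin/sh
# Added example (not from the thread): change the minute and hour of one
# crontab entry with sed back-references.

# set_cron_time FILE TAG MINUTE HOUR
#   TAG is the last word of the entry and serves as the search token.
#   Returns 0 on success, 2 on bad input, 3 if TAG does not match exactly
#   one entry. FILE is left untouched unless every check passes.
set_cron_time() {
    file=$1; tag=$2; min=$3; hour=$4

    # The values come from a web form: accept one or two digits, in range.
    case $min in [0-9]|[0-9][0-9]) ;; *) return 2 ;; esac
    case $hour in [0-9]|[0-9][0-9]) ;; *) return 2 ;; esac
    [ "$min" -le 59 ] && [ "$hour" -le 23 ] || return 2
    # The tag is pasted into a sed expression, so allow path characters only.
    case $tag in ''|*[!A-Za-z0-9/._-]*) return 2 ;; esac

    tag_re=$(printf '%s\n' "$tag" | sed 's/\./\\./g')    # make dots literal
    sp='[[:space:]]'
    # ^minute hour \(rest of the line, ending in the tag\)$
    pat="^[0-9][0-9]*$sp$sp*[0-9][0-9]*\\($sp.*$sp$tag_re\\)\$"

    # Refuse to guess: the token must identify exactly one entry.
    n=$(grep -c "$pat" "$file" || true)
    [ "$n" = 1 ] || return 3

    tmp="$file.tmp.$$"
    # Keep a backup, and pre-create the temp file with the same mode.
    cp -p "$file" "$file.bak" && cp -p "$file" "$tmp" || return 1
    # Replace the two leading fields; \1 replays the rest unchanged.
    sed "s|$pat|$min $hour\\1|" "$file" > "$tmp" && mv "$tmp" "$file" ||
        { rm -f "$tmp"; return 1; }
}

# Constructed sample: the three entries from the question, in a scratch file.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/blinder.cron" <<'EOF'
30 6 * * 1 uid script /usr/local/blinder/settings/monday
30 6 * * 5 uid script /usr/local/blinder/settings/friday
00 8 * * 6 uid script /usr/local/blinder/settings/saturday
EOF
    set_cron_time "$dir/blinder.cron" /usr/local/blinder/settings/monday 00 7
    cat "$dir/blinder.cron"
    rm -rf "$dir"
}

demo
```

Validating the form values before they reach sed matters here because the script that writes a crontab decides what runs, and as whom, on the router.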
Re: [leaf-user] port forwarding to DMZ
On Thu, Jun 06, 2002 at 02:34:13PM +0700, GREGOR wrote:
>
> How do I solve this problem? Are the switches limited for only 5 DMZ?

I have nine entries like that, which work as intended, so no there's no limit. (Not at 5 anyway ;)

But you have three external IPs... Are you certain that works?

If that's set up correctly (I'm not exactly sure how, but I'm pretty certain you can do that) then I'd suggest to check if you opened the ports in the first place. Somewhere around line 250 in network.conf...

If that's not the problem, I hope someone else will step in, cause that's about it from me... :(

hth

Jon Clausen
Re: [leaf-user] Using HOSTS file
On Thu, 06 Jun 2002 00:09:38 PDT Ray Olszewski wrote:
> Jeff's response is the right one here -- the router (or some other host on
> the LAN) needs to run a DNS server that resolves FQNs of hosts on the LAN
> to their private addresses and forwards all other requests to a "real"
> nameserver. The LAN hosts then need to be told (via manual setup or DHCP or
> whatever) to use that nameserver for their DNS inquiries.
>
> In practice, I find it easier here to do all of this on a host separate
> from my router ... but my DNS requirements are elaborate enough to call for
> using full-size BIND.

If you want to do it on your LEAF router, it's not *too* bad to setup using tinydns and dnscache. One setup that has worked for me is to run tinydns bound to the router's loopback interface and dnscache bound to the internal interface. Files in /etc/dnscache/root/servers/ are used to point dnscache to tinydns for the internal hosts. The names and addresses of those hosts (or just your firewall, if that's all you need) are set in /etc/tinydns-private/root/data.

If you decide to pursue the tinydns/dnscache setup and need more detail or have specific questions, let me know (on-list) and I'll do my best to answer. The djbdns docs and the Bering tinydns.lrp and dnscache.lrp documents[1,2] might also be useful even if you are using a LEAF variant other than Bering.

--Brad

[1] http://leaf.sourceforge.net/devel/jnilo/tinydns.html
[2] http://leaf.sourceforge.net/devel/jnilo/dnscache.html
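The two files named above, filled in for the one name from the original question (mullan.dns2go.com resolving to 192.168.1.128 on the LAN), as an added example that is not part of the thread or of the Bering packages. The function name write_split_dns, the staging directory used in place of /, the name-server label "a" and the TTL values are assumptions; tinydns is assumed to listen on 127.0.0.1 as in the setup described.

```shell
#!/bin/sh
# Added example: generate a local-only override for one host name.
# Only NAME is claimed; the parent domain keeps resolving through the
# public servers because no servers/ file is written for it.

# write_split_dns ROOT NAME LAN_IP
#   ROOT is a staging directory standing in for / so nothing live is touched.
#   Returns 2 if NAME or LAN_IP contains anything but the expected characters.
write_split_dns() {
    root=$1; name=$2; ip=$3

    # Both values end up inside colon-separated tinydns-data lines, so a
    # stray colon or newline would create extra fields or records.
    case $name in ''|.*|*..*|*[!A-Za-z0-9.-]*) return 2 ;; esac
    case $ip in
        *[!0-9.]*|*..*|.*|*.|*.*.*.*.*) return 2 ;;
        *.*.*.*) ;;
        *) return 2 ;;
    esac

    mkdir -p "$root/etc/tinydns-private/root" \
             "$root/etc/dnscache/root/servers" || return 1

    # tinydns-data format:
    #   .fqdn:ip:x:ttl  this server (x.ns.fqdn at ip) is authoritative for fqdn
    #   +fqdn:ip:ttl    A record
    {
        printf '.%s:127.0.0.1:a:259200\n' "$name"
        printf '+%s:%s:86400\n' "$name" "$ip"
    } > "$root/etc/tinydns-private/root/data" || return 1

    # dnscache: a file named after a domain lists the servers to ask for it.
    printf '127.0.0.1\n' > "$root/etc/dnscache/root/servers/$name"
}

# Constructed run with the name and address from the original question.
demo() {
    dir=$(mktemp -d) || return 1
    write_split_dns "$dir" mullan.dns2go.com 192.168.1.128 || return 1
    echo "--- tinydns data"
    cat "$dir/etc/tinydns-private/root/data"
    echo "--- dnscache servers/mullan.dns2go.com"
    cat "$dir/etc/dnscache/root/servers/mullan.dns2go.com"
    rm -rf "$dir"
}

demo
```

On the router the data file still has to be compiled with tinydns-data, and dnscache restarted, before the override takes effect.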
RE: [leaf-user] Using HOSTS file
Hi

At 09:33 06.06.2002, you wrote:
>Message: 9
>From: "John Mullan" <[EMAIL PROTECTED]>
>To: "'Lee Kimber'" <[EMAIL PROTECTED]>,
> <[EMAIL PROTECTED]>
>Subject: RE: [leaf-user] Using HOSTS file
>Date: Wed, 5 Jun 2002 22:54:53 -0400
>
>
>At 08:38 PM 6/5/2002 -0400, you wrote:
> >I use DNS2GO to handle my dynamic IP for the benefit of the outside
> >world (one day I'll register my own domain).
> >
> >But for now, if anyone in the internal network tries to browse
> >mullan.dns2go.com it won't work (of course). What I would like is for
> >the LEAF box to recognize this DNS request and translate it to the
> >internal IP (192.168.1.128).
> >
> >Can anyone tell me how to do this? I thought it might be the HOSTS file
> >but that doesn't seem to work.

You will have to implement your own DNS server to do that. This is not a trivial task because you don't own DNS2GO. It might be better to register your own domain and then you can basically do with it what you want.

For example I own think.ch, it is hosted at zoneedit.com, but for my internal network I override it with my own DNS server.

regards

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16
[leaf-user] port forwarding to DMZ
Hi,

I'm using DCD-1.02 and it has been working great. So far I've been using DMZ=PRIVATE to do port forwarding. I put them in DMZ_SERVER0 to DMZ_SERVER4 switch, and they're working fine.

.
.
.
DMZ_SERVER4="tcp 64.110.181.168 110 192.168.15.202 110"

Now I have new servers, I put them in DMZ_SERVER5 to DMZ_SERVER9.

DMZ_SERVER5="tcp 64.110.181.168 25 192.168.15.202 25"
DMZ_SERVER6="tcp 64.110.181.170 25 192.168.15.16 25"
DMZ_SERVER7="tcp 64.110.181.170 110 192.168.15.16 110"
DMZ_SERVER8="tcp 64.110.181.170 80 192.168.15.25 80"
DMZ_SERVER9="tcp 64.110.181.171 80 192.168.15.210 80"

When I ran "svi network ipfilter list portfw", the result was looking fine, external IP would be forwarded to the intended DMZ IP. I've also added some rules in the /etc/ipchains.input files to ACCEPT all requests to the intended services.

But errors occurred when I tried to access all services of DMZ_SERVER5 to DMZ_SERVER9 from the outside. You can try it for yourself. All IPs I wrote above are my real IPs. Try this:

telnet 64.110.181.168 25

It will make you wait forever :)

How do I solve this problem? Are the switches limited for only 5 DMZ?

regards,
Gregor
http://www.uajy.ac.id
http://www.uajy.or.id/forum
http://www.uajy.or.id/seminarham