[leaf-user] Bering RC2 mport iptables patch.
Hi,

Is there a module for the mport patch available for Bering rc2?? If I am not mistaken, that is version 1.2.6a of iptables.

A second question is probably for Tom himself, but maybe others are interested as well. In the tcrules documentation you specify that you have compiled a new tc binary file to be able to work with htb. Is there a place where we can download this binary, or should we recompile ourselves?

Thanks in advance,
Kim Oppalfens

___
Sponsored by: ThinkGeek at http://www.ThinkGeek.com/
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering RC2 mport iptables patch.
> Is there a module for the mport patch available for Bering rc2?? If I am not mistaken, that is version 1.2.6a of iptables.

I'll check that and come back to you.

> A second question is probably for Tom himself, but maybe others are interested as well. In the tcrules documentation you specify that you have compiled a new tc binary file to be able to work with htb. Is there a place where we can download this binary, or should we recompile ourselves?

The tc.lrp package provided with Bering is patched accordingly. Check the package section of the installation guide.

Jacques
RE: [leaf-user] Iptables -m length --length 1400:1500
Ok, a little, well maybe not little, but a mistake on my part anyway. But it still doesn't solve the problem though. It is still complaining about no rule/target/match by that name. It did solve the problems I had with another filter though. So thanks anyway :-)

Kim

-----Original Message-----
From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]]
Sent: woensdag 12 juni 2002 17:16
To: Kim Oppalfens; [EMAIL PROTECTED]
Subject: Re: [leaf-user] Iptables -m length --length 1400:1500

> I am trying to play around with qos but I am running into troubles with marking packets from a specific size. The command I use:
>
>     iptables -I INPUT -m length --length 1400:1500 -j MARK --set-mark 10
>
> But it gives me an error on the length stating no rule target match with that name. The iptables kernel module is located in /lib/iptables.

A quick glance at man iptables indicates you can only play with mark values in the mangle table:

    TARGET EXTENSIONS
    iptables can use extended target modules: the following are included in the standard distribution.
    snip
    MARK
    This is used to set the netfilter mark value associated with the packet. It is only valid in the mangle table.
    --set-mark mark

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
Re: [leaf-user] Iptables -m length --length 1400:1500
> Ok, a little, well maybe not little, but a mistake on my part anyway. But it still doesn't solve the problem though. It is still complaining about no rule/target/match by that name. It did solve the problems I had with another filter though. So thanks anyway :-)

OK, how about going back to the basics... do you have the proper modules loaded? I don't play much with iptables, but I think you probably need ipt_MARK.o and/or ipt_mark.o, and maybe iptable_mangle.o.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
[leaf-user] (no subject)
This might or might not be a bit off topic, but the machine I have been working on with my Bering setup is connected to a Belkin KVM switch. Fairly often when I switch to another machine and then back to the Bering machine it loses the keyboard. I have tried many things to get it back but always have to reboot (and as you may have guessed, I have been caught a couple of times with some un-backed up work!) Any ideas? I'm not sure if this has anything in particular to do with the LRP setup, Linux in general, or maybe just hardware.

Thanks!
Richard Amerman
Re: [leaf-user] (no subject)
> This might or might not be a bit off topic, but the machine I have been working on with my Bering setup is connected to a Belkin KVM switch. Fairly often when I switch to another machine and then back to the Bering machine it loses the keyboard. I have tried many things to get it back but always have to reboot (and as you may have guessed, I have been caught a couple of times with some un-backed up work!) Any ideas? I'm not sure if this has anything in particular to do with the LRP setup, Linux in general, or maybe just hardware.

Do you have the mouse hooked up? I had problems like this with the mouse hooked to the KVM when the mouse port was connected to the KVM as well as the KB.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
RE: [leaf-user] (no subject) (actually -KVM-Bering-lost keyboard)
I do indeed, as this was formerly (sigh) a W2K dev box. I will give it a try, though I will be backing up before each switch.

Thanks!
Richard Amerman

-----Original Message-----
From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]]
Sent: Wed 6/12/2002 10:33 AM
To: Richard Amerman; [EMAIL PROTECTED]
Cc:
Subject: Re: [leaf-user] (no subject)

> This might or might not be a bit off topic, but the machine I have been working on with my Bering setup is connected to a Belkin KVM switch. Fairly often when I switch to another machine and then back to the Bering machine it loses the keyboard. I have tried many things to get it back but always have to reboot (and as you may have guessed, I have been caught a couple of times with some un-backed up work!) Any ideas? I'm not sure if this has anything in particular to do with the LRP setup, Linux in general, or maybe just hardware.

Do you have the mouse hooked up? I had problems like this with the mouse hooked to the KVM when the mouse port was connected to the KVM as well as the KB.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
[leaf-user] Bering behind Private Network
I have a Bering 1.0rc2 firewall that I would like to place behind a Netopia Router that will provide VPN services between my locations, and then I would like to have the Bering firewall forward the private VPN.

Configuration

Location 1
  Netopia Router 10.0.5.1 (Gateway)
  VPN to Location 2
  DHCP IP address to Bering firewall 10.0.5.59 (eth0)
  remove rfc that restricts private IP routing
  Bering eth1 10.1.0.1
  eth1 is doing DHCP
  Workstation can get onto the internet through the Bering Firewall

Location 2
  Netopia Router 10.0.6.1 (Gateway)
  VPN to Location 1

I can ping the 10.0.6 network from the Bering firewall. How do I give location 1 access to location 2 (10.0.6.0 Network)?

Bobby Whitley
Initial Contract Services
Information Systems Manager
Voice: 678-584-2009
Fax: 404-806-7550
RE: [leaf-user] Iptables -m length --length 1400:1500
The problem isn't related to the mangle or mark thingies. It is the length match that is creating the problem. The complete iptables filter is a bit longer. And if I eliminate the length match, just do the same thing without the length (a simple source ip destination port) filter, everything works out fine.

Kim

-----Original Message-----
From: Charles Steinkuehler
To: Kim Oppalfens; [EMAIL PROTECTED]
Sent: 12/06/2002 18:00
Subject: Re: [leaf-user] Iptables -m length --length 1400:1500

> Ok, a little, well maybe not little, but a mistake on my part anyway. But it still doesn't solve the problem though. It is still complaining about no rule/target/match by that name. It did solve the problems I had with another filter though. So thanks anyway :-)

OK, how about going back to the basics... do you have the proper modules loaded? I don't play much with iptables, but I think you probably need ipt_MARK.o and/or ipt_mark.o, and maybe iptable_mangle.o.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
Re: [leaf-user] (no subject)
Have you tried pressing the Scroll Lock key to see if it unlocks the keyboard?

At 10:22 AM 6/12/02 -0700, Richard Amerman wrote:

> This might or might not be a bit off topic, but the machine I have been working on with my Bering setup is connected to a Belkin KVM switch. Fairly often when I switch to another machine and then back to the Bering machine it loses the keyboard. I have tried many things to get it back but always have to reboot (and as you may have guessed, I have been caught a couple of times with some un-backed up work!) Any ideas? I'm not sure if this has anything in particular to do with the LRP setup, Linux in general, or maybe just hardware.
>
> Thanks!
> Richard Amerman
Re: [leaf-user] Iptables -m length --length 1400:1500
> The problem isn't related to the mangle or mark thingies. It is the length match that is creating the problem. The complete iptables filter is a bit longer. And if I eliminate the length match, just do the same thing without the length (a simple source ip destination port) filter, everything works out fine.

from earlier mail

> The command I use:
>
>     iptables -I INPUT -m length --length 1400:1500 -j MARK --set-mark 10
>
> But it gives me an error on the length stating no rule target match with that name. The iptables kernel module is located in /lib/iptables.

Um... maybe that's because there is no -m length match rule? At least not according to man iptables on my RedHat 7.2 system. Maybe you need some add-on kernel modules/patches that aren't in the default kernel?

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
[leaf-user] Wireless security with LEAF and VPN
I saw the original note from Charles Baker which mentioned the 2002 issue of Linux Journal about setting up a wireless home network. Unfortunately, the article is only available to subscribers. So here goes...

Is there a difference in the security arrangement at the point in between the wireless access point and the client in the two scenarios below?

It would seem that in the scenario A, implementing the VPN gateway with FreeS/WAN at the LRP box secures you from the point of the company VPN to the LRP router. However, once inside your LAN, the data that is transmitted between the wireless access point and the client is no longer secure (no encryption provided by the VPN).

In scenario B, it would seem that because you are masquerading to the point of the client, the data will be encrypted over the wireless network for the entire length of transmission from the company VPN to the end point at the client.

Granted, you can implement further security measures over your wireless LAN, but leaving that out of the discussion, does scenario B offer more protection? Is there a fallacy in my thought process here and that scenario B is just as vulnerable? Could it be that hacker tools like Airsnort and WEPcrack can still decrypt the data?

Scenario A

[Company VPN]---(Internet)---[LRP VPN]---[Wireless Access Point]---///---[Client]

Scenario B

[Company VPN]---(Internet)---[LRP IPSec Masq]---[Wireless Access Point]---///---[Client VPN End]
[leaf-user] [ leaf-Support Requests-568227 ] eth1, 64MB CompactFLASH IDE problem?
Support Requests item #568227, was opened at 2002-06-12 14:01
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=213751&aid=568227&group_id=13751

Category: Release/Branch: Dachstein
Group: None
Status: Open
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Mike Noyes (mhnoyes)
Summary: eth1, 64MB CompactFLASH IDE problem?

Initial Comment:
I am trying to install Dachstein on a 64MB CompactFLASH IDE drive, but I must use eth1 as my connection to the Internet. Where do I make the proper changes from eth0 to eth1? Thank you for your time and efforts.

Regards,
Don Carrico
Re: [leaf-user] Iptables -m length --length 1400:1500
At 20:45 12/06/2002, Charles Steinkuehler wrote:

I think that is indeed correct. I think there are separate kernel modules for that, but I think they are included in Bering. The directory /lib/iptables contains a file libipt_length.so, so I expect the module, patch, library, whatever it is, to be there.

Kim

> > The problem isn't related to the mangle or mark thingies. It is the length match that is creating the problem. The complete iptables filter is a bit longer. And if I eliminate the length match, just do the same thing without the length (a simple source ip destination port) filter, everything works out fine.
>
> from earlier mail
>
> > The command I use:
> >
> >     iptables -I INPUT -m length --length 1400:1500 -j MARK --set-mark 10
> >
> > But it gives me an error on the length stating no rule target match with that name. The iptables kernel module is located in /lib/iptables.
>
> Um... maybe that's because there is no -m length match rule? At least not according to man iptables on my RedHat 7.2 system. Maybe you need some add-on kernel modules/patches that aren't in the default kernel?
>
> Charles Steinkuehler
> http://lrp.steinkuehler.net
> http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
Re: [leaf-user] Bering behind Private Network
On 2147483647 xxx -1, Bobby Whitley wrote:

> I have a Bering 1.0rc2 firewall that I would like to place behind a Netopia Router that will provide VPN services between my locations, and then I would like to have the Bering firewall forward the private VPN.
>
> Configuration
>
> Location 1
>   Netopia Router 10.0.5.1 (Gateway)
>   VPN to Location 2
>   DHCP IP address to Bering firewall 10.0.5.59 (eth0)
>   remove rfc that restricts private IP routing
>   Bering eth1 10.1.0.1
>   eth1 is doing DHCP
>   Workstation can get onto the internet through the Bering Firewall
>
> Location 2
>   Netopia Router 10.0.6.1 (Gateway)
>   VPN to Location 1
>
> I can ping the 10.0.6 network from the Bering firewall. How do I give location 1 access to location 2 (10.0.6.0 Network)?

If all you want is access from location 1 to location 2, then you can turn on masquerading in the Bering router. If you want location 2 to be able to access location 1 (seems likely) then you have to explain the situation to the Netopia routers (requires use of static ip for Bering eth0). I don't know if the Netopia router will allow that.

I don't see what the Bering router is buying you in this configuration. Do you not trust traffic over the VPN?

---
Jeff Newmiller
DCN: [EMAIL PROTECTED]
Research Engineer (Solar/Batteries/Software/Embedded Controllers)
Re: [leaf-user] FreeS/Wan and tinydns
Hello Charles,

Your response is quite sufficient. I have not gone to the details of FreeS/WAN docs yet. All I know is that it is dependent on a DNS server, specifically the standard Linux DNS server, which is Bind. All I wanted to know is if the tinydns package is enough to work with FreeS/WAN. And you said yes. Hence, excellent! And thanks!

Regards,
Vic

----- Original Message -----
From: Charles Steinkuehler [EMAIL PROTECTED]
To: Vic Berdin [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, June 11, 2002 10:40 PM
Subject: Re: [leaf-user] FreeS/Wan and tinydns

> Can FreeS/Wan make use of tinydns instead of bind8? I've read docs from J.Nilo's site and I'm sold that tinydns is a much better choice compared to bind. However, I also would like to setup VPN using FreeS/Wan (already patched my kernel). But will FreeS/Wan work with tinydns?

The short answer is yes, but actually, your question doesn't make much sense. Tinydns and bind are both DNS servers. While a DNS server is critical in getting any domains you may be in control of to resolve for folks out on the internet, it doesn't have much to do with name resolution on your local hosts. What really matters is the contents of the /etc files hosts, resolv.conf, nsswitch, and similar.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
[leaf-user] Bering - VPN - Pocket PC
Has anyone had any luck getting Movian VPN for Pocket PC to work with FreeSwan on Bering? My primary need is simply to get VPN to work between Pocket PC and Bering, Movian just looks like one of the best options.

Richard Amerman
[leaf-user] DHCLIENT errors filling up my log...eigerstein.
I was recently forced to switch from dedicated to dhclient ip by my cable modem company. It worked fine, but I'm getting the following messages in my log (which are shown in a manual startup):

# svi dhclient start
Starting dhclient...
Internet Software Consortium DHCP Client 2.0pl5
Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.
All rights reserved.
Please contribute if you find this software useful.
For info, please visit http://www.isc.org/dhcp-contrib.html
IP filters: [IP Forwarding: DISABLED] flushed
Listening on LPF/eth0/00:80:29:68:a1:4f
Sending on LPF/eth0/00:80:29:68:a1:4f
Sending on Socket/fallback/fallback-net
IP filters: [IP Forwarding: DISABLED] flushed
IP filters: [IP Forwarding: DISABLED] flushed
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 10
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 10
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 20
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPOFFER from 64.255.221.4
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPOFFER from 64.255.221.4
DHCPOFFER already seen.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPOFFER from 64.255.221.4
DHCPOFFER already seen.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPOFFER from 64.255.221.4
DHCPOFFER already seen.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPOFFER from 64.255.221.4
DHCPOFFER already seen.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPOFFER from 64.255.221.4
DHCPOFFER already seen.
DHCPREQUEST on eth0 to 255.255.255.255 port 67
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPACK from 64.255.221.4
IP filters: firewall [IP Forwarding: ENABLED]
Would send signal 15 to 1904.
Stopped /usr/sbin/dnscache (pid 1904).
Starting /usr/sbin/dnscache...
bound to 66.235.3.59 -- renewal in 43200 seconds.

In addition, when I tried a restart, I got some errors in the script:

# svi dhclient restart
Starting dhclient...
Internet Software Consortium DHCP Client 2.0pl5
Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.
All rights reserved.
Please contribute if you find this software useful.
For info, please visit http://www.isc.org/dhcp-contrib.html
/var/state/dhcp/dhclient.leases line 36: no option named dhlease
option dhlease {
^
/var/state/dhcp/dhclient.leases line 50: expecting lease declaration.
lease
^
/var/state/dhcp/dhclient.leases line 64: expecting semicolon.
lease
^
/var/state/dhcp/dhclient.leases line 78: expecting lease declaration.
lease
^
/var/state/dhcp/dhclient.leases line 92: expecting semicolon.
lease
^
/var/state/dhcp/dhclient.leases line 106: expecting lease declaration.
lease
^
/var/state/dhcp/dhclient.leases line 120: expecting semicolon.
lease
^
/var/state/dhcp/dhclient.leases line 133: unterminated lease declaration.
lease {
^
IP filters: [IP Forwarding: DISABLED] flushed
Listening on LPF/eth0/00:80:29:68:a1:4f
Sending on LPF/eth0/00:80:29:68:a1:4f
Sending on Socket/fallback/fallback-net
IP filters: [IP Forwarding: DISABLED] flushed
IP filters: [IP Forwarding: DISABLED] flushed
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 11
DHCPDISCOVER on eth0 to
Re: [leaf-user] Iptables -m length --length 1400:1500 solved!
I know you're not supposed to answer your own mails, but hey, call me schizophrenic, ok :-) Charles nailed it again: the libipt is some sort of library but still needs the module to work. Once I copied the module onto my system everything worked out fine. Thanks again (it is starting to get boring :-))

Kim

> I think that is indeed correct. I think there are separate kernel modules for that, but I think they are included in Bering. The directory /lib/iptables contains a file libipt_length.so, so I expect the module, patch, library, whatever it is, to be there.
>
> Kim
>
> > > The problem isn't related to the mangle or mark thingies. It is the length match that is creating the problem. The complete iptables filter is a bit longer. And if I eliminate the length match, just do the same thing without the length (a simple source ip destination port) filter, everything works out fine.
> >
> > from earlier mail
> >
> > > The command I use:
> > >
> > >     iptables -I INPUT -m length --length 1400:1500 -j MARK --set-mark 10
> > >
> > > But it gives me an error on the length stating no rule target match with that name. The iptables kernel module is located in /lib/iptables.
> >
> > Um... maybe that's because there is no -m length match rule? At least not according to man iptables on my RedHat 7.2 system. Maybe you need some add-on kernel modules/patches that aren't in the default kernel?
> >
> > Charles Steinkuehler
> > http://lrp.steinkuehler.net
> > http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
[leaf-user] I drop a packet every 3 minutes; help to ID?
My shorewall logs show that I'm dropping an identical packet every three minutes (exactly). After a reboot of the router the packet resumes, but might be at a different time -- which makes me wonder if it's an artifact of the router rather than coming from outside. Anyway, here's one entry. Does this mean anything to any of you?

Jun 12 19:26:22 pauling kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:20:40:64:a1:fd:08:00 SRC=192.168.100.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2

(My internal networks are 192.168.1.0 and 192.168.2.0. I'm running Bering rc2 with ATT cable.)

Thanks,

--Eric House

From the desktop of: Eric House, [EMAIL PROTECTED]
Crosswords 4.0 for PalmOS is out!: http://www.peak.org/~fixin/xwords
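
The fields of the log entry quoted above can be decoded mechanically. The following is an added example, not part of the original post: it parses netfilter LOG lines, splits the MAC= field into destination MAC, source MAC and EtherType, names the IP protocol, and measures the gap between repeats. The second and third sample lines are constructed copies of the quoted entry with later timestamps, and the year 2002 is an assumption because syslog lines carry none.

```python
import ipaddress
import re
from datetime import datetime

# The entry quoted in the post, followed by two constructed copies whose
# timestamps are moved forward three minutes each, as the post describes.
QUOTED = ("Jun 12 19:26:22 pauling kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= "
          "MAC=01:00:5e:00:00:01:00:20:40:64:a1:fd:08:00 SRC=192.168.100.1 "
          "DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2")
SAMPLE = [QUOTED, QUOTED.replace("19:26:22", "19:29:22"),
          QUOTED.replace("19:26:22", "19:32:22")]

LINE_RE = re.compile(
    r"(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(\S+)\s+kernel:\s+(\S*?)(IN=.*)")
# The kernel prints TCP/UDP/ICMP by name and other protocols by number.
IP_PROTOCOLS = {2: "IGMP", 47: "GRE", 89: "OSPF"}
ETHERTYPES = {"0800": "IPv4", "0806": "ARP"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_line(line, year=2002):
    """Split one netfilter LOG line into its KEY=value fields."""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError("not a netfilter LOG line: %r" % line)
    stamp, host, prefix, rest = m.groups()
    entry = dict(re.findall(r"(\w+)=(\S*)", rest))  # an empty OUT= yields ""
    # syslog timestamps carry no year; the caller supplies one (assumption)
    entry["time"] = datetime.strptime("%d %s" % (year, stamp),
                                      "%Y %b %d %H:%M:%S")
    entry["host"], entry["prefix"] = host, prefix
    return entry


def split_mac(mac_field):
    """MAC= is the raw Ethernet header: 6 dst + 6 src + 2 EtherType bytes."""
    octets = mac_field.split(":")
    if len(octets) != 14:
        raise ValueError("expected 14 octets in MAC=, got %d" % len(octets))
    return ":".join(octets[:6]), ":".join(octets[6:12]), "".join(octets[12:])


def multicast_mac(group):
    """Ethernet address of an IPv4 multicast group: 01:00:5e + low 23 bits."""
    low = int(ipaddress.IPv4Address(str(group))) & 0x7FFFFF
    return "01:00:5e:%02x:%02x:%02x" % (low >> 16, (low >> 8) & 0xFF, low & 0xFF)


def describe(entry):
    """Turn the numeric fields of one entry into named findings."""
    dst_mac, src_mac, ethertype = split_mac(entry["MAC"])
    src = ipaddress.IPv4Address(entry["SRC"])
    dst = ipaddress.IPv4Address(entry["DST"])
    proto = entry["PROTO"]
    if proto.isdigit():
        proto = IP_PROTOCOLS.get(int(proto), "protocol " + proto)
    return {
        "chain": entry["prefix"].rstrip(":"),
        "ethertype": ETHERTYPES.get(ethertype, ethertype),
        "protocol": proto,
        "multicast": dst.is_multicast,
        "all_hosts_group": str(dst) == "224.0.0.1",
        "mac_matches_group": dst.is_multicast and dst_mac == multicast_mac(dst),
        "stays_on_link": int(entry["TTL"]) == 1,  # TTL 1 is never forwarded
        "source_mac": src_mac,
        "source_rfc1918": any(src in net for net in RFC1918),
    }


def repeat_intervals(entries):
    """Seconds between successive drops sharing SRC, DST and PROTO."""
    last, gaps = {}, []
    for e in sorted(entries, key=lambda e: e["time"]):
        key = (e["SRC"], e["DST"], e["PROTO"])
        if key in last:
            gaps.append(int((e["time"] - last[key]).total_seconds()))
        last[key] = e["time"]
    return gaps


if __name__ == "__main__":
    entries = [parse_line(line) for line in SAMPLE]
    for name, value in describe(entries[0]).items():
        print("%-18s %s" % (name, value))
    print("repeat intervals   %s s" % repeat_intervals(entries))
```

For the quoted entry this reports IGMP carried in IPv4, addressed to the all-hosts multicast group with a matching multicast MAC, a TTL that keeps it on the local link, and a source address inside RFC 1918 space, which is consistent with the rfc1918 chain named in the log prefix.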