[leaf-user] Bering RC2 mport iptables patch.

2002-06-12 Thread Kim Oppalfens


Hi,

Is there a module for the mport patch available for bering rc2??
If I am not mistaken that is version 1.2.6a of iptables.

A second question is probably for Tom himself but maybe others are
interested as well.

In the tcrules documentation you specify that you have compiled a new tc
binary file
To be able to work with htb.

Is there a place where we can download this binary or should we recompile
ourselves?

Thanks in advance
Kim Oppalfens

___

Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



Re: [leaf-user] Bering RC2 mport iptables patch.

2002-06-12 Thread Jacques Nilo

> Is there a module for the mport patch available for bering rc2??
> If I am not mistaken that is version 1.2.6a of iptables.

I'll check that and come back to you.

> A second question is probably for Tom himself but maybe others are
> interested as well.
>
> In the tcrules documentation you specify that you have compiled a new tc
> binary file
> To be able to work with htb.
>
> Is there a place where we can download this binary or should we recompile
> ourselves?

The tc.lrp package provided with Bering is patched
accordingly. Check the package section of the
installation guide.
Jacques



RE: [leaf-user] Iptables -m length --length 1400:1500

2002-06-12 Thread Kim Oppalfens

Ok, little well maybe not little but mistake on my part anyway.
But it still doesn't solve the problem though.

It is still complaining about no rule/target/match by that name

It did solve the problems I had with another filter though.
So thanks anyway :-)

Kim


-Original Message-
From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]] 
Sent: woensdag 12 juni 2002 17:16
To: Kim Oppalfens; [EMAIL PROTECTED]
Subject: Re: [leaf-user] Iptables -m length --length 1400:1500


> I am trying to play around with qos but I am running into troubles
> with Marking packets from a specific size.
>
> The command I use
>
> iptables -I INPUT -m length --length 1400:1500 -j MARK --set-mark 10
>
> But it gives me an error on the length stating no rule target match
> with that name. The iptables kernel module is located in
> /lib/iptables.

A quick glance at man iptables indicates you can only play with mark values
in the mangle table:

TARGET EXTENSIONS
   iptables can use extended target  modules:  the  following
   are included in the standard distribution.
   snip
   MARK
   This is used to set the netfilter  mark  value  associated
   with the packet.  It is only valid in the mangle table.

   --set-mark mark

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)





Re: [leaf-user] Iptables -m length --length 1400:1500

2002-06-12 Thread Charles Steinkuehler

> Ok, little well maybe not little but mistake on my part anyway.
> But it still doesn't solve the problem though.
>
> It is still complaining about no rule/target/match by that name
>
> It did solve the problems I had with another filter though.
> So thanks anyway :-)

OK, how about going back to the basics...do you have the proper modules
loaded?  I don't play much with iptables, but I think you probably need
ipt_MARK.o and/or ipt_mark.o, and maybe iptable_mangle.o.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)






[leaf-user] (no subject)

2002-06-12 Thread Richard Amerman

This might or might not be a bit off topic, but the machine I have been working on
with my Bering setup is connected to a Belkin KVM switch.  Fairly often when I switch
to another machine and then back to the Bering machine it loses the keyboard.  I have
tried many things to get it back but always have to reboot (and as you may have
guessed, I have been caught a couple of times with some un-backed up work!)

Any ideas?  I'm not sure if this has anything in particular to do with the LRP
setup, Linux in general, or maybe just hardware.

 

Thanks!

 

Richard Amerman


Re: [leaf-user] (no subject)

2002-06-12 Thread Charles Steinkuehler

> This might or might not be a bit off topic, but the machine I have been
> working on with my Bering setup is connected to a Belkin KVM switch.  Fairly
> often when I switch to another machine and then back to the Bering machine
> it loses the keyboard.  I have tried many things to get it back but always
> have to reboot (and as you may have guessed, I have been caught a couple of
> times with some un-backed up work!)
>
> Any ideas?  I'm not sure if this has anything in particular to do with the
> LRP setup, Linux in general, or maybe just hardware.

Do you have the mouse hooked up?  I had problems like this with the mouse
hooked to the KVM when the mouse port was connected to the KVM as well as
the KB.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)






RE: [leaf-user] (no subject) (actually -KVM-Bering-lost keyboard)

2002-06-12 Thread Richard Amerman

I do indeed as this was formerly (sigh) a W2K dev box.
 
I will give it a try, though I will be backing up before each switch.
 
Thanks!
 
Richard Amerman

-Original Message- 
From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]] 
Sent: Wed 6/12/2002 10:33 AM 
To: Richard Amerman; [EMAIL PROTECTED] 
Cc: 
Subject: Re: [leaf-user] (no subject)



> This might or might not be a bit off topic, but the machine I have been
> working on with my Bering setup is connected to a Belkin KVM switch.  Fairly
> often when I switch to another machine and then back to the Bering machine
> it loses the keyboard.  I have tried many things to get it back but always
> have to reboot (and as you may have guessed, I have been caught a couple of
> times with some un-backed up work!)
>
> Any ideas?  I'm not sure if this has anything in particular to do with the
> LRP setup, Linux in general, or maybe just hardware.

Do you have the mouse hooked up?  I had problems like this with the mouse
hooked to the KVM when the mouse port was connected to the KVM as well as
the KB.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)






[leaf-user] Bering behind Private Network

2002-06-12 Thread Bobby Whitley

I have a bering 1.0rc2 firewall that I would like to place behind a Netopia Router
that will provide VPN Services between my locations and then I would like to have
the bering firewall forward the private VPN.

Configuration

Location 1   Netopia Router 10.0.5.1 (Gateway)  VPN to Location 2
             DHCP IP address to Bering firewall 10.0.5.59 (eth0) remove rfc
             that restricts private IP routing
             Bering eth1 10.1.0.1
             eth1 is doing DHCP
             Workstation can get onto the internet through the Bering Firewall

Location 2   Netopia Router 10.0.6.1 (Gateway)  VPN to Location 1

I can ping the 10.0.6 network from the Bering firewall.   How do I give location 1
access to location 2 (10.0.6.0 Network)?




Bobby Whitley
Initial Contract Services
Information Systems Manager
Voice:  678-584-2009
Fax:  404-806-7550





RE: [leaf-user] Iptables -m length --length 1400:1500

2002-06-12 Thread Kim Oppalfens

 
The problem isn't related to the mangle or mark thingies.

It is the length match that is creating the problem.
the complete iptables filter is a bit longer.
And if I eliminate the length match & just do the same thing
without the length (a simple source ip & destination port) filter
everything works out fine.

Kim

-Original Message-
From: Charles Steinkuehler
To: Kim Oppalfens; [EMAIL PROTECTED]
Sent: 12/06/2002 18:00
Subject: Re: [leaf-user] Iptables -m length --length 1400:1500

> Ok, little well maybe not little but mistake on my part anyway.
> But it still doesn't solve the problem though.
>
> It is still complaining about no rule/target/match by that name
>
> It did solve the problems I had with another filter though.
> So thanks anyway :-)

OK, how about going back to the basics...do you have the proper modules
loaded?  I don't play much with iptables, but I think you probably need
ipt_MARK.o and/or ipt_mark.o, and maybe iptable_mangle.o.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)





Re: [leaf-user] (no subject)

2002-06-12 Thread Phil Faris

Have you tried pressing the Scroll Lock key to see if it unlocks the 
keyboard?

At 10:22 AM 6/12/02 -0700, Richard Amerman wrote:
> This might or might not be a bit off topic, but the machine I have been
> working on with my Bering setup is connected to a Belkin KVM
> switch.  Fairly often when I switch to another machine and then back to
> the Bering machine it loses the keyboard.  I have tried many things to
> get it back but always have to reboot (and as you may have guessed, I have
> been caught a couple of times with some un-backed up work!)
>
> Any ideas?  I'm not sure if this has anything in particular to do with
> the LRP setup, Linux in general, or maybe just hardware.
>
> Thanks!
>
> Richard Amerman



Re: [leaf-user] Iptables -m length --length 1400:1500

2002-06-12 Thread Charles Steinkuehler

> The problem isn't related to the mangle or mark thingies.
>
> It is the length match that is creating the problem.
> the complete iptables filter is a bit longer.
> And if I eliminate the length match & just do the same thing
> without the length (a simple source ip & destination port) filter
> everything works out fine.

from earlier mail

> The command I use
>
> iptables -I INPUT -m length --length 1400:1500 -j MARK --set-mark 10
>
> But it gives me an error on the length stating no rule target match with
> that name.
> The iptables kernel module is located in /lib/iptables.

Um...maybe that's because there is no -m length match rule?  At least not
according to man iptables on my RedHat 7.2 system.  Maybe you need some
add-on kernel modules/patches that aren't in the default kernel?

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)






[leaf-user] Wireless security with LEAF and VPN

2002-06-12 Thread David Suh

I saw the original note from Charles Baker which mentioned the 2002 issue of
Linux Journal about setting up a wireless home network.  Unfortunately, the
article is only available to subscribers. So here goes...

Is there a difference in the security arrangement at the point in between
the wireless access point and the client in the two scenarios below?  It
would seem that in the scenario A, implementing the VPN gateway with
FreeS/WAN at the LRP box secures you from the point of the company VPN to
the LRP router.  However, once inside your LAN, the data that is transmitted
between the wireless access point and the client is no longer secure (no
encryption provided by the VPN).

In scenario B, it would seem that because you are masquerading to the point
of the client, the data will be encrypted over the wireless network for the
entire length of transmission from the company VPN to the end point at the
client.

Granted, you can implement further security measures over your wireless LAN,
but leaving that out of the discussion, does scenario B offer more
protection?  Is there a fallacy in my thought process here and that scenario
B is just as vulnerable?  Could it be that hacker tools like Airsnort and
WEPcrack can still decrypt the data?


Scenario A
  ________                  _____  ________         _______
 |        |                |     ||Wireless|       |       |
 |Company |___(Internet)___| LRP || Access |__///__|Client |
 |  VPN   |   (________)   | VPN ||  Point |       |_______|
 |________|                |_____||________|


Scenario B
  ________                  ______     ________         _______
 |        |                | LRP  |   |Wireless|       |       |
 |Company |___(Internet)___|IPSec |___| Access |__///__|Client |
 |  VPN   |   (________)   | Masq |   |  Point |       |VPN End|
 |________|                |______|   |________|       |_______|





[leaf-user] [ leaf-Support Requests-568227 ] eth1, 64MB CompactFLASH IDE problem?

2002-06-12 Thread noreply

Support Requests item #568227, was opened at 2002-06-12 14:01
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=213751&aid=568227&group_id=13751

Category: Release/Branch: Dachstein
Group: None
Status: Open
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Mike Noyes (mhnoyes)
Summary: eth1, 64MB CompactFLASH IDE problem?

Initial Comment:
I am trying to install Dachstein on a 64MB 
CompactFLASH IDE drive, but I must use eth1 as my 
connection to the Internet. 

Where do I make the proper changes from eth0 to eth1?


Thank you for your time and efforts.

Regards,

Don Carrico


--

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=213751&aid=568227&group_id=13751




Re: [leaf-user] Iptables -m length --length 1400:1500

2002-06-12 Thread Kim Oppalfens

At 20:45 12/06/2002, Charles Steinkuehler wrote:

I think that is indeed correct I think there are separate kernel modules
for that. but I think they are included in bering.

the directory /lib/iptables contains a file libipt_length.so
So I expect the module patch library whatever it is to be there.

Kim

>> The problem isn't related to the mangle or mark thingies.
>>
>> It is the length match that is creating the problem.
>> the complete iptables filter is a bit longer.
>> And if I eliminate the length match & just do the same thing
>> without the length (a simple source ip & destination port) filter
>> everything works out fine.
>
> from earlier mail
>
>> The command I use
>>
>> iptables -I INPUT -m length --length 1400:1500 -j MARK --set-mark 10
>>
>> But it gives me an error on the length stating no rule target match with
>> that name.
>> The iptables kernel module is located in /lib/iptables.
>
> Um...maybe that's because there is no -m length match rule?  At least not
> according to man iptables on my RedHat 7.2 system.  Maybe you need some
> add-on kernel modules/patches that aren't in the default kernel?
>
> Charles Steinkuehler
> http://lrp.steinkuehler.net
> http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)






Re: [leaf-user] Bering behind Private Network

2002-06-12 Thread Jeff Newmiller

On 2147483647 xxx -1, Bobby Whitley wrote:

> I have a bering 1.0rc2 firewall that I would like to place behind a Netopia Router
> that will provide VPN Services between my locations and then I would like to have
> the bering firewall forward the private VPN.
>
> Configuration
>
> Location 1   Netopia Router 10.0.5.1 (Gateway)  VPN to Location 2
>              DHCP IP address to Bering firewall 10.0.5.59 (eth0) remove rfc
>              that restricts private IP routing
>              Bering eth1 10.1.0.1
>              eth1 is doing DHCP
>              Workstation can get onto the internet through the Bering Firewall
>
> Location 2   Netopia Router 10.0.6.1 (Gateway)  VPN to Location 1
>
> I can ping the 10.0.6 network from the Bering firewall.   How do I give location 1
> access to location 2 (10.0.6.0 Network)?

If all you want is access from location 1 to location 2, then you can turn
on masquerading in the Bering router.  If you want location 2 to be
able to access location 1 (seems likely) then you have to explain the
situation to the Netopia routers (requires use of static ip for Bering
eth0).  I don't know if the Netopia router will allow that.

I don't see what the Bering router is buying you in this
configuration.  Do you not trust traffic over the VPN?

---
Jeff NewmillerThe .   .  Go Live...
DCN:[EMAIL PROTECTED]Basics: ##.#.   ##.#.  Live Go...
  Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/BatteriesO.O#.   #.O#.  with
/Software/Embedded Controllers)   .OO#.   .OO#.  rocks...2k
---





Re: [leaf-user] FreeS/Wan and tinydns

2002-06-12 Thread Vic Berdin

Hello Charles,

Your response is quite sufficient. I have not gone to the details of
FreeS/WAN docs yet.
All I know is that it is dependent on a DNS server, specifically the
standard linux DNS server which is Bind. All I wanted to know is if the
tinydns package is enough to work with FreeS/WAN. And you said yes.
Hence, excellent! And thanks!

Regards, Vic

- Original Message -
From: Charles Steinkuehler [EMAIL PROTECTED]
To: Vic Berdin [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, June 11, 2002 10:40 PM
Subject: Re: [leaf-user] FreeS/Wan and tinydns


>> Can FreeS/Wan make use of tinydns instead of bind8? I've read docs from
>> J.Nilo's site and I'm sold that tinydns is a much better choice compared
>> to bind. However, I also would like to setup VPN using FreeS/Wan (already
>> patched my kernel). But will FreeS/Wan work with tinydns?
>
> The short answer is yes, but actually, your question doesn't make much
> sense.
>
> Tinydns and bind are both DNS servers.  While a DNS server is critical in
> getting any domains you may be in control of to resolve for folks out on the
> internet, it doesn't have much to do with name resolution on your local
> hosts.  What really matters is the contents of the /etc files hosts,
> resolv.conf, nsswitch, and similar.
>
> Charles Steinkuehler
> http://lrp.steinkuehler.net
> http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)






[leaf-user] Bering - VPN - Pocket PC

2002-06-12 Thread Richard Amerman

Has anyone had any luck getting Movian VPN for Pocket PC to work with FreeSwan on 
Bering?

 

My primary need is simply to get VPN to work between Pocket PC and Bering, Movian just 
looks like one of the best options.

 

Richard Amerman


[leaf-user] DHCLIENT errors filling up my log...eigerstein.

2002-06-12 Thread Michael McClure

I was recently forced to switch from dedicated to dhclient ip by my 
cable modem company.  It worked fine, but I'm getting the following 
messages in my log (which are shown in a manual startup:

# svi dhclient start
Starting dhclient...
Internet Software Consortium DHCP Client 2.0pl5
Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.
All rights reserved.

Please contribute if you find this software useful.
For info, please visit http://www.isc.org/dhcp-contrib.html

   IP filters: [IP Forwarding: DISABLED] flushed
Listening on LPF/eth0/00:80:29:68:a1:4f
Sending on   LPF/eth0/00:80:29:68:a1:4f
Sending on   Socket/fallback/fallback-net
   IP filters: [IP Forwarding: DISABLED] flushed
   IP filters: [IP Forwarding: DISABLED] flushed
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 10
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 10
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 20
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.

ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPOFFER from 64.255.221.4
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPOFFER from 64.255.221.4
DHCPOFFER already seen.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPOFFER from 64.255.221.4
DHCPOFFER already seen.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPOFFER from 64.255.221.4
DHCPOFFER already seen.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPOFFER from 64.255.221.4
DHCPOFFER already seen.
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPOFFER from 64.255.221.4
DHCPOFFER already seen.
DHCPREQUEST on eth0 to 255.255.255.255 port 67
ip length 328 disagrees with bytes received 332.
accepting packet with data after udp payload.
DHCPACK from 64.255.221.4
   IP filters: firewall [IP Forwarding: ENABLED]
Would send signal 15 to 1904.
Stopped /usr/sbin/dnscache (pid 1904).
Starting /usr/sbin/dnscache...
bound to 66.235.3.59 -- renewal in 43200 seconds.


In addition, when I tried a restart, I got some errors in the script:
# svi dhclient restart
Starting dhclient...
Internet Software Consortium DHCP Client 2.0pl5
Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.
All rights reserved.

Please contribute if you find this software useful.
For info, please visit http://www.isc.org/dhcp-contrib.html

/var/state/dhcp/dhclient.leases line 36: no option named dhlease
  option dhlease {
 ^
/var/state/dhcp/dhclient.leases line 50: expecting lease declaration.
lease
^
/var/state/dhcp/dhclient.leases line 64: expecting semicolon.
lease
^
/var/state/dhcp/dhclient.leases line 78: expecting lease declaration.
lease
^
/var/state/dhcp/dhclient.leases line 92: expecting semicolon.
lease
^
/var/state/dhcp/dhclient.leases line 106: expecting lease declaration.
lease
^
/var/state/dhcp/dhclient.leases line 120: expecting semicolon.
lease
^
/var/state/dhcp/dhclient.leases line 133: unterminated lease declaration.
lease {
^
   IP filters: [IP Forwarding: DISABLED] flushed
Listening on LPF/eth0/00:80:29:68:a1:4f
Sending on   LPF/eth0/00:80:29:68:a1:4f
Sending on   Socket/fallback/fallback-net
   IP filters: [IP Forwarding: DISABLED] flushed
   IP filters: [IP Forwarding: DISABLED] flushed
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 11
DHCPDISCOVER on eth0 to 

Re: [leaf-user] Iptables -m length --length 1400:1500 solved!

2002-06-12 Thread Kim Oppalfens



I know you're not supposed to answer your own mails but hey
call schizophrenic ok :-)

Charles nailed it again the libipt is some sort of library but still needs
the module to work, once I copied the module onto my system everything 
worked out fine.

Thanks again (it is starting to get boring :-))
Kim



> I think that is indeed correct I think there are separate kernel modules
> for that. but I think they are included in bering.
>
> the directory /lib/iptables contains a file libipt_length.so
> So I expect the module patch library whatever it is to be there.
>
> Kim
>
>>> The problem isn't related to the mangle or mark thingies.
>>>
>>> It is the length match that is creating the problem.
>>> the complete iptables filter is a bit longer.
>>> And if I eliminate the length match & just do the same thing
>>> without the length (a simple source ip & destination port) filter
>>> everything works out fine.
>>
>> from earlier mail
>>
>>> The command I use
>>>
>>> iptables -I INPUT -m length --length 1400:1500 -j MARK --set-mark 10
>>>
>>> But it gives me an error on the length stating no rule target match with
>>> that name.
>>> The iptables kernel module is located in /lib/iptables.
>>
>> Um...maybe that's because there is no -m length match rule?  At least not
>> according to man iptables on my RedHat 7.2 system.  Maybe you need some
>> add-on kernel modules/patches that aren't in the default kernel?
>>
>> Charles Steinkuehler
>> http://lrp.steinkuehler.net
>> http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)






___

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas - 
http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink


leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
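
The resolution reported in the thread above (libipt_length.so was present in /lib/iptables, but the rule only loaded once the matching kernel module was copied over) can be checked for every extension at once. This is an added example, not code from the thread or from the LEAF project: the function names, the directory arguments, the `ipt_<name>.o`/`.ko` file naming and the list of extensions treated as built in are assumptions to adjust for your kernel.

```shell
#!/bin/sh
# Added example (not from the thread). An iptables extension has two halves:
# the userspace library libipt_<name>.so and the kernel module ipt_<name>.o
# (2.4 naming, as in ipt_MARK.o; .ko is also accepted). A rule using the
# extension fails with "no chain/target/match by that name" when only the
# library half is installed.

# Assumption: extensions provided by ip_tables.o / iptable_nat.o themselves
# on a 2.4 kernel, so they never have a module file of their own.
IPT_BUILTIN="standard tcp udp icmp SNAT DNAT"

# missing_ipt_modules LIBDIR MODDIR
# Prints, one per line, each extension that has a library in LIBDIR but no
# kernel module anywhere under MODDIR. Returns 1 if any are missing, else 0.
# A match compiled into the kernel image has no module file either, so a
# name printed here is something to verify, not proof of a fault.
missing_ipt_modules() {
    libdir=$1
    moddir=$2
    missing=""
    for lib in "$libdir"/libipt_*.so; do
        [ -e "$lib" ] || continue            # glob matched nothing
        name=${lib##*/libipt_}
        name=${name%.so}
        case " $IPT_BUILTIN " in
            *" $name "*) continue ;;
        esac
        found=$(find "$moddir" -type f \
            \( -name "ipt_$name.o" -o -name "ipt_$name.ko" \) 2>/dev/null |
            head -n 1)
        [ -n "$found" ] || missing="$missing $name"
    done
    if [ -n "$missing" ]; then
        printf '%s\n' $missing               # unquoted: one name per line
        return 1
    fi
    return 0
}

# Constructed demo tree (not a real Bering layout): the length library is
# installed without its kernel module, as in the thread.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/lib/iptables" "$d/lib/modules"
    touch "$d/lib/iptables/libipt_length.so" \
          "$d/lib/iptables/libipt_MARK.so" \
          "$d/lib/iptables/libipt_tcp.so"
    touch "$d/lib/modules/ipt_MARK.o"
    missing_ipt_modules "$d/lib/iptables" "$d/lib/modules" && demo_rc=0 || demo_rc=$?
    rm -rf "$d"
    return "$demo_rc"
}

demo || true
```
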



[leaf-user] I drop a packet every 3 minutes; help to ID?

2002-06-12 Thread Eric House

My shorewall logs show that I'm dropping an identical packet every
three minutes (exactly).  After a reboot of the router the packet
resumes, but might be at a different time -- which makes me wonder
if it's an artifact of the router rather than coming from outside.

Anyway, here's one entry.  Does this mean anything to any of you?

Jun 12 19:26:22 pauling kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT=
MAC=01:00:5e:00:00:01:00:20:40:64:a1:fd:08:00 SRC=192.168.100.1
DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2

(My internal networks are 192.168.1.0 and 192.168.2.0.  I'm running
Bering rc2 with ATT cable.)

Thanks,

--Eric House

**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0 for PalmOS is out!: http://www.peak.org/~fixin/xwords  *
**
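
The log entry quoted in the post above can be decoded field by field: PROTO=2 is IGMP, 224.0.0.1 is the all-hosts multicast group, and MAC= carries destination address, source address and EtherType, so the sender's hardware address is in the entry. This is an added example, not part of the original post; the function names and output format are its own.

```shell
#!/bin/sh
# Added example, not from the thread: decode one netfilter LOG line as
# written by Shorewall and summarise what was dropped and who sent it.

# Value of the first KEY=... token in a log line (empty if absent).
nf_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# Is the address in RFC 1918 space (10/8, 172.16/12, 192.168/16)?
is_rfc1918() {
    case $1 in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Ethernet address an IPv4 multicast group maps to: 01:00:5e followed by
# the low 23 bits of the group address.
mcast_mac() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    printf '01:00:5e:%02x:%02x:%02x\n' $(( $2 & 127 )) "$3" "$4"
}

describe_nf_drop() {
    line=$1
    # Shorewall's log prefix is "Shorewall:<chain>:<disposition>:".
    prefix=$(printf '%s\n' "$line" |
        sed -n 's/.*Shorewall:\([^:]*\):\([^:]*\):.*/chain=\1 action=\2/p')
    src=$(nf_field "$line" SRC); dst=$(nf_field "$line" DST)
    mac=$(nf_field "$line" MAC); proto=$(nf_field "$line" PROTO)

    # The LOG target names TCP, UDP and ICMP; other protocols are numeric.
    case $proto in
        2) proto=IGMP ;;
    esac
    case $dst in
        224.0.0.1) kind=all-hosts-multicast ;;
        224.0.0.*) kind=link-local-multicast ;;
        22[4-9].*|23[0-9].*) kind=multicast ;;
        255.255.255.255) kind=broadcast ;;
        *) kind=unicast ;;
    esac
    if is_rfc1918 "$src"; then private=yes; else private=no; fi

    # MAC= is destination (6 bytes), source (6 bytes), EtherType (2 bytes).
    dmac=$(printf '%s\n' "$mac" | cut -d: -f1-6)
    smac=$(printf '%s\n' "$mac" | cut -d: -f7-12)
    # For multicast, check the frame's destination MAC against the group.
    l2=n/a
    case $kind in
        *multicast)
            if [ "$dmac" = "$(mcast_mac "$dst")" ]; then l2=match; else l2=MISMATCH; fi ;;
    esac

    echo "${prefix:-chain=? action=?} proto=$proto dst=$kind src_rfc1918=$private src_mac=$smac l2_l3=$l2"
}

# The entry quoted in the post, joined onto one line.
SAMPLE='Jun 12 19:26:22 pauling kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:20:40:64:a1:fd:08:00 SRC=192.168.100.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2'

describe_nf_drop "$SAMPLE"
```

The `src_mac` value is the link-layer sender on the eth0 segment, and `src_rfc1918=yes` is why the entry was logged by the rfc1918 chain.
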

