[leaf-user] Error on Booting CD
Hi,

I just created a Dachstein-CD using the iso image from http://lrp.steinkuehler.net (dachstein-cd-v1.0.2.iso) and when I boot my system I got to the login prompt and it worked fine. Then I created two files on a floppy as mentioned in the documentation, lrpkg.cfg and pkgpath.cfg. In lrpkg.cfg I have

    LRP=etc,ramlog,local,modules,dhcpd,dnscache,weblet

and in pkgpath.cfg I have

    PKGPATH=/dev/cdrom

But now when I boot from the cdrom with the floppy inserted the boot process stops with this message:

    LINUXRC: Installing LRP=etc: (nf!) ramlog: (nf!) local: (nf!) modules: (nf!) dhcpd: (nf!) dnscache: (nf!) weblet: (nf!)
    LINUXRC: Finished
    autodetecting RAID arrays
    autorun
    autorun DONE.
    Freeing unused kernel memory: 52k freed
    INIT: version 2.78 booting
    INIT: No inittab file found
    Enter runlevel:

Could someone please help me out here, I would really appreciate it. How do I get to the login prompt? I want to run a firewall/vpn gateway.

Thank you
Abjin

---
Sponsored by: ThinkGeek at http://www.ThinkGeek.com/
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] problem portforwarding with DCD 1.02
Robin wrote:

> hey greg. well this is a big help, but still I'm too dumb to get it working.

I wouldn't say that. It is just a familiarity thing. You knew how to do this in Coyote Linux and now are struggling with how to do it in DCD. Many people who help out on the list started out just like you.

> when I used my coyote linux router I got it working, so I'm familiar with the direct connect in active mode. here's a dump of that part of my network.conf file. What am I doing wrong here

The most important thing here is you helped yourself out. You posted the part of /etc/network.conf that you are struggling with. That helps people help you. Moreover, if you post directly to the list, you may have already had an answer by now. In addition, it gives people a chance to chime in if advice is not correct, etc.

0/0 is a convention to refer to your dynamic or static ip address. You need to allow the domain and bootpc through. bootpc is actually a name for a port found in /etc/services. bootpc refers to port 68. The neo-modus.com stuff does not have a named port so you just use the number that the neo-modus.com Direct Connect requires, 412.

EXTERN_UDP_PORTS should look like this. Just add to the list inside the quotes. Like so. NOTE: the following set of changes are made in /etc/network.conf.

    ## UDP Services open to outside world
    # Space separated list: srcip/mask_dstport
    # NOTE: bootpc port is used for dhcp client
    EXTERN_UDP_PORTS="0/0_domain 0/0_bootpc 0/0_412"

If you need to add additional ports in the future, just add a space and another port number. Delete the two commented lines below the EXTERN_UDP_PORTS, i.e.

    #EXTERN_UDP_PORTS=0/0_411
    #EXTERN_UDP_PORTS=0/0_412

Note that there are two ways to perform this task. I am telling you to use the first one. So now we have to clean up the second method. Delete the two lines that look like this below.

    EXTERN_UDP_PORT2=0/0 411 192.168.0.2
    EXTERN_UDP_PORT#=0/0 412 192.168.0.2

> # -or-
> # Indexed list: SrcAddr/Mask port [ DestAddr[/DestMask] ]
> #EXTERN_UDP_PORT0=0/0 domain
> #EXTERN_UDP_PORT1=5.6.7.8 500 1.1.1.12
> EXTERN_UDP_PORT2=0/0 411 192.168.0.2
> EXTERN_UDP_PORT#=0/0 412 192.168.0.2

The problem here is that you have two definitions. The first one was for the incorrect port 411, but it was replaced with the correct 412. Please delete this line from the group below in /etc/network.conf.

    EXTERN_TCP_PORTS="0/0_411"

> # TCP services open to outside world
> # Space separated list: srcip/mask_dstport
> EXTERN_TCP_PORTS="0/0_411"
> EXTERN_TCP_PORTS="0/0_412"

Ok, now you have opened up the ports in the firewall with the above steps as per Direct Connect's FAQ. Now you have to forward them to your host on your internal network. Please look for the # Port Forwarding section of the /etc/network.conf file. You are looking specifically for this line.

    #INTERN_SERVERS="tcp_${EXTERN_IP}_ftp_192.168.1.1_ftp tcp_${EXTERN_IP}_smtp_192.168.1.1_smtp"

I do not know what your current line looks like. My instructions will presume that you have no other services forwarded. If you do you will have to add them to the list. This is a space separated list just like the others we have modified. I believe this is how INTERN_SERVERS should look. Please note that my email client may have broken this line up at the space. This should all be one line in your editor! Also note that I have changed the default port of 192.168.1.1 to the ip address you tried below of 192.168.0.2. That doesn't look correct but go for it.

    INTERN_SERVERS="tcp_${EXTERN_IP}_412_192.168.0.2_412 udp_${EXTERN_IP}_412_192.168.0.2_412"

Finally, backup etc.lrp.

Ok, I am just wondering. You may have to experiment some. It says in their FAQ that you have to plug in your external IP address. If you are port forwarding to this machine with the Direct Connect software, I wonder if you really have to configure the external IP. You will have to try the software with and without the IP configuration. See part of their FAQ I copied below in my original response to you. Port forwarding presents the connection right to your internal machine and essentially defeats the NAT in a way. Perhaps their software has to make use of the external IP for some reason?

> other question. I ssh into my router from within my internal network, when I do ./etc/network.conf it says permission denied.. how come.. I'm root right?

By the way, if you have ssh working, you're not so dumb as you think. You are missing at least one space. ., dot, in front of a file means that it is supposed to be a hidden file. Regardless of being root or a normal user, you were instructing Linux to treat this as an executable file. Linux tried to execute the hidden file, but the file permissions were not correct for an executable file. Hence, the permission denied message. If you ls -l /etc/network.conf you may see -rw-r--r-- in the leftmost part of the ls output. If you ls -l /bin/sed you may see -rwxr-xr-x. The 'x' makes it an
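The opening and forwarding lists edited above follow a fixed shape (srcip/mask_dstport for EXTERN_*_PORTS, proto_extip_extport_destip_destport for INTERN_SERVERS), and the thread shows how a leftover duplicate assignment quietly decides which ports end up open. Below is an added example, not from this post or from the LEAF/Dachstein project, that parses those variables out of a network.conf fragment and flags duplicate assignments, forwards whose port is not opened, and forwards to non-private addresses; the service-name table and the sample fragment are constructed for the example.

```python
"""Lint the port-opening / port-forwarding variables of a Dachstein-style
/etc/network.conf (example code, not part of LEAF or Dachstein)."""
import ipaddress
import re

# Service names used in these lists, as resolved via /etc/services.
# Constructed subset for the example; extend as needed.
SERVICES = {"domain": 53, "bootpc": 68, "bootps": 67, "ftp": 21,
            "smtp": 25, "ssh": 22, "http": 80}

ASSIGN = re.compile(r"^\s*([A-Z_][A-Z0-9_]*)=(.*)$")


def parse_conf(text):
    """Return ({var: value}, [vars assigned more than once]).
    Commented lines are skipped; like the shell that sources the file,
    a later assignment overrides an earlier one."""
    values, dupes = {}, []
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if not m:
            continue
        var, raw = m.group(1), m.group(2).strip()
        if var in values:
            dupes.append(var)
        values[var] = raw.strip('"')
    return values, dupes


def port_number(token):
    """Numeric port or a name from SERVICES (KeyError if unknown)."""
    return int(token) if token.isdigit() else SERVICES[token]


def opened_ports(values, var):
    """EXTERN_TCP_PORTS / EXTERN_UDP_PORTS entries are 'srcip/mask_dstport'."""
    ports = set()
    for entry in values.get(var, "").split():
        _src, _, port = entry.rpartition("_")
        ports.add(port_number(port))
    return ports


def forwards(values):
    """INTERN_SERVERS entries: proto_extip_extport_destip_destport.
    The external address is usually the literal ${EXTERN_IP}, which itself
    contains an underscore, so the fixed fields are taken from the ends."""
    out = []
    for entry in values.get("INTERN_SERVERS", "").split():
        parts = entry.split("_")
        if len(parts) < 5:
            raise ValueError(f"malformed INTERN_SERVERS entry: {entry!r}")
        proto, ext_port, dest_ip, dest_port = parts[0], parts[-3], parts[-2], parts[-1]
        out.append((proto, port_number(ext_port), dest_ip, port_number(dest_port)))
    return out


def check(text):
    """Return a list of findings (empty when the fragment is consistent)."""
    values, dupes = parse_conf(text)
    findings = [f"{v} is assigned more than once; only the last line takes effect"
                for v in dupes]
    opened = {"tcp": opened_ports(values, "EXTERN_TCP_PORTS"),
              "udp": opened_ports(values, "EXTERN_UDP_PORTS")}
    for proto, ext_port, dest_ip, dest_port in forwards(values):
        if ext_port not in opened[proto]:
            findings.append(f"{proto}/{ext_port} is forwarded to {dest_ip}:{dest_port} "
                            f"but is not opened in EXTERN_{proto.upper()}_PORTS")
        if not ipaddress.ip_address(dest_ip).is_private:
            findings.append(f"{proto}/{ext_port} forwards to non-private address {dest_ip}")
    return findings


# Constructed sample: the corrected lists from the reply above, plus a
# leftover duplicate and a stale udp/411 forward to show what gets flagged.
SAMPLE = """\
## UDP Services open to outside world
# Space separated list: srcip/mask_dstport
EXTERN_UDP_PORTS="0/0_domain 0/0_bootpc 0/0_412"

# TCP services open to outside world
EXTERN_TCP_PORTS="0/0_411"
EXTERN_TCP_PORTS="0/0_412"

# Port Forwarding
INTERN_SERVERS="tcp_${EXTERN_IP}_412_192.168.0.2_412 udp_${EXTERN_IP}_412_192.168.0.2_412 udp_${EXTERN_IP}_411_192.168.0.2_411"
"""

if __name__ == "__main__":
    for finding in check(SAMPLE):
        print("WARNING:", finding)
```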
Re: [leaf-user] Error on Booting CD
Quoting Abjin M H [EMAIL PROTECTED]:

First let's check to see if /dev/cdrom exists. Try booting with the old cdrom and without the floppy disk. Login and do

    ls -la /dev/cdrom

If that link doesn't exist you found your problem, and probably should manually create the link yourself. Edit /var/lib/lrpkg/root.dev.mk and add the line

    ln -sf /dev/hdX /dev/cdrom

where X equals

    a if the cdrom is attached to the primary ide-controller and is a master
    b if the cdrom is attached to the primary ide-controller and is a slave
    c if the cdrom is attached to the secondary ide-controller and is a master
    d if the cdrom is attached to the secondary ide-controller and is a slave

Backup initrd.

Kim Oppalfens
Azlan Training

-
This mail sent through Tiscali Webmail (http://webmail.tiscali.be)
[leaf-user] Active ftp problems with Bering_1.0-rc3
Hi,

I've got my Bering firewall box up and running (P133, 32 MB RAM) and it is masquerading my www and passive ftp connections fine. However, when I try to use active ftp, I think somehow I'm not letting the data connection back in. This is what's happening (let me know if I've forgotten to include something):

Network setup:

    Other computers          Me                         Firewall
                       ---------------      -----     ---------------------------      I
                       | 192.168.1.100 |----| HUB |---| 192.168.1.254 | 24.81.30.29 |-- S
                       ---------------      -----     ---------------------------      P
                             eth0                          eth1           eth0
    Some more computers                                               (dynamic IP)

lsmod:

    Module                  Pages    Used by
    ip_nat_irc               2384   0 (unused)
    ip_nat_ftp               2960   0 (unused)
    ip_conntrack_irc         3056   1
    ip_conntrack_ftp         3824   2
    smc-ultra                4268   1
    ne                       5988   1
    8390                     5780   0 [smc-ultra ne]

FTP session:

    [mascdman@omega mascdman]$ lftp oksun2.okanagan.bc.ca
    lftp oksun2.okanagan.bc.ca:~> debug 9
    lftp oksun2.okanagan.bc.ca:~> user aksilves
    Password: xxx
    lftp oksun2.okanagan.bc.ca:~> ls
    Connecting to oksun2.okanagan.bc.ca (192.31.180.2) port 21
    <--- 220 oksun2 FTP server (OUC/CIS on Sun Jun 23 23:09:58 PDT 2002) ready.
    ---> AUTH TLS
    <--- 500 'AUTH TLS': command not understood
    ---> USER aksilves
    <--- 331 Password required for aksilves.
    ---> PASS
    <--- 230 User aksilves logged in.
    ---> PWD
    <--- 257 /home/oksun2/student/aksilves is current directory
    ---> PASV
    <--- 227 Entering Passive Mode (192,31,180,2,224,166)
    Connecting data socket to (192.31.180.2) port 57510
    ---> LIST
    <--- 150 ASCII data connection for /bin/ls (24.81.30.29,1437) (0 bytes).
    <--- 226 ASCII Transfer complete.
    total 3280
    skipping directory listing
    Closing data socket
    lftp oksun2.okanagan.bc.ca:~> set ftp:passive-mode off
    lftp oksun2.okanagan.bc.ca:~> ls
    ---> PORT 192,168,1,100,5,122
    <--- 200 PORT command successful.
    ---> LIST
    `ls' at 0 [Waiting for data connection...]

And it will sit there... On some ftp sites, I'll eventually get:

    <--- 426 Connection closed; transfer aborted.

On the firewall, this line is added to /proc/net/ip_conntrack, so I assume it's tracking the ftp connection?

    tcp      6 109 SYN_SENT src=192.31.180.2 dst=24.81.30.29 sport=20 dport=1402 [UNREPLIED] src=192.168.1.100 dst=192.31.180.2 sport=1402 dport=20 use=1

Iptables rule set:

    # Default policies
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP

    # Send inbound ident/auth to my oidentd server
    iptables -t nat -A PREROUTING -p tcp --syn --dport auth -j DNAT --to 192.168.1.100

    # Masq stuff
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

    # Allow loopback (OUTPUT matches on the outgoing interface, -o)
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT

    # Allow ssh to the firewall from the LAN
    iptables -A INPUT -i eth1 -p tcp --dport ssh -j ACCEPT

    # Allow DHCP traffic from the LAN (DHCP is carried over UDP)
    iptables -A INPUT -i eth1 -p udp --dport bootps -j ACCEPT
    iptables -A INPUT -i eth1 -p udp --dport bootpc -j ACCEPT

    # Allow related established traffic
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

    # Allow new outbound connections
    iptables -A FORWARD -m state --state NEW -i eth1 -j ACCEPT

    # Allow inbound ident/auth traffic
    iptables -A FORWARD -i eth0 -p tcp --syn --dport auth -j ACCEPT

What am I missing? Any inbound tcp connections for active ftp should be handled by the

    iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

rule, so I don't need to explicitly allow them, right?

On a somewhat related note, a few of the servers I need to connect to are running on unusual ports (port 777, iirc). Somewhere, someone mentioned that ip_conntrack_ftp won't track these connections unless /etc/modules is changed from:

    ip_conntrack_ftp
    ip_nat_ftp

to:

    ip_conntrack_ftp ports=21,777
    ip_nat_ftp ports=21,777

Is this true and are these changes right? (Yes, this change *has* been made to my /etc/modules and no, active ftp did not work *before* this change was made.)

Thanks in advance,
Alan Silvester (mascdman _at_ shaw _dot_ ca)
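The PORT argument and the conntrack entry in the post above share enough structure to be checked against each other. This added example (not from the original post) parses both and confirms the entry is the data connection the PORT command asked for, so the [UNREPLIED] flag can be read precisely: the firewall has seen the server's SYN and translated its destination to the inside host, and the table records whether any packet has come back from that host. The same six-number format is what the 227 reply uses, so parse_port_arg also decodes the passive-mode address in the session. The server and external addresses are passed in from the session rather than inferred.

```python
"""Relate an active-FTP PORT command to the ip_conntrack entry it produces
on a 2.4 NAT firewall (added example, not from the original post)."""


def parse_port_arg(arg):
    """'h1,h2,h3,h4,p1,p2' -> ('h1.h2.h3.h4', p1*256 + p2), as used by
    both the PORT command and the 227 Passive Mode reply."""
    parts = [int(x) for x in arg.split(",")]
    if len(parts) != 6 or not all(0 <= p <= 255 for p in parts):
        raise ValueError(f"malformed PORT argument: {arg!r}")
    return ".".join(str(p) for p in parts[:4]), parts[4] * 256 + parts[5]


def parse_conntrack(line):
    """Parse one /proc/net/ip_conntrack line. The first src/dst/sport/dport
    group is the original direction, the second is the reply direction;
    bracketed tokens ([UNREPLIED], [ASSURED]) are flags."""
    tokens = line.split()
    proto, timeout = tokens[0], int(tokens[2])
    state = tokens[3] if proto == "tcp" else None
    kv = [t.split("=", 1) for t in tokens if "=" in t]
    return {"proto": proto, "timeout": timeout, "state": state,
            "orig": dict(kv[:4]), "reply": dict(kv[4:8]),
            "flags": [t for t in tokens if t.startswith("[")]}


def explain_active_ftp(port_arg, ct_line, server_ip, external_ip):
    """Check that ct_line is the data connection PORT asked for and say
    what its state implies. Returns a one-line diagnosis."""
    client_ip, data_port = parse_port_arg(port_arg)
    ct = parse_conntrack(ct_line)
    o, r = ct["orig"], ct["reply"]
    problems = []
    if o["src"] != server_ip or o["sport"] != "20":
        problems.append("not a server-initiated data connection from port 20")
    if o["dst"] != external_ip or int(o["dport"]) != data_port:
        problems.append("server is connecting to a different address/port "
                        "than the (translated) PORT command requested")
    if r["src"] != client_ip or int(r["sport"]) != data_port:
        problems.append("NAT did not map the data connection back to the "
                        "client that sent PORT")
    if problems:
        return "mismatch: " + "; ".join(problems)
    if "[UNREPLIED]" in ct["flags"]:
        return (f"firewall saw {server_ip}:20 -> {external_ip}:{data_port} and "
                f"translated it to {client_ip}:{data_port}, but no packet back "
                f"from the client has been seen ({ct['state']}, {ct['timeout']}s left)")
    return f"data connection to {client_ip}:{data_port} is two-way ({ct['state']})"


# Values taken from the session and conntrack line in the post above.
PORT_ARG = "192,168,1,100,5,122"
CT_LINE = ("tcp 6 109 SYN_SENT src=192.31.180.2 dst=24.81.30.29 sport=20 dport=1402 "
           "[UNREPLIED] src=192.168.1.100 dst=192.31.180.2 sport=1402 dport=20 use=1")

if __name__ == "__main__":
    print(explain_active_ftp(PORT_ARG, CT_LINE, "192.31.180.2", "24.81.30.29"))
```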
[leaf-user] Problem with bridge
Hi,

I've got a network of two MS Win computers sitting behind a Leaf Bering firewall running on a p133. The Bering box shares my internet connection (previously Cable, currently serial modem, hopefully soon ADSL) with the other two computers. This it does flawlessly.

My problem is that I'm too cheap to buy a hub to connect the eth1 of the Bering box to the other two computers, so I've installed an extra ethernet card in said firewall, and hooked up two crossover cables. I've uncommented both the PPP and Bridge sections of Network conf-Interfaces. I've configured Shorewall-IFaces to be

    #ZONE    INTERFACE    BROADCAST    OPTIONS
    net      ppp0         -
    loc      br0          detect       routestopped
    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

and lastly I've configured Shorewall-masq to be

    #INTERFACE    SUBNET    ADDRESS
    ppp0          br0
    #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

Oh, and I fixed the bug in etc/network/if-pre-up.d/bridge.

So basically both machines can see the firewall, the firewall can see both machines, both machines can see the internet, but neither machine can see the other. When I ping from one machine to the other I get

    Reply from 192.168.1.254: Destination port unreachable.

So what gives?

p.s. The bridge seems to have learned the macs ok

    # brctl showmacs br0
    port no    mac addr              is local?    ageing timer
      2        00:02:e3:0a:c0:8a     no             1.70
      1        00:50:da:38:1e:b3     no             2.70
      2        00:c0:df:e3:df:e7     yes            0.00
      1        00:c0:df:e3:ec:9b     yes            0.00

Antony Briggs
Re: [leaf-user] Problem with bridge
And don't forget about the ACCEPT rule/policy to tie 'loc' to itself.
Re: [leaf-user] MASQ/NAT problem in Shorewall
On Sun, 23 Jun 2002, Nachman Yaakov Ziskind wrote:

> This sounds like more work than I'd like to do (right now); maybe later.

Fair enough.

> In another post you mentioned,
>
> > Groan -- you mentioned at the outset that you are running Shorewall 1.2.12 yet I referred you to the 1.3.x FAQ. My bad... The syntax for 1.2.x is different.
>
> but didn't supply the syntax. Having read both the (1.2) documentation and the (1.3) FAQ, and being somewhat bleary-eyed, I was wondering if you could post the correct syntax.

The correct syntax is shown at http://www.shorewall.net/1.2/FAQ.htm/#faq2

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ [EMAIL PROTECTED]
Re: [leaf-user] Error on Booting CD
> I just created a Dachstein-CD using the iso image from http://lrp.steinkuehler.net (dachstein-cd-v1.0.2.iso) and when I boot my system I got to the login prompt and it worked fine. Then I created two files on a floppy as mentioned in the documentation, lrpkg.cfg and pkgpath.cfg. In lrpkg.cfg I have
>
>     LRP=etc,ramlog,local,modules,dhcpd,dnscache,weblet
>
> and in pkgpath.cfg I have
>
>     PKGPATH=/dev/cdrom
>
> But now when I boot from the cdrom with the floppy inserted the boot process stops with this message
>
>     LINUXRC: Installing. LRP=etc: (nf!) ramlog: (nf!) local: (nf!) modules: (nf!) dhcpd: (nf!) dnscache: (nf!) weblet: (nf!)

The init scripts are not finding any packages. Try the following two modifications:

1) Remove, delete, or rename the pkgpath.cfg file on the floppy, so it is *NOT* found by the init scripts. The default package path should work fine as-is.

2) Change the lrpkg.cfg file to the following (note the LRP= is removed from the front of the line):

    etc,ramlog,local,modules,dhcpd,dnscache,weblet

This should get you up and running.

If you really want to use the pkgpath.cfg file, you'll need to use the correct format. Remove the PKGPATH= from the file contents, and it helps to specify the file (but this is not required). So, for a typical CD install of Dachstein pkgpath.cfg should contain the following (and does by default if you don't change anything):

    /dev/cdrom:iso9660

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
[leaf-user] Bering 1.0-RC3 -- PPPOE
Hi guys,

Just installed Bering 1.0-RC3, running a static ADSL via eth1 and a cable modem with pppoe via eth0.

For some reason, when I was testing without the ADSL, my cable connection seemed to work pretty fine; once both of them were configured, the PPPOE seemed like it didn't want to start up, and I received the following messages:

    Jun 24 17:10:45 gw-homenet pppd[25591]: Connecting PPPoE socket: 00:00:00:00:00:00 0x807c260
    Jun 24 17:10:45 gw-homenet pppd[25591]: Couldn't get channel number: Transport endpoint is not connected
    Jun 24 17:10:45 gw-homenet pppd[25591]: Doing disconnect
    Jun 24 17:11:15 gw-homenet pppd[25591]: Sending PADI

Thanks for any experienced help that will follow. Please see config below:

--- Interfaces setup ---

    auto lo ppp0 eth1 eth2 eth3
    iface lo inet loopback

    # Cable interface (ppp0)
    iface ppp0 inet ppp
        pre-up ip link set eth0 up
        provider dsl-provider eth0

    # ADSL Interface (eth1)
    iface eth1 inet static
        address 10.0.0.100
        masklen 24
        broadcast 10.255.255.255
        gateway 10.0.0.138

    # LAN Interface-Backbone (eth2)
    iface eth2 inet static
        address 192.168.10.254
        masklen 24
        broadcast 192.168.10.255

    # LAN Interface-Clients (eth3)
    iface eth3 inet static
        address 192.168.1.1
        masklen 30
        broadcast 192.168.1.3

PPPOE/PPP Configurations: these are the standard configs that came with Bering, besides the change of the PAP login name in pap and the PPPOE config.

And this, the Shorewall config:

Zones:

    #ZONE    DISPLAY    COMMENTS
    net      Net        Internet
    loc      Local      Local networks
    loc1     Subnet     1.0 Local Subnet
    loc2     Subnet     11.0 Local Subnet

Interfaces:

    ##
    #ZONE    INTERFACE    BROADCAST    OPTIONS
    net      eth1         detect       routefilter
    net      ppp0         -            routefilter,norfc1918
    loc      eth2         detect       routestopped
    -        eth3         detect       routestopped

Hosts:

    #ZONE    HOST(S)                  OPTIONS
    loc1     eth3:192.168.1.0/30      routestopped
    loc2     eth3:192.168.11.0/28     routestopped

Policy:

    ###
    #SOURCE    DEST    POLICY    LOG LEVEL    LIMIT:BURST
    loc        net     ACCEPT
    loc1       net     ACCEPT
    loc2       net     ACCEPT
    $FW        loc     ACCEPT
    #fw        net     ACCEPT
    net        all     DROP      info         10/sec:40
    all        all     REJECT    info

Masq:

    ##
    #INTERFACE    SUBNET             ADDRESS
    ppp0          eth2
    ppp0          192.168.11.0/28
    ppp0          192.168.1.0/30
    eth1          eth2
    eth1          192.168.11.0/28
    eth1          192.168.1.0/30
[leaf-user] ip_conntrack: max number of expected connections problem
Hi again,

I'm using a Bering RC3 system and if I try to create more than one outgoing ftp connection I get the following message:

    Jun 24 16:50:46 firewall kernel: ip_conntrack: max number of expected connections 1 of ftp reached for 192.168.1.11-193.41.x.x, reusing

Is there a way of increasing the expected connections?

Thanks in advance,
Antony Briggs
[leaf-user] Bering on Gigabyte GA-586ATS motherboard
This is something I'm writing just so it will be added to the archives.

I have a few old boxes around here with Gigabyte GA-586ATS motherboards. I tried to get them to boot a version of Bering I'd adjusted to work on Compact Flash which worked on other boards. During the kernel boot, it would fail around the time it was looking at the PCI bus. I played with the BIOS for a while to no avail. Eventually I found a BIOS upgrade for this board which solved the problem.

So, if anyone has troubles with this board, I would suggest going to the Gigabyte site and looking for the BIOS upgrade. I suspect the problem is 2.4 kernel-related as I didn't have the problem with the old Eiger image. Probably good advice to keep the BIOS current anyway, but sometimes one hears hoofbeats and doesn't expect to see zebras ;-) I always initially think that problems like this are of my own making, but luckily, sometimes this isn't the case...

Brock
[leaf-user] dhcp server
Hello,

I have a couple of questions about the udhcp.lrp package. The server that runs on my leaf box can give ip addresses to machines in my local network. How can I specify the ip address a particular machine gets from the server? How can I authenticate machines on the network based on mac address?

thanks,
brian
Re: [leaf-user] dhcp server
On Monday 24 June 2002 16:40, Henning, Brian wrote:

> Hello, I have a couple of questions about the udhcp.lrp package. The server that runs on my leaf box can give ip addresses to machines in my local network. How can I specify the ip address a particular machine gets from the server?

Give it a static ip address in the *.200-*.253 ip range. The DHCP range of *.1-*.199 is given in the order requested (booted). The range is configurable in /etc/udhcpd.conf.

> How can I authenticate machines on the network based on mac address?

I dunno. Most authentication is done via Samba (SMB), NFS, NIS and uses host/domain/user to authenticate (which then maps the MAC to the *name used).

--
~Lynn Avants
aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!
Re: [leaf-user] MASQ/NAT problem in Shorewall
On Sun, 23 Jun 2002, Tom Eastep wrote:

> The NAT rules that you post above don't include the fourth column. That column determines if NAT occurs only from the interface specified in column 2 or if it applies to connections from all interfaces. If you leave it out, then NAT only applies to packets arriving through the interface in column 2. Since you were pinging from another interface, NAT didn't apply and the ICMP echo requests were directed to the firewall itself.

Ok -- I'm now wiping the egg off of my face. The fourth column (ALL INTERFACES) defaults to Yes.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ [EMAIL PROTECTED]
[leaf-user] ICQ configuration
Hello,

My son would like to do file xfer with a friend using ICQ. How would I go about configuring that? I am using DCD.

Thank you.
RE: [leaf-user] dhcp server
This is done through a group setting, look below for an example...

    group {
      use-host-decl-names on;
      host workstation1 {
        hardware ethernet 00:03:6D:13:09:F5;
        fixed-address 192.168.1.200;
      }
    }

The fixed-address can be anything you want it to be, as long as it is in the same subnet; also make sure that you don't specify an IP within the range of the dhcp leases.

Joey Officer
Advocate in Action

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Henning, Brian
Sent: Monday, June 24, 2002 4:40 PM
To: leaf (E-mail)
Subject: [leaf-user] dhcp server
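Joey's group/host block ties a MAC address to a fixed address, and the two conditions in his reply (same subnet, outside the dynamic lease range) are easy to get wrong when entries are typed by hand. The following added example, not from this thread or from any LEAF package, renders that ISC dhcpd syntax from a small reservation table and leaves out any entry that breaks either rule; the subnet and the *.1-*.199 lease range follow the earlier reply in this thread, and the two bad entries are constructed. A reservation only pins an address to a MAC; since a client can set its MAC freely, it is not a form of authentication.

```python
"""Render ISC dhcpd 'host' reservations and check each fixed-address
against the subnet and the dynamic lease range (added example; udhcpd,
the package the question was about, uses a different syntax)."""
import ipaddress
import re

MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")


def validate_reservation(mac, ip, subnet, lease_range):
    """Return a list of problems; empty means the reservation is sound."""
    problems = []
    if not MAC_RE.match(mac):
        problems.append(f"{mac}: not a colon-separated 48-bit MAC")
    addr = ipaddress.ip_address(ip)
    net = ipaddress.ip_network(subnet)
    lo, hi = (ipaddress.ip_address(x) for x in lease_range)
    if addr not in net:
        problems.append(f"{ip}: not inside {subnet}")
    elif addr in (net.network_address, net.broadcast_address):
        problems.append(f"{ip}: network or broadcast address")
    if lo <= addr <= hi:
        problems.append(f"{ip}: inside the dynamic range {lo}-{hi}")
    return problems


def host_block(name, mac, ip):
    """One 'host' declaration in the shape shown in the reply."""
    return (f"  host {name} {{\n"
            f"    hardware ethernet {mac};\n"
            f"    fixed-address {ip};\n"
            f"  }}")


def render_group(reservations, subnet, lease_range):
    """Return (config_text, problems). Bad reservations are left out of the
    config so a typo cannot silently hand out a colliding address."""
    blocks, problems = [], []
    for name, mac, ip in reservations:
        found = validate_reservation(mac, ip, subnet, lease_range)
        if found:
            problems.extend(found)
        else:
            blocks.append(host_block(name, mac, ip))
    text = "group {\n  use-host-decl-names on;\n" + "\n".join(blocks) + "\n}\n"
    return text, problems


# Constructed sample: the reply's workstation1 plus two deliberately bad entries.
SAMPLE = [
    ("workstation1", "00:03:6D:13:09:F5", "192.168.1.200"),
    ("printer", "00:03:6D:13:09:F6", "192.168.1.50"),   # inside the lease range
    ("laptop", "00:03:6D:13:09", "192.168.2.10"),       # short MAC, wrong subnet
]
SUBNET = "192.168.1.0/24"
LEASES = ("192.168.1.1", "192.168.1.199")   # dynamic range from the earlier reply

if __name__ == "__main__":
    conf, problems = render_group(SAMPLE, SUBNET, LEASES)
    print(conf)
    for p in problems:
        print("rejected:", p)
```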
[leaf-user] snmp problem on bering-1.0.rc-2
Hi everyone,

I have a problem with snmp on Bering-1.0.rc-2. The problem is I can't grep snmp, which I installed on bering-1.0.rc-2, from other machines (on the local and remote network) but I can grep it on the local machine. I thought that it was a firewall problem, but I already have these lines in my shorewall firewall:

    ACCEPT    loc    fw    tcp    161
    ACCEPT    net    fw    tcp    161

and it still doesn't work. FYI, I used the default installation of snmp.lrp and I used snmpwalk and snmpstatus with the public community to grep snmp. FYI too, these are part of my default configuration lines in snmpd.conf:

    # community public xmini -
    ## uncomment for private entry:
    # community private minimini
    ##
    ## now follows the specific section of the linux-port.
    ##
    ##
    ## port to use (default is 161):
    ## port: 161

And these are part of the output of my ps -ax:

     753 root     S    /usr/sbin/inetd
     756 root     S    /usr/sbin/snmpd -f
    1740 root     S    /usr/sbin/cron

I'm really confused now, I hope someone in here can answer my question. Thanks for the answer.

Hari Nuryadi

-
Kemudahan Hosting PlasaCom --- Hosting is easier and cheaper with 50% off registration fees for mail hosting and web hosting during June 2002. Visit http://idc.plasa.com to register
RE: [leaf-user] snmp problem on bering-1.0.rc-2
Try using UDP instead of TCP

-----Original Message-----
From: hari-nuryadi [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 25, 2002 00:30
To: [EMAIL PROTECTED]
Subject: [leaf-user] snmp problem on bering-1.0.rc-2
Re: [leaf-user] snmp problem on bering-1.0.rc-2
On Tue, 25 Jun 2002 01:10:46 +0200 Reginald R. Richardson [EMAIL PROTECTED] wrote:

> Try using UDP instead of TCP

Wow, what a nice, cool, and short answer :) It works now :) Thanks man.
[leaf-user] GuitarLynn's FreeS/WAN image problem
I tried getting the image working but for the life of me can't get past loading the network modules. I've done several of Charles' LRP on floppies and even on CD-ROM without a problem and even Bering. But when I try to load this image from floppy after replacing it with the proper network modules it errors out. I've tried both versions rtl8139.o and 8139too.o and even the via-rhine.o module is having problems loading. When it tries the RTL8139 it does see a card initially and tells me its MAC address and what the current setting of the card is, then says the line is locked or something to that effect. Could my ipsec.conf settings have an effect on whether the modules load?
[leaf-user] How to fix a duplex mismatch?
Bering firewall, 1.0rc2:

  Linux yoreach 2.4.18 #1 Sun Apr 21 12:50:34 CEST 2002 i686 unknown

My logs are filling up with entries like:

  Jun 24 17:14:00 yoreach kernel: eth0: Transmit error, Tx status register 82.
  Jun 24 17:14:00 yoreach kernel: Probably a duplex mismatch. See Documentation/networking/vortex.txt
  Jun 24 17:14:00 yoreach kernel: Flags; bus-master 1, dirty 579(3) current 579(3)
  Jun 24 17:14:00 yoreach kernel: Transmit list vs. c3da62c0.
  Jun 24 17:14:00 yoreach kernel: 0: @c3da6200 length 820f status 0001020f

etc., etc. ad nauseam.

I did a web search and found:

  http://www.scyld.com/network/vortex.html

which told me that a host on the network was incorrectly transmitting full-duplex (and, by implication, that my network interface is set to half-duplex).

But, I am confused. Eth0 is connected, I'm told (by my ISP, who may be the least reliable source on this subject!), to one other machine, a router in the basement. Since internet access appears to work reasonably well, should I change anything? Persuade my ISP to change something (ha ha)? I assume that the place to change things would be in the module line in /etc/modules?

Now, I can live with the error messages, but my logs are filling up. Apparently, Bering creates a temporary filesystem in ramdisk to hold the logs (good), allots it 2 meg (ok, I guess) and shuts logging down when /var/log exceeds capacity (bad). So, how do I:

1) Stop these messages from being logged; or
2) tell syslogd/klogd to wrap around or do something useful when the logs fill up; or
3) increase the size of the logging filesystem?

I'd like to increase the amount of RAM in play (anyway) as I have a lot on this machine (it was a hand-me-down :-)

--
Nachman Yaakov Ziskind, EA, LLM              [EMAIL PROTECTED]
Attorney and Counselor-at-Law                http://yankel.com
Economic Group Pension Services              http://egps.com
Actuaries and Employee Benefit Consultants
[leaf-user] VPN Through Dachstein and SSH problems
Hello all - any assistance you could provide would be great. I have been searching the FAQs and archives for info to no avail. I have two big problems:

1. The Dachstein router is up and running great! Thank you for previous help. However, I cannot use Microsoft Dial-Up Networking from a Windows box on my internal network to dial a VPN connection to a Windows NT server on the internet. (This works fine if I remove the router.)

Problem 2 - I cannot get SSH to work!! I followed instructions that I found here:

  http://sourceforge.net/docman/display_doc.php?docid=1441&group_id=13751

I followed each step to the T. However, when I try to connect (using PuTTY from a Windows 2000 box on the internal network) the terminal screen comes up for about 1 second and then disappears completely.

A couple of things I have different: I use MSN for my broadband connection. The Arescom DSL modem I have gives a 192.168.1.2 IP to the Linux router. I reconfigured eth1 to hand out and use 192.168.5.xxx to my internal network. All other networking functionality seems to work (browsing the Internet, etc.)

Thanks for your help and let me know if you need any more info!

Thanks,
Eric

_
Join the world's largest e-mail service with MSN Hotmail. http://www.hotmail.com
Re: [leaf-user] Error on Booting CD
Thanks, the problem was because in my lrpkg.cfg I started the line with LRP=package1,package2. I just removed LRP= and it worked fine.

Abjin

Jeff Newmiller wrote:

> On Mon, 24 Jun 2002, Abjin M H wrote:
>
> > Hi Kim,
> >
> > Thanks, it seems /dev/cdrom exists. ls -la /dev/cdrom gave me
> >
> >   lrwxrwxrwx 1 root root 8 Jun 24 07:72 /dev/cdrom -> .dev/hdb
>
> .dev/hdb would be an invalid destination to link to. /dev/hdb would be okay.
>
> Check /var/lib/lrpkg/root.dev.mk as Kim suggests?
>
> > Abjin
> >
> > [EMAIL PROTECTED] wrote:
> >
> > > Quoting Abjin M H [EMAIL PROTECTED]:
> > >
> > > First let's check to see if /dev/cdrom exists. Try booting with the old cdrom and without the floppy disk. Login and do a
> > >
> > >   ls -la /dev/cdrom
> > >
> > > If that link doesn't exist you found your problem, and probably should manually create the link yourself. Edit /var/lib/lrpkg/root.dev.mk and add the
> > >
> > >   ln -sf /dev/hdX /dev/cdrom
> > >
> > > where X equals
> > >   A if the cdrom is attached to the primary ide-controller and is a master
> > >   B if the cdrom is attached to the primary ide-controller and is a slave
> > >   C if the cdrom is attached to the secondary ide-controller and is a master
> > >   D if the cdrom is attached to the secondary ide-controller and is a slave
> > >
> > > Backup initrd
> > >
> > > Kim Oppalfens
> > > Azlan Training
> > >
> > > > Hi, I just created a Dachstein-CD using the iso image from http://lrp.steinkuehler.net (dachstein-cd-v1.0.2.iso) and when I boot my system I got to the login prompt and it worked fine. Then I created two files on a floppy as mentioned in the documentation, lrpkg.cfg and pkgpath.cfg. In lrpkg.cfg I have
> > > >
> > > >   LRP=etc,ramlog,local,modules,dhcpd,dnscache,weblet
> > > >
> > > > and in pkgpath.cfg I have
> > > >
> > > >   PKGPATH=/dev/cdrom
> > > >
> > > > But now when I boot from the cdrom with the floppy inserted the boot process stops with this message:
> > > >
> > > >   LINUXRC: Installing LRP=etc: (nf!) ramlog: (nf!) local: (nf!) modules: (nf!) dhcpd: (nf!) dnscache: (nf!) weblet: (nf!)
> > > >   LINUXRC: Finished autodetecting RAID arrays
> > > >   autorun
> > > >   autorun DONE.
> > > >   Freeing unused kernel memory: 52k freed
> > > >   INIT: version 2.78 booting
> > > >   INIT: No inittab file found
> > > >   Enter runlevel:
> > > >
> > > > Could someone please help me out here, I would really appreciate it. How do I get to the login prompt? I want to run a firewall/vpn gateway.
> > > >
> > > > Thank you
> > > > Abjin
> > >
> > > -
> > > This mail sent through Tiscali Webmail (http://webmail.tiscali.be)
>
> ---------------------------------------------------------------------------
> Jeff Newmiller                        The     .....       .....  Go Live...
> DCN:[EMAIL PROTECTED]                 Basics: ##.#.       ##.#.  Live Go...
>                                       Live:   OO#.. Dead: OO#..  Playing
> Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
> /Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
> ---------------------------------------------------------------------------
Re: [leaf-user] VPN Through Dachstein and SSH problems
On Mon, 24 Jun 2002, Eric Kubischta wrote:

> Hello all - any assistance you could provide would be great. I have been searching the FAQs and archives for info to no avail. I have two big problems:
>
> 1. The Dachstein router is up and running great! Thank you for previous help. However, I cannot use Microsoft Dial-Up Networking from a Windows box on my internal network to dial a VPN connection to a Windows NT server on the internet. (This works fine if I remove the router.)

I think you need to look for information on masquerading pptp. I haven't done it and don't know the details, but if it is possible I think you need to at least load a special kernel module to make it work, because the masquerading is an abuse that VPNs don't ordinarily get along with.

> Problem 2 - I cannot get SSH to work!! I followed instructions that I found here:
>
>   http://sourceforge.net/docman/display_doc.php?docid=1441&group_id=13751
>
> I followed each step to the T. However, when I try to connect (using PuTTY from a Windows 2000 box on the internal network) the terminal screen comes up for about 1 second and then disappears completely.
>
> A couple of things I have different: I use MSN for my broadband connection. The Arescom DSL modem I have gives a 192.168.1.2 IP to the Linux router. I reconfigured eth1 to hand out and use 192.168.5.xxx to my internal network.

You should fix your /etc/hosts.allow file. It should be allowing 192.168.5. in rather than 192.168.1.

---------------------------------------------------------------------------
Jeff Newmiller                        The     .....       .....  Go Live...
DCN:[EMAIL PROTECTED]                 Basics: ##.#.       ##.#.  Live Go...
                                      Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
---------------------------------------------------------------------------
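The symptom Eric describes (the PuTTY window opens and closes within a second) is what a tcp_wrappers refusal looks like from the client side: sshd accepts the TCP connection, consults hosts.allow and hosts.deny, and closes it before any SSH banner exchange. The matcher below is an added example, not code from the thread or from tcp_wrappers, written to show why "192.168.1." no longer matches once the LAN moved to 192.168.5.x. It implements the subset of the hosts_access pattern syntax that matters here (ALL, a trailing dot meaning an address prefix, a leading dot meaning a hostname suffix, addr/netmask, and exact matches; EXCEPT and the other forms are left out) and the real evaluation order: a hosts.allow match grants, otherwise a hosts.deny match refuses, otherwise access is granted. The two hosts.allow files and the hosts.deny file are constructed here.

```python
"""Added example: a minimal hosts.allow / hosts.deny (tcp_wrappers) matcher.

Not part of the leaf-user thread or of tcp_wrappers. Implements only ALL,
trailing-dot address prefixes, leading-dot hostname suffixes, addr/netmask
and exact matches; EXCEPT lists and option fields are not handled.
"""
import ipaddress

# Constructed sample files: the pre-renumbering hosts.allow from the thread,
# the corrected one, and a deny-everything-else hosts.deny.
HOSTS_ALLOW_BROKEN = """
# still points at the old 192.168.1.x LAN
sshd: 192.168.1.
"""

HOSTS_ALLOW_FIXED = """
# internal LAN is now 192.168.5.x
sshd: 192.168.5.
"""

HOSTS_DENY = """
ALL: ALL
"""


def parse_access_file(text):
    """Return [(daemon_list, client_list), ...] from a hosts.allow-style file."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue                      # malformed line: no client list
        daemons = [d.strip() for d in fields[0].split(",") if d.strip()]
        clients = [c.strip() for c in fields[1].split(",") if c.strip()]
        rules.append((daemons, clients))
    return rules


def client_matches(pattern, addr, hostname=""):
    """hosts_access(5) client pattern semantics for the supported subset."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):             # "192.168.5." matches 192.168.5.x only
        return addr.startswith(pattern)
    if pattern.startswith("."):           # ".example.net" matches by hostname suffix
        return bool(hostname) and hostname.endswith(pattern)
    if "/" in pattern:                    # "192.168.5.0/255.255.255.0"
        net, mask = pattern.split("/", 1)
        try:
            return ipaddress.ip_address(addr) in ipaddress.ip_network(
                f"{net}/{mask}", strict=False)
        except ValueError:
            return False
    return pattern == addr or (bool(hostname) and pattern == hostname)


def _any_rule_matches(rules, daemon, addr, hostname):
    for daemons, clients in rules:
        if not any(d in ("ALL", daemon) for d in daemons):
            continue
        if any(client_matches(c, addr, hostname) for c in clients):
            return True
    return False


def wrapper_allows(daemon, addr, allow_text, deny_text, hostname=""):
    """True if tcp_wrappers would let `daemon` serve a client at `addr`."""
    if _any_rule_matches(parse_access_file(allow_text), daemon, addr, hostname):
        return True
    if _any_rule_matches(parse_access_file(deny_text), daemon, addr, hostname):
        return False
    return True                           # no rule matched at all: access granted


if __name__ == "__main__":
    client = "192.168.5.10"               # a PC on the renumbered LAN
    for label, allow in (("broken", HOSTS_ALLOW_BROKEN), ("fixed", HOSTS_ALLOW_FIXED)):
        print(label, "hosts.allow:", "allowed" if
              wrapper_allows("sshd", client, allow, HOSTS_DENY) else "refused")
```

A trailing-dot pattern is a plain string prefix check on the dotted-quad address, so "192.168.1." also does not match 192.168.10.x, and a hosts.deny of `ALL: ALL` turns every such miss into a silent close; when sshd logs to syslog, the refusal shows up there as a "refused connect from" line, which is the place to look before touching the SSH configuration.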
Re: [leaf-user] GuitarLynn's FreeS/WAN image problem
On Monday 24 June 2002 19:24, Ping Kwong wrote:

> I tried getting the image working but for the life of me can't get past loading the network modules. I've done several of Charles' LRPs on floppies and even on CD-ROM without a problem, and even Bering. But when I try to load this image from floppy after replacing it with the proper network modules it errors out.

The modules are exactly the same as the Dachstein floppy image, except for the fact that I stripped most of the NIC modules out. You should use the modules from the 2.2.19-small tree from Charles' site for the ipsec-floppy image. I haven't heard of anyone, including myself, having this particular error, but the rtl8139 chipset can be picky about the correct module. Which revision is the chipset?

> I've tried both versions, rtl8139.o and 8139too.o, and even the via-rhine.o module is having problems loading. When it tries the RTL8139 it does see a card initially and tells me its MAC address and what the current setting of the card is, then says the line is locked or something to that effect. Could my ipsec.conf settings have an effect on whether the modules load or not?

ipsec has no effect on the card and module loading. It shouldn't affect any other browsing or networking other than the subnet(s)/host(s) that are defined in ipsec.conf. It would appear to be a hardware/module problem to me. Any information regarding this (/var/log/syslog, etc...) should help you get your system up.

I hope this helps,
--
~Lynn Avants
aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!