Re: [leaf-user] Anybody know what happened to:
Kim: Good point. If there was a machine on the LAN that was trying to ping (or otherwise connect with) 0.0.0.0, it could generate this sort of response. But...hmmm...would the destination unreachable reply be said to come *from* 0.0.0.0? I would think it would be from my ISP's routers. Or, possibly, these ICMP messages always come from a broadcast address, where the source IP is the address that's unreachable (eg, 80.135.217.223). I should Google for how these ICMP messages are put together, and update fwlog.pl accordingly. -Scott On Tue, 9 Jul 2002 [EMAIL PROTECTED] wrote: Aanhalen Scott C. Best [EMAIL PROTECTED]: Just gambling here but couldn't a packet coming from the inside with an echo request or (probably any data destined for 0.0.0.0) provoke this kind off response? A capture of network traffic should help you out if that is the case. Kim Oppalfens PS: These are some strange logs you're seeing. :) I believe they're getting logged because of the 0.0.0.0 return IP address that the packets say they are from. That IP address was historically used for broadcasts, but is now much more likely a sign of trouble. A lot of firewall rulesets block traffic from that IP address straight away. PPS: The message that it's sending in this log is an ICMP error message Destination Unreachable. My hunch is that your LEAF box is on a cable-modem environment, and someone in your neighborhood is experiment with a rather sloppy and noisy DOS attack. You may want to send this logfile to your ISP's abuse email. Message: 1 Date: Sun, 07 Jul 2002 02:27:08 -0700 From: Michael McClure [EMAIL PROTECTED] To: Leaf Mailing List [EMAIL PROTECTED] Subject: [leaf-user] Anybody know what happened to: http://www.echogent.com/cgi-bin/fwlog.pl Its not there anymore Jul 7 03:04:00 mikerouter kernel: Packet log: input DENY eth0 PROTO=1 0.0.0.0:3 80.135.217.223:3 L=56 S=0x00 I=42918 F=0x T=150 (#17) --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html - This mail sent through Tiscali Webmail (http://webmail.tiscali.be) --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Bering rc3 and Wireless
Hello I have a Problem with Bering RC3 and Wirless Card D-Link DWL-650 in an Rico PCMCIA/PCI-Adapter. PCMCIA Adapter is working fine. Also the Card. When i load the orinoco.o drivers. Then i tried the hostap_cs.o drivers and it says me that the CardServices have the wrong version (Need this driver for Briging and AP). I downloaded all the drivers form the Bering Homepage at LEAF. I tried all i can, but nothing worked. Btw: Im not so good in Linux. Hope you can understand my poor english and help me ;-) Cya --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Freeswan/IPSEC 1.98b for Bering available
Please check: http://leaf.sourceforge.net/article.php?sid=47 for the details Those updated packages are untested. Please report success/problems. Jacques --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] IPSEC Howto for LRP
A while ago I saw a HOWTO on implementing IPSEC on LRP with 4 different scenario's, may have been on Jacques' web site on sourceforge. Now I cannot find it for the life of me, there is plenty of other documentation around but it was the easiest read. I have IPSEC up and going sort of, but I want to add road warrior support (as it is called) as well. Any help here gratefully received. Matt --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] IPSEC Howto for LRP
Le Mardi 9 Juillet 2002 14:42, Matthew Pozzi a écrit : A while ago I saw a HOWTO on implementing IPSEC on LRP with 4 different scenario's, may have been on Jacques' web site on sourceforge. Now I cannot find it for the life of me, there is plenty of other documentation around but it was the easiest read. I have IPSEC up and going sort of, but I want to add road warrior support (as it is called) as well. Any help here gratefully received. Matt: The only doc related to IPSEC available on my Web site is the one wriiten by Chad Carr for Bering. It's here: http://leaf.sourceforge.net/devel/jnilo/buipsec.html Jacques --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] IPSEC Howto for LRP
Hi Matt, It's not the source you requested, but I've found what I think is a pretty well described and simple to follow explanation of IPSEC using the FreeS/WAN project in a book called Red Hat Linux Security and Optimization by Mohammed J. Kabir. He describes setting up the road warrior scenario, etc., and I thought it was pretty easy to follow (and I'm fairly new to Linux!). Hope that helps. Cheers! Craig --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] DCD - bits and pieces
- which package backs up the directory /root? After setting up the backup options, I've tried local, root and etc with no luck... I would like to backup the /root/.profile... It's the root package, but you can't backup root (and make it stick) w/o burning a new CD : I usually make the root directory part of the local package (edit /var/lib/lrpkg/local.list local.local) Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] IPSEC Howto for LRP
Here's an article I ran across (from a link in this mailing list, I believe). It references duckling and LRP. http://www.linuxjournal.com/article.php?sid=4772 And also another from seawall: http://seawall.sourceforge.net/IPSEC.html or more recently, shorewall: http://www.shorewall.net/IPSEC.htm (Tom Eastep kicks butt!!) Furthermore, this last link recommends a guide at http://jixen.tripod.com Hope that helps, George --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] IPSEC Howto for LRP
On Tue, 9 Jul 2002 22:42:47 +1000 Matthew Pozzi [EMAIL PROTECTED] wrote: A while ago I saw a HOWTO on implementing IPSEC on LRP with 4 different scenario's, may have been on Jacques' web site on sourceforge. Now I cannot find it for the life of me, there is plenty of other documentation around but it was the easiest read. I have IPSEC up and going sort of, but I want to add road warrior support (as it is called) as well. I think the doc you are talking about is this ipsec howto, courtesy of Lynn Avants, which describes four different scenarios for ipsec setup. I cannot, however, find it anywhere on the site. Lynn? Have a link for us to the current version? Also, perhaps we should consider merging the documents, since mine is a little light on actual ipsec configuration, but has some pretty good stuff on certificates and Windows 2000 configuration. Or we can just steal each other's good parts and have two docs in different places! Thanks, Chad # start of HowTo ### # Basic IPSec VPN HowTo ## By Lynn Avants Virtual Private Networking (aka VPN) is very popular for low-cost connections between remote offices, employees that need a connection to the company LAN from home, and mobile users that need to access a private LAN while on the run. This document covers several different connection types that are commonly used with a LEAF firewall or router running the IPSec VPN program. IPSec is known to integrate with Windows 2000 VPN, Cisco VPN, UNIX IPSec, the SSH Sentinal, and many other commercial VPN solutions. Hopefully this will answer many questions regarding VPN setup and use. TABLE OF CONTENTS 1) General Information 2) Connection Types 3) Firewall Considerations 4) Firewall Pass-Through 5) Host to Host Connections 6) Host to Subnet Connections 7) Subnet to Subnet Connections 8) Gateway to Gateway Connections 9) /etc/ipsec.conf 10) /etc/ipsec.secrets 11) Bringing up the Connection 12) Troubleshooting 13) Links 1) GENERAL INFORMATION IPSec is an OpenSource program for VPN connections that has been packaged for LEAF use. This document is based off of my custom Dachstein-IPSec enabled floppy image, but is totally compliant to the Dachstein CDROM release and is configurable to any LEAF or Linux system using IPSec. I will describe using Preshared Secret Keys (PSK) and RSA Key authentication within the scope of this document. 509 certificates may be used with IPSec, but additional licensing may be needed to create the certificates. Certificate type authentication is described thoroughly in other documents, and explained better by someone that has more experience than myself. A Pre-shared Secret Key (PSK) is a secret alpha-numeric key that is created by the person setting up the IPSec configuration. This secret password is the exactly the same on all the computers authenticating the connection and case-sensitive. A RSA Key is an authentication method that uses a program to generate a set of authentication keys. This program is built into IPSec. Each computer should generate its own set of keys. The private key is kept secret by the computer that generated it, and the public key is copied to the remote computer(s) for use to authenticate the connection. A basic way of describing this is accessing a safe-deposit box at a post office or bank. The post office or bank keeps one key and the person renting the box keeps a different key. To gain access to the box, both keys must be used to open the door. RSA is an electronic equivalent of this. This authentication method is also used with other programs, such as ssh and cvs. This is the suggested method for authentication. There are several different encryption alogarthims that can be used for closed source versions of IPSec, however the strongest one available for the open source version of IPSec at this time is the 3DES alogarthim. This is the only one that I suggest using. Required packages for connections (other than Firewall-Pass-Through): an IPSec-patched kernel for your distribution/version ipsec.lrp ifconfig.lrp mawk.lrp ipsec509.lrp (if using 509 authentication certificates instead of PSK or RSA Keys) 2) CONNECTION TYPES Firewall-pass-through: This connection is for an individual computer behind a firewall to make a connection to a remote computer or network. The firewall that is protecting the individual computer does not participate in the VPN connection or authenticate it, but rather allows the connection through the firewall. A home connection that is protected to an company network is an example of this type of connection. Host to Subnet: This connection is for a single computer to connect to a remote network. This is typically known as the Road Warrior connection and the remote computer is not behind a firewall. The ip address that the remote computer will be
RE: [leaf-user] eth1:Tx timeout! Resetting card
Date: Sun, 7 Jul 2002 08:07:54 +0900 (KST) From: Taewoon.Goo [EMAIL PROTECTED] To: [EMAIL PROTECTED] Organization: Subject: [leaf-user] eth1:Tx timeout! Resetting card.. Hi, I'm having some trouble making a wireless gateway or router, and need some help. when I ping to 192.168.0.2(my second pc), Bering puts this message repeatedly eth1:Tx timeout! Resetting card what it means and what should i do? Thanks ah, my setup is as follows.. hardware eth0 -- realtek 8139 pci eth1 -- lucent orinoco 11mbit 802.11b card in a ricoh rl5c475 pci-pcmcia adapter. software bering 1.0 rc2 + pcmcia.lrp,wireless.lrp,libm.lrp You don't mention if you have wireutil.lrp on your system. You probably should. Also, some choice extracts from your logs would be helpful. I'm going to guess that the card isn't coming up during boot properly at all. Brock --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Motorola Surfboard 4100
Anyone set up Dachstein for a Motorola Surfboard 4100 cable modem through Charter Communications (or other MSO)? It has an ethernet iface. I am assuming I will just use DHCP to get an IP, and go from there. I would be interested in any experiences that you have had with this modem. TIA, R. W. T. --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] bering, pcmcia, wireless, and bridge
Using rc3, I've managed to get pcmcia and wireless to work. However bridge is another matter. I suspect part of my problem is my near lack of experience with debian. I've looked into it a little bit, and /etc/init.d/networking issues: br_add_bridge: Packge not installed after ifup -a. I also believe some of the variables are not set for the bridge scripts in /etc/networking Can anyone offer some pointers? -- Mark Gaba-Gaba-Hey --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] IPSEC Howto for LRP
This is Lynn's HOWTO: http://leaf.sourceforge.net/devel/guitarlynn/ipsec.txt -Original Message- From: Chad Carr [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 09, 2002 10:49 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [leaf-user] IPSEC Howto for LRP On Tue, 9 Jul 2002 22:42:47 +1000 Matthew Pozzi [EMAIL PROTECTED] wrote: A while ago I saw a HOWTO on implementing IPSEC on LRP with 4 different scenario's, may have been on Jacques' web site on sourceforge. Now I cannot find it for the life of me, there is plenty of other documentation around but it was the easiest read. I have IPSEC up and going sort of, but I want to add road warrior support (as it is called) as well. I think the doc you are talking about is this ipsec howto, courtesy of Lynn Avants, which describes four different scenarios for ipsec setup. I cannot, however, find it anywhere on the site. Lynn? Have a link for us to the current version? Also, perhaps we should consider merging the documents, since mine is a little light on actual ipsec configuration, but has some pretty good stuff on certificates and Windows 2000 configuration. Or we can just steal each other's good parts and have two docs in different places! Thanks, Chad # start of HowTo ### # Basic IPSec VPN HowTo ## By Lynn Avants Virtual Private Networking (aka VPN) is very popular for low-cost connections between remote offices, employees that need a connection to the company LAN from home, and mobile users that need to access a private LAN while on the run. This document covers several different connection types that are commonly used with a LEAF firewall or router running the IPSec VPN program. IPSec is known to integrate with Windows 2000 VPN, Cisco VPN, UNIX IPSec, the SSH Sentinal, and many other commercial VPN solutions. Hopefully this will answer many questions regarding VPN setup and use. TABLE OF CONTENTS 1) General Information 2) Connection Types 3) Firewall Considerations 4) Firewall Pass-Through 5) Host to Host Connections 6) Host to Subnet Connections 7) Subnet to Subnet Connections 8) Gateway to Gateway Connections 9) /etc/ipsec.conf 10) /etc/ipsec.secrets 11) Bringing up the Connection 12) Troubleshooting 13) Links 1) GENERAL INFORMATION IPSec is an OpenSource program for VPN connections that has been packaged for LEAF use. This document is based off of my custom Dachstein-IPSec enabled floppy image, but is totally compliant to the Dachstein CDROM release and is configurable to any LEAF or Linux system using IPSec. I will describe using Preshared Secret Keys (PSK) and RSA Key authentication within the scope of this document. 509 certificates may be used with IPSec, but additional licensing may be needed to create the certificates. Certificate type authentication is described thoroughly in other documents, and explained better by someone that has more experience than myself. A Pre-shared Secret Key (PSK) is a secret alpha-numeric key that is created by the person setting up the IPSec configuration. This secret password is the exactly the same on all the computers authenticating the connection and case-sensitive. A RSA Key is an authentication method that uses a program to generate a set of authentication keys. This program is built into IPSec. Each computer should generate its own set of keys. The private key is kept secret by the computer that generated it, and the public key is copied to the remote computer(s) for use to authenticate the connection. A basic way of describing this is accessing a safe-deposit box at a post office or bank. The post office or bank keeps one key and the person renting the box keeps a different key. To gain access to the box, both keys must be used to open the door. RSA is an electronic equivalent of this. This authentication method is also used with other programs, such as ssh and cvs. This is the suggested method for authentication. There are several different encryption alogarthims that can be used for closed source versions of IPSec, however the strongest one available for the open source version of IPSec at this time is the 3DES alogarthim. This is the only one that I suggest using. Required packages for connections (other than Firewall-Pass-Through): an IPSec-patched kernel for your distribution/version ipsec.lrp ifconfig.lrp mawk.lrp ipsec509.lrp (if using 509 authentication certificates instead of PSK or RSA Keys) 2) CONNECTION TYPES Firewall-pass-through: This connection is for an individual computer behind a firewall to make a connection to a remote computer or network. The firewall that is protecting the individual computer does not
[leaf-user] DFE-570-TX Too much work during interrupt
I am running dhrelay. So it is getting hit with quite a few lease requests being forwarded to our DHCP servers. About once a week when our leases get renewed I get the following error. Eth1 : Too much work during interrupt. Csr5=0xF0630040. (This is the interface where our DHCP server resides) I am assuming that this is because the nic is being flooded on port 67 between its' ports and it is dropping packets as a result. So far I have updated to the most recent tulip driver (v0.93), and I have applied the following fix: echo 500 1000 2000 /proc/sys/vm/freepages (Check link for details) http://www.tux.org/hypermail/linux-tulip/2001-Nov/0053.html This seemed to work but the problem has returned. Does anyone have any suggestions? Is there a way that I can increase the maximum work during the interrupt? Is there a driver for this card that works properly? Can someone point me to a link that will be helpful? Thanks in advance. Troy --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Motorola Surfboard 4100
Hi Dr. Tibbs! I have the same modem and I use the Dachstein CD, and it works flawlessly. I use an old AMDk6 200Mhz. Box, and boot from the CD. I just ran my CAT5 from the modem to the box, box to a hub, plugged my computers on the LAN into the hub...and away I went. You'll like it! Cheers, Craig --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] attempt to access beyond end of device
there are lots (stopped counting) of these in my logs: Jul 9 08:48:02 firewall kernel: attempt to access beyond end of device Jul 9 08:48:02 firewall kernel: 01:01: rw=0, want=6148, limit=6144 Jul 9 08:48:02 firewall kernel: dev 01:01 blksize=1024 blocknr=6147 sector=12294 size=1024 count=1 i'm running dachstein 1.02 floppy, dual 3c905b nic's, pentium 133/64mb ram. everything works fine (portforwarding, dhcpd, nat, etc, etc), but my logs are filling up with these three lines over and over again (that and dhrequest messages, but that's from the cable modem and not really a problem). has anyone seen these before or does anyone know what they mean? tia -david --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Motorola Surfboard 4100
Thanks, that is good news. Now to de-volve my Dachstein/floppy from pppoe over DSL to straight ethernet... maniacal cackle. Craig wrote: Hi Dr. Tibbs! I have the same modem and I use the Dachstein CD, and it works flawlessly. I use an old AMDk6 200Mhz. Box, and boot from the CD. I just ran my CAT5 from the modem to the box, box to a hub, plugged my computers on the LAN into the hub...and away I went. You'll like it! Cheers, Craig --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Motorola Surfboard 4100
The only trick with the cable modems is that they remember the MAC address of the last nic connected to them. If you plug a different nic in, they don't connect. UNLESS you unplug the cable modem for a few min. so it will forget the MAC address. Then everything goes fine. Thanks, that is good news. Now to de-volve my Dachstein/floppy from pppoe over DSL to straight ethernet... maniacal cackle. Craig wrote: Hi Dr. Tibbs! I have the same modem and I use the Dachstein CD, and it works flawlessly. I use an old AMDk6 200Mhz. Box, and boot from the CD. I just ran my CAT5 from the modem to the box, box to a hub, plugged my computers on the LAN into the hub...and away I went. You'll like it! Cheers, Craig --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] DFE-570-TX Too much work during interrupt
On Tue, 2002-07-09 at 09:56, Troy Aden wrote: I am running dhrelay. So it is getting hit with quite a few lease requests being forwarded to our DHCP servers. About once a week when our leases get renewed I get the following error. Eth1 : Too much work during interrupt. Csr5=0xF0630040. (This is the interface where our DHCP server resides) I am assuming that this is because the nic is being flooded on port 67 between its' ports and it is dropping packets as a result. So far I have updated to the most recent tulip driver (v0.93), and I have applied the following fix: echo 500 1000 2000 /proc/sys/vm/freepages (Check link for details) http://www.tux.org/hypermail/linux-tulip/2001-Nov/0053.html This seemed to work but the problem has returned. Does anyone have any suggestions? Is there a way that I can increase the maximum work during the interrupt? Is there a driver for this card that works properly? Can someone point me to a link that will be helpful? Thanks in advance. Troy FWIW, the current version of the tulip driver at scyld (ftp://ftp.scyld.com/pub/network/tulip.c) is 0.95. --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] attempt to access beyond end of device
there are lots (stopped counting) of these in my logs: Jul 9 08:48:02 firewall kernel: attempt to access beyond end of device Jul 9 08:48:02 firewall kernel: 01:01: rw=0, want=6148, limit=6144 Jul 9 08:48:02 firewall kernel: dev 01:01 blksize=1024 blocknr=6147 sector=12294 size=1024 count=1 i'm running dachstein 1.02 floppy, dual 3c905b nic's, pentium 133/64mb ram. everything works fine (portforwarding, dhcpd, nat, etc, etc), but my logs are filling up with these three lines over and over again (that and dhrequest messages, but that's from the cable modem and not really a problem). has anyone seen these before or does anyone know what they mean? tia I haven't seen this exact error, but it sounds like you may have gotten your system confused about floppy disk size (ie 1440K vs 1680K or similar). Did you do something like migrate a 1680K image to a 1440K disk? Do the floppy format and boot= settings in syslinux.cfg (also in /proc/cmdline) match? Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] bering, pcmcia, wireless, and bridge
Manfred, Loaded bridge.lrp and bridge.o wasn't anywhere to be found. Grabbed bridge.o from the web and put it in /lib/modules. This solved the br_add_bridge message. Looking at the scripts in /etc/networking, it looks like there's several variable which aren't initialized (IF_BRIDGE_PORTS for example). Should I be doing this as part of configuration, or should this be pick up out of /etc/network/interfaces? (sorry if I'm a bit weak on information, shell scripts have never been my forte). Manfred Schuler wrote: Mark, did you load the bridge module in /etc/modules? Did you load the bridge package in syslinux.cfg? Manfred Mark A Nordstrand schrieb: Using rc3, I've managed to get pcmcia and wireless to work. However bridge is another matter. I suspect part of my problem is my near lack of experience with debian. I've looked into it a little bit, and /etc/init.d/networking issues: br_add_bridge: Packge not installed after ifup -a. I also believe some of the variables are not set for the bridge scripts in /etc/networking Can anyone offer some pointers? -- Mark Gaba-Gaba-Hey --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html -- Manfred Schuler E_Mail: mailto:[EMAIL PROTECTED] -- Mark Those who make peaceful revolution impossible make violent revolution inevitable. --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] DNS request timed out
Hi folks, As I indicated from an earlier port, I'm trying to learn about nslookup. It doesn't work at all from my Dachstein firewall, so I decided to try nslookup, and its various command line options, from a computer on my LAN thinking that would work. Unfortunately, I don't think it really does work. My message(s) I get are below. Any comments, suggestions, etc.,etc. Cheers, Craig nslookup www.yahoo.com Server: www.yahoo.akadns.net Addresses: 66.218.71.84, 66.218.71.88, 66.218.71.81, 66.218.71.87 66.218.71.80, 66.218.71.83, 66.218.71.86 Aliases: www.yahoo.com DNS request timed out. timeout was 2 seconds. *** Request to www.yahoo.com timed-out --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] daemon vs. savelog ???
I have a compiled application that runs find under dcd. This app spews data on STDOUT while running. I want to run this app as a daemon (continuously running in background) and I want to save the stdout data to a logfile. In fact, I am doing this now and everything is OK: $DAEMON $LOG 21 Except, when _savelog_ rotates the logfile, the application writes to the first archive, rather than the file with original logfile label: -rw-r- 1 root adm 0 Jul 9 05:07 logfile -rw-r- 1 root adm 17943 Jul 9 14:17 logfile.0 After savelog rotates the logfile, $DAEMON is writing to logfile.0, instead of logfile. Obviously, this is not acceptable ; I assume that this has something to do with the original redirected output keeping logfile open, even during the rename to logfile.0 -- is there a workaround? What do you think? -- Best Regards, mds mds resource 888.250.3987 Dare to fix things before they break . . . Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . . --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Newbie questions (I know, I know)
I'm new to the whole LEAF / LRP arena, but an old programmer. Started my first ISP with a single Linux/486DX4-100 box a while ago, sold it, and now have a dozen machines running at my home/office. I have a few questions. I read what documentation I could find, but most of the sites appear to be down/moved (c0wz, etc). My hardware is an older 486-dx4100, with 4 NETGEAR FA311 PCI cards, 2X 210Meg IDE drives (in case), generic ISA video, serial / parallel. 64Meg RAM I have ISDN with fixed IP's running through an old Firewall box, feeding a DMZ with 2 servers and a subnet of masqueraded windoze boxes. The new LEAF box will replace that older Firewall, and allow me to switch to a Cable modem. I hope to get the new one operational, and move things over a bit at a time before axeing the old box. Thats why I have 4 ehternet cards (eth0=CABLE, eth1=ISDN, eth2=DMZ, eth3=MASQ) I will have 5 fixed IP's on the CABLE connection when I get it all done. (GW/eth0, DMZ/eth2, 3Xservers in DMZ) I have D/L'd several versions of the project, most recently Dachstein V1.0.2. 1) Which version should I be playing with? Security is my main concern.. 2) The Ethernet cards came with a fa31x.o file, but it generates lots of errors when included in the module area. Tulip.o seems to generate less errors, but still a few. Which module should I be using? 3) Where do I get ipcfg, route, and the other required tools to troubleshoot this whole process? I don't believe LINUX is seeing any of the cards. dmesg lists the tulip module banner as the last line in the startup process. 4)Will I have to create yet another machine just to compile kernels if I want to use the IDE drives, and the network cards? Thanks for the boost. Once the basics are running, the firewall, etc should be a straight forward port from the existing linux box. (ipchains) If ya wanna flame me, please do it off-line at [EMAIL PROTECTED], and not on the list...Suggestions can be sent to the same address. Harold Miller [EMAIL PROTECTED] -- This message has been scanned for viruses and dangerous content by NW.NET's MailScanner, and is believed to be clean. --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re:RE: [leaf-user] eth1:Tx timeout! Resetting card
- Original Message - From: Brock Nanson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Date: Tue, 9 Jul 2002 08:31:47 -0700 Subject: RE: [leaf-user] eth1:Tx timeout! Resetting card Date: Sun, 7 Jul 2002 08:07:54 +0900 (KST) From: Taewoon.Goo [EMAIL PROTECTED] To: [EMAIL PROTECTED] Organization: Subject: [leaf-user] eth1:Tx timeout! Resetting card.. Hi, I'm having some trouble making a wireless gateway or router, and need some help. when I ping to 192.168.0.2(my second pc), Bering puts this message repeatedly eth1:Tx timeout! Resetting card what it means and what should i do? Thanks ah, my setup is as follows.. hardware eth0 -- realtek 8139 pci eth1 -- lucent orinoco 11mbit 802.11b card in a ricoh rl5c475 pci-pcmcia adapter. software bering 1.0 rc2 + pcmcia.lrp,wireless.lrp,libm.lrp You don't mention if you have wireutil.lrp on your system. You probably should. Also, some choice extracts from your logs would be helpful. I'm going to guess that the card isn't coming up during boot properly at all. Brock As you say, I added wireutil.lrp on my system. But nothing changed. In redhat7.3, same error message is occured, but it is doing well as a gateway. ping and masquerading is ok. error messages are eth1:Tx error status 4(FID=01E2) at boot time, and eth1: Tx error status 1(FID=017E), eth1:Tx error status 1(FID=0xxx) at ping time continually. my logs in /var/log/ is changed. syslog for example ## before i ping to 192.168.0.2 Jul 10 08:39:21 firewall syslogd 1.3-3#31.slink1: restart. Jul 10 08:39:21 firewall kernel: klogd 1.3-3#31.slink1, log source = /proc/kmsg started. Jul 10 08:39:21 firewall kernel: Cannot find map file. Jul 10 08:39:21 firewall kernel: Loaded 17 symbols from 8 modules. Jul 10 08:39:21 firewall kernel: Linux version 2.4.18 (root@debian) (gcc version 2.95.2 2220 (Debian GNU/Linux)) #1 Sun Apr 21 12:50:34 CEST 2002 Jul 10 08:39:21 firewall kernel: BIOS-provided physical RAM map: Jul 10 08:39:21 firewall kernel: BIOS-e820: - 000a (usable) Jul 10 08:39:21 firewall kernel: BIOS-e820: 000f - 0010 (reserved) Jul 10 08:39:21 firewall kernel: BIOS-e820: 0010 - 17ff (usable) Jul 10 08:39:21 firewall kernel: BIOS-e820: 17ff - 17ff3000 (ACPI NVS) Jul 10 08:39:21 firewall kernel: BIOS-e820: 17ff3000 - 1800 (ACPI data) Jul 10 08:39:21 firewall kernel: BIOS-e820: - 0001 (reserved) Jul 10 08:39:21 firewall kernel: On node 0 totalpages: 98288 Jul 10 08:39:21 firewall kernel: zone(0): 4096 pages. Jul 10 08:39:21 firewall kernel: zone(1): 94192 pages. Jul 10 08:39:21 firewall kernel: zone(2): 0 pages. Jul 10 08:39:21 firewall kernel: Kernel command line: BOOT_IMAGE=linux initrd=initrd.lrp init=/linuxrc root=/dev/ram0 boot=/dev/fd0u1680:msdos PKGPATH=/dev/fd0u1680 LRP=root,etc,local,modules,pump,shorwall,dnscache,libm,wireless,pcmcia,wireutil Jul 10 08:39:21 firewall kernel: Initializing CPU#0 Jul 10 08:39:21 firewall kernel: Detected 451.042 MHz processor. Jul 10 08:39:21 firewall kernel: Console: colour VGA+ 80x25 Jul 10 08:39:21 firewall kernel: Calibrating delay loop... 897.84 BogoMIPS Jul 10 08:39:21 firewall kernel: Memory: 384880k/393152k available (853k kernel code, 7888k reserved, 204k data, 60k init, 0k highmem) Jul 10 08:39:21 firewall kernel: Dentry-cache hash table entries: 65536 (order: 7, 524288 bytes) Jul 10 08:39:21 firewall kernel: Inode-cache hash table entries: 32768 (order: 6, 262144 bytes) Jul 10 08:39:21 firewall kernel: Mount-cache hash table entries: 8192 (order: 4, 65536 bytes) Jul 10 08:39:21 firewall kernel: Buffer-cache hash table entries: 32768 (order: 5, 131072 bytes) Jul 10 08:39:21 firewall kernel: Page-cache hash table entries: 131072 (order: 7, 524288 bytes) Jul 10 08:39:21 firewall kernel: CPU: Before vendor init, caps: 0387f9ff , vendor = 0 Jul 10 08:39:21 firewall kernel: CPU: L1 I cache: 16K, L1 D cache: 16K Jul 10 08:39:21 firewall kernel: CPU: L2 cache: 512K Jul 10 08:39:21 firewall kernel: CPU: After vendor init, caps: 0387f9ff Jul 10 08:39:21 firewall kernel: CPU serial number disabled. Jul 10 08:39:21 firewall kernel: Intel machine check architecture supported. Jul 10 08:39:21 firewall kernel: Intel machine check reporting enabled on CPU#0. Jul 10 08:39:21 firewall kernel: CPU: After generic, caps: 0383f9ff Jul 10 08:39:21 firewall kernel: CPU: Common caps: 0383f9ff Jul 10 08:39:21 firewall kernel: CPU: Intel Pentium III (Katmai) stepping 03 Jul 10 08:39:21 firewall kernel: Enabling fast FPU save and restore... done. Jul 10 08:39:21 firewall kernel: Enabling unmasked SIMD FPU exception support... done. Jul 10 08:39:21 firewall kernel: Checking 'hlt'
Re: [leaf-user] bering, pcmcia, wireless, and bridge
I'm using a Prism-2.5 based PCI board (Tekram PC-400) with hostap_pci in AP mode. IIRC, there are problems to use orinoco cards in AP mode. Search the hostap mailing list: http://hostap.epitest.fi/htdig/ Manfred hari-nuryadi schrieb: Talking about bridgeManfred, do u want to try orinocco based card with bridge mode? Do anyone here have a succes story about making orinocco card to become bridge? I have read on a mailing list (i forgot the mailing list name) which said that orinocco card can't be act as a bridge, because of it's capability that can't forward MAC address. Correct me if i'm wrong please. hari-huhui - Yang Mudah dan Menghibur Hosting menjadi mudah dan murah hanya di PlasaCom. Klik http://idc.plasa.com F1 Mania!! Ikuti F1 Game di Obelix Game Corner di http://www.plasa.com/infotel/f1.html --- -- Manfred Schuler E_Mail: mailto:[EMAIL PROTECTED] --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] bering, pcmcia, wireless, and bridge
Manfred, Have the eth entries commented out and the bridge entry uncommented in /etc/network/interfaces. My poking around in if-pre-up.d/bridge has /proc/net/dev empty (or with out any eth entries). As a guess, this is because pcmcia either hasn't run or isn't finished. My gut tells me this is the root of the problem. Further poking around confirms this as I see the bridge scripts exiting before hearing the beeps (and messages) from pcmcia. Manfred Schuler wrote: Mark, bridge configuration is done in /etc/network/interfaces. At the end of the file is an example bridge configuration In the bridge_ports line you list the devices you want to bridge, normally your internal interfaces. These devices must not be configured, so comment out the respective lines. Backup etc. In the file /etc/network/if-pre-up.d/bridge the line brctl addif $IFACE $i ip set dev $i up should read brctl addif $IFACE $i ip link set dev $i up Change this and backup bridge. -- Mark --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Newbie questions (I know, I know)
Hi Harold! I don't know answers to all of your questions, but I almost positive the Netgear cards use the natsemi.o module. As far as which version...I know Charles says he personally uses his Dachstein CD. I'm sure other people will chime in, but I must admit it's nice booting from a CD because you can have so many features incorporated into it. Cheers, Craig --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Newbie questions (I know, I know)
There are several Netgear cards out there. The FA310 uses the tulip.o module and the FA311 uses the natsemi.o module. Robert Chambers Craig wrote: Hi Harold! I don't know answers to all of your questions, but I almost positive the Netgear cards use the natsemi.o module. As far as which version...I know Charles says he personally uses his Dachstein CD. I'm sure other people will chime in, but I must admit it's nice booting from a CD because you can have so many features incorporated into it. Cheers, Craig --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] dnscache.lrp
Dnscache.lrp doesn't seem to work. Ive installed as per instructions on site. Daemontls.lrp is installed too. I noticed there is no log files in /var/log/dnscache dir. How can I troubleshoot this thing? thnx --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Newbie questions (I know, I know)
Replies inline below. I waited a bit before replying to see if others could give you more direct answers than I can. Please take these comments for what they are worth. At 05:09 PM 7/9/02 -0700, Harold Miller wrote: I'm new to the whole LEAF / LRP arena, but an old programmer. Started my first ISP with a single Linux/486DX4-100 box a while ago, sold it, and now have a dozen machines running at my home/office. I have a few questions. I read what documentation I could find, but most of the sites appear to be down/moved (c0wz, etc). My hardware is an older 486-dx4100, with 4 NETGEAR FA311 PCI cards, 2X 210Meg IDE drives (in case), generic ISA video, serial / parallel. 64Meg RAM I have ISDN with fixed IP's running through an old Firewall box, feeding a DMZ with 2 servers and a subnet of masqueraded windoze boxes. The new LEAF box will replace that older Firewall, and allow me to switch to a Cable modem. I hope to get the new one operational, and move things over a bit at a time before axeing the old box. Thats why I have 4 ehternet cards (eth0=CABLE, eth1=ISDN, eth2=DMZ, eth3=MASQ) I will have 5 fixed IP's on the CABLE connection when I get it all done. (GW/eth0, DMZ/eth2, 3Xservers in DMZ) I have D/L'd several versions of the project, most recently Dachstein V1.0.2. 1) Which version should I be playing with? Security is my main concern.. There is no simple answer to this question. All the variant developers take security seriously. But all the variants still miss on security from time to time, needing to upgrade to deal with (for recent examples) security holes in ssh and bind. glibc-2.0.x is no longer maintained, so you should worry about the possibility of security holes in variants that use it. 2) The Ethernet cards came with a fa31x.o file, but it generates lots of errors when included in the module area. Tulip.o seems to generate less errors, but still a few. Which module should I be using? It depends a bit on what the fa31x.o file was compiled for. You need a module that matches your kernel version. At least some Netgear cards work with some versions of the tulip driver. Whether yours do or not ... well, it depends on what the errors are, right? If you want meaningful advice here, you really need to tell us more about the cards, the modules, and what the error messages say. 3) Where do I get ipcfg, route, and the other required tools to troubleshoot this whole process? I don't believe LINUX is seeing any of the cards. dmesg lists the tulip module banner as the last line in the startup process. What is ipcfg? If you mean ifconfig, either you use the ip command instead (ip link show, specifically) or you choose a variant that has an ifconfig.lrp dropin package (discussed on this list earlier today). For route, use either netstat to get information or ip to set things. What other tools do you consider to be required? 4)Will I have to create yet another machine just to compile kernels if I want to use the IDE drives, and the network cards? Well ... if you need to compile your own kernels, you will need a machine able to handle kernel source and the usual compilers. LEAF systems are focused on routing (or other special-purpose concerns), not this sort of general capability. But you should check more carefully at the Sourceforge site for kernels and packages that meet your particular needs (whatever they are). If you only want to use the IDE drives *after* boot/init, for example, you can add IDE support in as a module; it needs to be compiled in only if you are loading packages from there. Thanks for the boost. Once the basics are running, the firewall, etc should be a straight forward port from the existing linux box. (ipchains) If ya wanna flame me, please do it off-line at [EMAIL PROTECTED], and not on the list...Suggestions can be sent to the same address. -- ---Never tell me the odds!-- Ray Olszewski-- Han Solo Palo Alto, California, USA [EMAIL PROTECTED] --- --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] dnscache.lrp
Dnscache.lrp doesn't seem to work. Ive installed as per instructions on site. Daemontls.lrp is installed too. I noticed there is no log files in /var/log/dnscache dir. How can I troubleshoot this thing? thnx --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] eth1:Tx timeout! Resetting card
| Date: Wed, 10 Jul 2002 09:17:54 +0900 (KST) | From: Taewoon.Goo [EMAIL PROTECTED] | Subject: Re:RE: [leaf-user] eth1:Tx timeout! Resetting card | To: [EMAIL PROTECTED] | cc: [EMAIL PROTECTED] | Organization: | | | - Original Message - | From: Brock Nanson [EMAIL PROTECTED] | To: [EMAIL PROTECTED] | Cc: [EMAIL PROTECTED] | Date: Tue, 9 Jul 2002 08:31:47 -0700 | Subject: RE: [leaf-user] eth1:Tx timeout! Resetting card | | Date: Sun, 7 Jul 2002 08:07:54 +0900 (KST) | From: Taewoon.Goo [EMAIL PROTECTED] | To: [EMAIL PROTECTED] | Organization: | Subject: [leaf-user] eth1:Tx timeout! Resetting card.. | | Hi, I'm having some trouble making a wireless gateway or router, and | need some help. | when I ping to 192.168.0.2(my second pc), Bering puts this message | repeatedly | eth1:Tx timeout! Resetting card | | what it means and what should i do? | | Thanks | | ah, my setup is as follows.. | | hardware | eth0 -- realtek 8139 pci | eth1 -- lucent orinoco 11mbit 802.11b card in a ricoh rl5c475 | pci-pcmcia adapter. | | software | bering 1.0 rc2 + pcmcia.lrp,wireless.lrp,libm.lrp | | | You don't mention if you have wireutil.lrp on your system. You probably | should. Also, some choice extracts from your logs would be helpful. | I'm going to guess that the card isn't coming up during boot properly at | all. | | Brock | | | | As you say, I added wireutil.lrp on my system. But nothing changed. | | In redhat7.3, same error message is occured, but it is doing well as a gateway. | ping and masquerading is ok. | error messages are eth1:Tx error status 4(FID=01E2) at boot time, and eth1: | Tx error status 1(FID=017E), eth1:Tx error status 1(FID=0xxx) at ping time continually. | | my logs in /var/log/ is changed. | | syslog for example | | ## before i ping to 192.168.0.2 | giant hack | Jul 10 08:39:21 firewall kernel: 8139too Fast Ethernet driver 0.9.24 | Jul 10 08:39:21 firewall kernel: PCI: Found IRQ 11 for device 00:10.0 | Jul 10 08:39:21 firewall kernel: PCI: Sharing IRQ 11 with 00:07.2 | Jul 10 08:39:21 firewall kernel: PCI: Sharing IRQ 11 with 00:07.3 | Jul 10 08:39:21 firewall kernel: eth0: RealTek RTL8139 Fast Ethernet at 0xd8821000, 00:c0:26:73:51:8d, IRQ 11 | Jul 10 08:39:21 firewall kernel: eth0: Identified 8139 chip type 'RTL-8139C' | Jul 10 08:39:21 firewall kernel: eth0: Setting half-duplex based on auto-negotiated partner ability . | Jul 10 08:39:21 firewall kernel: Linux PCMCIA Card Services 3.1.33 | Jul 10 08:39:21 firewall kernel: kernel build: 2.4.18 #9 Sun Apr 7 13:54:58 CEST 2002 | Jul 10 08:39:21 firewall kernel: options: [pci] [cardbus] | Jul 10 08:39:21 firewall kernel: Intel ISA/PCI/CardBus PCIC probe: | Jul 10 08:39:21 firewall kernel: PCI: Found IRQ 9 for device 00:0e.0 | Jul 10 08:39:21 firewall kernel: Ricoh RL5C475 rev 80 PCI-to-CardBus at slot 00:0e, mem 0xdb003000 | Jul 10 08:39:21 firewall kernel: host opts [0]: [isa irq] [io 3/6/1] [mem 3/6/1] [pci irq 9] [lat 32/176] [bus 2/5] | Jul 10 08:39:21 firewall kernel: ISA irqs (default) = 3,4,5,7,14,15 PCI status changes | Jul 10 08:39:21 firewall cardmgr[699]: watching 1 sockets | Jul 10 08:39:21 firewall cardmgr[700]: starting, version is 3.1.33 | Jul 10 08:39:21 firewall cardmgr[700]: socket 0: Intersil PRISM2 11 Mbps Wireless Adapter | Jul 10 08:39:21 firewall kernel: cs: memory probe 0xa000-0xa0ff: clean. | Jul 10 08:39:21 firewall cardmgr[700]: executing: 'insmod /lib/modules/2.4.18/pcmcia/hermes.o' | Jul 10 08:39:21 firewall kernel: hermes.c: 16 Jan 2002 David Gibson [EMAIL PROTECTED] | Jul 10 08:39:21 firewall cardmgr[700]: + Using /lib/modules/2.4.18/pcmcia/hermes.o | Jul 10 08:39:21 firewall cardmgr[700]: executing: 'insmod /lib/modules/2.4.18/pcmcia/orinoco.o' | Jul 10 08:39:21 firewall kernel: orinoco.c 0.09b (David Gibson [EMAIL PROTECTED] and others) | Jul 10 08:39:21 firewall cardmgr[700]: + Using /lib/modules/2.4.18/pcmcia/orinoco.o | Jul 10 08:39:21 firewall cardmgr[700]: executing: 'insmod /lib/modules/2.4.18/pcmcia/orinoco_cs.o' | Jul 10 08:39:21 firewall kernel: orinoco_cs.c 0.09b (David Gibson [EMAIL PROTECTED] and others) | Jul 10 08:39:21 firewall cardmgr[700]: + Using /lib/modules/2.4.18/pcmcia/orinoco_cs.o | Jul 10 08:39:21 firewall kernel: cs: IO port probe 0x0100-0x04ff: excluding 0x170-0x177 0x1f0-0x1f7 0x220-0x22f 0x370-0x37f 0x388-0x38f 0x3c0-0x3df 0x3f0-0x3ff 0x4d0-0x4d7 | Jul 10 08:39:21 firewall kernel: cs: IO port probe 0x0178-0x01ef: clean. | Jul 10 08:39:21 firewall kernel: cs: IO port probe 0x01f8-0x021f: clean. | Jul 10 08:39:21 firewall kernel: cs: IO port probe 0x0230-0x036f: clean. | Jul 10 08:39:21 firewall kernel: cs: IO port probe 0x0380-0x0387: clean. | Jul 10 08:39:21 firewall kernel: cs: IO port probe 0x0390-0x03bf: clean. | Jul 10 08:39:21 firewall kernel: cs: IO port probe 0x03e0-0x03ef: clean. | Jul 10 08:39:21 firewall kernel: cs: IO port probe 0x0400-0x04cf: clean. | Jul 10 08:39:21 firewall kernel: cs:
Re: [leaf-user] dnscache.lrp
On Tue, 09 Jul 2002 20:10:58 PDT Jim Van Eeckhoutte wrote: Dnscache.lrp doesn't seem to work. Ive installed as per instructions on site. Daemontls.lrp is installed too. I noticed there is no log files in /var/log/dnscache dir. How can I troubleshoot this thing? thnx I almost replied to your first post, but decided I would wait to see if someone with daemontools experience did first. Is it possible for you to (at least temporarily) remove daemontools? It adds one more layer that can be misconfigured and cause problems and dnscache should run fine without it. If you can dump daemontools for now, here is the troubleshooting procedure I recommend: 1. In /etc/dnscache/env, verify IP is set to your internal interface address. 192.168.20.254, IIRC. Verify IPQUERY is broad enough to allow requests from your internal lan. The default of 192.168 should be fine. 2. svi dnscache start to make sure dnscache has been started 3. ps | grep dnscache to verify it's really running 4. cat /proc/net/udp and look for a line that starts 53: FE14A8C0: to verify it's listening for UDP traffic on port 53 of 192.168.20.254 (assuming that's the correct address for internal interface) 5. Test name resolution from the firewall using dnscache. Temporarily comment out all nameserver lines in /etc/resolv.conf and add one that reads nameserver 192.168.20.254 Run tail -f /var/log/syslog followed by ping www.google.com or similar on the firewall (so there are fewer firewall rules to worry about and see if www.google.com resolves. If so, dnscache is probably working fine make sure your shorewall rules permit access from your internal hosts. If not, was there any output in /var/log/syslog that indicates shorewall is blocking requests to the root name servers? (I'm assuming you are using the default resolving config rather than forwarding requests to your ISP's DNS server(s)). 6. If it were me and #1-5 didn't offer any insight, I would probably break out tcpdump.lrp and start watching packets on the internal interface (tcpdump -n -i eth1 port 53) to make sure DNS requests were being sent properly to dnscache. Things get slightly trickier if you're running daemontools too because, IIRC, they introduce additional configuration files to limit access to the daemon, here dnscache. The dnscache binary probably won't be running (and show up in a ps) most of the time either. I would need to dig through /etc/init.d/dnscache and the daemontools docs (http://cr.yp.to/daemontools.html) to offer much more help, and unfortunately I don't have enough time to do so at the moment. I did notice MULTI=0 in my (Bering RC2) version of /etc/init.d/dnscache though. It appears that disables logging, so you may want to investigate more closely and try setting it to 1. Hope that's enough to get you started. --Brad --- This sf.net email is sponsored by:ThinkGeek Stuff, things, and much much more. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html