[leaf-user] Re: re sh-httpd perm Bug

[Dan Harkless]

[EMAIL PROTECTED] (Eric Wolzak) writes:
> What doesn't function anymore if the group of sh-
> httpd is adm are parts of the viewsys page: 
> the listing of the modules for example.

Gotcha.  I missed that -- thanks.

> This was the reason the wheel ( not wheels you are 
> right ;)) group was used.
> In the new release of weblet the modification to the  
> cron job assigning the logfiles to -g wheel is 
> allready done.

Thanks.  I've now fixed my LEAF systems to put sh-httpd back in wheel and
have /etc/cron.daily/multicron-d and /etc/cron.daily/savelog-sh-httpd use -g
wheel, and all appears to be working well, including the modules listing on
the viewsys page.

Of course weblet is still doing something I consider wrong -- it's saying
the firewall is in red light / "ERROR" mode just because it has "251 denied
or rejected packets".  Isn't this the whole point of a firewall, to deny and
reject those packets?  How is this an "ERROR"?  At worst, it should be at
"yellow alert".

--
Dan Harkless
[EMAIL PROTECTED]
http://harkless.org/dan/


---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Where is the lrpkg.cfg file?

[Dan Harkless]

"Brad Fritz" <[EMAIL PROTECTED]> writes:
> 
> On Mon, 29 Jul 2002 11:01:52 PDT you wrote:
> 
> > Also, what is this acronym he keeps using..."IIRC"??? Thank you.
> 
> http://www.acronymfinder.com/af-query.asp?acronym=IIRC

Wow, that's a really useful resource to have, Brad!  Thanks for posting that
link.  (Too bad about their obnoxious banner and popup ads, and
self-censorship on e.g. "FUBAR", though.)

BTW, they were missing a definition for "LEAF", but I submitted it.  ;^>

--
Dan Harkless
[EMAIL PROTECTED]
http://harkless.org/dan/


---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] traceroute through Bering firewall

[kimoppalfens]

>> 

>> Microsoft traceroute uses icmp whereas unix traceroute tends to use udp

>

>> ports in the range above 33000.

>

>Huh.  That's wild.  I didn't know UDP was useful for such things.  I'd've

>thought there'd have to be like a "tracerouted" listening to some UDP

>port(s) for it to work that way, whereas I thought the TCP/IP stack was

>responsible for responding to certain ICMP messages, and that ICMP's whole

>reason for being was things like ping and traceroute (and lower-level

>equivalents).


The unix traceroute is based on the fact that you will respond with
a package stating that nothing is listening on that port. That is
normal behaviour if you don't have a firewall DROPping the package.
A reject rule might make a unix traceroute already happy (not sure though).

As to making the traceroute from microsoft work, I am pretty sure it
involves some icmp rule being added, not sure what though. But default
bering only allows icmp type 8 in which is the echo request icmp
packet. Just testing by allowing all icmp in should confirm my suspicion
that it is an icmp related issue. Close it up afterwards again.

I will try and network monitor an microsoft traceroute and come back with
a better filtered solution.


Kim Oppalfens


>

>> I am not sure on the exact range used but 33434-33463 probably is correct.

>> 

>> So if the problem is reproducable by tracerouting from a win2k station

>

>> it is icmp related and not udp related.

>

>I see.  That explains why Russ Price and I were seeing different behavior

>than Tom Eastep.  Presumably the solution, then, would be to open up some

>"icmp" stuff in Shorewall, though I wouldn't hazard to guess what.

>

>Personally it doesn't really bother me that the first hop of traceroute

>always gets "* * *", now that I know it's to be expected.  (If the required

>Shorewall rule to fix it were easy, however, I'd probably go ahead and do

>so.)

>

>--

>Dan Harkless

>[EMAIL PROTECTED]

>http://harkless.org/dan/

>

>

>---

>This sf.net email is sponsored by: Dice - The leading online job board

>for high-tech professionals. Search and apply for tech jobs today!

>http://seeker.dice.com/seeker.epl?rel_code=31

>

>leaf-user mailing list: [EMAIL PROTECTED]

>https://lists.sourceforge.net/lists/listinfo/leaf-user

>SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] traceroute through Bering firewall

[Dan Harkless]

Kim Oppalfens <[EMAIL PROTECTED]> writes:
> 
> Microsoft traceroute uses icmp whereas unix traceroute tends to use udp 
> ports in the range above 33000.

Huh.  That's wild.  I didn't know UDP was useful for such things.  I'd've
thought there'd have to be like a "tracerouted" listening to some UDP
port(s) for it to work that way, whereas I thought the TCP/IP stack was
responsible for responding to certain ICMP messages, and that ICMP's whole
reason for being was things like ping and traceroute (and lower-level
equivalents).

> I am not sure on the exact range used but 33434-33463 probably is correct.
> 
> So if the problem is reproducable by tracerouting from a win2k station 
> it is icmp related and not udp related.

I see.  That explains why Russ Price and I were seeing different behavior
than Tom Eastep.  Presumably the solution, then, would be to open up some
"icmp" stuff in Shorewall, though I wouldn't hazard to guess what.

Personally it doesn't really bother me that the first hop of traceroute
always gets "* * *", now that I know it's to be expected.  (If the required
Shorewall rule to fix it were easy, however, I'd probably go ahead and do
so.)

--
Dan Harkless
[EMAIL PROTECTED]
http://harkless.org/dan/


---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Problems with Linksys Ethernet Card

[Patrick Teague]

Hello,

I have a Linksys 10BaseT/BNC Ethernet Combo card (I think it's LNE2, it's
definately PCI) I was hoping to use for my DSL connection.  So far the only
info on the appropriate drivers I've found has suggested using tulip.
However, tulip works fine to get my newer Linksys 10/100BaseT LAN Card to
work, but for some reason it can't detect the older one.  I've tried loading
tulip multiple times (having it listed 3 times, including various places
inside /etc/modules) but that doesn't work.  I've tried to have it load all
of the other network card modules listed under PCI ethernet cards & that
doesn't work (figured it wouldn't, but thought I'd try).

I've checked redhat & mandrake hardware listings, not sure if any of the
other distributions have hardware listings that might list the modules
required (mandrake sadly does not).  Working from 6-5 mon-sat doesn't help
either :)

thanks for the help :)

Patrick




---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Earthlink PPP connection info (was: Problem booting Bering RC3)

[Patrick Teague]

- Original Message -
From: "Brad Fritz" <[EMAIL PROTECTED]>
To: "Patrick Teague" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, July 26, 2002 11:02 AM
Subject: [leaf-user] Earthlink PPP connection info (was: Problem booting
Bering RC3)


>
> On Fri, 26 Jul 2002 04:19:45 CDT Patrick Teague wrote:
>
> > Where could I find information on how to get the PPP connection set up
for
> > my earthlink account?  It seems there's enough differences between
earthlink
> > & the compuserve example that earthlink won't let me stay connected very
> > long.
>
> Hmm.  I haven't looked at the compuserve example, but earthlink--at
> least the POPs I use--seem pretty typical.  Here's the PPP config I
> use for Earthlink on a Debian woody box...
> 

Yay, it works, but um...  any idea how to get it to redial or is the default
ppp.lrp in the Bering rc3 already set up to do that?

thanks for the help :)

Patrick




---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Bering - internet disappears, clues for newbie

[Tom Eastep]

On Mon, 29 Jul 2002, Tom Eastep wrote:

> ---
> 
> An RFC 1918 DNS server doesn't seem to be your problem.
> 

Er -- make that DHCP server

-Tom
-- 
Tom Eastep\ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ [EMAIL PROTECTED]



---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Bering - internet disappears, clues for newbie

[Tom Eastep]

On Mon, 29 Jul 2002, lbilyeu wrote:

> OK, I'm confused about what pump gives for statistics.
> 
> If my ISP is possibly using an RFC 1918 IP address on their DHCP server,
> shouldn't Pump list the Boot Server as such?
> 
> If Pump lists my renewal time as being ten (10) hours from now,
> and the expiration as being eleven (11) hours from now,
> shouldn't my system stay up for at least that long?
> 
> # pump -s
> Device eth0
>   IP: 65.34.116.16
>   Netmask: 255.255.254.0
>   Broadcast: 255.255.255.255
>   Network: 65.34.116.0
>   Boot server 65.32.2.175
---

An RFC 1918 DNS server doesn't seem to be your problem.

-Tom
-- 
Tom Eastep\ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ [EMAIL PROTECTED]



---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Bering - internet disappears, clues for newbie

[lbilyeu]

OK, I'm confused about what pump gives for statistics.

If my ISP is possibly using an RFC 1918 IP address on their DHCP server,
shouldn't Pump list the Boot Server as such?

If Pump lists my renewal time as being ten (10) hours from now,
and the expiration as being eleven (11) hours from now,
shouldn't my system stay up for at least that long?

# pump -s
Device eth0
IP: 65.34.116.16
Netmask: 255.255.254.0
Broadcast: 255.255.255.255
Network: 65.34.116.0
Boot server 65.32.2.175
Next server 0.0.0.0
Gateway: 65.34.116.1
Hostname: firewall
Domain: swfla.rr.com
Nameservers: 65.32.1.70 65.32.2.130
Renewal time: Tue Jul 30 10:24:47 2002
Expiration time: Tue Jul 30 11:54:47 2002



---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] re sh-httpd perm Bug

[Eric Wolzak]

Hello Dan, list

you wrote:  (Answer at the end , sorry (Copy and paste :) )

"Dan Harkless" <[EMAIL PROTECTED]> writes:
> In any case, doing a leaf-user archive search, it looks like one of the
> bugs I was going to report (sh-httpd should be in group 4 rather than 10,
> or it can't read log files after they get cycled) has already been
> discussed. Since the bug tracking isn't really used, though, it's not
> really possible to verify that this will be addressed in the successor to
> 1.0-rc3...

Actually, I just came across this page:


http://leaf.sourceforge.net/article.php?sid=43&mode=n
ested&order=0

which explains that sh-httpd was intentionally 
changed to GID 10 (which it
erroneously calls the "wheels" group, but that's 
"wheel", singular) in
1.0-rc3 to get weblet to work with the grsecurity-
patched kernel.

So it would appear that my above-mentioned fix of 
putting the group back to
4 (adm) isn't valid.  I'm curious why not, though.  
That's how my copy of
Bering is currently running (and I have rebooted 
since the change), and
weblet appears to be working fine.  What is it that 
wasn't working for the
authors until the sh-httpd group was changed to 
wheel?

If it _is_ necessary for sh-httpd to be in wheel, 
either the log-cycling
cron jobs (including the weblet-specific one) will 
need to be changed to
use -g wheel, or they'll need to be changed to use -m 
644 instead of -m
640.  This would seem to be a reasonable change, as 
the default (empty) log
files that come with Bering are indeed mode 644.  
They don't get changed to
mode 640 until the log cyclers run, and this disjoint 
seems undesirable.

--
Dan Harkless
[EMAIL PROTECTED]
http://harkless.org/dan/

--
What doesn't function anymore if the group of sh-
httpd is adm are parts of the viewsys page: 
the listing of the modules for example.
This was the reason the wheel ( not wheels you are 
right ;)) group was used.
In the new release of weblet the modification to the  
cron job assigning the logfiles to -g wheel is 
allready done.

Thanks for your feedback.

Eric Wolzak 
member of the bering crew.


---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] [ leaf-Support Requests-588245 ] Ducling VPN Setup

[noreply]

Support Requests item #588245, was opened at 2002-07-29 15:48
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=213751&aid=588245&group_id=13751

Category: None
Group: None
Status: Open
Priority: 5
Submitted By: Jeremy Perkins (djeremyperkins)
Assigned to: Nobody/Anonymous (nobody)
Summary: Ducling VPN Setup

Initial Comment:
I need help setting up a VPN box using the Ducling 
distribution - or point me to a well documented distro 
and I'll switch.

What I need to do is setup a VPN box for road warrior 
clients.  Documentation and assistance being available 
will be the deciding factors on my choice of disto.  I've 
read the article on Ducling from Linux Journal #93 and 
have a bootable disk with the static IP build, but I haven't 
been able to find the "bundled documentation" that 
seems to be the key to me understanding the next step.

Any pointers would be appreciated.

Jeremy

--

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=213751&aid=588245&group_id=13751


---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Motorola Surfboard/Charter Cable continued...

[Dr. Richard W. Tibbs]

Well, this is reassuring. For the record, we had a hiccup here in the 
Roanoke VA area that (probably) hosed the cable modem. I had to 
power-cycle the modem (and rebooted the Dach firewall) before 
connectivity was restored. The "muliple modems off-line" problem might 
be due to flaky head-end equipment, but in the case of this particular 
hiccup the online light was steady before I cycled it. I will look for 
that symptom as well, tho.
Thx.

Bruce Slade wrote:

> I also have the charter service, though not using leaf on it.  I have a
> linksys plugged into the cable modem.  The linksys receives the address
> via dhcp, with the linksys serving addresses to my internal network. 
> I'm out of the Kennewick, WA branch.  While not daily by any means (but
> very frequently), I have noticed that the charter network seems to fade
> away totally out of the blue.  When this has happened, I usually try to
> ping a known fixed IP down the road a ways, just to see if the charter
> dns servers are hosed, or if it is a network connection issue.  The
> greatest majority of the time it has been a network connection issue
> within the charter entity.  And when it has gone on for more than a few
> minutes I have called it in.  When I have been able to contact one of
> the good techs, it turns out that they show multiple cable modems off
> line, which points them back to something internal on their end.  A long
> story for which I appologize, but thought I would offer it in view of
> the questions and issues Dr. Tibbs refers to.
> 
> From what I have been told by multiple charter techs, they only use dhcp
> for home clients.  From my experience the "flakiness" is a result of
> network connection issues within charter, and not DNS issues.  DNS is
> usually the first indication of network connectivity issues, but from
> this end hasn't been the root cause of the connection problems.  When
> Dr. Tibbs starts having the DNS issues, watch the lights on the modem,
> and you will notice that the modem is really acting spazzy and that the
> "online" light will not be on steady.
> 
> Just my 25 cents to hopefully cast a little more light on the subject. 
> Dachstein isn't the only "firewall" that has issues on charter.
> 
> "Dr. Richard W. Tibbs" wrote:
> 
>>The LAN hosts are configured manually with the DNS servers from Charter.
>>Rather not do it this way, but I couldn't seem to get dnscache to serve
>>up names.   Hope to resolve this with a newer Dachstein or other leaf.
>>
>>Over 3 million boxes unpacked only a few thousand more
>>
>>Brad Fritz wrote:
>>
>>
>>>On Sun, 28 Jul 2002 09:39:48 EDT Dr. Richard W. Tibbs wrote:
>>>
>>>
>>>
The Dachstein
firewall has allowed access more-or-less continuously for several days
now, since the last reboot.  The "less" part has been that every so
often it appears that DNS service "goes away", that is hosts become
unreachable.  I can still ping the firewall's gateway addr
(192.168.1.254) during these periods.
The lease periods on the cable side of the firewall are 4-hour leases,
and the internal side of the firewall gives IP leases of 12 hours.


>>>  So possible explanations include
>>>
>>>
1) temporary lease "fumbling" every 4 hours.
2) flaky, overloaded DNS servers at Charter (what a surprise...)


>>>If you're running DNS cache on the router and the LAN hosts are
>>>using it, the answer to #2 is probably no.  dnscache should start
>>>with the root name servers and work their way down to resolve
>>>names.  Charter's DNS servers should be bypassed completely unless
>>>you're resolving a name for which those DNS servers are
>>>authoritative.  The exception is if you explicitely configure it
>>>to forward all queries or certain domains to Charter's DNS servers.
>>>(I've been jumping around in leaf-user postings, so forgive me if
>>>you indicated you are using such a setting in an earlier posting.)
>>>
>>>
>>>
Let me pursue a more recent Dachstein (or maybe Bering?) and see if the
problem persists.


>>>Good idea.
>>>
>>>--Brad
>>>
>>>
>>>
>>>---
>>>This sf.net email is sponsored by:ThinkGeek
>>>Welcome to geek heaven.
>>>http://thinkgeek.com/sf
>>>
>>>leaf-user mailing list: [EMAIL PROTECTED]
>>>https://lists.sourceforge.net/lists/listinfo/leaf-user
>>>SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
>>>
>>>
>>---
>>This sf.net email is sponsored by: Dice - The leading online job board
>>for high-tech professionals. Search and apply for tech jobs today!
>>http://seeker.dice.com/seeker.epl?rel_code=31
>>
>>leaf-user mailing list: [EMAIL PROTECTED]
>>https://lists.sourceforge.net/lists/listinfo/leaf-user
>>SR FAQ: http://leaf-project.org/pub/doc/docmanager

Re: [leaf-user] Linux firewalling rules, Dachstein

[eroger01]

In an unusual stroke of brilliance, I decided to call our service provider
and ask them to turn NATing off.  I'm waiting to hear back from them. 
Depending on what they say, I may be free and clear.
I have, however, gone back and undone that thing you told me to undo.

If they turn off NATing, I will undo the last few changes I've made, and
then the configuration should be pretty straightforward.
All I need for them to do is let my firewall have a public IP, right?

Thanks!

Eric Rogers
NOMM




---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Using ifconfig with Dachstein

[Brad Fritz]

On Mon, 29 Jul 2002 11:49:20 PDT Craig wrote:

> Hi folks,
> Let me start over. I'm using the Dachstein 1.0.2 CD which, I see, has
> the ifconfig.lrp module already on it. How do I get the ifconfig module
> to load upon start-up??? Do I- a.)Simply edit an existing "config" file?
> (Which file, and how do I find/edit it?) b.)Need to create an lrpkg.cfg
> file (How do I do that?). Thank you.

This thread

http://sourceforge.net/search/?type_of_search=mlists&forum_id=5483&group_id=13751&words=adding+to+syslinux.cfg+on+dcd&Search=Search&exact=1

with the subject "Adding to syslinux.cfg on DCD" in the leaf-user
list archive should have lots of valuable information for you.  It
talks about lrpkg.cfg vs. syslinux.cfg and how to burn new ISO
images if you change either and want to boot off CD-ROM rather than
a floppy.

--Brad



---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Where are the "config" files?

[Francois BERGERET]

Oups !

Sorry Craig,

The lrpkg.cfg is at the CD or floppy root !

I hope this more complete...

Best Regards
Francois BERGERET


---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Linux firewalling rules, Dachstein

[Michael D. Schleif]

[EMAIL PROTECTED] wrote:
> 
> > [2] Modify the Dachstein firewall rules accept this private network
> > from the router.  To do this, you will need to create a file:
> > /etc/ipchains.input in which you need add this line:
> >
> >   $IPCH -I input -j ACCEPT -p all -s 0/0 -d 192.168.50.0/24 -i
> >   $EXTERN_IF
> >
> > Also, create a file: /etc/ipchains.output in which you need add this
> > line:
> >
> >   $IPCH -I output -j ACCEPT -p all -s 0/0 -d 192.168.50.0/24 -i
> > $EXTERN_IF
> >
> > At the moment, I cannot remember whether or not else is required; but,
> > carefully review /etc/ipfilter.conf and you will find these:
> >
> >   $IPCH -A input -j DENY -p all -s 0/0 -d 192.168.0.0/16 -i $EXTERN_RIF
> >   $IPCH -A output -j DENY -p all -s 0/0 -d 192.168.0.0/16 -i $EXTERN_RIF
> >
> 
> I added the lines above to /etc/ipchains.output and /etc/ipchains.input,
> and now I can ping the router,

Originally, you said, "I can't ping, or, it seems, otherwise communicate
with, our ISP's on site router, or anything beyond it on the net."

So, this is progress ;>

> BUT I still can't reach the internet.
> I also changed those two lines above in /etc/ipfilter.conf to read
> "ACCEPT" where they said "DENY" (was that the right thing to do?), but
> doing that had no effect.

Un-do this.

> I'm one step closer, but not there yet...any more good *guesses* ;-)  ?

Please, publish the output of these commands:

ip addr

ip route

Also, publish *all* known configuration for the router.

It would seem that some gateway configuration is incorrect . . .

-- 

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know.  The more I know, the more I know I don't know . . .


---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Where is the lrpkg.cfg file?

[Francois BERGERET]

Hi Craig,

You must create yours with ae editor, for example.

You can have one on your CD - if you have a bootable CD - or HD,
for normal use, and you can have another one on an extra floppy,
with your test environment (other params in your packages and 
modules).

You can have different modules and packages pointed by your 
second lrpkg.cfg, if necessary.

Following mine on CD :

root,etc,local,modules,ppp,pppoe,keyboard,shorwall,dnscache,weblet

Following mine on floppy :

root,etc,local,modules,ppp,pppoe,keyboard,shorwall,dnscache,weblet,ipsec,mawk

You can see that I have IPSec lauched by my floppy version.
When I will be happy with my new params, I will burn another CD to
avoid the floppy.

Ah, I have forgotten : you must change the original isolinux.cfg to suppress
the previous suite of packages loaded. Following mine (on CD) :

display syslinux.dpy
timeout 0
default linux initrd=initrd.lrp init=/linuxrc root=/dev/ram0 boot=/dev/cdrom:iso9660 
PKGPATH=/dev/cdrom:iso9660,/dev/fd0u1680:msdos

As this, packages from CD are first loaded, but overwrited by floppy versions.
You can play with the order of loading as explained in the very good Jacques NILO's 
user manual ;)

I hope my english not too hard to understand, good luck !

Francois BERGERET,
in France.


-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]De la part de Craig
Envoye : lundi 29 juillet 2002 20:02
A : LEAF
Objet : [leaf-user] Where is the lrpkg.cfg file?


Hi folks,
Where is the lrpkg.cfg file? In order to be able to use the ifconfig.lrp
module from my Dachstein CD(and ifconfig commands), Erich told me
specify the module to load upon start-up, to edit this file...but I
don't know how to find it. Also, what is this acronym he keeps
using..."IIRC"??? Thank you.

Craig




---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Using ifconfig with Dachstein

[Troy Aden]

Is there a version of dhrelay.lrp and ifconfig.lrp that will work with
BERING? 

Thanks in advance.

 -Original Message-
From:   Erich Titl [mailto:[EMAIL PROTECTED]] 
Sent:   Monday, July 29, 2002 1:26 PM
To: [EMAIL PROTECTED]
Subject:Re: [leaf-user] Using ifconfig with Dachstein

Hi Craig

Craig wrote the following at 20:49 29.07.2002:
>Hi folks,
>Let me start over. I'm using the Dachstein 1.0.2 CD which, I see, has
>the ifconfig.lrp module already on it. How do I get the ifconfig module
>to load upon start-up??? Do I- a.)Simply edit an existing "config" file?
>(Which file, and how do I find/edit it?) b.)Need to create an lrpkg.cfg
>file (How do I do that?). Thank you.

b) is your friend

please read

http://lrp.steinkuehler.net/Packages/LRP-CD.htm

for all info about the CD distribution

cheers
Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16



---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code1

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code1

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Using ifconfig with Dachstein

[Erich Titl]

Hi Craig

Craig wrote the following at 20:49 29.07.2002:
>Hi folks,
>Let me start over. I'm using the Dachstein 1.0.2 CD which, I see, has
>the ifconfig.lrp module already on it. How do I get the ifconfig module
>to load upon start-up??? Do I- a.)Simply edit an existing "config" file?
>(Which file, and how do I find/edit it?) b.)Need to create an lrpkg.cfg
>file (How do I do that?). Thank you.

b) is your friend

please read

http://lrp.steinkuehler.net/Packages/LRP-CD.htm

for all info about the CD distribution

cheers
Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16



---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code1

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Add another network to bering

[Guitar Player]

Charles,

Sorry for making it more confusing, but here's a picture of what I have:

__
| |
|Internet|
|  (256k frac T) |
||
 ||
 ||
  ___||
| Dachstein- LRP  |
|   static IP |
|   12.x.x.x  |
| |
|__192.168.0.1|
||_
 internal net  __| |
 192.168.0.x   __| Clients 192.168.0.x |
||   |_|
  __||___
|   INA Card|
| 192.168.0.2   |
|   |
|___|
 ||
 ||
  Point to Point
128k frac T
 ||
  ___||__
| INA Card  |
| 192.168.1.1   |
|___|
 ||
 ||
   internal net  
   192.168.1.0 __|   |
   __| Clients 192.168.1.0   |
 |___|

The INA cards are basically routers put in by a phone company that does our 
phone system because the point to point t line carries 128 of data and the 
rest for phone to another location. I can connect to every computer/server 
across the point to point line from the 192.168.1.0 network except the 
Dachstein box. I hope I didn't confuse it even more:)

Thanks,
Kev


>From: "Charles Steinkuehler" <[EMAIL PROTECTED]>
>To: "Guitar Player" <[EMAIL PROTECTED]>, 
><[EMAIL PROTECTED]>
>Subject: Re: [leaf-user] Add another network to bering
>Date: Sat, 27 Jul 2002 13:25:03 -0500
>
> > Thanks for the help! I was reading something about Bering while I was
>typing
> > and that's why I have Bering in the Subject. I really am using
>Dachstein, so
> > I'll try the things you mentioned. There are actually 2 computers on
>the
> > 192.168.2.0 network with a small hub to an INA card (something that
>the
> > phone company put in and has 192.168.2.1) then accross the t line to
>another
> > INA card (192.168.1.2) to a switch which the dachstein box
>(192.168.1.1) is
> > in also. Is there a way to do it without adding a nic for the
>192.168.2.0
> > network? If not I can add it. Hope this helps my bad description in my
>first
> > post.
>
>Um...the description above is confusing me even more than your previous
>post.  I could take a WAG at what you're trying to describe, but that
>would probably only confuse things even more.  Try creating an ascii-art
>diagram of your network, and a clear description of exactly what you're
>trying to accomplish.  You don't have to use "network-eese", if you
>don't know the terms, but provide as much detail as possible.
>
>Remember, all I (or anyone else on the list who might want to help) know
>about your network is what you put in your e-mail.  For instance, what
>is the INA card you're referring to?  Is it something that plugs into
>one of your computers, or is it stand-alone?  Is "t line" your telephone
>line, implying the INA card is some sort of home-network (ie
>non-ethernet) interface, or something else entirely?
>
>Charles Steinkuehler
>http://lrp.steinkuehler.net
>http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)




_
Chat with friends online, try MSN Messenger: http://messenger.msn.com



---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Using ifconfig with Dachstein

[Craig]

Hi folks,
Let me start over. I'm using the Dachstein 1.0.2 CD which, I see, has
the ifconfig.lrp module already on it. How do I get the ifconfig module
to load upon start-up??? Do I- a.)Simply edit an existing "config" file?
(Which file, and how do I find/edit it?) b.)Need to create an lrpkg.cfg
file (How do I do that?). Thank you.

Craig




---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Simplify FW and ping question

[Ray Olszewski]

At 10:25 AM 7/29/02 -0700, Webmaster - Mars Society wrote:
>Setup - BeringRC3. Multiple dedicated IP's connected via Cablemodem. DMZ and
>MASQ'd net
>
>Question 1
[...]
Question 2
>   When a server is masq'd and dnat'd, how can you tell if ping is hitting
>the original ethernet port, or the final server?

Depends on who "you" are.

If you are the end that is pinging, there is no way to know (putting aside 
fancy tools used by crackers, an area I'm not knowledgeable about). All a 
ping is supposed to tell you is that some host responds to that address, 
not any details of what host it is.

If you are the end being pinged ... in the normal course of events, no 
records are kept of ping replies, you you are still out of luck. But if the 
server in question is running firewalling, you can set it to log icmp 
packets, which will let you know if the ping requests actually reach it. 
Or, on the firewall, you can log icmp packets that get forwarded. (At least 
these things are true of Linux servers and firewalls; since you don't say 
what OS your server is running, YMMV at that end.)


--
---"Never tell me the 
odds!"--
Ray Olszewski-- Han Solo
Palo Alto, California, USA  [EMAIL PROTECTED]
---



---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Linux firewalling rules, Dachstein

[eroger01]

> [2] Modify the Dachstein firewall rules accept this private network
> from the router.  To do this, you will need to create a file:
> /etc/ipchains.input in which you need add this line:
>
>   $IPCH -I input -j ACCEPT -p all -s 0/0 -d 192.168.50.0/24 -i
>   $EXTERN_IF
>
> Also, create a file: /etc/ipchains.output in which you need add this
> line:
>
>   $IPCH -I output -j ACCEPT -p all -s 0/0 -d 192.168.50.0/24 -i
> $EXTERN_IF
>
> At the moment, I cannot remember whether or not else is required; but,
> carefully review /etc/ipfilter.conf and you will find these:
>
>   $IPCH -A input -j DENY -p all -s 0/0 -d 192.168.0.0/16 -i $EXTERN_RIF
>   $IPCH -A output -j DENY -p all -s 0/0 -d 192.168.0.0/16 -i $EXTERN_RIF
>

I added the lines above to /etc/ipchains.output and /etc/ipchains.input,
and now I can ping the router, BUT I still can't reach the internet.
I also changed those two lines above in /etc/ipfilter.conf to read
"ACCEPT" where they said "DENY" (was that the right thing to do?), but
doing that had no effect.
I'm one step closer, but not there yet...any more good *guesses* ;-)  ?

Eric Rogers
NOMM




---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Where is the lrpkg.cfg file?

[Brad Fritz]

On Mon, 29 Jul 2002 11:01:52 PDT you wrote:

> Also, what is this acronym he keeps using..."IIRC"??? Thank you.

http://www.acronymfinder.com/af-query.asp?acronym=IIRC

--Brad



---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] including version numbers in help requests (was: Using ifconfig?)

[Brad Fritz]

On Mon, 29 Jul 2002 19:47:14 +0200 Erich Titl wrote:

> Craig
> 
> Craig wrote the following at 17:59 29.07.2002:
> >Hi folks,
> >I'm confused. My Dachstein CD already has an ifconfig.lrp file on it. Do
> >I need a different ifconfig.lrp module? Why doesn't the one I have work?
> >Thanks.
> 
> Sorry, a was not aware you had the CD version, you may have to specify
> which modules to load to the ramdisk, IIRC this is in the the lrpkg.cfg
> file on your floppy.

This is probably a good time to remind users submitting help requests
of the "How do I request help?" FAQ at
  http://leaf-project.org/pub/doc/docmanager/docid_1891.html
(also linked in the tagline on every posting) and its first bullet:

   ALWAYS include this information:

   * the exact name of the LEAF distribution and version you are
 running.

This is just one of several recent threads missing that information.
It is much easier to provide accurate troubleshooting assistance if
the distribution and version are included.  That statement is even
more true as the number of LEAF variants and versions increases, as
it has so quickly over the last few months.

[Climbing down from soapbox; thanks for listening.]

--Brad



---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Where is the lrpkg.cfg file?

[Craig]

Hi folks,
Where is the lrpkg.cfg file? In order to be able to use the ifconfig.lrp
module from my Dachstein CD(and ifconfig commands), Erich told me
specify the module to load upon start-up, to edit this file...but I
don't know how to find it. Also, what is this acronym he keeps
using..."IIRC"??? Thank you.

Craig




---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Using ifconfig?

[Brad Fritz]

On Mon, 29 Jul 2002 12:42:02 EDT George Georgalis wrote:

> On Mon, Jul 29, 2002 at 08:59:20AM -0700, Craig wrote:
> >Hi folks,
> >I'm confused. My Dachstein CD already has an ifconfig.lrp file on it. Do
> >I need a different ifconfig.lrp module? Why doesn't the one I have work?
> >Thanks.
> >
> >Craig
> 
> cannot help you with that, have not used the module.
> 
> Are you sure it's being loaded by defining it as part of LRP=... in your
> syslinux.cfg file?
> 
> if so try 
> 
> find / -name ipconfig

Just to add a few tidbits to already good suggestions from George...

"lrpkg -l" will list loaded modules.  ifconfig should show up if
it is loaded.  To load a single module without rebooting, you can
mount the medium that has the package, change to it's directory,
and issue a "lrpkg -i packagename".  For your cdrom setup, a

   mount -t iso9660 /dev/cdrom /mnt
   cd /mnt
   lrpkg -i ifconfig
   umount /mnt

(untested) will probably do it.  If you're using v1.0.1 or earlier,
you may need to replace "cdrom" with "hdX1" where X is a, b, c or d,
depending on what IDE interface your CD-ROM is installed on.

--Brad



---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Using ifconfig?

[Erich Titl]

Craig

Craig wrote the following at 17:59 29.07.2002:
>Hi folks,
>I'm confused. My Dachstein CD already has an ifconfig.lrp file on it. Do
>I need a different ifconfig.lrp module? Why doesn't the one I have work?
>Thanks.

Sorry, a was not aware you had the CD version, you may have to specify 
which modules to load to the ramdisk, IIRC this is in the the lrpkg.cfg 
file on your floppy.

HTH

Erich



THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16



---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code1

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Where are the "config" files?

[Craig]

Hi folks,
>From an earlier post, it was recommended for me to check the
"syslinux.cfg" file, but I don't have any idea where to find this file!
Once I know which directory it's within, to edit it do I simply type-
ae syslinux.cfg or???... Can I find and edit "config" files from the
main Dachstein menu? Is that easier???

Thank you,
Craig




---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Simplify FW and ping question

[Webmaster - Mars Society]

Setup - BeringRC3. Multiple dedicated IP's connected via Cablemodem. DMZ and
MASQ'd net

Question 1
  I can't seem to reach the DMZ boxes. What is the simplest ruleset to do
the following:

CABLEMODEM - [eth0 fw 1.1.1.1 -> eth2 192.168.10.254] ---> [192.168.10.244
HOST]

 [ eth3 192.168.2.254]> [Windows MASQ'd net]

Yukky ASCII art shows eth0 is connected via hub to cable modem and has a
dedicated IP. The IP (1.1.1.1) should appear to be an INTERNET server
(192.168.10.244), connected to eth2(192.168.10.254). A windows net is also
masqueraded out the same connection.

I believe there will be 2 MASQ entries:
eth0192.168.2.0/24
eth0192.168.10.244 1.1.1.1

and 1 rules entry:
DNATnet dmz:192.168.50.244 all - - 1.1.1.1

What else is needed?

Question 2
  When a server is masq'd and dnat'd, how can you tell if ping is hitting
the original ethernet port, or the final server?

thanks
harold miller


--
This message has been scanned for viruses and
dangerous content by NW.NET's MailScanner, and is
believed to be clean.



---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Using ifconfig?

[George Georgalis]

On Mon, Jul 29, 2002 at 08:59:20AM -0700, Craig wrote:
>Hi folks,
>I'm confused. My Dachstein CD already has an ifconfig.lrp file on it. Do
>I need a different ifconfig.lrp module? Why doesn't the one I have work?
>Thanks.
>
>Craig

cannot help you with that, have not used the module.

Are you sure it's being loaded by defining it as part of LRP=... in your
syslinux.cfg file?

if so try 

find / -name ipconfig

// George

-- 
GEORGE GEORGALIS, System Admin/Architectcell: 347-451-8229 
Security Services, Web, Mail,mailto:[EMAIL PROTECTED] 
File, Print, DB and DNS Servers.   http://www.galis.org/george 



---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Using ifconfig?

[Craig]

Hi folks,
I'm confused. My Dachstein CD already has an ifconfig.lrp file on it. Do
I need a different ifconfig.lrp module? Why doesn't the one I have work?
Thanks.

Craig




---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Motorola Surfboard/Charter Cable continued...

[Bruce Slade]

I also have the charter service, though not using leaf on it.  I have a
linksys plugged into the cable modem.  The linksys receives the address
via dhcp, with the linksys serving addresses to my internal network. 
I'm out of the Kennewick, WA branch.  While not daily by any means (but
very frequently), I have noticed that the charter network seems to fade
away totally out of the blue.  When this has happened, I usually try to
ping a known fixed IP down the road a ways, just to see if the charter
dns servers are hosed, or if it is a network connection issue.  The
greatest majority of the time it has been a network connection issue
within the charter entity.  And when it has gone on for more than a few
minutes I have called it in.  When I have been able to contact one of
the good techs, it turns out that they show multiple cable modems off
line, which points them back to something internal on their end.  A long
story for which I appologize, but thought I would offer it in view of
the questions and issues Dr. Tibbs refers to.

>From what I have been told by multiple charter techs, they only use dhcp
for home clients.  From my experience the "flakiness" is a result of
network connection issues within charter, and not DNS issues.  DNS is
usually the first indication of network connectivity issues, but from
this end hasn't been the root cause of the connection problems.  When
Dr. Tibbs starts having the DNS issues, watch the lights on the modem,
and you will notice that the modem is really acting spazzy and that the
"online" light will not be on steady.

Just my 25 cents to hopefully cast a little more light on the subject. 
Dachstein isn't the only "firewall" that has issues on charter.

"Dr. Richard W. Tibbs" wrote:
> 
> The LAN hosts are configured manually with the DNS servers from Charter.
> Rather not do it this way, but I couldn't seem to get dnscache to serve
> up names.   Hope to resolve this with a newer Dachstein or other leaf.
> 
> Over 3 million boxes unpacked only a few thousand more
> 
> Brad Fritz wrote:
> 
> > On Sun, 28 Jul 2002 09:39:48 EDT Dr. Richard W. Tibbs wrote:
> >
> >
> >>The Dachstein
> >>firewall has allowed access more-or-less continuously for several days
> >>now, since the last reboot.  The "less" part has been that every so
> >>often it appears that DNS service "goes away", that is hosts become
> >>unreachable.  I can still ping the firewall's gateway addr
> >>(192.168.1.254) during these periods.
> >>The lease periods on the cable side of the firewall are 4-hour leases,
> >>and the internal side of the firewall gives IP leases of 12 hours.
> >>
> >   So possible explanations include
> >
> >>1) temporary lease "fumbling" every 4 hours.
> >>2) flaky, overloaded DNS servers at Charter (what a surprise...)
> >>
> >
> > If you're running DNS cache on the router and the LAN hosts are
> > using it, the answer to #2 is probably no.  dnscache should start
> > with the root name servers and work their way down to resolve
> > names.  Charter's DNS servers should be bypassed completely unless
> > you're resolving a name for which those DNS servers are
> > authoritative.  The exception is if you explicitely configure it
> > to forward all queries or certain domains to Charter's DNS servers.
> > (I've been jumping around in leaf-user postings, so forgive me if
> > you indicated you are using such a setting in an earlier posting.)
> >
> >
> >>Let me pursue a more recent Dachstein (or maybe Bering?) and see if the
> >>problem persists.
> >>
> >
> > Good idea.
> >
> > --Brad
> >
> >
> >
> > ---
> > This sf.net email is sponsored by:ThinkGeek
> > Welcome to geek heaven.
> > http://thinkgeek.com/sf
> > 
> > leaf-user mailing list: [EMAIL PROTECTED]
> > https://lists.sourceforge.net/lists/listinfo/leaf-user
> > SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
> >
> 
> ---
> This sf.net email is sponsored by: Dice - The leading online job board
> for high-tech professionals. Search and apply for tech jobs today!
> http://seeker.dice.com/seeker.epl?rel_code=31
> 
> leaf-user mailing list: [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] RE: Ethernet card config - Bering

[Brooke, Thomas]

I've got Bering rc3 set up with a single D-Link DFE-530TX+ (and a serial
modem).

I couldn't find rtl8139 in the Bering modules collection (downloaded
archive, not
on-line), and the rtl8139.o as supplied with the NIC didn't work.  I don't
have a
LEAF development box to build the source against, so I tried the other 8139
modules
that come with Bering: 8139cp and 8139too; only the latter worked.

The related modules I use are:

pci-scan
mii
8139too

Don't know if this will help or not.  And I have no clue as to why things 
seem to be working "half-way" for you.

-- Thom Brooke

>I'm having a problem I think is related to ethernet card configuration.
>
>My LEAF distribution is Bering_1.0-rc3 configured per chapter 4 of the
users
>guide for PPPoE.
>
>Output of "uname -a" is:
>
>Linux firewall 2.4.18 #4 Sun Jun 9 09:46:15 CEST 2002 i586 unknown
>
>
>My 2 ethernet cards are both D-Link DFE-530TX+, which are PCI cards.
>Relevant lines in /etc/modules are:
>
># /etc/modules: kernel modules to load at boot time.
>#
>
>-- snip 


---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Bering - internet disappears, clues for newbie

[Tom Eastep]

On Sun, 28 Jul 2002, lbilyeu wrote:

> > Can you dump
> > ipchains -t nat -vnL
> > and
> > ipchains -vnL
> 
> #
> ipchains: not found
> 
> Bering1.0 rc3, after a random time period, the internet disappears from 
> eth0.
> I have to reboot Bering and
> power-cycle the cable modem as well.
> 
> pump -s  gives me addresses outside of RFC1918 (65.34.x.x), so I don't 
> think that is the problem.
> The Renewal/expiration for my DHCP lease is for tomorrow.
> 
> What logs/dumps should I be examining for Bering rc3 diagnosis?
> 

/var/log/messages looking for "Shorewall" messages that refer to UDP ports 
67 and 68. If the message includes the string "rfc1918" then your ISP may 
be using an RFC 1918 IP address on their DHCP server and renewal is being 
blocked. The solution is to remove "norfc1918" from the entry for your 
external interface in /etc/shorewall/interfaces (note: there are other 
solutions but that one is the most foolproof).

If the messages don't include "rfc1918" then you may not have "dhcp" 
specified as an option for your external interface in 
/etc/shorewall/interfaces.

-Tom
-- 
Tom Eastep\ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ [EMAIL PROTECTED]



---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Using ifconfig?

[George Georgalis]

Try these... (the default is 'show')
ip addr
ip route
ip link
ip help
ip addr help
etc... I know the help is not easy, but it's all there

I bring up my interfaces something like this...

# first bring everything down...
d=`ip -o link show | cut -d: -f2`
for i in $d ; do
ip addr flush $i
ip link set $i down
done

# then bring up each interface like so...
ip link set lo up
ip link set eth0 up
ip addr add 127.0.0.1/8 label lodev lo
ip addr add 192.168.0.1/24  label eth0  dev eth0
ip route add 0/0via 12.34.56.78 table main # use your GW

Not sure how to ppp/chat with the ip command.

// George

On Mon, Jul 29, 2002 at 04:18:51PM +0200, Erich Titl wrote:
>Craig
>
>IIRC Dachstein by default does not have ifconfig but the iproute2 command 
>suite, e.g. you have to use ip.
>There is a ifconfig.lrp module at 
>http://leaf.sourceforge.net/devel/cstein/Packages/ifconfig.htm
>
>HTH
>
>Erich
>
>At 16:04 29.07.2002, you wrote:
>>Hi everyone,
>>How do I, or I should say, WHERE do I run the ifconfig command from???
>>I've tried just logging in to Dachstein, and changing to the sbin
>>directory and nothing works. Hmmph, I'm stumped! Thank you, have a great
>>week.
>>
>>Craig
>>
>>
>>
>>
>>---
>>This sf.net email is sponsored by: Dice - The leading online job board
>>for high-tech professionals. Search and apply for tech jobs today!
>>http://seeker.dice.com/seeker.epl?rel_code=31
>>
>>leaf-user mailing list: [EMAIL PROTECTED]
>>https://lists.sourceforge.net/lists/listinfo/leaf-user
>>SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
>
>THINK
>Püntenstrasse 39
>8143 Stallikon
>mailto:[EMAIL PROTECTED]
>PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16
>
>
>
>---
>This sf.net email is sponsored by: Dice - The leading online job board
>for high-tech professionals. Search and apply for tech jobs today!
>http://seeker.dice.com/seeker.epl?rel_code1
>
>leaf-user mailing list: [EMAIL PROTECTED]
>https://lists.sourceforge.net/lists/listinfo/leaf-user
>SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
>

-- 
GEORGE GEORGALIS, System Admin/Architectcell: 347-451-8229 
Security Services, Web, Mail,mailto:[EMAIL PROTECTED] 
File, Print, DB and DNS Servers.   http://www.galis.org/george 



---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code1

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Using ifconfig?

[Erich Titl]

Craig

IIRC Dachstein by default does not have ifconfig but the iproute2 command 
suite, e.g. you have to use ip.
There is a ifconfig.lrp module at 
http://leaf.sourceforge.net/devel/cstein/Packages/ifconfig.htm

HTH

Erich

At 16:04 29.07.2002, you wrote:
>Hi everyone,
>How do I, or I should say, WHERE do I run the ifconfig command from???
>I've tried just logging in to Dachstein, and changing to the sbin
>directory and nothing works. Hmmph, I'm stumped! Thank you, have a great
>week.
>
>Craig
>
>
>
>
>---
>This sf.net email is sponsored by: Dice - The leading online job board
>for high-tech professionals. Search and apply for tech jobs today!
>http://seeker.dice.com/seeker.epl?rel_code=31
>
>leaf-user mailing list: [EMAIL PROTECTED]
>https://lists.sourceforge.net/lists/listinfo/leaf-user
>SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16



---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code1

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Using ifconfig?

[Craig]

Hi everyone,
How do I, or I should say, WHERE do I run the ifconfig command from???
I've tried just logging in to Dachstein, and changing to the sbin
directory and nothing works. Hmmph, I'm stumped! Thank you, have a great
week.

Craig




---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Motorola Surfboard/Charter Cable continued...

[Dr. Richard W. Tibbs]

The LAN hosts are configured manually with the DNS servers from Charter.
Rather not do it this way, but I couldn't seem to get dnscache to serve 
up names.   Hope to resolve this with a newer Dachstein or other leaf.

Over 3 million boxes unpacked only a few thousand more

Brad Fritz wrote:

> On Sun, 28 Jul 2002 09:39:48 EDT Dr. Richard W. Tibbs wrote:
> 
> 
>>The Dachstein 
>>firewall has allowed access more-or-less continuously for several days 
>>now, since the last reboot.  The "less" part has been that every so 
>>often it appears that DNS service "goes away", that is hosts become 
>>unreachable.  I can still ping the firewall's gateway addr 
>>(192.168.1.254) during these periods.
>>The lease periods on the cable side of the firewall are 4-hour leases, 
>>and the internal side of the firewall gives IP leases of 12 hours.
>>
>   So possible explanations include
> 
>>1) temporary lease "fumbling" every 4 hours.
>>2) flaky, overloaded DNS servers at Charter (what a surprise...)
>>
>  
> If you're running DNS cache on the router and the LAN hosts are
> using it, the answer to #2 is probably no.  dnscache should start
> with the root name servers and work their way down to resolve
> names.  Charter's DNS servers should be bypassed completely unless
> you're resolving a name for which those DNS servers are
> authoritative.  The exception is if you explicitely configure it
> to forward all queries or certain domains to Charter's DNS servers.
> (I've been jumping around in leaf-user postings, so forgive me if
> you indicated you are using such a setting in an earlier posting.)
> 
> 
>>Let me pursue a more recent Dachstein (or maybe Bering?) and see if the 
>>problem persists.
>>
> 
> Good idea.
> 
> --Brad
> 
> 
> 
> ---
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> 
> leaf-user mailing list: [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
> 





---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] traceroute through Bering firewall

[Dan Harkless]

Tom Eastep <[EMAIL PROTECTED]> writes:
> On Tue, 23 Jul 2002, Russ Price wrote:
> > In other words:
> > 
> >ACCEPT  loc   fwudp 33434-33463
[...]
> Or if you use the proper syntax for a port range (:) 
> then iptables will be happy.
> 
> > In any case, whether I open one port on the local side or thirty, the 
> > first hop of the traceroute fails.
> 
> I can't reproduce this problem

It happens with my Bering 1.0-rc3 machine as well (doing the tracer[ou]t[e]
from a Win2K box on my LAN).  Putting:

ACCEPT  loc   fwudp 33434:33463

in /etc/shorewall/rules and restarting shorewall doesn't help (although I
personally have to plead ignorance as to why that would be a potential
solution -- I thought traceroute used ICMP).

> -- are you seeing any Shorewall messages in your log?

Not in my logs.  Last thing in there is the message saying that "Shorewall
Restarted".


--
Dan Harkless
[EMAIL PROTECTED]
http://harkless.org/dan/


---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Bering - internet disappears, clues for newbie

[George Georgalis]

On Sun, Jul 28, 2002 at 11:03:08PM -0400, lbilyeu wrote:
>> Can you dump
>> ipchains -t nat -vnL
>> and
>> ipchains -vnL
>
>#
>ipchains: not found
>
>Bering1.0 rc3, after a random time period, the internet disappears from 
>eth0.
>I have to reboot Bering and
>power-cycle the cable modem as well.
>

Yes, per my other response the command should be iptables...

iptables -t nat -vnL > zz
iptables --vnL >> zz

add this too...
ip addr >> zz

Then send/copy the zz file over to the list. I'm thinking your DHCP
lease is changing faster than your firewall rules. It would probably work
fine to turn on anti-spoofing and masq everything from the LAN net to
0/0.

# Turn on reverse path filtering
# Since we don't have any asymmetric routing, we can simply turn on
# anti-spoofing for all interfaces.
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $f; done

iptables -t nat -A POSTROUTING -s $192.168.0.0/24 -o ppp0 -j $M
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0  --state NEW -j ACCEPT


>pump -s  gives me addresses outside of RFC1918 (65.34.x.x), so I don't 
>think that is the problem.
>The Renewal/expiration for my DHCP lease is for tomorrow.
>
>What logs/dumps should I be examining for Bering rc3 diagnosis?

I haven't looked at pump logs in a while, but I suspect it's changing 
the IP when you loose functionality.

// George

-- 
GEORGE GEORGALIS, System Admin/Architectcell: 347-451-8229 
Security Services, Web, Mail,mailto:[EMAIL PROTECTED] 
File, Print, DB and DNS Servers.   http://www.galis.org/george 



---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Anyone compiled nsupdate for LEAF?

[Dan Harkless]

Jacques Nilo <[EMAIL PROTECTED]> writes:
> > Has anyone ever compiled the nsupdate tool (from the BIND distro -- see
> > ) for Bering (or other LEAF/LRP variants)?  I searched
> > the mailing list archives and didn't find any mentions of this...
>
> Here you are. Give it a try (untested) and let us know.
> The package is here:
> http://leaf.sourceforge.net/devel/jnilo/bering/latest/packages/nsupdate.lrp
> The doc is here:
> http://leaf.sourceforge.net/devel/jnilo/manpages/nsupdate.html

Merci beaucoup, Jacques!  I really appreciate that!

The nsupdate executable you compiled works great, and I've written an
/etc/network/if-up.d/ifup_nsupdate script that automatically does a
TSIG-signed DNS update whenever the appropriate interface (e.g. ppp0 in the
PPP/PPPoE case) comes up.

I made the script general-purpose so that it would be of use to others
besides myself, and I've made a new nsupdate.lrp that includes it and
related files.  I submitted the new version via the web interface (request
ID 587970).  Hopefully you can write over the current

with this.

When that's done, one of us should make an announcement to leaf-announce as
to the availability of the package.

In the meantime, if anyone just wants to take a look at the ifup_nsupdate
script alone (it should also work on a non-LEAF Linux box), it's also
available at:

http://harkless.org/dan/software/ifup_nsupdate

--
Dan Harkless
[EMAIL PROTECTED]
http://harkless.org/dan/


---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Bering - internet disappears, clues for newbie

[George Georgalis]

On Sun, Jul 28, 2002 at 07:46:55PM -0700, Tom Eastep wrote:
>On Sun, 28 Jul 2002, George Georgalis wrote:
>
>> 
>> Do you mean if you reboot it, it works again? Can you dump 
>> ipchains -t nat -vnL 
>> and
>> ipchains -vnL
>> 
>> to the list? Post again if you have trouble with this...
>> 
>
>George -- the poster is running Bering so dumping ipchains isn't 
>relevant.

Yes, well I meant iptables,
iptables -t nat -vnL > zz
iptables --vnL >> zz


>Also, it is unlikely that his iptables configuration is spontaneously 
>changing itself after it has been running for a while

But it sounds like it's not keeping up with his DHCP lease so I wanted
to see how the rules are.

// George


-- 
GEORGE GEORGALIS, System Admin/Architectcell: 347-451-8229 
Security Services, Web, Mail,mailto:[EMAIL PROTECTED] 
File, Print, DB and DNS Servers.   http://www.galis.org/george 



---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [Leaf-devel] Re: [leaf-user] Bering: PPTP server updated (pptpd.lrp)

[Dan Harkless]

Mike Noyes <[EMAIL PROTECTED]> writes:
> On Sat, 2002-07-27 at 22:48, Jacques Nilo wrote:
> > Le Dimanche 28 Juillet 2002 01:55, Dan Harkless a écrit :
> > > Jacques Nilo <[EMAIL PROTECTED]> writes:
> > > Isn't this the kind of thing that should be sent to the leaf-announce
> > > mailing list?
[...]
> > I agree. There use to be a time where the traffic on leaf-user was not that 
> > big. But time have changed.
[...]
> Jacques,
> The reason for the announce list has always been: News and important
> changes in the project are announced here. (Announcements, Developer
> news, Security advisories)
> http://leaf-project.org/mod.php?mod=userpage&menu=12&page_id=5
> 
> Everyone,
> Announcements should be posted on our leaf-announce list, and/or posted
^^
> on our phpWebSite. Please don't cross post announcements to leaf-user.

Um, that "and/or" worries me a bit.  I hope important things like security
advisories, bugfix updates, and the like are always posted to
leaf-announce.  Not "_or_ posted on our phpWebSite".

A "pull" medium like a website is not appropriate as the only conduit for
important announcements like that, as not everyone has time to continually
check the website.

That's what "push" media like announcement email lists are for.

--
Dan Harkles
[EMAIL PROTECTED]
http://harkless.org/dan/


---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Bering - internet disappears, clues for newbie

[peter vander kleut]

- Original Message -
From: "peter vander kleut" <[EMAIL PROTECTED]>
To: "lbilyeu" <[EMAIL PROTECTED]>
Sent: Monday, July 29, 2002 10:34 AM
Subject: Re: [leaf-user] Bering - internet disappears, clues for newbie


> I've had a similar problem, which turned out to be a fault at the ISP
side,
> their routet (first hop from your external interface) would check dhcp
> leases with their dhcp server if their dhcp server was down you would
> get any pages/mail etc. it was possible to ping ip's on your subnet but
> nothing beyond that. You said you could ping your firewall, is that the
> internal or the external networkcard?
> if you can ping both and ping hosts on your (local external) subnet, but
not
> the next hop router (your.ext.net.1) then it could be a problem at the ISP
>
> Peter vander Kleut
>
>
>
> - Original Message -
> From: "lbilyeu" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, January 01, 1970 7:46 PM
> Subject: [leaf-user] Bering - internet disappears, clues for newbie
>
>
> > I'm using Bering 1.0 rc3 with roadrunner cable modem.
> >
> > My system initially works just fine.
> > I can access the outside net from my NAT users.
> > I can also login to the firewall and ping an external Domain as well as
> > a direct address on the internet at large.
> >
> > After a while, the outside internet just disappears.
> > I can still contact Bering/Weblet, and ping the firewall from the
> > internal network.
> > Ping attempts to a domain from the firewall machine to the internet at
> > large now return nothing.
> > Attempting to ping an external address directly also returns nothing.
> > pump -s says my DHCP lease is still good until tomorrow.
> >
> > Any suggestions?
> >
> > thanks...
> >
> >
> >
> > ---
> > This sf.net email is sponsored by:ThinkGeek
> > Welcome to geek heaven.
> > http://thinkgeek.com/sf
> > 
> > leaf-user mailing list: [EMAIL PROTECTED]
> > https://lists.sourceforge.net/lists/listinfo/leaf-user
> > SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
>




---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html