[leaf-user] CD and NFS Support in Bering.

2002-08-09 Thread Dennis Persson

Hi, the thing is I would like to have a BOOTCD with Bering and have all my 
packages installed on an NFS server. Is that possible?

And if it is, how? 

Regards 

Dennis.


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



Re: [leaf-user] WISP and DiskOnChip

2002-08-09 Thread Vladimir I.


You need to add modules for DOC into initrd, and modify location of packages in 
syslinux.cfg.

[EMAIL PROTECTED] wrote:
 Hello all,
  In my never-ending battle to get DOC support in EVERYTHING, I'm 
 attempting to use WISP on a DOC.
 
  To get dachstein to boot, Charles custom compiled a kernel for me (I 
 think)
  I never did get Bering to boot from DOC
 
  WISP generates a kernel panic due to its inability to load any packages.
 
  What's the correct procedure for getting WISP to boot from a DOC?  Load a 
 driver at boot time? How?  It should be supported by the MTD Driver as a 
 /dev/fla device.
 
  I have one system running wisp, but that has a hard drive in it.
 
 
 Thanks for any assistance,
 Pat
 
 
 
 
 


-- 
Best Regards,
Vladimir
Systems Engineer (RHCE)






[leaf-user] Dachstein-CD eth3 / DMZ error

2002-08-09 Thread Alec Miller



I am trying to setup a DMZ with a few extra ips I have. And I can't figure
out where I went wrong. My interface configs look like this:

eth0_IPADDR=66.93.80.54
eth0_MASKLEN=24
eth0_BROADCAST=255.255.255.0
# Use this to set the default route if required - ONLY one to be set.
# routed or gated could be used to set this so only use if not running these.
eth0_DEFAULT_GW=66.93.80.1
# Secondary IP addresses/networks on same wire - add them here
eth0_IP_EXTRA_ADDRS=66.93.80.148
.

eth1_IPADDR=192.168.65.254
eth1_MASKLEN=24
eth1_BROADCAST=192.168.65.255

eth2_IPADDR=192.168.2.254
eth2_MASKLEN=24
eth2_BROADCAST=192.168.2.255

(IPSec WAN interface)
eth3_IPADDR=10.72.104.97
eth3_MASKLEN=28
eth3_BROADCAST=10.72.104.111

.

INTERN_IF=eth1 # Internal Interface
INTERN_NET=192.168.65.0/24 10.72.104.96/28
INTERN_IP=192.168.65.254  # IP number of Internal Interface
# (to allow forwarding to external IP)
MASQ_SWITCH=YES # Masquerade internal network to outside
# world - YES/NO


DMZ_SWITCH=PRIVATE
DMZ_IF=eth2
DMZ_NET=192.168.2.0/24

DMZ_SERVER0=tcp 66.93.80.148 www 192.168.2.1 www
DMZ_SERVER1=tcp 66.93.80.148 ftp 192.168.2.1 ftp

I also have this line in my ipfilter.conf to allow the eth3 net to get to
the eth1 net just after the INTERN_xxx_SERVER lines:
$IPCH -A forward -b -j ACCEPT -s 10.72.104.96/28 -d 192.168.65.0/24


Now here is the error I get when I run 'svi network reload'.  I have
tracked it down to the DMZ_SERVERx list.  When I comment them out the error
list shrinks.

  IP filters: /sbin/ipchains: can only specify ports for icmp, tcp or udp
Try `/sbin/ipchains -h' or '/sbin/ipchains --help' for more information.
/sbin/ipchains: invalid port/service `10.72.104.96/28' specified
Try `/sbin/ipchains -h' or '/sbin/ipchains --help' for more information.
/sbin/ipchains: invalid port/service `10.72.104.96/28' specified
Try `/sbin/ipchains -h' or '/sbin/ipchains --help' for more information.
/etc/init.d/network: [B/sbin/ipchains: not found
firewall [IP Forwarding: ENABLED]


And when I turn the DMZ=NO I have this error:

Starting Network: [IP Always Defrag: ENABLED]
   IP filters: /etc/init.d/network: [B/sbin/ipchains: not found


I've been staring at this for hours and can't figure out what is causing it.

Thanks In advance

Alec











RE: [leaf-user] IPSec doesn't found public interface

2002-08-09 Thread François BERGERET

Thanks Erich and others, my CD problem is resolved now!
And I don't know what!

I have probably modified something in one file, maybe isolinux, that
previously stroked my CD capacity...

It is really possible to overload the superfloppy, contrary to my
previous e-mails. I apologize for having left a doubt about this.
This is due to my lack of knowledge about Linux and ISO images.

But I have not been able to start my Bering correctly with IPSec.
Pluto always says it has not found a public interface (with a dynamic IP),
and IPSec stopped each time.

I have tested this:

ipsec tncfg --attach --virtual ipsec0 --physical ppp0

and this changed ipsec tncfg by apparently linking IPSec to PPP0,
and if I ping PCs on the other side of my tunnel, activity is seen at my
ADSL modem output.

But if I type:

ipsec setup --restart, nothing seems to occur and I have the same error
messages as when Bering starts: no public interface found.

I plan to connect an IP traffic analyser to see what is outgoing...

Some ideas?

Best Regards to all readers,
François BERGERET,
France.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Erich Titl
Sent: Monday, August 5, 2002 23:38
To: [EMAIL PROTECTED]
Subject: RE: [leaf-user] IPSec doesn't found public interface


Hi François

François BERGERET wrote the following at 23:15 05.08.2002:
Hi Chad !

Thanks in advance for your wonderful job.

Is it possible to modify your actual cd image to increase the capacity
that is only superfloppy image and not a 'normal' hard disk image?

I don't know how to insert IPSec in my actual CD because my requirements
increase Bering floppy to more than 2 Mega Bytes and do the CD bugging at
boot. So, I am waiting for a solution and, during this time, I use
external supplementary modules and packages for IPSec loaded from the floppy.
But I could prefer to have all the distro on the CD, of course...
CD is more reliable !

Do you use isolinux or syslinux to boot your CD? Isolinux is not limited to
any floppy size.

regards

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16






Re: [leaf-user] Dachstein-CD eth3 / DMZ error

2002-08-09 Thread Charles Steinkuehler

 Now here is the error I get when I run 'svi network reload'.  I have
 tracked it down to the DMZ_SERVERx list.  When I comment them out the error
 list shrinks.

   IP filters: /sbin/ipchains: can only specify ports for icmp, tcp or udp
 Try `/sbin/ipchains -h' or '/sbin/ipchains --help' for more information.
 /sbin/ipchains: invalid port/service `10.72.104.96/28' specified
 Try `/sbin/ipchains -h' or '/sbin/ipchains --help' for more information.
 /sbin/ipchains: invalid port/service `10.72.104.96/28' specified
 Try `/sbin/ipchains -h' or '/sbin/ipchains --help' for more information.
 /etc/init.d/network: [B/sbin/ipchains: not found
 firewall [IP Forwarding: ENABLED]

 And when I turn the DMZ=NO I have this error:

 Starting Network: [IP Always Defrag: ENABLED]
    IP filters: /etc/init.d/network: [B/sbin/ipchains: not found

 I've been staring at this for hours and can't figure out what is causing it.

 Thanks In advance

It's hard to say exactly what's wrong, but I think one (or more) of the
files used to configure networking & firewall rules has gotten
corrupted...possibly a dos/unix EOL mis-match, or perhaps an
incorrect/unrecognized escape character sequence in a remote editor
window (it sure looks like the [B got accidentally added before
/sbin/ipchains, to create the last error above, and there could be other
hidden problems).

It looks like you've got the DMZ configuration variables set correctly,
so I'd try running a DOS-unix EOL converter, looking through the
configuration files manually, and/or possibly copying them from a fresh
Dachstein image and re-configuring network.conf.  FYI, files involved in
setting up networking/firewalls, and hence possibly causing errors if
corrupted include:

/etc/init.d/network
/etc/network.conf
/etc/ipfilter.conf
/etc/ipchains.*

You can do the dos2unix conversion with your favorite tool/editor on a
remote system (move files via ssh/scp/floppy/whatever), or directly on
the firewall with sed (requires crafty shell quoting) or something like
charconv (available from my site:
http://lrp.steinkuehler.net/files/packages/Utilities/charconv ).

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
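
The check suggested in the reply above, as an added example that is not part of the original post or of Dachstein: a POSIX shell script that reports lines carrying a DOS line ending or a terminal escape byte and writes a cleaned copy for comparison. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: report and strip stray CR and
# terminal-escape bytes in firewall config files.

ESC=$(printf '\033')
CR=$(printf '\r')

# scan_file FILE
# Prints "FILE:LINE: problem" for every damaged line.
# Returns 1 if anything was reported, 0 if the file is clean.
scan_file() {
    LC_ALL=C awk '
        index($0, "\033") { printf "%s:%d: escape sequence\n", FILENAME, FNR; bad = 1 }
        /\r$/             { printf "%s:%d: DOS line ending (CR)\n", FILENAME, FNR; bad = 1 }
        END               { exit bad + 0 }
    ' "$1"
}

# clean_file SRC DST
# Writes a copy of SRC with CSI escape sequences (ESC [ ... letter) and
# trailing CRs removed. SRC is left untouched so the two can be diffed.
clean_file() {
    LC_ALL=C sed -e "s/${ESC}\[[0-9;]*[A-Za-z]//g" -e "s/${CR}\$//" "$1" > "$2"
}

# Constructed sample: every line ends in CRLF, and line 2 carries ESC[B
# (cursor-down) in front of the command, which is what would produce a
# "[B/sbin/ipchains: not found" message.
make_sample() {
    printf '# forward rule\r\n\033[B/sbin/ipchains -A forward -j ACCEPT\r\nDMZ_SWITCH=PRIVATE\r\n' > "$1"
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_sample "$tmp/sample.conf"
    scan_file "$tmp/sample.conf" || true          # lists four findings
    clean_file "$tmp/sample.conf" "$tmp/sample.clean"
    scan_file "$tmp/sample.clean" && echo "sample.clean: no stray bytes"
    rm -rf "$tmp"
}

# On the firewall, the targets would be the files named in the post:
#   for f in /etc/init.d/network /etc/network.conf \
#            /etc/ipfilter.conf /etc/ipchains.*; do scan_file "$f"; done
demo
```

A bare escape byte that is not part of a CSI sequence is left in place by `clean_file`, so a second `scan_file` pass still flags it for manual review.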






Re: [leaf-user] Bourne SHell prompt problems

2002-08-09 Thread David Douthitt

On Fri, Jul 05, 2002 at 10:25:23AM -0500, Charles Steinkuehler wrote:
  I've tried about fifteen ways to get the prompt to look like this:
 
  [root@firewall /usr/sbin]#   --- where /usr/sbin is a current
  working directory

 To get PWD as part of the prompt in ash, you have to intercept the cd
 command (and other commands that might change your directory)...details
 are available in the SF FAQ-o-matic:
 
 http://sourceforge.net/docman/display_doc.php?docid=5178&group_id=13751

This is also a shell FAQ; look at http://www.faqs.org and look at
the comp.unix.shell FAQ, question 2.4: How do I get the current directory
into my prompt?

Others have explained it already, but there you go anyway.






Re: [leaf-user] libnsl.lrp found

2002-08-09 Thread David Douthitt

On Mon, Aug 05, 2002 at 12:48:13PM -0500, Russ Price wrote:

 I finally found a copy at
 
 http://leaf.sourceforge.net/devel/ddouthitt/packages/
 
 Suggestion: we need a better way of indexing/cataloging LRP packages.

That directory would be my package repository...

That particular directory contains over 300 packages; cataloguing them
is a very big job - though a worthy one.






[leaf-user] (no subject)

2002-08-09 Thread Craig Heil

The firewall has been in place for some time working great. We recently
began testing an internal mail server.
It has been tested internally fine. It can also send mail externally fine.
However, even though we have opened up the SMTP port everywhere in the
firewall, when you send mail outside to the machine, sendmail gets it into
the mail queue but then the message is deferred since it cannot talk back
through the firewall. The error message reads (Deferred: Connection timed
out with XXX.XXX.XXX.XXX.) where the XXX's are the firewall real-world IP
address. The port forwarding is also set up on the SMTP port. We have
checked through the config and found nothing that helps. Please advise.






RE: [leaf-user] HOW TO ADD STATIC ROUTES TO BERING..

2002-08-09 Thread Bob Pocius

Someone who posted a reply earlier was right, in that seeing your routing
table would be helpful to others who are trying to solve your problem. 

When I first started playing with static routes in Bering, I found that
Bering was creating its own default routes based on the interfaces that were
defined. I cheated my way around this a little by adding a line near the end
of my /etc/init.d/network file that called a route script. The route script
began by flushing all existing routes, and then defining my own.  

Bob Pocius


From: Troy Aden [EMAIL PROTECTED]
RE: HOW TO ADD STATIC ROUTES TO BERING..
2002-08-06 14:10
 
I managed to get the static routes added. But still no joy. Here is
 what my interfaces file looks like.
 
SNIP
 # /etc/network/interfaces -- configuration file for LEAF network
 # J. Nilo, April 2002
 #
 # Loopback interface.
 auto lo
 iface lo inet loopback
 
 # Step 1: configure external interface
 # uncomment/adjust one of the following 4 options
 # Option 1.1 (default): eth0 / dynamic IP from pump/dhclient
 #auto eth0
 #iface eth0 inet dhcp
 #
 # Option 1.2: eth0 / Fixed IP (assumed to be 1.2.3.4). 
 #  (broadcast/gateway optional)
 auto eth0
 iface eth0 inet static
        address 192.168.141.1
        masklen 24

 auto eth1
 iface eth1 inet static
        address 192.168.142.1
        masklen 24

 auto eth2
 iface eth2 inet static
        address 192.168.143.1
        masklen 24

 auto eth3
 iface eth3 inet static
        address 192.168.147.1
        masklen 24
        broadcast 192.168.147.255
        gateway 192.168.147.4
 #
 #
 up ip route add 192.168.140.0/24 via 192.168.147.3 |true
 up ip route add 192.168.144.0/24 via 192.168.147.2 |true
 up ip route add 192.168.145.0/24 via 192.168.147.2 |true
 up ip route add 192.168.146.0/24 via 192.168.147.2 |true
 #
END SNIP
 
I see that all my interfaces come up fine at boot. I do a ip addr
 and all my NICs are up. I do a ip route show and all my routes appear to
 be up as well. But something is still interfering with the routes because I
 can't ping to the servers on our .147 subnet. I have removed shorewall.lrp
 from the disk because this is not a firewall it is a router only. This is
 where I suspect the problem is. As I recall there is a router/firewall
 switch in Dachstein. Is there a command that I should be entering in the
 interfaces file to tell this box that it is a router? Why is this not
 working? 
A couple footnotes to this, I have removed shorewall.lrp and ADDED
 ifconfig.lrp and dhcrelay.lrp. I am receiving no errors on boot up so I
 suspect I am just missing a command somewhere. Can someone please help me
 out. (Yes I have read the interfaces manpage but I did not read anything
 that explains how to do this.)
 
 
Thanks in advance.
 
Troy
 
 






RE: [leaf-user] (no subject) - internal mail server - not available to outside world

2002-08-09 Thread Joey Officer

First we need to know what distro of LEAF are you using.  Second, I believe
that within the network.conf there is a segment that describes having an
internal mail server, and allowing connections to make it back to it.  I
haven't currently done this, but it will be something I am working on.  In
my future situation, I plan to run the mail and web server of the same box.
I'll be following this thread for my own knowledge as well...

Joey


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Craig Heil
Sent: Friday, August 09, 2002 2:19 PM
To: [EMAIL PROTECTED]
Subject: [leaf-user] (no subject)

The firewall has been in place for some time working great. We recently
began testing an internal mail server.
It has been tested internally fine. It can also send mail externally fine.
However, even though we have opened up the SMTP port everywhere in the
firewall, when you send mail outside to the machine, sendmail gets it into
the mail queue but then the message is deferred since it cannot talk back
through the firewall. The error message reads (Deferred: Connection timed
out with XXX.XXX.XXX.XXX.) where the XXX's are the firewall real-world IP
address. The port forwarding is also set up on the SMTP port. We have
checked through the config and found nothing that helps. Please advise.






RE: [leaf-user] Dachstein-CD eth3 / DMZ error

2002-08-09 Thread Alec Miller

I managed to get the 'IP filters: /etc/init.d/network: [B/sbin/ipchains: not
found' error gone by replacing the ipfilter.conf and networks file with new
ones.

But I still have the invalid port service error. Before I redo a new
network.conf, does this bug still exist??

Re: [Leaf-user] 4 NIC LRP -Dachstein CD- only one internal IP forwards to
internet
http://www.mail-archive.com/leaf-user@lists.sourceforge.net/msg05123.html


Thanks


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Charles
Steinkuehler
Sent: Friday, August 09, 2002 1:19 PM
To: Alec Miller; [EMAIL PROTECTED]
Subject: Re: [leaf-user] Dachstein-CD eth3 / DMZ error


 Now here is the error I get when I run 'svi network reload'.  I have
 tracked it down to the DMZ_SERVERx list.  When I comment them out the error
 list shrinks.

   IP filters: /sbin/ipchains: can only specify ports for icmp, tcp or udp
 Try `/sbin/ipchains -h' or '/sbin/ipchains --help' for more information.
 /sbin/ipchains: invalid port/service `10.72.104.96/28' specified
 Try `/sbin/ipchains -h' or '/sbin/ipchains --help' for more information.
 /sbin/ipchains: invalid port/service `10.72.104.96/28' specified
 Try `/sbin/ipchains -h' or '/sbin/ipchains --help' for more information.
 /etc/init.d/network: [B/sbin/ipchains: not found
 firewall [IP Forwarding: ENABLED]

 And when I turn the DMZ=NO I have this error:

 Starting Network: [IP Always Defrag: ENABLED]
    IP filters: /etc/init.d/network: [B/sbin/ipchains: not found

 I've been staring at this for hours and can't figure out what is causing it.

 Thanks In advance

It's hard to say exactly what's wrong, but I think one (or more) of the
files used to configure networking & firewall rules has gotten
corrupted...possibly a dos/unix EOL mis-match, or perhaps an
incorrect/unrecognized escape character sequence in a remote editor
window (it sure looks like the [B got accidentally added before
/sbin/ipchains, to create the last error above, and there could be other
hidden problems).

It looks like you've got the DMZ configuration variables set correctly,
so I'd try running a DOS-unix EOL converter, looking through the
configuration files manually, and/or possibly copying them from a fresh
Dachstein image and re-configuring network.conf.  FYI, files involved in
setting up networking/firewalls, and hence possibly causing errors if
corrupted include:

/etc/init.d/network
/etc/network.conf
/etc/ipfilter.conf
/etc/ipchains.*

You can do the dos2unix conversion with your favorite tool/editor on a
remote system (move files via ssh/scp/floppy/whatever), or directly on
the firewall with sed (requires crafty shell quoting) or something like
charconv (available from my site:
http://lrp.steinkuehler.net/files/packages/Utilities/charconv ).

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)






Re: SMTP problem (was: [leaf-user] (no subject))

2002-08-09 Thread Ray Olszewski

At 03:18 PM 8/9/02 -0400, Craig Heil wrote:
The firewall has been in place for some time working great. We recently
began testing an internal mail server.
It has been tested internally fine. It can also send mail externally fine.
However, even though we have opened up the SMTP port everywhere in the
firewall, when you send mail outside to the machine, sendmail gets it into
the mail queue but then the message is deferred since it cannot talk back
through the firewall. The error message reads (Deferred: Connection timed
out with XXX.XXX.XXX.XXX.) where the XXX's are the firewall real-world IP
address. The port forwarding is also set up on the SMTP port. We have
checked through the config and found nothing that helps. Please advise.

We need a bit more detail to be able to help.

First, what version of LEAF are you using?

Second, are you using its default firewalling or one of the drop-in 
firewall options? And am I correct in assuming that your LAN is NAT'd?

Third, you say you have opened up the SMTP port everywhere in the 
firewall but that your internal SMTP server is failing because it cannot 
talk back through the firewall. Given the error message you quote, the 
reasonable inference is that the second of your two statements is correct, 
which suggests that the first is wrong. So ... *how* did you open the SMTP 
port?

Fourth, might your ISP be the actual culprit here? I've heard of (but not 
actually seen) ISPs that block incoming traffic to port 25 at their 
customers' IP addresses, in order to force the customers to use the ISP's 
mail servers as (POP3 or IMAP) relays.

Finally, could you take another shot at explaining the circumstances under 
which the SMTP server fails to deliver? I read what you wrote to mean that 
if somebody tries to send an email to [EMAIL PROTECTED], where 
yourdomain.com resolves to the IP address of your firewall, then the 
message gets stuck in the MTA (e.g., sendmail) queue of the sending machine 
(or whatever it uses as a relay for outgoing mail). That is, the sendmail 
you refer to is -NOT- the MTA you are running on your mail server. But that 
interpretation involves a lot of reading between the lines, so your 
confirming or correcting it would be worth while.


--
---Never tell me the odds!
Ray Olszewski   -- Han Solo
Palo Alto, California, USA[EMAIL PROTECTED]
---






Re: [leaf-user] Dachstein-CD eth3 / DMZ error

2002-08-09 Thread Charles Steinkuehler

 I managed to get the 'IP filters: /etc/init.d/network: [B/sbin/ipchains: not
 found' error gone by replacing the ipfilter.conf and networks file with new
 ones.

 But I still have the invalid port service error. Before I redo a new
 network.conf, does this bug still exist??

 Re: [Leaf-user] 4 NIC LRP -Dachstein CD- only one internal IP forwards to
 internet
 http://www.mail-archive.com/leaf-user@lists.sourceforge.net/msg05123.html

Yes, I believe this bug still exists (at least it's still in the latest
Dachstein release I'm running)...good job finding this on the mailing
list...I'd forgotten about that bug, and my development server with the
todo & bug lists is still off-line after my big office move at the end
of last month :

Anyway, if you want to continue to use a private DMZ (your other option
would be Static-NAT or Proxy-ARP), you can play guinea pig and try the
following...

You'll need to change the DMZ_reverse_masq procedure in
/etc/ipfilter.conf...it's got the only reference to INTERN_IF in the
whole file, so it's easy to find.  Find the following lines which
provide reverse-masquerading for port-forwarded DMZ connections when
accessed from the internal network:

  # For internal connections
  $IPCH -A forward -j MASQ -p $1 -s $DMZ_NET $DST_PORT \
    -d $INTERN_NET -i $INTERN_IF

Change to the following to support multiple internal networks:

  # For internal connections
  for NET in $INTERN_NET; do
    $IPCH -A forward -j MASQ -p $1 -s $DMZ_NET $DST_PORT \
      -d $NET
  done; unset NET

This change should allow multiple internal networks with a private DMZ.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
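
Why the single rule fails with two networks in INTERN_NET, as an added example that is not part of the original post or of Dachstein's ipfilter.conf: the unquoted `$INTERN_NET` splits into two words, and the second one lands in the slot after `-d address` where a port or service is expected. `fake_ipchains` is a simplified stand-in written for this example that only checks that slot, and `DST_PORT=www` is an assumed value; the networks and interface come from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: word splitting of INTERN_NET in the
# reverse-masquerade rule, shown with a stand-in for /sbin/ipchains.

INTERN_NET="192.168.65.0/24 10.72.104.96/28"   # values posted in the thread
INTERN_IF=eth1
DMZ_NET=192.168.2.0/24
DST_PORT=www                                   # assumed for illustration
IPCH=fake_ipchains

# Stand-in for ipchains: after -s or -d it expects one address and, optionally,
# one port/service word. A word there that looks like a network is rejected
# with the message quoted in the thread. On success it prints the rule.
fake_ipchains() {
    rule="ipchains $*"
    while [ $# -gt 0 ]; do
        case $1 in
        -s|-d)
            shift                       # $1 is now the address[/mask]
            if [ $# -gt 1 ]; then
                case $2 in
                -*) ;;                  # next option, no port given
                */*|*.*.*)
                    echo "invalid port/service \`$2' specified" >&2
                    return 1 ;;
                esac
            fi
            ;;
        esac
        shift
    done
    echo "$rule"
}

# The rule as it stands before the change: one command, so both networks
# end up as consecutive words after -d.
original_rule() {
    $IPCH -A forward -j MASQ -p "$1" -s $DMZ_NET $DST_PORT \
        -d $INTERN_NET -i $INTERN_IF
}

# The rule after the change: one command per network. As in the post, the
# loop no longer passes -i $INTERN_IF, so the rules are not tied to eth1.
patched_rule() {
    for NET in $INTERN_NET; do
        $IPCH -A forward -j MASQ -p "$1" -s $DMZ_NET $DST_PORT \
            -d $NET
    done; unset NET
}

echo "original:"; original_rule tcp || echo "  -> rejected"
echo "patched:";  patched_rule tcp
```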






RE: [leaf-user] Dachstein-CD eth3 / DMZ error

2002-08-09 Thread Alec Miller


OK, That change seems to have removed the
/sbin/ipchains: invalid port/service `10.72.104.96/28'  error

I am getting this error now:

IP filters: /sbin/ipchains: can only specify ports for icmp, tcp or udp
Try `/sbin/ipchains -h' or '/sbin/ipchains --help' for more information.

and these denies:

Packet log: forward DENY eth2 PROTO=6 10.72.104.98:1559 192.168.2.1:80
Packet log: forward DENY eth2 PROTO=6 192.168.65.12:3590 192.168.2.1:80

when I type in the URL to the host in the DMZ.  I am guessing I have a
misconfig in the network.conf that blocks traffic into the DMZ from the
eth0_IP_EXTRA_ADDRS? (which I never figured out from the start)


Thanks again,

Alec



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Charles
Steinkuehler
Sent: Friday, August 09, 2002 4:01 PM
To: Alec Miller; [EMAIL PROTECTED]
Subject: Re: [leaf-user] Dachstein-CD eth3 / DMZ error


 I managed to get the 'IP filters: /etc/init.d/network: [B/sbin/ipchains: not
 found' error gone by replacing the ipfilter.conf and networks file with new
 ones.

 But I still have the invalid port service error. Before I redo a new
 network.conf, does this bug still exist??

 Re: [Leaf-user] 4 NIC LRP -Dachstein CD- only one internal IP forwards to
 internet
 http://www.mail-archive.com/leaf-user@lists.sourceforge.net/msg05123.html

Yes, I believe this bug still exists (at least it's still in the latest
Dachstein release I'm running)...good job finding this on the mailing
list...I'd forgotten about that bug, and my development server with the
todo & bug lists is still off-line after my big office move at the end
of last month :

Anyway, if you want to continue to use a private DMZ (your other option
would be Static-NAT or Proxy-ARP), you can play guinea pig and try the
following...

You'll need to change the DMZ_reverse_masq procedure in
/etc/ipfilter.conf...it's got the only reference to INTERN_IF in the
whole file, so it's easy to find.  Find the following lines which
provide reverse-masquerading for port-forwarded DMZ connections when
accessed from the internal network:

  # For internal connections
  $IPCH -A forward -j MASQ -p $1 -s $DMZ_NET $DST_PORT \
    -d $INTERN_NET -i $INTERN_IF

Change to the following to support multiple internal networks:

  # For internal connections
  for NET in $INTERN_NET; do
    $IPCH -A forward -j MASQ -p $1 -s $DMZ_NET $DST_PORT \
      -d $NET
  done; unset NET

This change should allow multiple internal networks with a private DMZ.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)






RE: [leaf-user] Dachstein-CD eth3 / DMZ error

2002-08-09 Thread Alec Miller


Oh, and I started out from scratch with a new network.conf too.



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Charles
Steinkuehler
Sent: Friday, August 09, 2002 4:01 PM
To: Alec Miller; [EMAIL PROTECTED]
Subject: Re: [leaf-user] Dachstein-CD eth3 / DMZ error


 I managed to get the 'IP filters: /etc/init.d/network: [B/sbin/ipchains: not
 found' error gone by replacing the ipfilter.conf and networks file with new
 ones.

 But I still have the invalid port service error. Before I redo a new
 network.conf, does this bug still exist??

 Re: [Leaf-user] 4 NIC LRP -Dachstein CD- only one internal IP forwards to
 internet
 http://www.mail-archive.com/leaf-user@lists.sourceforge.net/msg05123.html

Yes, I believe this bug still exists (at least it's still in the latest
Dachstein release I'm running)...good job finding this on the mailing
list...I'd forgotten about that bug, and my development server with the
todo & bug lists is still off-line after my big office move at the end
of last month :

Anyway, if you want to continue to use a private DMZ (your other option
would be Static-NAT or Proxy-ARP), you can play guinea pig and try the
following...

You'll need to change the DMZ_reverse_masq procedure in
/etc/ipfilter.conf...it's got the only reference to INTERN_IF in the
whole file, so it's easy to find.  Find the following lines which
provide reverse-masquerading for port-forwarded DMZ connections when
accessed from the internal network:

  # For internal connections
  $IPCH -A forward -j MASQ -p $1 -s $DMZ_NET $DST_PORT \
    -d $INTERN_NET -i $INTERN_IF

Change to the following to support multiple internal networks:

  # For internal connections
  for NET in $INTERN_NET; do
    $IPCH -A forward -j MASQ -p $1 -s $DMZ_NET $DST_PORT \
      -d $NET
  done; unset NET

This change should allow multiple internal networks with a private DMZ.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)






Re: [leaf-user] WISP and DiskOnChip

2002-08-09 Thread gart

Thanks for the reply.

Would you happen to make it available on a website or ftp someplace?  It 
should be part of the standard 2.4 kernel by now.

--Pat
On Fri, 9 Aug 2002, Vladimir I. wrote:

 
 You need to add modules for DOC into initrd, and modify location of packages in 
 syslinux.cfg.
 
 [EMAIL PROTECTED] wrote:
  Hello all,
   In my never-ending battle to get DOC support in EVERYTHING, I'm 
  attempting to use WISP on a DOC.
  
   To get dachstein to boot, Charles custom compiled a kernel for me (I 
  think)
   I never did get Bering to boot from DOC
  
   WISP generates a kernel panic due to its inability to load any packages.
  
   What's the correct procedure for getting WISP to boot from a DOC?  Load a 
  driver at boot time? How?  It should be supported by the MTD Driver as a 
  /dev/fla device.
  
   I have one system running wisp, but that has a hard drive in it.
  
  
  Thanks for any assistance,
  Pat
  
  
  
  
  
 
 
 






[leaf-user] Bering 1.0rc3 - RoadRunnerCable, connection suddenly fails

2002-08-09 Thread lbilyeu

swfla.rr.com == aka == timewarner/roadrunner cable
I'm using the default setup on the Bering_1.0rc3 floppy1680 image
---except I went ahead and removed norfc1918 from 
/etc/shorewall/interfaces'  eth0

Initially the users connected behind the firewall are able to use
services, then after a random amount of time the internet disappears.
The internal network can still reach weblet on the firewall, but all
requests NAT to the internet fail.

From the firewall/Bering box itself, pump -s says I still have valid
lease, but it sure doesn't act like it.

If I issue shorewall stop, svi networking stop, power cycle the modem,
svi networking start, shorewall start, svi networking restart; the
connection to the internet at large is restored. It doesn't appear to be
a physical ISP failure, because I can do this immediately after the
disconnect. I can also reboot bering & powercycle the modem and get
immediate connection. The disconnect appears after a random amount of
time, sometimes a few minutes, sometimes after more than 12 hours.

eth0 is outside - connected to the rr cablemodem
eth1 is inside - connected to hub
eth2 is unused

what follows are via the firewall/bering box console.

uname=
Linux firewall 2.4.18 #4 Sun Jun 9 09:46:15 CEST 2002 i486 unknown

ip addr show ===
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:00:c5:04:db:e8 brd ff:ff:ff:ff:ff:ff
    inet 65.34.117.132/23 brd 255.255.255.255 scope global eth0
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:40:f6:f4:e5:d4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
5: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 100
    link/ether 00:40:33:90:fc:3a brd ff:ff:ff:ff:ff:ff

ip route show ==
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.254
65.34.116.0/23 dev eth0  proto kernel  scope link  src 65.34.117.132
default via 65.34.116.1 dev eth0

pump -s=
Device eth0
IP: 65.34.117.132
Netmask: 255.255.254.0
Broadcast: 255.255.255.255
Network: 65.34.116.0
Boot server 65.32.2.175
Next server 0.0.0.0
Gateway: 65.34.116.1
Hostname: firewall
Domain: swfla.rr.com
Nameservers: 65.32.1.70 65.32.2.130
Renewal time: Sat Aug 10 05:29:08 2002
Expiration time: Sat Aug 10 06:59:08 2002

netstat -nr-
netstat: not found

traceroute: not found


ping a FQN that will normally respond
never responds, have to kill process.
I am not getting info back from the nameserver.


All pings that follow are to numerical addresses x.x.x.x
see pump -s section above for appropriate address numbers
These ping(s) will succeed when firewall is first booted.

ping one, then the other nameserver-
never responds, have to kill process. 100% packet loss

ping gateway-
never responds, have to kill process. 100% packet loss

ping bootserver/DHCPserver--
never responds, have to kill process. 100% packet loss

ping address outside ISP that normally responds-
never responds, have to kill process. 100% packet loss

iptables -nvL===
Chain INPUT (policy DROP 2 packets, 144 bytes)
 pkts bytes target     prot opt in     out     source               destination
  560 52190 ACCEPT     ah   --  lo     *       0.0.0.0/0            0.0.0.0/0
  565  160K eth0_in    ah   --  eth0   *       0.0.0.0/0            0.0.0.0/0
  373 24430 eth1_in    ah   --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 common     ah   --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        ah   --  *      *       0.0.0.0/0            0.0.0.0/0  LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
    0     0 reject     ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 7434 5349K eth0_fwd   ah   --  eth0   *       0.0.0.0/0            0.0.0.0/0
 6112  758K eth1_fwd   ah   --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 common     ah   --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        ah   --  *      *       0.0.0.0/0

Re: [leaf-user] Bering 1.0rc3 - RoadRunnerCable, connection suddenly fails

2002-08-09 Thread Harry Kitt

What NIC driver are you using? I had the same behavior when I moved from 
Dachstein to Bering. The DS driver appeared to work, but would randomly 
drop the connection. Probably not recompiled for the Bering's 
kernel/compiler.

Harry Kitt
lbilyeu wrote:

 swfla.rr.com == aka == timewarner/roadrunner cable
 I'm using the default setup on the Bering_1.0rc3 floppy1680 image
 ---except I went ahead and removed norfc1918 from 
 /etc/shorewall/interfaces'  eth0

 Initially the users connected behind the firewall are able to use
 services, then after a random amount of time the internet disappears.
 The internal network can still reach weblet on the firewall, but all
 requests NAT to the internet fail.

 From the firewall/Bering box itself, pump -s says I still have valid
 lease, but it sure doesn't act like it.

 If I issue shorewall stop, svi networking stop, power cycle the modem,
 svi networking start, shorewall start, svi networking restart; the
 connection to the internet at large is restored. It doesn't appear to
 be a physical ISP failure, because I can do this immediately after the
 disconnect. I can also reboot bering & powercycle the modem and get
 immediate connection. The disconnect appears after a random amount of
 time, sometimes a few minutes, sometimes after more than 12 hours.

 eth0 is outside - connected to the rr cablemodem
 eth1 is inside - connected to hub
 eth2 is unused

 what follows are via the firewall/bering box console.

 uname=
 Linux firewall 2.4.18 #4 Sun Jun 9 09:46:15 CEST 2002 i486 unknown

 ip addr show ===
 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
     inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
 2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
 3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
     link/ether 00:00:c5:04:db:e8 brd ff:ff:ff:ff:ff:ff
     inet 65.34.117.132/23 brd 255.255.255.255 scope global eth0
 4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
     link/ether 00:40:f6:f4:e5:d4 brd ff:ff:ff:ff:ff:ff
     inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
 5: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 100
     link/ether 00:40:33:90:fc:3a brd ff:ff:ff:ff:ff:ff

 ip route show ==
 192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.254
 65.34.116.0/23 dev eth0  proto kernel  scope link  src 65.34.117.132
 default via 65.34.116.1 dev eth0

 pump -s=
 Device eth0
 IP: 65.34.117.132
 Netmask: 255.255.254.0
 Broadcast: 255.255.255.255
 Network: 65.34.116.0
 Boot server 65.32.2.175
 Next server 0.0.0.0
 Gateway: 65.34.116.1
 Hostname: firewall
 Domain: swfla.rr.com
 Nameservers: 65.32.1.70 65.32.2.130
 Renewal time: Sat Aug 10 05:29:08 2002
 Expiration time: Sat Aug 10 06:59:08 2002

 netstat -nr-
 netstat: not found

 traceroute: not found


 ping a FQN that will normally respond
 never responds, have to kill process.
 I am not getting info back from the nameserver.


 All pings that follow are to numerical addresses x.x.x.x
 see pump -s section above for appropriate address numbers
 These ping(s) will succeed when firewall is first booted.

 ping one, then the other nameserver-
 never responds, have to kill process. 100% packet loss

 ping gateway-
 never responds, have to kill process. 100% packet loss

 ping bootserver/DHCPserver--
 never responds, have to kill process. 100% packet loss

 ping address outside ISP that normally responds-
 never responds, have to kill process. 100% packet loss

 iptables -nvL===
 Chain INPUT (policy DROP 2 packets, 144 bytes)
  pkts bytes target     prot opt in     out     source               destination
   560 52190 ACCEPT     ah   --  lo     *       0.0.0.0/0            0.0.0.0/0
   565  160K eth0_in    ah   --  eth0   *       0.0.0.0/0            0.0.0.0/0
   373 24430 eth1_in    ah   --  eth1   *       0.0.0.0/0            0.0.0.0/0
     0     0 common     ah   --  *      *       0.0.0.0/0            0.0.0.0/0
     0     0 LOG        ah   --  *      *       0.0.0.0/0            0.0.0.0/0  LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
     0     0 reject     ah   --  *      *       0.0.0.0/0            0.0.0.0/0

 Chain FORWARD (policy DROP 0 packets, 0 bytes)
  pkts bytes target     prot opt in     out     source               destination
  7434 5349K

Re: [leaf-user] WISP and DiskOnChip

2002-08-09 Thread Jeff Newmiller

On Fri, 9 Aug 2002 [EMAIL PROTECTED] wrote:

 Thanks for the reply.
 
 Would you happen to make it available on a website or ftp someplace?  It 
 should be part of the standard 2.4 kernel by now.

There are a whole passel of mtd drivers in the
Bering_1.0-rc3_modules_2.4.18.tar.gz file.  I don't know if they have been
used for Bering yet...

Note that I am pretty sure these are the open source versions... not the
proprietary ones developed by MTD which have wear-leveling algorithms
built-in.

---
Jeff NewmillerThe .   .  Go Live...
DCN:[EMAIL PROTECTED]Basics: ##.#.   ##.#.  Live Go...
  Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/BatteriesO.O#.   #.O#.  with
/Software/Embedded Controllers)   .OO#.   .OO#.  rocks...2k
---


