[leaf-user] 1-to-1 NAT
I'm trying to configure a backup/replacement of a Sonicwall firewall which sits between our company LAN and an ADSL router. We have been allocated a range of IP addresses:

212.107.213.9 (the adsl modem)
212.107.213.10 (firewall WAN interface)
212.107.213.11 (incoming email comes to this address)
212.107.213.12 (DMZ - not used yet)

We run MS Exchange on the LAN server (192.168.175.1) - there is a 'one-to-one NAT' entry in the firewall which lets incoming mail through to the mail server (directs incoming traffic 212.107.213.11 192.168.175.1)

I've successfully got the Dachstein LEAF Firewall (floppy disk) running and browsing pages across a test network with the external and internal interfaces set the same as the Sonicwall (213.107.212.10 and 192.168.175.9 respectively). I'm struggling to find how I can set a rule which would direct mail arriving at 212.107.213.11 to the mail server at 192.168.175.1.

I've searched and read a fair bit, and this page sounds the most promising.? http://sourceforge.net/docman/display_doc.php?docid=10418group_id=13751

Can anyone tell me if I'm on the right track? I don't have a lot of experience with Linux or firewalls yet - any help would be appreciated.
Cheers, MW

***

* the exact name of the LEAF distribution and version you are running:

    dachstein-v1.0.2-1680

* the exact kernel version you are running

    Linux firewall 2.2.19-3-LEAF #1

* the complete, exact output of ip addr show

    1: lo: LOOPBACK,UP mtu 3924 qdisc noqueue
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 brd 127.255.255.255 scope global lo
    2: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100
        link/ether 00:60:08:5e:90:46 brd ff:ff:ff:ff:ff:ff
        inet 213.107.212.10/29 brd 213.107.212.15 scope global eth0
    3: eth1: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100
        link/ether 00:08:c7:39:af:07 brd ff:ff:ff:ff:ff:ff
        inet 192.168.175.9/24 brd 192.168.175.255 scope global eth1

* the complete, exact output of ip route show

    213.107.212.8/29 dev eth0 proto kernel scope link src 213.107.212.10
    192.168.175.0/24 dev eth1 proto kernel scope link src 192.168.175.9
    default via 213.107.212.9 dev eth0

* the exact wording of any ping failure responses (there are some FAQ entries http://sourceforge.net/docman/display_doc.php?docid=4099group_id=13751 to help you).

    From the LEAF box, I can ping the WAN and LAN interfaces, and the machines attached to those interfaces.
* The output from ipchains -nvL:

    Chain input (policy DENY: 0 packets, 0 bytes):
    pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
    0 0 DENY icmp l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 5 - *
    0 0 DENY icmp l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 13 - *
    0 0 DENY icmp l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 14 - *
    0 0 DENY all l- 0xFF 0x00 eth0 0.0.0.0 0.0.0.0/0 n/a
    0 0 DENY all l- 0xFF 0x00 eth0 255.255.255.255 0.0.0.0/0 n/a
    0 0 DENY all l- 0xFF 0x00 eth0 127.0.0.0/8 0.0.0.0/0 n/a
    0 0 DENY all l- 0xFF 0x00 eth0 224.0.0.0/4 0.0.0.0/0 n/a
    0 0 DENY all l- 0xFF 0x00 eth0 10.0.0.0/8 0.0.0.0/0 n/a
    0 0 DENY all l- 0xFF 0x00 eth0 172.16.0.0/12 0.0.0.0/0 n/a
    0 0 DENY all l- 0xFF 0x00 eth0 192.168.0.0/16 0.0.0.0/0 n/a
    0 0 DENY all l- 0xFF 0x00 eth0 0.0.0.0/8 0.0.0.0/0 n/a
    0 0 DENY all l- 0xFF 0x00 eth0 128.0.0.0/16 0.0.0.0/0 n/a
    0 0 DENY all l- 0xFF 0x00 eth0 191.255.0.0/16 0.0.0.0/0 n/a
    0 0 DENY all l- 0xFF 0x00 eth0 192.0.0.0/24 0.0.0.0/0 n/a
    0 0 DENY all l- 0xFF 0x00 eth0 223.255.255.0/24 0.0.0.0/0 n/a
    0 0 DENY all l- 0xFF 0x00 eth0 240.0.0.0/4 0.0.0.0/0 n/a
    0 0 DENY all l- 0xFF 0x00 eth0 192.168.175.0/24 0.0.0.0/0 n/a
    0
RE: [leaf-user] LCDproc package for Bering
Works well. Thanks for your help. Did lrpkg -i lcd, then gave svi lcd start.

Mohan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Luis.F.Correia
Sent: 29 August 2002 03:46
To: [EMAIL PROTECTED]
Subject: RE: [leaf-user] LCDproc package for Bering

lrpkg -I not tested, probably not supported :) The proper syntax is inside the lcd's init script. try this after you've lrpkg -I it:

    svi lcd stop
    svi lcd start

and see what's come up in the LCD.

Note: This lcd driver is NOT for console work, only to display stats and such. For lcdproc usage, please visit www.lcdproc.org

Note 2: the file I've uploaded is set up for my particular lcd device, which is 24x2. Please update lcdd.conf to reflect your device settings, usually 16x2 or 20x2.

Please, pretty please try it my way. If it doesn't work my way, I promise I will look for it again, but not otherwise. Take care.

-Original Message-
From: S Mohan [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 28, 2002 8:12 PM
To: 'Luis.F.Correia'; [EMAIL PROTECTED]
Subject: RE: [leaf-user] LCDproc package for Bering

No. I did a lrpkg -I lcd and then invoked lcdd from the command prompt. Many boards specify VGA/LCD in the output interface. Does this mean that a special output point for such LCD displays is available for such boards? I'm raising this question as I found one such entry in the lcd server conf too.

Mohan.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Luis.F.Correia
Sent: Wednesday, August 28, 2002 5:09 PM
To: [EMAIL PROTECTED]
Subject: RE: [leaf-user] LCDproc package for Bering

Hum... That's strange. Have you included the provided lcd.lrp in syslinux.cfg? Can you show me the boot messages?

-Original Message-
From: S Mohan [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 28, 2002 9:38 AM
To: Luis.F.Correia; [EMAIL PROTECTED]
Subject: RE: [leaf-user] LCDproc package for Bering

I downloaded this package and installed it.
Invoking lcdd gave the following error:

    Invalid driver: curses
    Could not load driver curses
    There is no output driver
    Critical error: main.c:237, abort.

Any pointers?

Mohan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Luis.F.Correia
Sent: 19 August 2002 22:24
To: [EMAIL PROTECTED]
Subject: [leaf-user] LCDproc package for Bering

Hi! As I replied earlier to a LCD related question, I have for compiled lcdproc from the stable branch. It is available for download at: http://www.geocities.com/lfcorreia/lcd.lrp.tgz

Please remove the '.TGZ' extension as Geocities does not allow it. There are two main places to change config, one in the startup script for the client, lcdproc and other in the lcdd.conf file for the server. I know, I should have made a proper webpage but I have not had the time to properly activate my developer area... Vacation spoils a lot of things :)

Luis Correia
PGP Fingerprint: BC44 D7DA 5A17 F92A CA21 9ABE DFF0 3540 2322 21F6
Key Server: http://pgp.mit.edu

--- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1refcode1=vs3390
leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] LCDproc
I've got LCDproc working thanks to Luis' patience. Like he said, I do not seem to find documentation. What would the command line options for LCDproc be? Can I pipe a string thro' lcdproc to display it on the screen without having to write a program? Mohan
[leaf-user] Pump verbose logging.
Hi, Just wondered if anyone knew how I could make Pump logging a bit less verbose. Thanks
[leaf-user] ipsec509 packages configuration
Is there any particular reason why I don't find an ipsec entry under the lrcfg package management when using ipsec509.lrp from this location? http://leaf.sourceforge.net/devel/jnilo/bering/update/freeswan-1.98b/

I thought that ipsec509.lrp under bering doesn't require ipsec.lrp?

mvh Ronny Aasen
Datapart AS
[leaf-user] The 'shorewall' command
I have a tiny question regarding the 'shorewall' command: Some shorewall commands like 'shorewall stop', 'shorewall restart' among others are not executed when typed. Instead I must run the more extensive 'svi shorewall restart'.. I've tried looking in the shorewall script but I can't see the problem. Maybe Tom or someone else can shed some light on this? I'm running Bering rc-3 with Shorewall 1.3.5b..

/Anders
RE: [leaf-user] LCDproc
No, lcdproc has a protocol to create clients. Please go to www.lcdproc.org and read the docs. Meanwhile, here are the options available for lcdproc (the client):

From the main.c source file

    [C]PU
    [M]emory
    [X]-load (load histogram)
    [T]ime/Date
    [A]bout (credits)
    [O]ld Timescreen
    big cloc[K]
    Old [U]ptime Screen
    [B]attery Status
    Cpu histogram [G]raph
    [S]ize of biggest programs
    [D]isk stats

But... if you just type 'lcdproc' you'll get the same info. Mohan, please read the docs before posting!

-Original Message-
From: S Mohan [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 30, 2002 10:25 AM
To: [EMAIL PROTECTED]
Subject: [leaf-user] LCDproc

I've got LCDproc working thanks to Luis' patience. Like he said, I do not seem to find documentation. What would the command line options for LCDproc be? Can I pipe a string thro' lcdproc to display it on the screen without having to write a program?

Mohan
[leaf-user] SST-DoM experiment
Dear Mike/Lynn/Brad:

I soldered a jumper on my SST DoM. I expected it to give me a mounted as readonly filesystem message when it is mounted. It did not. I saved a file to that fs by piping output of ls to a file. That also went thro'. I was puzzled. I then tried an explicit sync - Module reported an error

    No DRQ after issuing write.
    Status error status=0x51 (DriveReady SeekComplete error)
    Status error status=0x04 (DriveStatusError)

This makes the drive read only but looks convoluted. Does it not? I removed the jumper and did a sync, it went thro' smoothly. I expected the system to report readonly at mount time like it does for write-protect floppies. Any other experiences?

Mohan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of guitarlynn
Sent: 30 August 2002 10:37
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Webbased configuration

combined reply to several posts and some ideas (at the bottom):

On Thursday 29 August 2002 14:59, Charles Steinkuehler wrote:

to leaf-devel. Is anyone ready to work on and/or discuss any sections of this???

I can commit to any updates/modifications to sh-httpd that may be required. I think it's possible to dramatically increase the CGI response of the existing sh-httpd when running CGI's, which would be a big help for a CGI driven admin interface.

Great! I had JamesSturdevant send me his patched sh-httpd binary since several of us had major problems applying the diff he had posted. I can send it to you off-list. I haven't dug through it or done a diff myself, but the POST function does work per my testing.

I can also help with architecture, debugging, and (hopefully) crafty solutions to difficult scripting problems, but I can't commit to writing a major chunk of code due to current time constraints (although this may change suddenly if the company I work for suddenly craters :-/ ).

I understand, I have a little more time once I finish roofing my house (within the weekend, I hope).
I can distribute what testing code I have presently, but the architecture will definitely need to be the first thing on the todo list. I have compiled the su-wrapper binary that will solve the write permissions problems as well. I'm presently working with SF on fixing my CVS access, as SF has blocked all SSH connections from my Desktop the last couple of days. :-((( BTW, I hope everything is still maintaining for you on the work end!

*WACKY THOUGHT* - If we use sh-httpd as the web-server, and shell-script CGI's, would there be any benefit to wrapping the whole thing into a unified structure? In other words, create a custom script-based CGI interface, rather than trying to match standard CGI...something like a shell-script version of PHP. It could probably be faster/smaller than sticking with a conventional web-server/CGI approach, but would be less portable to other web servers. Something to think about.

I hate to break any portability, but it would be a serious consideration being that Weblet would essentially be integrated and only LEAF style OS's would likely use it. It would also be a space saver on the floppy end. Good idea!

*WACKY IDEA #2* I've been investigating forth, and will be working on a micro-controller based hygrometer project running forth on an Atmel AVR processor in the near future. I've been wanting access to a scripting language more powerful than shell-script on LEAF, and I think forth might fit the bill. It's possible to compile forth without *ANY* libc requirements, but with the ability to talk *DIRECTLY* to the kernel (so you could load libc and make calls to it, if you really wanted, and do pretty much anything you want...remember the irreplaceable part of libc is essentially an interface between C programs and the kernel, the rest is just a bunch of standard routines to make programmer's lives a bit easier).
That's a lot of power for an interpreter that would probably weigh in at 10K to 20K Bytes, with code that can potentially run at near optimized C speeds (ie *WAY* faster than shell-script)! Good idea, but I don't know if any of us except Charles and David D are familiar with Forth. I think I wrote a hello world! program in Forth around 15 years ago, but I haven't retained any more about the language since then. It was a low-level language similar to machine language if I remember right. :-) I've wanted to code an initial bootstrap loader in forth for a while (something that would boot from CD/Floppy/whatever, and optionally swap out the kernel, allowing fancy boot-time configuration w/o having to re-burn a CD to set kernel options. The ability to make kernel calls from a script, w/o having any libc or /bin/sh dependencies is very cool for a boot-loader. I also think an available forth interpreter could potentially help the construction of a new packaging system as well as fancy CGI admin scripts. Maybe a few of us should spend some
[leaf-user] Re: Outdoor 802.11b to Ethernet Gateway / Brouter
One last point of note. Have the manufacturers ever stopped to ponder why they do not sell a lot of broadcast equipment? PRICE! Every one of you are more concerned with coming up with the next proprietary OS for your hardware, that the RD costs skyrocket. I was pleased to see that ActionTec is one of the first to produce an open architecture AP running Linux. Someone finally got it. We WISP's would rather spend retail money developing a Linux based solution than using some proprietary crap. Why? Because we can do diagnostics on something we know. Who has time to learn some new OS when you are trying to build a company? We also are tired of manufacturers giving us the optimal conditions specs on their equipment. I have not heard of one WISP that operates in the environments you test in.

You should also know that we are not your typical WISP. We do RD on developing products and solutions specifically for WISP's. We operate our own WISP. We use what we design in an actual real world environment. It's obvious that some manufacturers see the direction some of us are going with Linux, or your post wouldn't have landed on our list.

To give you an example of our engineering style, we have a broadcast tower operating at 260ft. We achieve 6 mile ptmp links using an 8dbi smoke detector antenna at the client site WITHOUT an amp. We can get up to 14 miles using a 8dbi omni w/250mw amp. We have ptp links feeding repeater towers at 14 miles away getting the full 11mb with signal levels around 51db, and SNR at 32 (both sides). Now, if your company or any other manufacturer and/or supplier can tell how we accomplish this, then they truly understand our space. To date, I have not found ONE that can even come close to figuring it out and that includes Agere!

I must commend you for your tenacious spirit in defending your company and the manufacturers in general. My opinions may never count for much, but someday just as Microsoft and others have learned, we have a new wonder drug.
It's free and it's powerful. What is it? LINUX!

Thomas Johnson
CEO, Intechmedia Broadband
(919)-639-7115
http://www.intechmedia.com

- Original Message -
From: Robert Wey [EMAIL PROTECTED]
To: Thomas Johnson [EMAIL PROTECTED]
Sent: Friday, August 30, 2002 6:16 AM
Subject: Re: Outdoor 802.11b to Ethernet Gateway / Brouter

Also as a point of note, I can buy a PC104 board and load it with my Linux system I have running and do exactly as the AirBridge does for about $300. And that's a RETAIL price for parts!

And this includes the radio card, RF connection hardware for an antenna, a NEMA enclosure, mounting hardware, a POE power extractor with a voltage regulator, packaging and assembly labor costs?

With manufacturers getting volume and wholesale discount pricing, there should be no reason for either a PTP or CPE device to retail over $300.00 COMPLETE.

True enough generally speaking, but no single outdoor wireless unit is selling in 100s of thousands volume...OEMs combined. Indoor wireless like the Linksys equipment? Sure. A good example of high cost may perhaps be amplifiers. Some go for around $450.00, which seem exorbitant. Consider however, they are not selling these like Bic lighters and are trying to get some return on RD, mfg'ing and marketing investment before the technology change renders them obsolete. 802.11g anyone? As popularity picks up, more OEMs will come to the game and competitive economics will take over. Its no different than the high cost of color TVs back in the early 60's or, for that matter, PCs back in the 80's. The volume simply isn't there yet.

It's just another excuse for companies to try and take advantage of unknowing WISP's and rape them on the cost of equipment and misinform them on how to design their system correctly. As long as they sell product, that's all they care about.

One could say the same about WISP's taking advantage of unknowing customers and raping them for domain registering, bandwidth settings, and web hosting!
An interesting debate no doubt and while I disagree on some issues, I do appreciate your feed back

Regards,
R. Wey
DI Inc.
[leaf-user] Bering 1.0 rc3 / Reboot
Hello, I'm using bering 1.0 rc3. When I launch the command:

    reboot

The firewall executes successfully several commands and then displays

    Rebooting...
    Restarting System...

but nothing happens... and the firewall doesn't reboot. If I use Dachstein on the same computer, the command reboot is successful... Any idea? Thanks.

Blaise
[leaf-user] ipsec509 packages configuration
Hi Ronny,

I think you have this backwards. From what I understand, you only need the IPSec.lrp and not the IPSec509.lrp unless you're planning to use SSH-Sentinel or the built-in Windows IPSec client, in which case you'll need the IPSec509.lrp to enable x.509 certificate support. To do this, load both ipsec.lrp *AND* ipsec509.lrp and make sure ipsec509 is listed *AFTER* ipsec in the lrpkg.cfg file, for everything to work properly.

Here's a link you might find handy, too. http://www.natecarlson.com/include/showpage.php?cat=linuxpage=ipsec-x509

Cheers, Craig
[leaf-user] Bering 1.0 rc3 / Reboot
I think the command is: shutdown -r now Isn't it??? Craig
Re: [leaf-user] ipsec509 packages configuration
On Fri, 2002-08-30 at 14:40, Craig wrote:

Hi Ronny, I think you have this backwards. From what I understand, you only need the IPSec.lrp and not the IPSec509.lrp unless you're planning to use SSH-Sentinel or the built-in Windows IPSec client, in which case you'll need the IPSec509.lrp to enable x.509 certificate support. To do this, load both ipsec.lrp *AND* ipsec509.lrp and make sure ipsec509 is listed *AFTER* ipsec in the lrpkg.cfg file, for everything to work properly. Here's a link you might find handy, too. http://www.natecarlson.com/include/showpage.php?cat=linuxpage=ipsec-x509

Did I forget to mention I am using bering rc3 where ipsec509 is (supposed to be) a standalone package.. also note it's the 98b

mvh Ronny Aasen
Datapart AS
[leaf-user] Mailing logs from Bering
I'm having trouble getting Bering 1.0-rc3 to mail me its logs everyday. I used to have Dachstein email my logs everyday, and so I'd thought I'd have Bering do the same. So I changed /etc/multicron-p's rotatelogs to look like this:

    rotatelogs () {
        case $prog in
            *-d ) LOGFILES=$lrp_LOGS_DAILY ;;
            *-w ) LOGFILES=$lrp_LOGS_WEEKLY ;;
            *-m ) LOGFILES=$lrp_LOGS_MONTHLY ;;
            * ) return 1 ;;
        esac
        cd /var/log
        for LOG in $LOGFILES; do
            if [ -f $LOG ]; then
                savelog -g adm -m 640 -u root -c ${lrp_LOGS_DEPTH:-4} $LOG
                mail -s $LOG [EMAIL PROTECTED] < /var/log/$LOG.0
            fi
        done
        svi sysklogd reload
    }

which worked on DS. However, it doesn't work on Bering. In fact, it doesn't even work from the command line:

    : -root- # mail -s messages [EMAIL PROTECTED] /var/log/messages.0
    nc: connect: Connection refused
    Error: Unknown response. RSET 0: Aborting due to connection error
    Killing child processes: 1327 19012

/etc/lrp.conf has this:

    # Host SMTP server for the 'mail' command. If blank the host 'mail' is used.
    lrp_MAIL_SERVER=192.168.100.20
    # Email address to use for notices and alerts. If blank alerts won't be sent.
    lrp_MAIL_ADMIN=[EMAIL PROTECTED]

But I see nothing in the logs on my mailserver (which is indeed at the above IP). Thoughts?

--
PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Member, LEAF Project http://leaf.sourceforge.net
AIM: MikeLeone
Public Key - http://www.mike-leone.com/~turgon/turgon-public-key.asc
Some days you're the pigeon; some days you're the statue.
Random Thought: --
RE: [leaf-user] Mailing logs from Bering
Have you checked shorewall configuration? You might need to add something there.

-Original Message-
From: Michael Leone [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 30, 2002 2:05 PM
To: [EMAIL PROTECTED]
Subject: [leaf-user] Mailing logs from Bering

I'm having trouble getting Bering 1.0-rc3 to mail me its logs everyday. I used to have Dachstein email my logs everyday, and so I'd thought I'd have Bering do the same. So I changed /etc/multicron-p's rotatelogs to look like this:

    rotatelogs () {
        case $prog in
            *-d ) LOGFILES=$lrp_LOGS_DAILY ;;
            *-w ) LOGFILES=$lrp_LOGS_WEEKLY ;;
            *-m ) LOGFILES=$lrp_LOGS_MONTHLY ;;
            * ) return 1 ;;
        esac
        cd /var/log
        for LOG in $LOGFILES; do
            if [ -f $LOG ]; then
                savelog -g adm -m 640 -u root -c ${lrp_LOGS_DEPTH:-4} $LOG
                mail -s $LOG [EMAIL PROTECTED] < /var/log/$LOG.0
            fi
        done
        svi sysklogd reload
    }

which worked on DS. However, it doesn't work on Bering. In fact, it doesn't even work from the command line:

    : -root- # mail -s messages [EMAIL PROTECTED] /var/log/messages.0
    nc: connect: Connection refused
    Error: Unknown response. RSET 0: Aborting due to connection error
    Killing child processes: 1327 19012

/etc/lrp.conf has this:

    # Host SMTP server for the 'mail' command. If blank the host 'mail' is used.
    lrp_MAIL_SERVER=192.168.100.20
    # Email address to use for notices and alerts. If blank alerts won't be sent.
    lrp_MAIL_ADMIN=[EMAIL PROTECTED]

But I see nothing in the logs on my mailserver (which is indeed at the above IP). Thoughts?

--
PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Member, LEAF Project http://leaf.sourceforge.net
AIM: MikeLeone
Public Key - http://www.mike-leone.com/~turgon/turgon-public-key.asc
Some days you're the pigeon; some days you're the statue.
Random Thought: --
Re: [leaf-user] Dachstein CD
It's sure not a common problem, and there aren't really enough details to try to debug a weird problem. When you try to add or change any of the packages on the CD, are you burning a new CD, or using lrpkg.cfg and pkgpath.cfg on a floppy? What exactly are you changing? Does the initial ISO image load all packages properly if you don't modify anything?

Yes, each time I am burning a new CD
Yes, am using lrpkg.cfg and pkgpath.cfg on the floppy
It works fine if I use your original CD with no changes. The problem starts if I add a LRP to the CD (re-burn a new CD). Doesn't seem to matter if it is listed in lrpkg.cfg or not.

The irq timeout error you're reporting sounds like it's potentially a low-level software or hardware error. Are you using any particularly ancient hardware (motherboard, BIOS, CD-ROM, IDE-Controller)? Do you get the same results if you boot on a more recent system? Conversely, are you perhaps using a motherboard that's really new, with some advanced UDMA-133 chipset or anything?

Hardware is a Dell PI 133, but have tried it on PII and same problem occurs (errors generated may be different), but the end result is that it appears as though it can't read the CD. I am using NERO to burn a CDRW. I am beginning to wonder if perhaps the NERO software is doing/not doing something..
RE: [leaf-user] LEAF Newbie - Questions reguarding 4501 Bering install
Hi Matt,

You mentioned that you had emBSD running on the 4501 previously. I have a few questions for you. What is your opinion of emBSD? What made you decide to try out LEAF? Do you have a comparative opinion? If so, what do you think?

Thanks, Eric

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Matt Stockdale
Sent: Thursday, August 29, 2002 6:35 PM
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] LEAF Newbie - Questions reguarding 4501 Bering install

As is usual, I got it working all of 15 seconds after I sent this out. Turns out I shouldn't have fdisked it, just used

    mkdosfs /dev/hde

Matt

On Thu, Aug 29, 2002 at 06:09:36PM -0400, Matt Stockdale wrote:

I've searched the archives to some extent, but I couldn't find anything relevant.. If however, I missed something, please point me in the right direction..

I'm attempting to install Bering rc3 onto a CF card, which will go into my soekris 4501. I'm using RedHat 7.2 running on my IBM thinkpad (which has a CF adapter built into it) to place the files on the CF. However, the 4501 just refuses to boot it. I've followed the instructions at http://www.franzdoodle.com/bering/net4501_cf.txt, and also the very similar set at http://www.mail-archive.com/leaf-cvs-commits@lists.sourceforge.net/msg00074.html.

I wasn't sure how the CF was supposed to be made bootable as listed in the franzdoodle docs, there was no mention of running syslinux on the CF (which I did anyways), and I even tried adding serial 0 19200 to the top of syslinux.cfg, to see if it was even booting syslinux, which it doesn't appear to be.

the CF I'm using is a Transcend 32mb that worked fine w/ emBSD. I used linux fdisk to partition it w/ 1 partition, spanning the whole CF, of type FAT16 (hde1), and made the partition bootable.
I copied all the files over from the floppy image, replaced the kernel w/ one I compiled (2.4.19) w/ serial support and serial console support built in, copied over the ide and natsemi modules, and edited added the ttyS0 getty to inittab and securetty.. Any idea where I can start troubleshooting? Thanks, Matt -- --- Matt StockdaleSr. Network Engineer - logicworks.net [EMAIL PROTECTED]Dura lex, sed lex --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html -- --- Matt StockdaleSr. Network Engineer - logicworks.net [EMAIL PROTECTED]Dura lex, sed lex --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1refcode1=vs3390 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] Mailing logs from Bering
Luis.F.Correia said:
> Have you checked shorewall configuration? You might need to add something there.

Well, I do have shorewall configured to let thru SMTP, from the outside:

/etc/shorewall/rules:

    #
    ACCEPT  fw   net                 tcp  53
    ACCEPT  fw   net                 udp  53
    #
    # Accept SSH connections from the local network for administration
    #
    ACCEPT  loc  fw                  tcp  22
    DNAT    net  loc:192.168.100.20  tcp  ssh,ftp,http,smtp,pop-3,imap2
    # Bering specific rules:
    # allow loc to fw udp/53 for dnscache to work
    # allow loc to fw tcp/80 for weblet to work
    #
    ACCEPT  loc  fw                  udp  53
    ACCEPT  loc  fw                  tcp  80

I can send email out from other machines on the local LAN thru 192.168.100.20. Will I need a special Shorewall rule to allow SMTP out from the fw to a host on the LAN?

-----Original Message-----
From: Michael Leone [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 30, 2002 2:05 PM
To: [EMAIL PROTECTED]
Subject: [leaf-user] Mailing logs from Bering

I'm having trouble getting Bering 1.0-rc3 to mail me its logs everyday. I used to have Dachstein email my logs everyday, and so I'd thought I'd have Bering do the same. So I changed /etc/multicron-p's rotatelogs to look like this:

    rotatelogs () {
        case $prog in
            *-d ) LOGFILES=$lrp_LOGS_DAILY ;;
            *-w ) LOGFILES=$lrp_LOGS_WEEKLY ;;
            *-m ) LOGFILES=$lrp_LOGS_MONTHLY ;;
            * ) return 1 ;;
        esac
        cd /var/log
        for LOG in $LOGFILES; do
            if [ -f $LOG ]; then
                savelog -g adm -m 640 -u root -c ${lrp_LOGS_DEPTH:-4} $LOG
                mail -s $LOG [EMAIL PROTECTED] < /var/log/$LOG.0
            fi
        done
        svi sysklogd reload
    }

which worked on DS. However, it doesn't work on Bering. In fact, it doesn't even work from the command line:

    : -root- # mail -s messages [EMAIL PROTECTED] < /var/log/messages.0
    nc: connect: Connection refused
    Error: Unknown response. RSET
    0: Aborting due to connection error
    Killing child processes: 1327 19012

/etc/lrp.conf has this:

    # Host SMTP server for the 'mail' command. If blank the host 'mail' is used.
    lrp_MAIL_SERVER=192.168.100.20
    # Email address to use for notices and alerts. If blank alerts won't be sent.
    lrp_MAIL_ADMIN=[EMAIL PROTECTED]

But I see nothing in the logs on my mailserver (which is indeed at the above IP).

Thoughts?

--
PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Member, LEAF Project http://leaf.sourceforge.net  AIM: MikeLeone
Public Key - http://www.mike-leone.com/~turgon/turgon-public-key.asc
Some days you're the pigeon; some days you're the statue.
RE: [leaf-user] Mailing logs from Bering
Well, I'm not a shorewall expert... but I think you might need something like this:

    ACCEPT  fw  loc  tcp  25

Please check the shorewall documentation at www.shorewall.net

I did not test this or use it, so I may be wrong.

-----Original Message-----
From: Michael Leone [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 30, 2002 2:24 PM
To: [EMAIL PROTECTED]
Subject: RE: [leaf-user] Mailing logs from Bering

Luis.F.Correia said:
> Have you checked shorewall configuration? You might need to add something there.

Well, I do have shorewall configured to let thru SMTP, from the outside:

/etc/shorewall/rules:

    #
    ACCEPT  fw   net                 tcp  53
    ACCEPT  fw   net                 udp  53
    #
    # Accept SSH connections from the local network for administration
    #
    ACCEPT  loc  fw                  tcp  22
    DNAT    net  loc:192.168.100.20  tcp  ssh,ftp,http,smtp,pop-3,imap2
    # Bering specific rules:
    # allow loc to fw udp/53 for dnscache to work
    # allow loc to fw tcp/80 for weblet to work
    #
    ACCEPT  loc  fw                  udp  53
    ACCEPT  loc  fw                  tcp  80

I can send email out from other machines on the local LAN thru 192.168.100.20. Will I need a special Shorewall rule to allow SMTP out from the fw to a host on the LAN?
Re: [leaf-user] ipsec509 packages configuration
On 30 Aug 2002 11:34:12 +0200 Ronny Aasen [EMAIL PROTECTED] wrote:
> is there any particular reason why I don't find an ipsec entry under the lrcfg package management when using ipsec509.lrp from this location?
> http://leaf.sourceforge.net/devel/jnilo/bering/update/freeswan-1.98b/
>
> I thought that ipsec509.lrp under bering doesn't require ipsec.lrp?

Well, there is definitely _something_ wrong with the x509 version of the package, since all of the files in the var/lib/lrpkg dir have the name ipsec.* instead of ipsec509.* (and because the x509 certificate file isn't listed in the ipsec.list file, they will not get backed up properly; add etc/x509cert.der), but I still think you should have a menu item for ipsec alone. I don't have a router currently set up to check it out, unfortunately.

I think that this is not a release package, but I could be wrong. It will be fixed by the time it is released, I'm sure. I am working on another release, but it may have some additional patch goodies that are not behaving under slink, so it is slow going. It will also have bug fixes for all of my silly ppp issues.

--
Chad Carr
[EMAIL PROTECTED]
Re: [leaf-user] Mailing logs from Bering
On Fri, 30 Aug 2002 09:24:09 -0400 Michael wrote:
> Luis.F.Correia said:
> > Have you checked shorewall configuration? You might need to add something there.
>
> Well, I do have shorewall configured to let thru SMTP, from the outside:
>
> /etc/shorewall/rules:
> [snip non-smtp rules]
> DNAT  net  loc:192.168.100.20  tcp  ssh,ftp,http,smtp,pop-3,imap2
>
> I can send email out from other machines on the local LAN thru 192.168.100.20. Will I need a special Shorewall rule to allow SMTP out from the fw to a host on the LAN?

Yes. One that allows from the firewall zone to the mail server, e.g.

    ACCEPT  fw  loc:192.168.100.20  tcp  smtp

--Brad
Re: [leaf-user] Dachstein CD
> > When you try to add or change any of the packages on the CD, are you burning a new CD, or using lrpkg.cfg and pkgpath.cfg on a floppy? What exactly are you changing? Does the initial ISO image load all packages properly if you don't modify anything?
>
> Yes, each time I am burning a new CD.
> Yes, I am using lrpkg.cfg and pkgpath.cfg on the floppy.
> It works fine if I use your original CD with no changes. The problem starts if I add an LRP to the CD (re-burn a new CD). It doesn't seem to matter whether it is listed in lrpkg.cfg or not.

[snip]

> Hardware is a Dell PI 133, but I have tried it on a PII and the same problem occurs (errors generated may be different), but the end result is that it appears as though it can't read the CD. I am using NERO to burn a CDRW. I am beginning to wonder if perhaps the NERO software is doing/not doing something.

It sure sounds like you're not getting a good CD-Image. I found it impossible to create bootable CD's with Adaptec/Roxio EZ-CD Creator (it doesn't think a syslinux'd disk is bootable... apparently it only likes MSDOS boot disks), and I found Nero cumbersome to use for bootable CD's (and I couldn't get NERO to output a plain ISO image, so I had to burn the disk, then read it on a linux system to make an ISO).

If at all possible, you should use the mkisofs command listed in the README file on a linux system to create new CD images. If this is not possible, maybe some folks on the NERO list can help you get your settings right.

The mkisofs command I use is:

    mkisofs -b bootdisk.bin -r -J -f -o outputfile -V "volume name" path/CD-Contents/

The switches are:

    -f               follow symbolic links... this probably isn't important in NERO (windows doesn't even *HAVE* symbolic links!), and simply allows me to symlink the modules directory to avoid having a copy in each CD directory taking up space on my HDD
    -r               Add Rock Ridge extensions, with uid and gid = 0
    -J               Generate Joliet directory records
    -b bootdisk.bin  Use bootdisk.bin as the El Torito boot image (aka floppy emulation)
    -V               specify the volume ID
    -o               specify the output file name

If you can successfully get Nero to emulate the behavior of mkisofs with these switches, you should have a working disk image.

*WARNING* While I have in the past used Nero to make bootable images, I don't think I've tried to do this since putting the un-compressed modules directory directly on the CD. I'm not sure Nero can make a CD that will work with the current setup of loading modules directly from the CD (various potential problems with long-filenames, permissions, etc. when compared to simply loading a bunch of 8.3 named LRP files at boot-time). I suggest using CD-RW's, and talking to some folks more familiar with Nero if you can't use mkisofs.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
Re: [leaf-user] Mailing logs from Bering
Brad Fritz said:
> > 192.168.100.20. Will I need a special Shorewall rule to allow SMTP out from the fw to a host on the LAN?
>
> Yes. One that allows from the firewall zone to the mail server, e.g.
>
>     ACCEPT  fw  loc:192.168.100.20  tcp  smtp

Yes, that works. I thought it might be that, but didn't want to mess around with it without checking first. Thanks, Brad.

Perhaps the next rc of Bering would have an option "Do you want logs mailed to you", and if so, then add the mail line, and the shorewall rule.

--
PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Member, LEAF Project http://leaf.sourceforge.net  AIM: MikeLeone
Public Key - http://www.mike-leone.com/~turgon/turgon-public-key.asc
Some days you're the pigeon; some days you're the statue.
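The script below is an added example, not part of any poster's message and not Shorewall's own tooling: it scans a rules file for an ACCEPT rule that lets the firewall zone itself reach the mail server on tcp/25, which is the rule this exchange turned on. It assumes the column order ACTION SOURCE DEST PROTO DEST-PORT(S) and the zone names fw and loc used in the thread; the function names and the sample rules (rebuilt from the ones quoted above) are constructed for illustration, and only the rules file is consulted, not the zone policy.

```shell
#!/bin/sh
# Added example (not from the thread): static check of a Shorewall rules file.
# Assumed column order: ACTION SOURCE DEST PROTO DEST-PORT(S); the firewall
# zone is assumed to be named "fw" and the LAN zone "loc", as in the thread.

# fw_smtp_allowed MAIL_SERVER_IP   (rules are read from stdin)
# Prints the first ACCEPT rule that lets the firewall itself open tcp/25 to
# the mail server and returns 0; returns 1 if no rule does.
fw_smtp_allowed() {
    awk -v ip="$1" '
        function dest_ok(d, ip,    n, hosts, i) {
            if (d == "loc") return 1                 # whole zone
            if (substr(d, 1, 4) != "loc:") return 0  # some other zone
            n = split(substr(d, 5), hosts, ",")      # loc:host1,host2
            for (i = 1; i <= n; i++) if (hosts[i] == ip) return 1
            return 0                                 # subnets are not expanded
        }
        function port_ok(p,    n, items, i, r) {
            if (p == "" || p == "-") return 1        # no port column: any port
            n = split(p, items, ",")
            for (i = 1; i <= n; i++) {
                if (items[i] == "smtp" || items[i] == "25") return 1
                if (split(items[i], r, ":") == 2 && r[1] + 0 <= 25 && r[2] + 0 >= 25)
                    return 1                         # numeric range low:high
            }
            return 0
        }
        /^[ \t]*(#|$)/ { next }                      # comment or blank line
        { sub(/[ \t]*#.*$/, "") }                    # strip trailing comment
        $1 == "ACCEPT" && $2 == "fw" && dest_ok($3, ip) &&
            ($4 == "tcp" || $4 == "all") && port_ok($5) { print; found = 1; exit }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample: the rules quoted in the thread, before the fix.
rules_before() {
    cat <<'EOF'
ACCEPT  fw   net                 tcp  53
ACCEPT  fw   net                 udp  53
# Accept SSH connections from the local network for administration
ACCEPT  loc  fw                  tcp  22
DNAT    net  loc:192.168.100.20  tcp  ssh,ftp,http,smtp,pop-3,imap2
ACCEPT  loc  fw                  udp  53
ACCEPT  loc  fw                  tcp  80
EOF
}

# The same rules with the suggested fw -> loc rule appended.
rules_after() {
    rules_before
    echo 'ACCEPT fw loc:192.168.100.20 tcp smtp'
}

for sample in rules_before rules_after; do
    if rule=$($sample | fw_smtp_allowed 192.168.100.20); then
        echo "$sample: allowed by: $rule"
    else
        echo "$sample: no rule accepts fw -> loc:192.168.100.20 tcp/25"
    fi
done
```

The DNAT line is deliberately not counted: it forwards connections arriving from the net zone and says nothing about traffic that originates on the firewall.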
Re: [leaf-user] Mailing logs from Bering
Hi Michael

At 09:04 30/08/02 -0400, Michael Leone wrote:
> I'm having trouble getting Bering 1.0-rc3 to mail me its logs everyday.
> [snip]
> mail -s $LOG [EMAIL PROTECTED] < /var/log/$LOG.

The line I have in crontab to do (more or less) what you're doing is:

    mail -s "Daily firewall log report" to [EMAIL PROTECTED] < /var/log/messages.0

So I think you're missing the "to" keyword. The line in your script should be:

    mail -s $LOG to [EMAIL PROTECTED] < /var/log/$LOG.0

cheers
Julian

--
[EMAIL PROTECTED]
www.ljchurch.co.uk
Re: [leaf-user] LEAF Newbie - Questions regarding 4501 Bering install
Actually, it didn't work w/ /dev/hde1. The 4501 won't boot it normally; you have to manually enter a boot 80:1 command. Kind of a hassle. But I have it up and running just fine w/ /dev/hde.

On Thu, Aug 29, 2002 at 09:22:14PM -0700, Jeff Newmiller wrote:
> On Thu, 29 Aug 2002, Matt Stockdale wrote:
> > As is usual, I got it working all of 15 seconds after I sent this out. Turns out I shouldn't have fdisked it, just used mkdosfs /dev/hde
>
> Hopefully you used mkdosfs /dev/hde1.

--
Matt Stockdale, Sr. Network Engineer - logicworks.net
[EMAIL PROTECTED]
Dura lex, sed lex
Re: [leaf-user] Mailing logs from Bering
Julian Church said:
> Hi Michael
>
> So I think you're missing the "to" keyword. The line in your script should be:
>
>     mail -s $LOG to [EMAIL PROTECTED] < /var/log/$LOG.0

No, the "to" is unnecessary; mail will work without it. My problem was that Shorewall was blocking SMTP traffic from the firewall out to other hosts.

--
PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Member, LEAF Project http://leaf.sourceforge.net  AIM: MikeLeone
Public Key - http://www.mike-leone.com/~turgon/turgon-public-key.asc
Some days you're the pigeon; some days you're the statue.
Re: [leaf-user] LEAF Newbie - Questions regarding 4501 Bering install
I had to move away from emBSD because it has bugs when interacting w/ either the 4501 or the natsemi ethernet onboard specifically. When I had a lot of open connections through NAT (edonkey2000, winmx, etc), the ethernet would just stop responding, and the box would eventually lock up. You could bring it back by running a tcpdump on the interface (?!?!?! you could even tell it to just capture a single packet. I don't know if it was flushing buffers or something, but it did the trick). For the unit to be usable as a firewall, I had to run tcpdumps once a minute, across all the interfaces, which impacted performance pretty severely.

Also, I work for an ISP, and we've been forced to move all of our firewalls to linux because OpenBSD fails so miserably under any sort of real load in every version 3.0 release. (and older versions 2.7, 2.8, etc. The only version we've found to be stable is 2.9-CURRENT)

As far as LEAF goes, it's a little early for me to have much of an opinion, but I have to say, except for the bugs, working w/ emBSD was so much better. No mucking about w/ packages, it just ran w/ ufs right on the CF. SSH and SCP by default. It's not an entirely fair comparison, of course, because LEAF needs to be able to have basic functionality on just a single floppy. I mainly chose leaf because none of the other mini-linux distros that I could fit on a 32mb CF card seemed very polished.

I'm going to continue to play w/ bering. I'm also toying w/ the idea of getting a larger flash card (128, 192, or 256Mb perhaps) and just doing a normal redhat (or more likely debian, which has a far smaller minimum footprint, although I never really liked it) and install to the CF, or just getting a Mini-ITX case and Mobo and using a regular hard drive.

Matt

On Fri, Aug 30, 2002 at 09:27:52AM -0400, Eric B Kiser wrote:
> Hi Matt,
>
> You mentioned that you had emBSD running on the 4501 previously. I have a few questions for you. What is your opinion of emBSD? What made you decide to try out LEAF? Do you have a comparative opinion? If so, what do you think?
>
> Thanks,
> Eric
[leaf-user] Mailing logs from Bering
Hi folks,

One of the things I enjoy so much about this newsgroup is all of the information one gleans from some of you people! Having said that, could someone explain to me... why would you WANT to have your log files e-mailed to you??? What are you trying to really achieve (i.e., what are you looking for)???

Thank you, have a great weekend!

Craig
Re: [leaf-user] LEAF Newbie - Questions regarding 4501 Bering install
On Fri, 30 Aug 2002 10:35:00 -0400 Matt wrote:
> [ thoughts on emBSD and Bering snipped ]

Thank you for sharing your experiences, Matt. It's interesting to read about the differences and the things you liked or disliked about each distribution.

> I'm going to continue to play w/ bering. I'm also toying w/ the idea of getting a larger flash card (128, 192, or 256Mb perhaps) and just doing a normal redhat (or more likely debian, which has a far smaller minimum footprint, although I never really liked it) and install to the CF, or just getting a Mini-ITX case and Mobo and using a regular hard drive.

Something to be aware of (if you aren't already) is that CF cards are typically limited to a finite number of write (or is it read/write?) cycles. If you load a full distro on a CF card, you may want to put /tmp, /var and any other partitions that get heavy usage on a ramdisk.

--Brad
Re: [leaf-user] LEAF Newbie - Questions regarding 4501 Bering install
On Fri, Aug 30, 2002 at 10:06:30AM -0500, Brad Fritz wrote:
> Something to be aware of (if you aren't already) is that CF cards are typically limited to a finite number of write (or is it read/write?) cycles. If you load a full distro on a CF card, you may want to put /tmp, /var and any other partitions that get heavy usage on a ramdisk.

Just write, I believe. The number I've heard is ~10,000 writes.

Matt

--
Matt Stockdale, Sr. Network Engineer - logicworks.net
[EMAIL PROTECTED]
Dura lex, sed lex
RE: [leaf-user] Mailing logs from Bering
Simple:

You are an admin who has 2+ Leaf routers to monitor and have no time to log in to each of them everyday to check the logs.

More: you also have to admin a series of NT/2000 servers which require much attention and care :)

So, you have, globally, two choices: either you have a global syslog server where all the logs of all your servers are gathered, or you receive the logs by mail.

Ah! One other thing: if the ramdisk gets full because there are a lot of logs, the firewall stops.

-----Original Message-----
From: Craig [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 30, 2002 4:03 PM
To: LEAF
Subject: [leaf-user] Mailing logs from Bering

Hi folks,

One of the things I enjoy so much about this newsgroup is all of the information one gleans from some of you people! Having said that, could someone explain to me... why would you WANT to have your log files e-mailed to you??? What are you trying to really achieve (i.e., what are you looking for)???

Thank you, have a great weekend!

Craig
Re: [leaf-user] ipsec509 packages configuration
On Friday 30 August 2002 04:34, Ronny Aasen wrote:
> is there any particular reason why I don't find an ipsec entry under the lrcfg package management when using ipsec509.lrp from this location?
> http://leaf.sourceforge.net/devel/jnilo/bering/update/freeswan-1.98b/
>
> I thought that ipsec509.lrp under bering doesn't require ipsec.lrp?

Your thinking is correct, it should show up in the lrcfg package menu. Sounds like the package isn't loading; what have you done to load it? You do need the ipsec.o module as well with Bering.

--
~Lynn Avants aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!
Re: [leaf-user] Mailing logs from Bering
Craig said:
> Hi folks,
>
> One of the things I enjoy so much about this newsgroup is all of the information one gleans from some of you people! Having said that, could someone explain to me... why would you WANT to have your log files e-mailed to you??? What are you trying to really achieve (i.e., what are you looking for)???
>
> Thank you, have a great weekend!

The same reason you look at any logs - spot suspicious activity, trends, problems, etc. If I have them emailed to me, I can keep copies, print them, use them as evidence of disallowed user activity, if need be, etc. Why SSH in, and use an editor/pager, when they will come to you?

Why WOULDN'T you want them emailed to you? :-)

--
PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Member, LEAF Project http://leaf.sourceforge.net  AIM: MikeLeone
Public Key - http://www.mike-leone.com/~turgon/turgon-public-key.asc
Some days you're the pigeon; some days you're the statue.
Re: [leaf-user] SST-DoM experiment
On Friday 30 August 2002 05:25, S Mohan wrote:
> Dear Mike/Lynn/Brad:
>
> I soldered a jumper on my SST DoM. I expected it to give me a mounted as readonly filesystem message when it is mounted. It did not. I saved a file to that fs by piping output of ls to a file. That also went thro'. I was puzzled. I then tried an explicit sync - Module reported an error
>
>     No DRQ after issuing write.
>     Status error status=0x51 (DriveReady SeekComplete error)
>     Status error status=0x04 (DriveStatusError)
>
> This makes the drive read only but looks convoluted. Does it not? I removed the jumper and did a sync, it went thro' smoothly. I expected the system to report readonly at mount time like it does for write-protect floppies. Any other experiences?

It is because the module/kernel/BIOS is expecting write access to the device. Possibly changing fstab/mtab in the /etc/ and initrc /etc/ directory to r instead of rw would eliminate the error.

I've actually made an IDE HD disk read-only with the same error message, but it ran fine after receiving the error... it is just not what the system expects.

--
~Lynn Avants aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!
Re: [leaf-user] Mailing logs from Bering
Hi Michael

At 10:18 30/08/02 -0400, Michael Leone wrote:

Julian Church said: I think you're missing the "to" keyword. The line in your script should be:

No, the "to" is unnecessary; mail will work without it. My problem was that Shorewall was blocking SMTP traffic from the firewall out to other hosts.

Thanks for the clarification, and sorry for the misleading info.

Cheers
Julian

--
[EMAIL PROTECTED] www.ljchurch.co.uk
[leaf-user] ipsec509 packages configuration
Hi folks, I want to make sure that I understand this conversation- Are you saying that to use IPSec functionality you really don't even need to use the IPSec.lrp package...that all you really need is the IPSec509.lrp???

Craig
RE: [leaf-user] LEAF Newbie - Questions reguarding 4501 Bering install
Thanks a lot for getting back so quickly. I certainly hope you stick it out with us. Your insight was appreciated,

Eric

-Original Message-
From: Matt Stockdale [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 30, 2002 10:35 AM
To: Eric B Kiser
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] LEAF Newbie - Questions reguarding 4501 Bering install

I had to move away from emBSD because it has bugs when interacting w/ either the 4501 or the natsemi ethernet onboard specifically. When I had a lot of open connections through NAT (edonkey2000, winmx, etc), the ethernet would just stop responding, and the box would eventually lock up. You could bring it back by running a tcpdump on the interface (?!?!?! you could even tell it to just capture a single packet. I don't know if it was flushing buffers or something, but it did the trick). For the unit to be usable as a firewall, I had to run tcpdumps once a minute, across all the interfaces, which impacted performance pretty severely.

Also, I work for an ISP, and we've been forced to move all of our firewalls to linux because OpenBSD fails so miserably under any sort of real load in every version 3.0 release. (and older versions 2.7, 2.8, etc. The only version we've found to be stable is 2.9-CURRENT)

As far as LEAF goes, It's a little early for me to have much of an opinion, but I have to say, except for the bugs, working w/ emBSD was so much better. No mucking about w/ packages, it just ran w/ ufs right on the CF. SSH and SCP by default. It's not an entirely fair comparison, of course, because LEAF needs to be able to have basic functionality on just a single floppy. I mainly chose leaf because none of the other mini-linux distros that I could fit on a 32mb CF card seemed very polished.
I'm going to continue to play w/ bering, I'm also toying w/ the idea of getting a larger flash card (128,192, or 256Mb perhaps) and just doing a normal redhat (or more likely debian, which has a far smaller minimum footprint, although I never really liked it) and install to the CF, or, just getting a Mini-ITX case and Mobo and using a regular hard drive.

Matt

On Fri, Aug 30, 2002 at 09:27:52AM -0400, Eric B Kiser wrote:

Hi Matt, You mentioned that you had emBSD running on the 4501 previously. I have a few questions for you. What is your opinion of emBSD? What made you decide to try out LEAF? Do you have a comparative opinion? If so, what do you think?

Thanks, Eric

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Matt Stockdale
Sent: Thursday, August 29, 2002 6:35 PM
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] LEAF Newbie - Questions reguarding 4501 Bering install

As is usual, I got it working all of 15 seconds after I sent this out. Turns out I shouldn't have fdisked it, just used mkdosfs /dev/hde

Matt

On Thu, Aug 29, 2002 at 06:09:36PM -0400, Matt Stockdale wrote:

I've searched the archives to some extent, but I couldn't find anything relevant.. If however, I missed something, please point me in the right direction.. I'm attempting to install Bering rc3 onto a CF card, which will go into my soekris 4501. I'm using RedHat 7.2 running on my IBM thinkpad (which has a CF adapter built into it) to place the files on the CF. However, the 4501 just refuses to boot it. I've followed the instructions at http://www.franzdoodle.com/bering/net4501_cf.txt, and also the very similar set at http://www.mail-archive.com/leaf-cvs-commits@lists.sourceforge.net/msg00074.html.
I wasn't sure how the CF was supposed to be made bootable as listed in the franzdoodle docs, there was no mention of running syslinux on the CF (which I did anyways), and I even tried adding serial 0 19200 to the top of syslinux.cfg, to see if it was even booting syslinux, which it doesn't appear to be. the CF I'm using is a Transcend 32mb that worked fine w/ emBSD. I used linux fdisk to partition it w/ 1 partition, spanning the whole CF, of type FAT16 (hde1), and made the partition bootable. I copied all the files over from the floppy image, replaced the kernel w/ one I compiled (2.4.19) w/ serial support and serial console support built in, copied over the ide and natsemi modules, and edited added the ttyS0 getty to inittab and securetty.. Any idea where I can start troubleshooting?

Thanks, Matt

--
Matt Stockdale
Sr. Network Engineer - logicworks.net
[EMAIL PROTECTED]
Dura lex, sed lex
RE: [leaf-user] Mailing logs from Bering
An admin could also be running some sort of script or program against the mail - possibly a perl script, or something of the like, in order to enter the info into a database, or just to alert the IT dept of possible intrusion attempts coming from certain IP addresses.

S

From: Luis.F.Correia [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: RE: [leaf-user] Mailing logs from Bering
Date: Fri, 30 Aug 2002 16:09:57 +0100

Simple: You are an admin which has 2+ Leaf routers to monitor and have no time to login in each of them everyday to check the logs. More: you also have to admin a series of NT/2000 servers which require much attention and care :)

So, you have, globally, two choices: Either you have a global syslog server where all the logs of all your servers are gathered there, Or you receive the logs by mail.

Ah! one other thing, if the ramdisk gets full because there are a lot of logs, the firewall stops.

-Original Message-
From: Craig [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 30, 2002 4:03 PM
To: LEAF
Subject: [leaf-user] Mailing logs from Bering

Hi folks, One of the things I enjoy so much about this newsgroup is all of the information one gleans from some of you people! Having said that, could someone explain to me...why would you WANT to have your log files e-mailed to you??? What are you trying to really achieve (i.e., what are you looking for)??? Thank you, have a great weekend!

Craig
Re: [leaf-user] ipsec509 packages configuration
Hi folks, I want to make sure that I understand this conversation- Are you saying that to use IPSec functionality you really don't even need to use the IPSec.lrp package...that all you really need is the IPSec509.lrp???

YES, if and only if you are using Bering ipsec packages (1.97 or 1.98b). If you are using Dachstein you need to load both packages.

Jacques
Re: [leaf-user] ipsec509 packages configuration
On Friday 30 August 2002 10:29, Craig wrote:

Hi folks, I want to make sure that I understand this conversation- Are you saying that to use IPSec functionality you really don't even need to use the IPSec.lrp package...that all you really need is the IPSec509.lrp???

For Chad Carr's scripted ipsec509 from the Bering/jnilo section, the ipsec is built-in. If you are using Charles' ipsec509, you will need to load Charles' ipsec package first. These packages are not the same.

--
~Lynn Avants aka Guitarlynn
guitarlynn at users.sourceforge.net http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!
[leaf-user] full /var/log partition (was: Mailing logs from Bering)
Minor but important clarification...

On Fri, 30 Aug 2002 16:09:57 +0100 Luis wrote:

Ah! one other thing, if the ramdisk gets full because there are a lot of logs, the firewall stops.

If that happens, it is a bug and should be reported. Bering and recent versions of Dachstein mount /var/log on its own partition. If that partition fills, logging will stop but the firewall should continue to route and otherwise function normally. I have inadvertently tested that scenario a few times and have yet to have a LEAF firewall stop working. I have had old Eigerstein versions (w/o a separate log partition) automatically reboot during heavy logging.

--Brad
Re: [leaf-user] [long] boot media write protection and change detection (was: Are there other Soekris...)
On Monday 26 August 2002 02:31, S Mohan wrote:

Went thro' cramfs documentation and creation methodology in www.handhelds.org howto. If this can create a ro filesystem which can never be made rw, is it not better than mounting a tmpfs as ro which can be changed to rw by a hacker?

To write things such as logs and dhcp leases, some part of the system must be rw. A compromised box can be made to symlink to a file that the hacker could put on the rw partition. Software protection will never be as safe as hardware protection. This idea is fine, but the issues that each type approach are different and cramfs can only be used where _no_ writing is ever necessary or desired.

Just FYI, WISP-Dist uses CramFS for binaries, so they are read-only. However, a knowledgeable hacker would still be able to find the location of the parent MS-DOS partition and tamper it, however it is a very tricky task if you want to be unnoticed.

This is cool, but does it prevent placement of a hostile binary in an alternate location and symlinking it to override the original???

If I'm not wrong, /dev requires rw. Why not declare as a separate partition in linuxrc when generating /dev directory? Locate mount and df in directories that are not in the path so that the hacker cannot get to it easily. In lrcfg, during backup, mount the device as rw, backup and then mount it back as ro.

In Linux, EVERYTHING is a device. This would prevent sending information to anything including the console... shoot, even /dev/null is a device.

Probably obvious to everyone here, but with all the emphasis on write-protected boot media lately, it might be worth mentioning that hardware write-protected boot media is only good if you detect when unauthorized changes are made to the (writable) ramdisk. It's not much good to have a clean boot image if you don't know to reboot and restore it.

True.
One approach to increasing protection afforded by the write-protected boot media would be to run the firewall in a nearly halted state as described in SysAdmin at although that approach has significant limitations...like not being able to run sshd for remote administration.

Or write logs, or get a dhcp lease, or run dns-cache, or (possibly) use ipmasq/iptables. IIRC, only the kernel runs at runlevel 6.

IMO, it would be really cool to augment the security of write-protected boot media with an integrity checking system. Possibly one that computes file checksums and compares them to known good checksums. Like Tripwire or AIDE I guess, although I haven't used either of those tools yet. Such a system would also make me feel more comfortable running compact flash LEAF boxen without boot media write protection.

David D. indicated he was looking at incorporating something along these lines. I do not know if he has actually attempted an implementation though.

snip

Does anyone see flaws with the described approach that I have overlooked? Would anyone like to offer suggestions for improvements?

It would be too hard to say w/o attempting it. It sounds like a good place to start with anyway!

--
~Lynn Avants aka Guitarlynn
guitarlynn at users.sourceforge.net http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!
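The checksum-comparison idea raised in the message above, as an added sketch (not code from this thread, from LEAF, or from Tripwire/AIDE). It records symlink targets as well as file hashes, so a binary overridden by a retargeted or newly dropped symlink shows up too. The function names are hypothetical; it assumes `sha256sum`, `readlink`, `mktemp` and `awk` are available, paths without tabs or newlines, and a baseline manifest stored on the write-protected media.

```shell
#!/bin/sh
# Added example: baseline-and-verify integrity check for a writable ramdisk.

# snapshot DIR: print one tab-separated line per regular file or symlink:
#   F <sha256> <path>         regular file, content hashed
#   L <link target> <path>    symlink, target recorded (never followed)
snapshot() {
    ( cd "$1" || exit 1
      find . \( -type f -o -type l \) -print | LC_ALL=C sort |
      while IFS= read -r p; do
          if [ -L "$p" ]; then
              printf 'L\t%s\t%s\n' "$(readlink "$p")" "$p"
          else
              printf 'F\t%s\t%s\n' "$(sha256sum < "$p" | cut -d' ' -f1)" "$p"
          fi
      done )
}

# make_baseline DIR MANIFEST: write the known-good manifest.
# MANIFEST belongs on the read-only boot media, outside DIR.
make_baseline() {
    snapshot "$1" > "$2"
}

# verify_baseline DIR MANIFEST: print ADDED/CHANGED/MISSING lines.
# Returns 0 if the tree matches, 1 if it differs, 2 on error.
verify_baseline() {
    current=$(mktemp) || return 2
    snapshot "$1" > "$current" || { rm -f "$current"; return 2; }
    report=$(awk -F '\t' '
        FILENAME == ARGV[1] { base[$3] = $1 FS $2; next }   # baseline entries
        {
            seen[$3] = 1
            if (!($3 in base))              print "ADDED " $3
            else if (base[$3] != $1 FS $2)  print "CHANGED " $3
        }
        END { for (p in base) if (!(p in seen)) print "MISSING " p }
    ' "$2" "$current" | LC_ALL=C sort)
    rm -f "$current"
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# demo: constructed sample tree in a temp directory, changed after the
# baseline is taken so that every finding type appears once or more.
demo() {
    root=$(mktemp -d) || return 2
    mkdir -p "$root/tree/bin" "$root/tree/usr/bin"
    printf 'original ls\n'   > "$root/tree/bin/ls"
    printf 'original sshd\n' > "$root/tree/usr/bin/sshd"
    ln -s ../usr/bin/sshd "$root/tree/bin/sshd"
    make_baseline "$root/tree" "$root/baseline.txt"

    printf 'patched sshd\n' > "$root/tree/usr/bin/sshd"    # content changed
    printf 'unexpected\n'   > "$root/tree/usr/bin/dropped" # new file
    rm "$root/tree/bin/sshd"                               # symlink retargeted
    ln -s ../usr/bin/dropped "$root/tree/bin/sshd"
    rm "$root/tree/bin/ls"                                 # file removed

    status=0
    verify_baseline "$root/tree" "$root/baseline.txt" || status=$?
    rm -rf "$root"
    return "$status"
}

if [ "${1:-}" = "demo" ]; then
    demo
fi
```

A check like this only helps if the manifest and the tools it calls come from media the running system cannot write to; a non-zero return is the signal to reboot from the clean image.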
[leaf-user] RE: full /var/log partition (was: Mailing logs from Bering)
You're right, my mistake :) Since Bering uses TMPFS, the limit is the available memory, not a hang. Again, I'm sorry.

-Original Message-
From: Brad Fritz [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 30, 2002 4:44 PM
To: Luis.F.Correia
Cc: [EMAIL PROTECTED]
Subject: full /var/log partition (was: Mailing logs from Bering)

Minor but important clarification...

On Fri, 30 Aug 2002 16:09:57 +0100 Luis wrote:

Ah! one other thing, if the ramdisk gets full because there are a lot of logs, the firewall stops.

If that happens, it is a bug and should be reported. Bering and recent versions of Dachstein mount /var/log on its own partition. If that partition fills, logging will stop but the firewall should continue to route and otherwise function normally. I have inadvertently tested that scenario a few times and have yet to have a LEAF firewall stop working. I have had old Eigerstein versions (w/o a separate log partition) automatically reboot during heavy logging.

--Brad
Re: [leaf-user] SST-DoM experiment
Seeing as the DOM should be seen as an IDE drive (if I'm not mistaken), I doubt that there would be any code in the IDE driver to determine whether the drive is write protected or not - as this isn't part of the IDE specification.

S

From: S Mohan [EMAIL PROTECTED]
To: guitarlynn [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: [leaf-user] SST-DoM experiment
Date: Fri, 30 Aug 2002 15:55:54 +0530

Dear Mike/Lynn/Brad: I soldered a jumper on my SST DoM. I expected it to give me a mounted as readonly filesystem message when it is mounted. It did not. I saved a file to that fs by piping output of ls to a file. That also went thro'. I was puzzled. I then tried an explicit sync - Module reported an error No DRQ after issuing write. Status error status=0x51 (DriveReady SeekComplete error) Status error status=0x04 (DriveStatusError) This makes the drive read only but looks convoluted. Does it not? I removed the jumper and did a sync, it went thro' smoothly. I expected the system to report readonly at mount time like it does for write-protect floppies. Any other experiences?

Mohan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of guitarlynn
Sent: 30 August 2002 10:37
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Webbased configuration

combined reply to several posts and some ideas (at the bottom):

On Thursday 29 August 2002 14:59, Charles Steinkuehler wrote:

to leaf-devel. Is anyone ready to work on and/or discuss any sections of this???

I can commit to any updates/modifications to sh-httpd that may be required. I think it's possible to dramatically increase the CGI response of the existing sh-httpd when running CGI's, which would be a big help for a CGI driven admin interface.

Great! I had James Sturdevant send me his patched sh-httpd binary since several of us had major problems applying the diff he had posted. I can send it to you off-list.
I haven't dug through it or done a diff myself, but the POST function does work per my testing.

I can also help with architecture, debugging, and (hopefully) crafty solutions to difficult scripting problems, but I can't commit to writing a major chunk of code due to current time constraints (although this may change suddenly if the company I work for suddenly craters :-/ ).

I understand, I have a little more time once I finish roofing my house (within the weekend, I hope). I can distribute what testing code I have presently, but the architecture will definitely need to be the first thing on the todo list. I have compiled the su-wrapper binary that will solve the write permissions problems as well. I'm presently working with SF on fixing my CVS access, as SF has blocked all SSH connections from my Desktop the last couple of days. :-((( BTW, I hope everything is still maintaining for you on the work end!

*WACKY THOUGHT* - If we use sh-httpd as the web-server, and shell-script CGI's, would there be any benefit to wrapping the whole thing into a unified structure? In other words, create a custom script-based CGI interface, rather than trying to match standard CGI...something like a shell-script version of PHP. It could probably be faster/smaller than sticking with a conventional web-server/CGI approach, but would be less portable to other web servers. Something to think about.

I hate to break any portability, but it would be a serious consideration being that Weblet would essentially be integrated and only LEAF style OS's would likely use it. It would also be a space saver on the floppy end. Good idea!

*WACKY IDEA #2* I've been investigating forth, and will be working on a micro-controller based hygrometer project running forth on an Atmel AVR processor in the near future. I've been wanting access to a scripting language more powerful than shell-script on LEAF, and I think forth might fit the bill.
It's possible to compile forth without *ANY* libc requirements, but with the ability to talk *DIRECTLY* to the kernel (so you could load libc and make calls to it, if you really wanted, and do pretty much anything you want...remember the irreplaceable part of libc is essentially an interface between C programs and the kernel, the rest is just a bunch of standard routines to make programmer's lives a bit easier). That's a lot of power for an interpreter that would probably weigh in at 10K to 20K Bytes, with code that can potentially run at near optimized C speeds (ie *WAY* faster than shell-script)!

Good idea, but I don't know if any of us except Charles and David D are familiar with Forth. I think I wrote a hello world! program in Forth around 15 years ago, but I haven't retained any more about the language since then. It was a low-level language similar to machine language if I remember right. :-)

I've wanted to code an initial bootstrap loader in forth for a while (something that would boot from CD/Floppy/whatever,
[leaf-user] ssh error
I recently switched out a Dachstein floppy firewall with a Dachstein CD firewall. The major difference between the two firewalls was the addition of ssh on the new one running DCD. My problem is any attempt to ssh to a WAN client ends in a "server refused a secure connection" error. I can ssh to the firewall itself from any LAN computer and I can ssh to a remote host from the firewall itself fine. It appears as if the firewall is not forwarding the ssh request packets to the WAN boxes. I have been unable to find the same error in the archives and since I am initiating the connection on the LAN, the connection should be using a non-privileged port. Is there anyone else that has run into this error and/or has someone come up with a better solution than simply eliminating ssh on the firewall???

TIA

--
~Lynn Avants aka Guitarlynn
guitarlynn at users.sourceforge.net http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!
Re: [leaf-user] ssh error
I recently switched out a Dachstein floppy firewall with a Dachstein CD firewall. The major difference between the two firewalls was the addition of ssh on the new one running DCD. My problem is any attempt to ssh to a WAN client ends in a "server refused a secure connection" error. I can ssh to the firewall itself from any LAN computer and I can ssh to a remote host from the firewall itself fine. It appears as if the firewall is not forwarding the ssh request packets to the WAN boxes. I have been unable to find the same error in the archives and since I am initiating the connection on the LAN, the connection should be using a non-privileged port. Is there anyone else that has run into this error and/or has someone come up with a better solution than simply eliminating ssh on the firewall???

The above is very strange...you shouldn't have any problems connecting via ssh to a remote machine just because you run ssh on the firewall. I run ssh on all my Dachstein-CD boxes, and can ssh to either the firewall or various remote hosts with no problems. Can you really connect with exactly the same setup, except for Dachstein-floppy instead of Dachstein-CD as your firewall?

With the error you report, I'd suspect something more like:

- Remote server is refusing connections on port-22 (ssh)
- Remote server only accepts ssh-V2, and you're running ssh-V1
- Remote server configured to only allow connections authenticated by public key
- Incorrect username/password embedded in some gui ssh client

...or similar issues, unless of course, you manually added some REDIRECT rules to the ipchains ruleset or something :-)

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
Re: [leaf-user] SST-DoM experiment
Moved discussion to leaf-hardware.

On Fri, 2002-08-30 at 03:25, S Mohan wrote:

Dear Mike/Lynn/Brad: I soldered a jumper on my SST DoM. I expected it to give me a mounted as readonly filesystem message when it is mounted. It did not. I saved a file to that fs by piping output of ls to a file. That also went thro'. I was puzzled. I then tried an explicit sync - Module reported an error No DRQ after issuing write. Status error status=0x51 (DriveReady SeekComplete error) Status error status=0x04 (DriveStatusError) This makes the drive read only but looks convoluted. Does it not? I removed the jumper and did a sync, it went thro' smoothly. I expected the system to report readonly at mount time like it does for write-protect floppies. Any other experiences?

Mohan

--
Mike Noyes [EMAIL PROTECTED]
http://sourceforge.net/users/mhnoyes/
http://leaf-project.org/
Re: [leaf-user] ssh error
On Friday 30 August 2002 13:06, Charles Steinkuehler wrote:

The above is very strange...you shouldn't have any problems connecting via ssh to a remote machine just because you run ssh on the firewall. I run ssh on all my Dachstein-CD boxes, and can ssh to either the firewall or various remote hosts with no problems.

Got it (finally!). The NOMASQ_DEST variable was set for ssh in network.conf. I wonder when I set that option... The new firewall is a spare 1U box I made that was lying around w/o a CF reader... figured it might be more convenient since the ISP was down for a while. I keep thinking I know how to troubleshoot my own system. Thanks again Charles!

--
~Lynn Avants aka Guitarlynn
guitarlynn at users.sourceforge.net http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!
Re: [leaf-user] Mailing logs from Bering
Julian Church said:

Hi Michael

Hi!

At 10:18 30/08/02 -0400, Michael Leone wrote:

Julian Church said: I think you're missing the "to" keyword. The line in your script should be:

No, the "to" is unnecessary; mail will work without it. My problem was that Shorewall was blocking SMTP traffic from the firewall out to other hosts.

Thanks for the clarification, and sorry for the misleading info.

Oh, no problem. Thanks for trying to help.

--
PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Member, LEAF Project http://leaf.sourceforge.net AIM: MikeLeone
Public Key - http://www.mike-leone.com/~turgon/turgon-public-key.asc
Some days you're the pigeon; some days you're the statue.
Re: [leaf-user] Dachstein CD
Tx I'll give it a try tonight and report back my findings..

When you try to add or change any of the packages on the CD, are you burning a new CD, or using lrpkg.cfg and pkgpath.cfg on a floppy? What exactly are you changing? Does the initial ISO image load all packages properly if you don't modify anything?

Yes, each time I am burning a new CD. Yes, am using lrpkg.cfg and pkgpath.cfg on the floppy. It works fine if I use your original CD with no changes. The problem starts if I add a LRP to the CD (re-burn a new CD). Doesn't seem to matter if it is listed in lrpkg.cfg or not.

snip

Hardware is a Dell PI 133, but has tried it on PII and same problem occurs (errors generated may be different), but the end result is that it appears as though it can't read the CD. I am using NERO to burn a CDRW. I am beginning to wonder if perhaps the NERO software is doing/not doing something..

It sure sounds like you're not getting a good CD-Image. I found it impossible to create bootable CD's with Adaptec/Roxio EZ-CD Creator (it doesn't think a syslinux'd disk is bootable...apparently it only likes MSDOS boot disks), and I found Nero cumbersome to use for bootable CD's (and I couldn't get NERO to output a plain ISO image, so I had to burn the disk, then read it on a linux system to make an ISO). If at all possible, you should use the mkisofs command listed in the README file on a linux system to create new CD images...if this is not possible, maybe some folks on the NERO list can help you get your settings right.
The mkisofs command I use is:

    mkisofs -b bootdisk.bin -r -J -f -o outputfile -V "volume name" path/CD-Contents/

The switches are:

    -f               follow symbolic links...this probably isn't important in NERO (windows doesn't even *HAVE* symbolic links!), and simply allows me to symlink the modules directory to avoid having a copy in each CD directory taking up space on my HDD
    -r               Add Rock Ridge extensions, with uid and gid = 0
    -J               Generate Joliet directory records
    -b bootdisk.bin  Use bootdisk.bin as the El Torito boot image (aka floppy emulation)
    -V               specify the volume ID
    -o               specify the output file name

If you can successfully get Nero to emulate the behavior of mkisofs with these switches, you should have a working disk image.

*WARNING* While I have in the past used Nero to make bootable images, I don't think I've tried to do this since putting the un-compressed modules directory directly on the CD...I'm not sure Nero can make a CD that will work with the current setup of loading modules directly from the CD (various potential problems with long-filenames, permissions, etc. when compared to simply loading a bunch of 8.3 named LRP files at boot-time). I suggest using CD-RW's, and talking to some folks more familiar with Nero if you can't use mkisofs.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
Re: [leaf-user] Mailing logs from Bering
Hi Michael

Michael Leone wrote the following at 17:52 30.08.2002:

I could have them log to my home mail machine. Again, tho - why? You would need no mail process... I get everything I need this way. I have my work machines all go to a central logserver.

cheers
Erich

THINK Püntenstrasse 39 8143 Stallikon mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16
Re: [leaf-user] ssh error
Lynn

guitarlynn wrote the following at 19:56 30.08.2002:

I recently switched out a Dachstein floppy firewall with a Dachstein CD firewall. The major difference between the two firewalls was the addition of ssh on the new one running DCD. My problem is any attempt to ssh to a WAN client ends in a "server refused a secure connection" error. I can ssh to the firewall itself from any LAN computer and I can ssh to a remote host from the firewall itself fine. It appears as if the firewall is not forwarding the ssh request packets to the WAN boxes. I have been unable to find the same error in the archives and since I am initiating the connection on the LAN, the connection should be using a non-privileged port. Is there anyone else that has run into this error and/or has someone come up with a better solution than simply eliminating ssh on the firewall???

I believe you are barking up the wrong tree. Unless you do some fancy port forwarding I don't see how the presence of ssh on the firewall should prevent you from passing a ssh connection through it. I have been running a floppy based box including ssh exactly the way you want to.

cheers
Erich

THINK Püntenstrasse 39 8143 Stallikon mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16