Re: [leaf-user] Bering RC3 updatetime script not working..
Hi Anders

At 16:10 22/09/02 +0200, Anders Åkesson wrote:

    $ ps axc | grep [x]ntpd

Put [ ] around xntpd. Again, haven't tested on ash, just on ksh. But presuming it is a sh compatible shell, it should work.

W! :D Works like a charm. Seems that [x] makes all the difference. What does it do? (Trying to learn a bit about scripts..)

This is all pretty much straight from a textbook I read recently - I'm not that clever :) It was presented as the standard way of stopping grep processes matching themselves in process lists generated by the ps command.

[x]ntpd is a regular expression that only matches the string xntpd, but the entry the grep command generates in the `ps axc` list will be grep [x]ntpd, so won't match.

cheers
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk

---
This sf.net email is sponsored by: ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Bering RC3: How to setup multiple ipsecs.
Hi all

I have setup 3 firewalls as following:

[ASCII diagram garbled in the archive; surviving labels: networks 1, 2 and 3, FW1, FW2, FW3, Router]

I have some trouble according to setup the IPSEC across the network 1 to 3 AND 2 to 3 (pls see the picture). At this moment, it is work properly just only at the one time (1 to 3 OR 2 to 3). Anybody know how to setup at the same time kindly reply mail to me.

Thanks in advance
Chutima S.

Re: [leaf-user] Bering RC3: How to setup multiple ipsecs.
I have setup 3 firewalls as following:

[ASCII diagram garbled in the archive; surviving labels: networks 1, 2 and 3, FW1, FW2, FW3, Router]

I have some trouble according to setup the IPSEC across the network 1 to 3 AND 2 to 3 (pls see the picture). At this moment, it is work properly just only at the one time (1 to 3 OR 2 to 3). Anybody know how to setup at the same time kindly reply mail to me.

Other than mentioning you're going to need at least two connection descriptions in /etc/ipsec.conf (one for the 1-3 link, and one for the 2-3 link), I can't help you much with the limited information provided.

You might try posting details of your ipsec.conf, the errors you get when trying to configure both links at the same time (if any), and other debugging info...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

Re: [leaf-user] Bering RC3 updatetime script not working..
Hi Anders,

* Anders Åkesson ([EMAIL PROTECTED]) [020923 05:10]:

Works like a charm. Seems that [x] makes all the difference. What does it do? (Trying to learn a bit about scripts..)

The [] are part of what's called shell filename expansion metacharacters in this context (not to be confused with regular expressions which also uses them.) The [] is what's called a character class. It's probably too much to explain in this mailing list but this should be enough for you to start a search on your own to learn more about them.

Have fun and welcome to the world of scripting! ;)

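The self-match behaviour discussed in this updatetime thread, shown on a constructed process listing (an added example, not part of either post; the PIDs, paths and function names are made up). grep reads `[x]ntpd` as a regular-expression bracket expression, while an unquoted `[x]ntpd` first passes through shell filename expansion, so the script also shows what grep receives when a file named `xntpd` exists in the current directory.

```shell
#!/bin/sh
# Added example. The listing is constructed; PIDs and the ntp.conf path are made up.
# It shows full command lines (as `ps ax` prints them); the last line stands in
# for the grep process that the pipeline itself starts.
listing_for() {
    # $1 = the pattern as it appears on grep's own command line
    printf '%s\n' \
        '  101 ?  S  0:00 /sbin/syslogd' \
        '  212 ?  S  0:03 /usr/sbin/xntpd -c /etc/ntp.conf' \
        "  398 ?  S  0:00 grep $1"
}

# Count the listing lines that regex $1 matches when grep's argv shows $2.
count_matches() {
    listing_for "$2" | grep -c -e "$1"
}

# Return what the shell hands to grep for an UNQUOTED [x]ntpd typed in directory $1.
unquoted_arg_in() {
    ( cd "$1" && set -- [x]ntpd && printf '%s' "$1" )
}

demo() {
    echo "plain pattern:     $(count_matches 'xntpd' 'xntpd') lines (daemon + grep itself)"
    echo "bracket pattern:   $(count_matches '[x]ntpd' '[x]ntpd') line  (daemon only)"

    dir=$(mktemp -d)
    echo "unquoted, empty dir:        grep receives $(unquoted_arg_in "$dir")"
    : > "$dir/xntpd"          # a file whose name the glob [x]ntpd matches
    arg=$(unquoted_arg_in "$dir")
    echo "unquoted, file xntpd here:  grep receives $arg"
    echo "  -> $(count_matches "$arg" "$arg") lines again; quote it: grep '[x]ntpd'"
    rm -rf "$dir"
}

demo
```

In a monitoring or restart script the quoted form `grep '[x]ntpd'` behaves the same regardless of which files happen to be in the working directory.
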
[leaf-user] (no subject)
Hello,

My name is Johnnattanh

My question is this if I want to my LRP/LEAF box advertise routing tables with certain protocol (RIP,OSPF,IS-IS,maybe IGRP or EIGRP) I have seen some modules but, I only have to load them and that's it or I can configure them in some configuration file.

Thank you in advance for the help and thank you for this greatful project.

Also someone knows where or if I can do a back to back connection between 2 ISDN boxes or connect 2 LRP/LEAF running ISDN in a serial link (I mean without have a ISDN switch of the telco between the two boxes) or the LRP can be used like an NT1 or NT2.

RE: [leaf-user] (no subject)
Howdy Johnnattanh,

The LRP mailing lists are virtually unused. Just wanted to let you know before you got your hopes up about getting a response from that arena.

Hello, My name is Johnnattanh My question is this if I want to my LRP/LEAF box advertise routing tables with certain protocol (RIP,OSPF,IS-IS,maybe IGRP or EIGRP)

I would recommend using zebra.lrp it is based on zebra-0.92 and supports bgp, ospf, and rip. I have had problems running it on the LEAF Bering distro but I know of people that have used it with the LEAF Oxygen distro with great success.

EIGRP is a cisco specific protocol. The only way to play with this is to play with cisco.

There is a sourceforge project that is currently working on IS-IS support for zebra but apparently it is still rather buggy and is only available as a patch or series of patches to the main zebra source.

IGRP is just plain old and doesn't really compare to any of the more modern OSPF, IS-IS, EIGRP.

I have seen some modules but, I only have to load them and that's it or I can configure them in some configuration file.

Yes, they must be configured. I would recommend joining the zebra mailing list at zebra.org if you are going to work with it. One word of warning though, the zebra mailing list can be caustic. There is usually nothing warm, fuzzy, or even polite about it. Generally, though, if you show that you have done your homework you can get the answers you need out of them.

Thank you in advance for the help and thank you for this greatful project. Also someone knows where or if I can do a back to back connection between 2 ISDN boxes or connect 2 LRP/LEAF running ISDN in a serial link (I mean without have a ISDN switch of the telco between the two boxes) or the LRP can be used like an NT1 or NT2.

Nope, you would have to have something in between. Tens of thousands of dollars just for an emulator, IIRC.

Good luck,
Eric

[leaf-user] PPTP client
I'd like to have the Bering gateway at my remote facility initiate a PPTP connection to Poptop running at the main office, so that both of the users at the remote facility can use intranet services at the main office.

http://leaf.sourceforge.net/devel/jnilo/bupppoa.html doesn't give me much information about the PPTP client configuration. I've installed the pptp.lrp file, and referenced it in syslinux.cfg, but there's no configuration option for it (although the backup screen provides the option to back it up).

Can someone please point me to documentation on the pptp.lrp PPTP _client_ configuration? The official pptpclient documentation and mailing list (http://pptpclient.sourceforge.net) all reference the pptp-command perl script, which is obviously unavailable for LEAF Bering. There's no comprehensive listing of which files need to be created / modified, and what they should contain.

Any assistance is greatly appreciated!

Cheers,
Scott

Re: [leaf-user] PPTP client
Scott Merrill wrote:

I'd like to have the Bering gateway at my remote facility initiate a PPTP connection to Poptop running at the main office, so that both of the users at the remote facility can use intranet services at the main office.

http://leaf.sourceforge.net/devel/jnilo/bupppoa.html doesn't give me much information about the PPTP client configuration. I've installed the pptp.lrp file, and referenced it in syslinux.cfg, but there's no configuration option for it (although the backup screen provides the option to back it up).

Can someone please point me to documentation on the pptp.lrp PPTP _client_ configuration? The official pptpclient documentation and mailing list (http://pptpclient.sourceforge.net) all reference the pptp-command perl script, which is obviously unavailable for LEAF Bering. There's no comprehensive listing of which files need to be created / modified, and what they should contain.

Any assistance is greatly appreciated!

http://www.shorewall.net/PPTP.htm

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ [EMAIL PROTECTED]

[leaf-user] Can't ssh from local network
ssh is running on our Dachstein box, but I can't access it. When I try to ssh into the Dachstein box on a workstation on the local network, PuTTY chokes with Connection closed by remote host. PuTTY's log says nothing useful, but the /var/log/auth.log on the Dachstein box contains this line corresponding to my every ssh attempt:

    sshd [number_changes]: fatal: mmap (65536): Invalid argument

We're using Dachstein 1.0.2 with the following configuration:

* Our local network is 192.168.0.0, not Dachstein's default 192.168.1.0.
* Dachstein's DHCP is turned off to not interfere with our local network's preexisting DHCP server.
* Booting from a hard disk, not a floppy.

I notice lots of DENY references to 192.168.0.x in /etc/ipfilter.conf, and suspect this to be the problem, but don't know enough to deal with this intelligently.

Yes, ssh is running (so says ps) and privilege separation is implemented. With the exception of this issue, the Dachstein box is working perfectly. Thanks Charles and everyone!

--
Warren Post, Voluntario Naciones Unidas
Departamento de Informática
Municipalidad de Santa Rosa de Copán, Honduras
http://www.santarosahistorica.net/

Re: [leaf-user] Can't ssh from local network
Whence did you get ssh[d].lrp?

This is an issue that I've encountered with mmap enabled on some, but not all, dachstein boxen; which is supposedly attributable to 2.2x kernels . . .

Warren Post wrote:

ssh is running on our Dachstein box, but I can't access it. When I try to ssh into the Dachstein box on a workstation on the local network, PuTTY chokes with Connection closed by remote host. PuTTY's log says nothing useful, but the /var/log/auth.log on the Dachstein box contains this line corresponding to my every ssh attempt:

    sshd [number_changes]: fatal: mmap (65536): Invalid argument

We're using Dachstein 1.0.2 with the following configuration:

* Our local network is 192.168.0.0, not Dachstein's default 192.168.1.0.
* Dachstein's DHCP is turned off to not interfere with our local network's preexisting DHCP server.
* Booting from a hard disk, not a floppy.

I notice lots of DENY references to 192.168.0.x in /etc/ipfilter.conf, and suspect this to be the problem, but don't know enough to deal with this intelligently.

Yes, ssh is running (so says ps) and privilege separation is implemented. With the exception of this issue, the Dachstein box is working perfectly. Thanks Charles and everyone!

--
Best Regards,
mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . .

RE: [leaf-user] Bering RC3: How to setup multiple ipsecs.
Hi Chutima,

I am tempting this for 5 firewalls without success. I have never been able to start a VPN between only two boxes ! I am waiting for any help from Chad who has Bering IPSec in charge.

Is it possible to have a post with your params (shorewall, and IPSec) ? This could be help me a little. You can send them directly to my address, if you want or through this list.

Thanks in advance,
Francois BERGERET, France.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of Chutima Subsirin
Sent: Monday, 23 September 2002 14:50
To: [EMAIL PROTECTED]
Cc: Thitiporn; Chutima S.
Subject: [leaf-user] Bering RC3: How to setup multiple ipsecs.

Hi all

I have setup 3 firewalls as following:

[ASCII diagram garbled in the archive; surviving labels: networks 1, 2 and 3, FW1, FW2, FW3, Router]

I have some trouble according to setup the IPSEC across the network 1 to 3 AND 2 to 3 (pls see the picture). At this moment, it is work properly just only at the one time (1 to 3 OR 2 to 3). Anybody know how to setup at the same time kindly reply mail to me.

Thanks in advance
Chutima S.

Re: [leaf-user] Shorewall-1.3.8 DNAT
Jason Taylor wrote:

I'm trying to redirect port 24 to 25 for a single IP. My rules file line is:

    DNAT loc dmz:10.10.1.1:25 tcp 24 - 10.10.1.1

It appears that this rule is useless because the original destination IP matches the destination IP.

I'd like to understand why it's useless, but maybe it's just how the shorewall code processes things. I've been racking my brain a bit on this one. It's an interesting desire, especially because I wrote one of the original firewalls used on lrps, before the days of LEAF, and never tried this.

Leaving off the - 10.10.1.1 portion does redirect all tcp traffic from loc destined for port 24 as expected.

You mean like this?

    DNAT loc dmz:10.10.1.1:25 tcp 24 - -

However, I would still like to have it dropped unless destined for this particular host.

That seems easy enough. Just put another line right above the one that you've got that works like this:

    REJECT  loc  dmz:!10.10.1.1    tcp  24  -  -
    DNAT    loc  dmz:10.10.1.1:25  tcp  24  -  -

Let me know if this works. I'm digging around for another nic to setup a dmz to test this, but I may get sidetracked by the new puppy.

regards,
matthew

Re: [leaf-user] Shorewall-1.3.8 DNAT
Matthew Schalit wrote:

That seems easy enough. Just put another line right above the one that you've got that works like this:

    REJECT  loc  dmz:!10.10.1.1    tcp  24  -  -
    DNAT    loc  dmz:10.10.1.1:25  tcp  24  -  -

Let me know if this works. I'm digging around for another nic to setup a dmz to test this, but I may get sidetracked by the new puppy.

The firewall script available from the 1.3.8 Errata allows the following to work correctly:

    DNAT    loc  dmz:10.10.1.1:25  tcp  24  -  10.10.1.1

The problem was that Shorewall was only generating the nat table mapping if the original and server IP addresses were different. The new code generates this mapping if the ports are different as well.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ [EMAIL PROTECTED]

Re: [leaf-user] Can't ssh from local network
I downloaded ssh.lrp and sshd.lrp from:

http://leaf.sourceforge.net/dev/jnilo/packages/openssh-3.4p1/

I forgot to mention in my original message that I have, of course, read the openssh LEAF/LRP user's guide (also in jnilo's directory) and searched this list for previous references to ssh problems.

--
Warren Post, Voluntario Naciones Unidas
Departamento de Informática
Municipalidad de Santa Rosa de Copán, Honduras
http://www.santarosahistorica.net/

Michael D. Schleif wrote:

Whence did you get ssh[d].lrp?

This is an issue that I've encountered with mmap enabled on some, but not all, dachstein boxen; which is supposedly attributable to 2.2x kernels . . .

Re: [leaf-user] Can't ssh from local network
Warren

Warren Post wrote the following at 22:38 23.09.2002:

I downloaded ssh.lrp and sshd.lrp from:

http://leaf.sourceforge.net/dev/jnilo/packages/openssh-3.4p1/

I am not sure if this sshd is suitable for your Dachstein release. IIRC Jacques is concerned mainly with Bering related software. It may be possible to run userland programs across releases but I am afraid you may be on the wrong track.

The only sshd I could find for Dachstein is in the CD contents directory.

http://leaf.sourceforge.net/devel/cstein/files/diskimages/dachstein-CD/CD-Contents/

I believe this is still the old (small, less secure) sshd, I know it is working on Dachstein, because I used it with putty myself.

HTH
Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16

Re: [leaf-user] Can't ssh from local network
On Mon, 23 Sep 2002 23:34:25 +0200 Erich Titl wrote:

The only sshd I could find for Dachstein is in the CD contents directory.

http://leaf.sourceforge.net/devel/cstein/files/diskimages/dachstein-CD/CD-Contents/

I believe this is still the old (small, less secure) sshd, I know it is working on Dachstein, because I used it with putty myself.

Michael Schleif has packaged openssh v3.4p1. It is available from http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/devel/helices/ . I have only used it with Bering, but I am fairly certain Michael uses it with Dachstein. You may want to give it whirl.

--Brad

Re: [leaf-user] Can't ssh from local network - SOLVED
Erich Titl wrote:

Warren

Warren Post wrote the following at 22:38 23.09.2002:

I downloaded ssh.lrp and sshd.lrp from:

http://leaf.sourceforge.net/dev/jnilo/packages/openssh-3.4p1/

I am not sure if this sshd is suitable for your Dachstein release. IIRC Jacques is concerned mainly with Bering related software. It may be possible to run userland programs across releases but I am afraid you may be on the wrong track.

The only sshd I could find for Dachstein is in the CD contents directory.

http://leaf.sourceforge.net/devel/cstein/files/diskimages/dachstein-CD/CD-Contents/

I believe this is still the old (small, less secure) sshd, I know it is working on Dachstein, because I used it with putty myself.

HTH
Erich

That fixed it, thank you! I overwrote my original sshd.lrp with the sshd.lrp on the link you provided and generated a new key. No problem.

--
Warren Post, Voluntario Naciones Unidas
Departamento de Informática
Municipalidad de Santa Rosa de Copán, Honduras
http://www.santarosahistorica.net/

Re: [leaf-user] Can't ssh from local network - SOLVED
On Mon, 23 Sep 2002 16:57:29 CST Warren Post wrote:

Erich Titl wrote:

The only sshd I could find for Dachstein is in the CD contents directory.

http://leaf.sourceforge.net/devel/cstein/files/diskimages/dachstein-CD/CD-Contents/

I believe this is still the old (small, less secure) sshd, I know it is working on Dachstein, because I used it with putty myself.

HTH
Erich

That fixed it, thank you! I overwrote my original sshd.lrp with the sshd.lrp on the link you provided and generated a new key. No problem.

Just a heads-up. There have been several sshd vulnerabilities and fixes since 3.0p1 at the above link was released. If you use it instead of the new 3.4p1 that Michael has made available, I would strongly suggest, if you haven't already, that you set your firewall rules to only allow ssh connections from trusted hosts or networks. (Doing so is a good idea anyway.)

I get several ssh probes every day on otherwise quiet networks. There are definitely people who are curious what version of sshd you're running. I don't suppose all of them have the best of intentions.

--Brad