[leaf-user] start app
I'm having trouble figuring out how to add a script (which starts my own app) upon boot after the system and packages are in place. In a standard LINUX dist, I would probably put the script in a rc.local directory. What do I do on LEAF? I noticed that the rcx.d links are done dynamically on LEAF. This is where I would consider building a script (/etc/init.d), but how do I get it to execute on boot? I'm using the Bering LEAF distribution. I also noticed that in /etc/default there is a rcS file that speaks to a DYNARCD=yes instruction. If I say no to this, what happens? Could I then add a startup init.d script. If so, will / directories and all packages be installed by that time? thanks in advance, dave --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] backup problem
Using the LEAF Bering distribution with a rather large root.lrp (I updated the lib). When I back up root or initrd, the .lrp file has an extra / in front of all file entries - making reboot a problem! Other lrp backups are fine. Anyone seen this problem?

thanks,
dave
Re: [leaf-user] backup problem
On Wed, 25 Sep 2002, Dave Yonovitz wrote:

> Using the LEAF Bering distribution with a rather large root.lrp (I updated the lib). When I back up root or initrd, the .lrp file has an extra / in front of all file entries - making reboot a problem! Other lrp backups are fine. Anyone seen this problem?

Yes. You probably have some storage media (such as your boot media) mounted but not included in /var/lib/lrpkg/root.exclude.list. Always unmount your boot media when backing up.

---
Jeff Newmiller
Research Engineer (Solar/Batteries/Software/Embedded Controllers)
[leaf-user] hostap_cs.o and hostap_plx.o
Hi, what's the difference between them?

bye
[leaf-user] Re: Bering -Sending mails to MAIL_ADMIN
> > I have been having lots of fun with LEAF-Bering (thanks guys), but there still remains one small issue I have not been able to resolve. I have configured the system to send emails on ping failure and space check but they do not seem to be sent. If I run the 'mail' command manually with mail -s subject email_address (which seems to be how multicron-p calls it) the command just hangs until I ^C it.
>
> That is by design. The hang is actually the mail command waiting for your message. Type something like
>
>     $ mail -s test you@yourhost
>     testing
>     ^D
>
> and, if everything is configured correctly, you should get the message. Alternatively,
>
>     $ mail -s test you@yourhost < afile
>
> or
>
>     $ echo testing | mail -s test you@yourhost
>
> should work too.
>
> It's been awhile since I have used or looked at multicron-p's pingcheck() or checkfreespace(). There hasn't been much discussion of them on-list lately, but it wouldn't surprise too much if they contain bugs. I get the impression they aren't used very often.
>
> Not sure both are still used, but as a heads-up, the SMTP server is defined in both /etc/lrp.conf and /etc/POSIXness.conf with different variable names. You may need to set both to get everything working properly.
>
> > Do I need the qmail.lrp package, or is bering able to send mails as standard?
>
> Nope. For simple smtp client functionality, the POSIXness mail command should be sufficient.
>
> --Brad

Thanks for the reply Brad.

I had been terminating the text entry with Ctl D, but it did not terminate the mail process because it was hung over establishing an smtp session with the mail server. As I said in my post which crossed with yours, opening up the firewall to smtp did the trick, and I am happy to report that pingcheck does indeed work as advertised.

I must say I am really impressed with this little distro. It is amazing what can be fitted on just two floppies (ssh and dnscache took me over the one floppy).

Thanks
derek
Re: [leaf-user] DnsCache
On 2002.09.24_21:26:59_+, Sean wrote:

> I'm using Dachstein. TinyDNS is on the CD. Guess I'll try to set it up. Thanks for the pointers! Another question: Is this a GOOD IDEA? It can be done, but should it be done?

Depends on what you and your users need. On some sites I worked on, they really want ad free pages (and some censorship). Pages come up very fast, etc. etc. For that, they used specific apps cooperating with squid proxy (redirector), like squirm or squidguard. Junkbuster is another good alternative that comes to my mind that has that exact function. The benefit of using such apps is flexibility, among others. You can apply filters not just by domain names, but also path and filenames. Block URL containing /ads/ dir, for example. Another option to save bandwidth is to redirect user to local copies of frequent access files.

On the other hand, some sites just don't want restricted accesses, even to speed their web experience, or their user bases are just too complex. Like ISP.

> Thanks, Sean

HTH
--
H. D. Lee
RE: [leaf-user] OT: Won't boot if headless
Some motherboards (my Zeos 486 for example) have just a field that says keyboard where you can set enable/disable. For the longest time, I had no idea why you'd want to disable a keyboard (and how you'd re-enable it once it's disabled). Silly me. Disable the *search* for a keyboard on boot; if it's there, use it. If not, then the machine doesn't worry about it.

Finally, if it is such a pain to get it to boot without a keyboard, why not get a compact one, plug it in and just set it aside? Changing motherboards seems extreme and expensive compared to a $10 compact, low-tech solution.

Good Luck
Tony

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ewald Wasscher
Sent: Tuesday, September 24, 2002 4:26 PM
To: Warren Post
Cc: leaf-user
Subject: Re: [leaf-user] OT: Won't boot if headless

On Tue, 2002-09-24 at 22:04, Warren Post wrote:

> This is a hardware problem, not a LEAF problem. But perhaps someone has faced this issue before.
>
> Now that I have sshd working on our Dachstein box I want to run it headless. Only now do I discover that it won't boot unless I plug a keyboard back in. As a workaround I've got an old keyboard that doesn't work very well plugged into the box, but that is both an inelegant solution and a temptation to idle fingers. And our frequent power outages mean that the box must reboot often and reliably.
>
> I suspect that the problem is hardwired and the only solution is to change the motherboard. (I see no BIOS settings that should affect the keyboard.) But somebody prove me wrong, please.

In many bioses there is an option like Halt on: where you can choose if your machine should refuse booting if it has no keyboard, no videocard etc, or that it should boot without those. You should be able to find more information in the manual of the mainboard. For most mainboards the manual can be found at the manufacturer's website if you don't have it anymore.

Ewald Wasscher
Re: [leaf-user] OT: Won't boot if headless
A quick and dirty solution,

Why don't you create your own emulator? Take the old keyboard apart, all you need from it is the tiny pcb inside it, remove the rest, wrap the pcb in tape, and voila, your home-built keyboard emulator is ready to go...

Sjaak

> > I suspect that the problem is hardwired and the only solution is to change the motherboard. (I see no BIOS settings that should affect the keyboard.) But somebody prove me wrong, please.
>
> One solution would be to get one of those keyboard emulators. They're not cheap so maybe a used LEAF-compatible motherboard is the best bet. Have a look at these sites for some pricing on the emulators:
>
> http://www.blackbox.com and search for Ghost emulators
> http://www.cadesigns.co.uk/dk1b.htm
>
> Stephen
Re: [leaf-user] Bering without shorewall?
Hi Clint,

* Clint Olson ([EMAIL PROTECTED]) [020924 19:48]:

> Seems to be working just fine. One oddity, any symbolic links I create /etc/rcS.d do not get backed up with the etc package, or any other package for that matter. To get this to work, I had to modify a script in /etc/init.d that already had a symbolic link from /etc/rcS.d to call my scripts. I chose to modify /etc/init.d/networking.

You don't really make the sym links yourself and then backup. Look in the various /etc/init.d scripts and you'll notice a line like:

    RCDLINKS="2,S41 3,S41 6,K41"

You should be able to figure out how it works from looking at the scripts and/or searching the archives for RCDLINKS.

[snip]
RE: [leaf-user] OT: Won't boot if headless
Hi Eric,

In this context pcb means printed circuit board. The board where the keyboard encoder chip is usually a 40 connection chip. Some keyboards have a small pcb connected to the keyboard and the cable coming from the computer.

I hope this helps.

Larry Platzek [EMAIL PROTECTED]

On Wed, 25 Sep 2002, Eric B Kiser wrote:

> Date: Wed, 25 Sep 2002 10:38:56 -0400
> From: Eric B Kiser [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: RE: [leaf-user] OT: Won't boot if headless
>
> Hi Sjaak,
>
> What is a pcb?
>
> Thanks,
> Eric
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sjaak Aarnoutse
> Sent: Wednesday, September 25, 2002 8:51 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [leaf-user] OT: Won't boot if headless
>
> A quick and dirty solution,
>
> Why don't you create your own emulator? Take the old keyboard apart, all you need from it is the tiny pcb inside it, remove the rest, wrap the pcb in tape, and voila, your home-built keyboard emulator is ready to go...
>
> Sjaak
>
> > > I suspect that the problem is hardwired and the only solution is to change the motherboard. (I see no BIOS settings that should affect the keyboard.) But somebody prove me wrong, please.
> >
> > One solution would be to get one of those keyboard emulators. They're not cheap so maybe a used LEAF-compatible motherboard is the best bet. Have a look at these sites for some pricing on the emulators:
> >
> > http://www.blackbox.com and search for Ghost emulators
> > http://www.cadesigns.co.uk/dk1b.htm
> >
> > Stephen
[leaf-user] A big snmp question
I'm not using the snmp.lrp package, I downloaded net-snmp 5.03 and built my own on a Debian system. net-snmp daemon seems to be working great with several managers as far as inquiry. When a manager makes a change to a rw variable such as system.contact.0, I can't find anywhere that change is saved to disk or logged. Therefore lost on reboot.

Anyone know if or where these transactions are saved? Obviously, I'm snmp challenged. Believe me I'm not being lazy about reading the docs. They are simultaneously vast and brief.

Thanks, if anyone can help.
RE: [leaf-user] OT: Won't boot if headless
Ah, makes perfect sense now. Thanks, Larry.

Regards,
Eric

-Original Message-
From: Larry Platzek [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 25, 2002 11:12 AM
To: Eric B Kiser
Cc: [EMAIL PROTECTED]
Subject: RE: [leaf-user] OT: Won't boot if headless

Hi Eric,

In this context pcb means printed circuit board. The board where the keyboard encoder chip is usually a 40 connection chip. Some keyboards have a small pcb connected to the keyboard and the cable coming from the computer.

I hope this helps.

Larry Platzek [EMAIL PROTECTED]

On Wed, 25 Sep 2002, Eric B Kiser wrote:

> Date: Wed, 25 Sep 2002 10:38:56 -0400
> From: Eric B Kiser [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: RE: [leaf-user] OT: Won't boot if headless
>
> Hi Sjaak,
>
> What is a pcb?
>
> Thanks,
> Eric
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sjaak Aarnoutse
> Sent: Wednesday, September 25, 2002 8:51 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [leaf-user] OT: Won't boot if headless
>
> A quick and dirty solution,
>
> Why don't you create your own emulator? Take the old keyboard apart, all you need from it is the tiny pcb inside it, remove the rest, wrap the pcb in tape, and voila, your home-built keyboard emulator is ready to go...
>
> Sjaak
>
> > > I suspect that the problem is hardwired and the only solution is to change the motherboard. (I see no BIOS settings that should affect the keyboard.) But somebody prove me wrong, please.
> >
> > One solution would be to get one of those keyboard emulators. They're not cheap so maybe a used LEAF-compatible motherboard is the best bet. Have a look at these sites for some pricing on the emulators:
> >
> > http://www.blackbox.com and search for Ghost emulators
> > http://www.cadesigns.co.uk/dk1b.htm
> >
> > Stephen
Re: [leaf-user] DnsCache
H. D. Lee wrote:

> On 2002.09.24_21:26:59_+, Sean wrote:
>
> > I'm using Dachstein. TinyDNS is on the CD. Guess I'll try to set it up. Thanks for the pointers! Another question: Is this a GOOD IDEA? It can be done, but should it be done?
>
> Depends on what you and your users need. On some sites I worked on, they really want ad free pages (and some censorship). Pages come up very fast, etc. etc. For that, they used specific apps cooperating with squid proxy (redirector), like squirm or squidguard. Junkbuster is another good alternative that comes to my mind that has that exact function. The benefit of using such apps is flexibility, ...

I've seen a lot of that www.blahblahblah.org/ads/* too. In fact, I get more ads from creative urls than from doubleclick.

The problem with filtering ads is that some big money companies that have a lot invested in their site, like financial ones, tie the loading of their pages into the successful loading of the ads and the responses the adserver gives. So when blocking doubleclick, sometimes your page will wait minutes to timeout and finish loading, if it even does.

The users will function best if they can have some control of when/who to block ads from. If they can't adjust the rules that apply to them, a diverse user base will revolt against the best ad blocking software, perhaps. Donuts in the morning and pizza later on has been known to quash the rebellion.

What I've found makes my surfing experience reasonably calm is disabling javascript from opening windows I don't request, using Mozilla's preferences, Advanced -- Windows and Scripting.

> On the other hand, some sites just don't want restricted accesses, even to speed their web experience, or their user bases are just too complex. Like ISP.

Or an .edu.

And on the subject of dnscache and loading it up, people often wonder about extending the TTL, time to live, of the cached data so that the entry is available for longer. How bout a week? Well it turns out to be a bad idea apparently, because the whole DNS scheme is centered around timeouts on the order of a 1/2 hour, at least the responses you get from various servers are. It's rare to see it over 3hrs.

Now you can set a TTL on your cache, but there's TTLs on each entry that came with the entry, and the TTL that came with the entry takes precedence over the global value you can set on your cache. Your 1 week TTL you placed on the cache will never get a chance to get used, because the 1/2 hr - 3 hr TTL entry on each data will expire them long before a week ever rolls around.

It's better this way so that when a server at some ip address goes down, its dns entry can be changed to point to a new ip address, and basically nobody will cache the old address for more than 3 hrs. But you guys knew that already, I'm sure.

And finally, you can increase the size of your dnscache to greater than the 2 MB that's set aside for it in your conf files. I still haven't found a way to determine my cache size on the fly. So I never know if it's near 2MB. If I was handling a busy site, it might be something to think about. Those djbutils become more useful then.

Regards,
Matthew
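The TTL point in the message above, as an added toy simulation (not part of the thread and not dnscache's code): a cache that honours each record's TTL up to a cache-wide cap, compared with one that forces a one-week lifetime. The names `TtlCache` and `forced_min_ttl`, the host name and the addresses are constructed for illustration.

```python
"""Toy resolver cache: how long a changed address keeps being served."""

OLD_ADDR = "192.0.2.10"   # constructed documentation-range addresses
NEW_ADDR = "192.0.2.20"
NAME = "www.example.org"  # constructed host name
WEEK = 7 * 86400


class TtlCache:
    """Cache whose entries expire per record, capped by a cache-wide maximum.

    forced_min_ttl is a hypothetical knob that models "keep everything for a
    week regardless of what the record says".
    """

    def __init__(self, max_ttl, forced_min_ttl=0):
        self.max_ttl = max_ttl
        self.forced_min_ttl = forced_min_ttl
        self._entries = {}  # name -> (address, expiry time in seconds)

    def effective_ttl(self, record_ttl):
        # The record's own TTL wins whenever it is below the cache-wide cap.
        return max(self.forced_min_ttl, min(record_ttl, self.max_ttl))

    def store(self, name, address, record_ttl, now):
        self._entries[name] = (address, now + self.effective_ttl(record_ttl))

    def lookup(self, name, now):
        entry = self._entries.get(name)
        if entry is None or now >= entry[1]:
            self._entries.pop(name, None)  # expired or never cached
            return None
        return entry[0]


def authoritative(now, change_at):
    """The zone owner repoints the name from OLD_ADDR to NEW_ADDR at change_at."""
    return OLD_ADDR if now < change_at else NEW_ADDR


def stale_seconds(cache, record_ttl, change_at=600, step=60, horizon=2 * WEEK):
    """Seconds after the change before a client of this cache sees NEW_ADDR."""
    for now in range(0, horizon, step):
        addr = cache.lookup(NAME, now)
        if addr is None:  # cache miss: ask the authoritative side and store
            addr = authoritative(now, change_at)
            cache.store(NAME, addr, record_ttl, now)
        if now >= change_at and addr == NEW_ADDR:
            return now - change_at
    return None


if __name__ == "__main__":
    half_hour = 1800
    print("record TTL honoured :", stale_seconds(TtlCache(WEEK), half_hour))
    print("one week forced     :",
          stale_seconds(TtlCache(WEEK, forced_min_ttl=WEEK), half_hour))
```

With a half-hour record TTL the old address is gone 20 minutes after the change; with the forced week it is served for almost the whole week.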
Re: [leaf-user] A big snmp question
http://sourceforge.net/mail/?group_id=12694

[EMAIL PROTECTED] wrote:

> I'm not using the snmp.lrp package, I downloaded net-snmp 5.03 and built my own on a Debian system. net-snmp daemon seems to be working great with several managers as far as inquiry. When a manager makes a change to a rw variable such as system.contact.0, I can't find anywhere that change is saved to disk or logged. Therefore lost on reboot.
>
> Anyone know if or where these transactions are saved? Obviously, I'm snmp challenged. Believe me I'm not being lazy about reading the docs. They are simultaneously vast and brief.
>
> Thanks, if anyone can help.

--
Best Regards,
mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . .
[leaf-user] LEAF PPTP client
Thanks, Tom, for pointing me toward your PPTP documentation. I copied your config files pretty much verbatim (except the connection and cron scripts), and then manually tried to connect to my Poptop server with:

    pptp POPTOP IP user username noauth

I see that it connects for a bit. 'ps a' lists the pptp and pppd processes; 'ip addr' shows the ppp0 link -- although it does _not_ have an IP address assigned. After a couple of minutes the connection drops. Nothing shows up in the LEAF /var/log/syslog. Here's what shows up in the Poptop server logs:

    Sep 25 17:15:44 flg2 pptpd[15636]: CTRL: Starting call (launching pppd, opening GRE)
    Sep 25 17:15:44 flg2 pppd[15637]: pppd 2.4.1 started by root, uid 0
    Sep 25 17:15:44 flg2 pppd[15637]: Using interface ppp1
    Sep 25 17:15:44 flg2 pppd[15637]: Connect: ppp1 -- /dev/pts/1
    Sep 25 17:15:44 flg2 pptpd[15636]: GRE: xmit failed from decaps_hdlc: Operation not permitted
    Sep 25 17:15:44 flg2 pptpd[15636]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
    Sep 25 17:15:44 flg2 pptpd[15636]: CTRL: Client 24.208.187.129 control connection finished
    Sep 25 17:15:44 flg2 kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=POPTOP IP DST=24.208.187.129 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=45769 DF PROTO=47
    Sep 25 17:15:44 flg2 pppd[15637]: Modem hangup
    Sep 25 17:15:44 flg2 pppd[15637]: Connection terminated.
    Sep 25 17:15:44 flg2 pppd[15637]: Exit.
    Sep 25 17:15:46 flg2 kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:a0:cc:60:3c:2d:00:4f:4e:09:27:4b:08:00 SRC=24.208.187.129 DST=POPTOP IP LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=36117 DF PROTO=47

The GRE: xmit failed from decaps_hdlc bit is new, as is the Shorewall hit -- I've never seen a PPTP client get caught in the packet filters before.

Both LEAF and the Poptop server have the following entries in /etc/shorewall/rules:

    ACCEPT net FW 47 -
    ACCEPT net FW tcp 1723
    ACCEPT FW net 47 -
    ACCEPT FW net tcp 1723

Where should I start diagnosing this?

Thanks in advance!
-Scott
Re: [leaf-user] OOT: DnsCache
Hi Matthew,

On 2002.09.25_09:39:35_+, Matthew Schalit wrote:

> I've seen a lot of that www.blahblahblah.org/ads/* too. In fact, I get more ads from creative urls than from doubleclick.

That's why I mention the other options of ad filtering on the previous reply.

> The problem with filtering ads is that some big money companies that have a lot invested in their site, like financial ones, tie the loading of their pages into the successful loading of the ads and the responses the adserver gives. So when blocking doubleclick, sometimes your page will wait minutes to timeout and finish loading, if it even does.

Can you explain the methods they used to enforce this? I haven't seen anything about this so far. When using the dnscache method, the address of doubleclick is directed to localhost, which hopefully will reject the packets instead of dropping them. This will result in immediate Connection refused reply. For redirector, usually an administrator will redirect the URLs to local server, fetching a tiny 1x1 pixel blank image. It also takes a very short time. My guess is they are using JavaScript or anything of a kind to check that. Can you confirm that and explain a bit?

> The users will function best if they can have some control of when/who to block ads from. If they can't adjust the rules that apply to them, a diverse user base will revolt against the best ad blocking software, perhaps. Donuts in the morning and pizza later on has been known to quash the rebellion.

Agree. In a diverse user base environment, choosing this is sometimes not an option. If the environment is at a big company, the policy have to decide about this. If the policy decided to be flexible, there would be some methods of authentication to know that an authenticated user preferences. This has to be done because the preferences will always be on the server side. Presuming a client browser will never have an option to disable banner. I may be wrong on this presumption.

Now, if this flexibility would be implemented on an ISP, where you can't have strict policy, it is much more difficult to enforce this. It is absolutely not an option to have a user authenticated before he/she can browse. Not to mention the trouble and delay introduced when implementing one on a cache proxy.

> What I've found makes my surfing experience reasonably calm is disabling javascript from opening windows I don't request, using Mozilla's preferences, Advanced -- Windows and Scripting.

Opera's preferences on JavaScript popup:

1. Accept popup.
2. Reject popup.
3. Open popup window in the background.

Easily switching between 2 and 3 would be very nice. Not that I wanted some ad, but sometimes a popup is really not an ad.

> Or an .edu.

Yes, I wonder how I can miss this one. *g*

> And on the subject of dnscache and loading it up, people often wonder about extending the TTL, time to live, of the cached data so that the entry is available for longer. How bout a week? Well it turns out to be a bad idea apparently, because the whole DNS scheme is centered around timeouts on the order of a 1/2 hour, at least the responses you get from various servers are. It's rare to see it over 3hrs.
>
> Now you can set a TTL on your cache, but there's TTLs on each entry that came with the entry, and the TTL that came with the entry takes precedence over the global value you can set on your cache. Your 1 week TTL you placed on the cache will never get a chance to get used, because the 1/2 hr - 3 hr TTL entry on each data will expire them long before a week ever rolls around.
>
> It's better this way so that when a server at some ip address goes down, its dns entry can be changed to point to a new ip address, and basically nobody will cache the old address for more than 3 hrs. But you guys knew that already, I'm sure.

TTL is not an issue for the OP. Because the dnscache will always consult local and private content DNS server. When TTL is short, the caching dns will query the local content dns again. Or am I missing your point here?

> And finally, you can increase the size of your dnscache to greater than the 2 MB that's set aside for it in your conf files. I still haven't found a way to determine my cache size on the fly. So I never know if it's near 2MB. If I was handling a busy site, it might be something to think about. Those djbutils become more useful then.

You can adjust dnscache cache on the fly:
http://cr.yp.to/djbdns/faq/cachex.html#cachesize

To determine your optimal cache size while running, you have to monitor your cache motion:
http://cr.yp.to/djbdns/faq/cachex.html#cachemotion

> Regards,
> Matthew

--
H. D. Lee
Re: [leaf-user] LEAF PPTP client
Scott Merrill wrote: Thanks, Tom, for pointing me toward your PPTP documentation. I copied your config files pretty much verbatim (except the connection and cron scripts), and then manually tried to connect to my Poptop server with: pptp POPTOP IP user username noauth I see that it connects for a bit. 'ps a' lists the pptp and pppd processes; 'ip addr' shows the ppp0 link -- although it does _not_ have an IP address assigned. After a couple of minutes the connection drops. Nothing shows up in the LEAF /var/log/syslog. Here's what shows up in the Poptop server logs: Sep 25 17:15:44 flg2 pptpd[15636]: CTRL: Starting call (launching pppd, opening GRE) Sep 25 17:15:44 flg2 pppd[15637]: pppd 2.4.1 started by root, uid 0 Sep 25 17:15:44 flg2 pppd[15637]: Using interface ppp1 Sep 25 17:15:44 flg2 pppd[15637]: Connect: ppp1 -- /dev/pts/1 Sep 25 17:15:44 flg2 pptpd[15636]: GRE: xmit failed from decaps_hdlc: Operation not permitted Sep 25 17:15:44 flg2 pptpd[15636]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6) Sep 25 17:15:44 flg2 pptpd[15636]: CTRL: Client 24.208.187.129 control connection finished Sep 25 17:15:44 flg2 kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=POPTOP IP DST=24.208.187.129 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=45769 DF PROTO=47 Sep 25 17:15:44 flg2 pppd[15637]: Modem hangup Sep 25 17:15:44 flg2 pppd[15637]: Connection terminated. Sep 25 17:15:44 flg2 pppd[15637]: Exit. Sep 25 17:15:46 flg2 kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:a0:cc:60:3c:2d:00:4f:4e:09:27:4b:08:00 SRC=24.208.187.129 DST=POPTOP IP LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=36117 DF PROTO=47 The GRE: xmit failed from decaps_hdlc bit is new, as is the Shorewall hit -- I've never seen a PPTP client get caught in the packet filters before. Both LEAF and the Poptop server have the following entries in /etc/shorewall/rules: ACCEPT net FW 47 - ACCEPT net FW tcp 1723 ACCEPT FW net 47 - ACCEPT FW net tcp 1723 Where should I start diagnosing this? 
Find out why ACCEPT net FW 47 - doesn't give you an error since the firewall zone is 'fw' (not FW).

Seriously: If eth0 is your internet interface then you CAN'T have an ACCEPT rule for net-fw for protocol 47 and still be seeing the Shorewall messages you show above...

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ [EMAIL PROTECTED]
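The two checks this exchange turns on, as an added example that is not part of the original thread: a case-sensitive comparison of the SOURCE and DEST columns of the quoted rules against the defined zone names, and a scan of Shorewall kernel log lines for protocol 47 (GRE). The zone set is an assumption based on the reply, the log addresses are constructed placeholders, and the function names are hypothetical.

```python
import re

# Assumption: the defined zones are 'net' and 'fw' (the reply says 'fw', not 'FW').
ZONES = {"net", "fw"}

# The four rules quoted in the post.
RULES = """\
ACCEPT net FW 47 -
ACCEPT net FW tcp 1723
ACCEPT FW net 47 -
ACCEPT FW net tcp 1723
"""

# Constructed log lines modelled on the two Shorewall entries in the post;
# the addresses are documentation-range placeholders.
LOG = """\
Sep 25 17:15:44 flg2 kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.20 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=45769 DF PROTO=47
Sep 25 17:15:46 flg2 kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:a0:cc:60:3c:2d:00:4f:4e:09:27:4b:08:00 SRC=198.51.100.20 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=36117 DF PROTO=47
"""

HIT = re.compile(r"Shorewall:(\w+):(\w+):IN=(\S*) OUT=(\S*) .*\bPROTO=(\w+)")

def unknown_zone_rules(rules_text, zones):
    """Return (line_no, zone) for each SOURCE/DEST zone that is not defined.
    The comparison is case-sensitive, so 'FW' does not match 'fw'."""
    bad = []
    for no, line in enumerate(rules_text.splitlines(), 1):
        fields = line.split("#")[0].split()
        if len(fields) < 3:
            continue
        for token in fields[1:3]:
            zone = token.split(":")[0]  # drop an optional ':host' suffix
            if zone not in zones:
                bad.append((no, zone))
    return bad

def gre_hits(log_text):
    """Return (chain, disposition, direction) for each logged GRE packet."""
    hits = []
    for line in log_text.splitlines():
        m = HIT.search(line)
        if m and m.group(5) == "47":
            chain, disp, in_if, out_if = m.group(1, 2, 3, 4)
            direction = "outbound" if not in_if else "inbound" if not out_if else "forwarded"
            hits.append((chain, disp, direction))
    return hits

if __name__ == "__main__":
    print(unknown_zone_rules(RULES, ZONES), gre_hits(LOG))
```

An empty IN= marks a packet generated by the firewall itself and an empty OUT= marks one addressed to it, so the two hits show GRE being refused in both directions on the Poptop server.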
[leaf-user] SUMMARY: Bering LEAF Intermittent downtime
I thought some of you might find the results of my problem interesting. I went out to the client's on Monday and looked over everything. There were some interesting things in the logs, but not enough to tell me what was causing the problem. After rebuilding the LEAF router, everything worked fine - for about 2 hours. Then, out of the blue, it stopped working.

I found the source of the problem through a bit of luck. I hadn't enabled SSH and was too lazy to walk back to where the router was, so I launched a web browser to check things out (I had weblet loaded). Rather than see the LEAF web interface, a WebRamp screen came up. I asked the person in charge if their ISDN modem was connected to the network - I remembered the WebRamp screen from when I helped them make some configuration changes in the past. Sure enough, it was!

It turned out that he trained a few people to unplug and plug back in the power to the ISDN modem if they were having problems (prior to the switch to the cable modem). Unfortunately, he left the ISDN modem in the wire closet and just unplugged it. Apparently, when they first started experiencing unrelated problems with the cable connection, someone went in the wire closet and plugged the ISDN modem back in - which had the same IP address as the internal NIC in the LEAF router. We removed the ISDN modem from the wiring closet and haven't experienced any downtime since.

This leads me to another question: Why is another machine able to steal the IP address like that with Linux? Even Windoze prevents this from happening and just gives you an annoying popup to let you know someone else just connected with the same IP.

Thanks especially to Ray Olszewski and Brad Fritz for their help!

-sr

----- Original Message -----
From: Ray Olszewski [EMAIL PROTECTED]
To: sr [EMAIL PROTECTED]; LEAF [EMAIL PROTECTED]
Sent: Friday, September 20, 2002 9:02 PM
Subject: Re: [leaf-user] Bering LEAF Intermittent downtime

Sorry I dragged you through that initial review.
It's clear from your replies that you've worked on this more than I realized from reading your first message. Still, I am having trouble understanding what you wrote. It *appears* that you are saying that when an outage occurs, you *can* ping the ISP's gateway from the LEAF router, but you *cannot* ping it from a LAN client. I get that from this combination of responses:

4. During the failure times, if you log into the LEAF router, can you ping [...] the gateway IP address? Yes

... and ...

Basically, we can't ping anything external, including the ISPs gateway or DNS servers. The ISP claims that the cable modem has been up for over two weeks and he was running constant pings today and said there was 1% packet loss. However, we can't ping their gateway - at least not from an internal machine - I'll have to check if I can ping it from the router.

Now I may still be misunderstanding you ... but this part is important to get exactly right. Specifically, during an outage, can the router itself ping the ISP's gateway?

If it can, but the LAN clients cannot, then the problem lies somewhere in the interaction between the LAN clients and the LEAF router. Where? Well, the fact that the clients do not lose contact with the router itself (or, I presume, one another) rules out a lot of possibilities on the LAN side (including failure of the eth1 interface). If the ISP can regularly ping the router's external interface, that rules out any problems at that end (including failure of the eth0 interface).

Almost the only thing in between these two interfaces is the Linux kernel itself -- most directly its iptables ruleset, as configured by Shorewall. I'm no Shorewall expert, so I'll leave it to Tom to suggest any possibilities here. All I can think to suggest is that you examine your logs (in /var/log/) for any kernel messages from iptables.
OTOH, if I have misunderstood you and the router *cannot* ping the ISP's gateway at these times, then we need to understand why your ISP thinks it *can* ping you.

On that score ... if we are talking about close-by pings, the 1% packet loss the ISP reports seeing is quite a lot. A system with negligible packet loss normally, and 3 5-minute outages during a day, would *average* 1% packet loss over the day. So I hope the ISP was doing a more exact test than this summary conveys. (I mention this concern because I have way too much experience with ISP sloppiness to trust ambiguous replies from ISPs.)

More to the point, what is he pinging? Your external IP address (the one on the LEAF router)? If so, is his experience consistent with yours -- that is, if he pings you, and no other traffic is running, do the RX and TX packet count increase on the external interface? Or does the ISP ping some address on the interface it provides (the cable modem itself)? If that device has an IP address, can the router ping it?

Even more to the point, where is the ISP pinging
[leaf-user] wisp-dist: The /proc/net/prism2/wlan device is duplicate when using two wlan cards
wisp-dist: The /proc/net/prism2/wlan device is duplicate when using two wlan cards On build 2341 - I have installed two wlan cards ( TT 100mW ) and when I go to the /proc/net/prism2 directory, I find two 'wlan0' entries. I am thinking it should show a wlan0 and a wlan1. Is this a bug or am I misreading?