Re: [leaf-user] Bering RC-4 unexplainable holes in shorewall - long
Not being a Shorewall expert, I waited a while to see if someone who knows Shorewall would spot the problem just from the config files you posted. Not seeing any replies of that sort, let me suggest you post a more complete report, following the advice in the SR FAQ. Then people (like me) who do not know Shorewall can see the underlying iptables rulesets and, perhaps, identfy the source of some of your problems. One piece of what you wrote is especially perplexing, though, namely -- most disturbing is my ability to ping internal clients on both internal networks from the EXTERNAL network - even masq'd clients. I know the norfc1918 option on zone net will stop this but shouldn't the overall policy of net2all prevent this? This one needs a bit more explanation. Since the external connection is a PPPoE connection, just where are you doing this ping'ing *from*? From out on the Internet, pings to your private addresses should not get even close to your LANs; the ISP's routers should stop them before they ever encounter your rulesets. If you traceroute to these addresses, do they really prove to be on your LANs (or are you just able to ping *some* hosts with 192.168.17.d addresses)? In any case, a look at the underlying iptables rulesets will probably let us see where any problem is. At 10:27 PM 11/1/02 -0400, Jeff Clark wrote: I'm setting up a Bering rc-4 box with pppoe net access and two internal networks - not a DMZ just 2 seperate internal networks. I want traffic blocked between the internal networks and from the 2nd network to the net. I've set up 3 zones: net is pppoe through eth0 ofl is 192.168.17.0/24 on 192.168.17.254 thorugh eth1 onl is 192.168.170.0/24 on 192.168.170.253 through eth2 Offline and Online are arbitrary names only, referring only to what we call each network in the office...think of them as A and B. Offline is to be masq'd and Online is not - Online is actually to be completely isolated from the internet and Offline. Think of Online as Area 51 - it simply doesn't exist to anyone outside of the office - it will be connected to an ipsec tunnel after I get the rest of this setup working to connect to a remote facility. Here are my zone, ifaces, policy and rules: # cat /etc/shorewall/zones | grep -v # net Net Internet ofl Offline Offline network onl Online Online network TOH-FW-1: -root- # cat /etc/shorewall/interfaces | grep -v # net ppp0- routefilter ofl eth1- routestopped onl eth2- TOH-FW-1: -root- # cat /etc/shorewall/policy | grep -v '#' ofl net ACCEPT fw net ACCEPT net all DROPinfo all all REJECT info TOH-FW-1: -root- # cat /etc/shorewall/rules | grep -v '#' ACCEPT fwnet tcp 53 ACCEPT fwnet udp 53 ACCEPT net fwtcp 22 ACCEPT ofl fwtcp 22 ACCEPT ofl fwudp 53 ACCEPT ofl fwtcp 80 ACCEPT net fwtcp 37 # shorewall stop;shorewall start Processing /etc/shorewall/shorewall.conf ... Processing /etc/shorewall/params ... Stopping Shorewall...Processing /etc/shorewall/stop ... done. Processing /etc/shorewall/shorewall.conf ... Processing /etc/shorewall/params ... Starting Shorewall... Initializing... Determining Zones... Zones: net ofl onl Validating interfaces file... Validating hosts file... Validating Policy file... Determining Hosts in Zones... Net Zone: ppp0:0.0.0.0/0 Offline Zone: eth1:0.0.0.0/0 Online Zone: eth2:0.0.0.0/0 Deleting user chains... Creating input Chains... Configuring Proxy ARP Setting up NAT... Adding Common Rules Adding rules for DHCP Setting up Kernel Route Filtering... IP Forwarding Enabled Processing /etc/shorewall/tunnels... Processing /etc/shorewall/rules... Rule ACCEPT fw net tcp 53 added. Rule ACCEPT fw net udp 53 added. Rule ACCEPT net fw tcp 22 added. Rule ACCEPT ofl fw tcp 22 added. Rule ACCEPT ofl fw udp 53 added. Rule ACCEPT ofl fw tcp 80 added. Rule ACCEPT net fw tcp 37 added. Setting up ICMP Echo handling... Processing /etc/shorewall/policy... Policy ACCEPT for fw to net using chain fw2net Policy DROP for net to fw using chain net2all Policy REJECT for ofl to fw using chain all2all Policy ACCEPT for ofl to net using chain ofl2net Masqueraded Subnets and Hosts: To 0.0.0.0/0 from eth1 through ppp0 Processing /etc/shorewall/tos... Rule all all tcp - ssh 16 added. Rule all all tcp ssh - 16 added. Rule all all tcp - ftp 16 added. Rule all all tcp ftp - 16 added. Rule all all tcp ftp-data - 8 added. Rule all all tcp - ftp-data 8 added. Activating Rules... Processing /etc/shorewall/OUTPUT ... Processing /etc/shorewall/start ...
[leaf-user] D-LINK DFE-690TXD
Hi folks does anyone know what pcmcia configuration is required for D-LINK DFE-690TXD, I found the the network driver is a 8139too. I could not find the necessary cs module to bind to. Thanks Erich THINK Püntenstrasse 39 8143 Stallikon mailto:erich.titl;think.ch PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] D-LINK DFE-690TXD
Hi Erich, * Erich Titl ([EMAIL PROTECTED]) [021102 09:00]: Hi folks does anyone know what pcmcia configuration is required for D-LINK DFE-690TXD, I found the the network driver is a 8139too. I could not find the necessary cs module to bind to. This is what I used as a reference: http://newton.physics.arizona.edu/~lapeyre/cardbus_DFE-690TXD/README --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] WISP partition questions
I've just started to play with WISP on a compact flash card. I've created a bootable WISP CF card but the process brought unexpected torment. It has left me with a few questions. ;-) Environment: 32Mb CF card in Silicon Kit IDE to CF adapter BIOS using CHS to see the CF card Torment: The CF card came out of a PocketPC and had files on it that I could see if I booted the WSIP hardware using a DOS floppy. In other words, it had a working partition on it. I found it impossible to create two partitions on this card using fdisk on a Win98 disk or using Partition Magic 6.0 or 7.0. After I'd fdised, all three tools misreported the the CF as having about 15Mb of free space after the first partition - even if the partition was 27Mb! When I ran syslinux.com -s c: against this card, I got no error but the system would hang on boot. In the end I formatted the card in a friend's PocketPC and then found it possible to copy the WISP files to it from the .zip file on the WISP downloads page at: http://sourceforge.net/project/showfiles.php?group_id=13751 I then made the CF bootable by booting a floppy and running syslinux -s c: against the CF card. Great! WISP now boots. But I'd like to create a second partition for WISP's read/write files... Now I looking at shoving an ancient Antec Descartes CF card reader/writer in a separate Linux box so I'm wondering if people have successfully partitioned and formatted the CF card for WISP using straightforward Linux fdisk and fdformat? Also, is the second partition to be DOS or minix or does it not matter? I've got an 8MB CF card so in theory I can dd the wisp-dist_2348_img_wdist.bin file on the LEAF downloads page. But... I can get this binary to yield its .img content. I've made it executable but executing it doesn't do anything. Is this a MacBinary? I'll bet I'm missing something else so I'm looking for a clue! I'll also be trying to work out how to get a RTL8019AS driver on to the CF but I reckon I'll be able to work that out on my own. I'm willing to contribute back to the WISP documentation of course. Thanks... Lee --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] D-LINK DFE-690TXD
Hi At 18:31 02.11.2002, JeeBak Kim wrote: Hi Erich, * Erich Titl ([EMAIL PROTECTED]) [021102 09:00]: Hi folks does anyone know what pcmcia configuration is required for D-LINK DFE-690TXD, I found the the network driver is a 8139too. I could not find the necessary cs module to bind to. This is what I used as a reference: http://newton.physics.arizona.edu/~lapeyre/cardbus_DFE-690TXD/README You are right, I need glasses Thanks Erich THINK Püntenstrasse 39 8143 Stallikon mailto:erich.titl;think.ch PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] OT: Cisco IGS Multiprotocol Router Bridge
Hi Gang, Does anyone have any interest in this piece of hardware? If so, it's yours for the cost of shipping. It has the serial and token ring connectors on the back, along with an aux and console port. I have no documentation and can not help you set it up. I don't have token ring at the house, and doubt I will be installing it anytime soon. If you know how to use it, and _can_ use it, drop me a private e-mail and we can go from there. Now back you your regularly scheduled program already in progress Thanks, Tony --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] D-LINK DFE-690TXD
Hi thanks for the info At 18:31 02.11.2002, JeeBak Kim wrote: Hi Erich, * Erich Titl ([EMAIL PROTECTED]) [021102 09:00]: Hi folks does anyone know what pcmcia configuration is required for D-LINK DFE-690TXD, I found the the network driver is a 8139too. I could not find the necessary cs module to bind to. This is what I used as a reference: http://newton.physics.arizona.edu/~lapeyre/cardbus_DFE-690TXD/README I believe all the necessary modules are available for bering. Could you please tell me what you used in the /etc/pcmcia/config.opts. I am probably binding to the wrong module (pcnet_cs) Thanks Erich THINK Püntenstrasse 39 8143 Stallikon mailto:erich.titl;think.ch PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] superformat followup..
I finally got one floppy to format from superformat /dev/fd0u1680 Felt a great accomplishment. But, try do it again on several different floppies and I get problems from the very start Stops almost immeadiatly with lseek invalid argument, huh? just re-enter the command and it doesn't do that again. It trys and gives continuous end_request: I/O error, dev 02:00 (floppy), sector number upto and past as I type this sector 1383 and keeps going forever. Why does everthing with Linux have to be so damn complicated, infuriating and cryptic? Hell, I even try superformat /dev/fd0h1440, a normal floppy right, immeadiatly fails with: Verifying cylinder 0, head 0 Error, 5120 bytes remaining Verifying cylinder 0, head 1 lseek: Invalid argument Then immeaditly re-run the same command AND IT WORKS! Running thru to the end and printing: mformat -s18 -t80 -h2 -S2 -M512 a: Just love apps that fail and then run normally. -- Jeff [EMAIL PROTECTED] --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] superformat question
I am at wits end. I am trying to create a 1680 floppy for using Bering. I've done this before. I created several for eigerstien. I cann't get a floppy to format 1680! I've tried three different Linux systems. I even tried a 650Mhz Thunderbird with via chipset USING the floppy drive off of the leaf box. First all do numnerous reseeks while formatting and after going through all of that they all fail at track 68 with: Verifying cylinder 68, head 1 Error, 9216 bytes remaining. Command is superformat /dev/fd0u1680 Which goes through it's raw data check, etc. What am I doing wrong? Is there a Windows program that formats 1680? -- Jeff [EMAIL PROTECTED] --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] superformat question
www.winimage.com , or just download the bering self extracting executable, create a floppy then delete the files and copy yours on the floppy Regards, Etienne Charlier [EMAIL PROTECTED] - Original Message - From: Jeff [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, November 02, 2002 8:34 PM Subject: [leaf-user] superformat question I am at wits end. I am trying to create a 1680 floppy for using Bering. I've done this before. I created several for eigerstien. I cann't get a floppy to format 1680! I've tried three different Linux systems. I even tried a 650Mhz Thunderbird with via chipset USING the floppy drive off of the leaf box. First all do numnerous reseeks while formatting and after going through all of that they all fail at track 68 with: Verifying cylinder 68, head 1 Error, 9216 bytes remaining. Command is superformat /dev/fd0u1680 Which goes through it's raw data check, etc. What am I doing wrong? Is there a Windows program that formats 1680? -- Jeff [EMAIL PROTECTED] --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] superformat followup..
Jeff Jeff wrote the following at 21:12 02.11.2002: I finally got one floppy to format from superformat /dev/fd0u1680 Felt a great accomplishment. But, try do it again on several different floppies and I get problems from the very start Stops almost immeadiatly with lseek invalid argument, huh? just re-enter the command and it doesn't do that again. sounds like either floppy quality or hardware HTH Erich THINK Püntenstrasse 39 8143 Stallikon mailto:erich.titl;think.ch PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] superformat question
I cann't get a floppy to format 1680! I've tried three different Linux systems. I even tried a 650Mhz Thunderbird with via chipset USING the floppy drive off of the leaf box. snip What am I doing wrong? I'm not sure...I don't use superformat. Is there a Windows program that formats 1680? Yes, winimage will do it, and I think there may be a few other utilities. You could also just cheat and just run one of the self-extracting 1680K disk images, then delete all the files :-) Also, since you're using bering (which is based on Dachstein), you might check and see if you have the backupdisk command available. I wrote this script to allow folks to easily backup their 1680K boot disks using the firewall itself (rather than requiring folks use a full linux disto or something like winimage). The script formats the floppy using: fdformat device where device is the desired high-capacity floppy device (such as fd0u1680). You might try the fdformat command on your bering system, and see if you get any better results. Otherwise, maybe you've got a batch of bad floppies? Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] WISP partition questions
Lee Kimber wrote about [leaf-user] WISP partition questions: But I'd like to create a second partition for WISP's read/write files... Now I looking at shoving an ancient Antec Descartes CF card reader/writer in a separate Linux box so I'm wondering if people have successfully partitioned and formatted the CF card for WISP using straightforward Linux fdisk and fdformat? Yes. No need for fdformat though. Also, is the second partition to be DOS or minix or does it not matter? It would be minix, but what you set as partition type shouldn't matter. I've got an 8MB CF card so in theory I can dd the wisp-dist_2348_img_wdist.bin file on the LEAF downloads page. But... I can get this binary to yield its .img content. I've made it executable but executing it doesn't do anything. Is this a MacBinary? I'll bet I'm missing something else so I'm looking for a clue! Wait, this *is* an image. In other words, it's already extracted and ready to be dd'ed. :-) I'll also be trying to work out how to get a RTL8019AS driver on to the CF but I reckon I'll be able to work that out on my own. What is the usual Linux driver for it? ne2k-pci? -- Best Regards, Vladimir Systems Engineer (RHCE) --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] superformat question
On Saturday, November 2, 2002, at 01:34 PM, Jeff wrote: I am at wits end. I am trying to create a 1680 floppy for using Bering. I've done this before. I created several for eigerstien. If you've done this before, using the same machine, same floppy drive, etc, then it's almost certainly a bad set of floppies. I once had a run of 11 bad floppies in a row -- seems there's something about the larger disk format that just makes some floppies unhappy. My solution was to stop trying to reuse the old floppies that I dug out from under desks and behind radiators and just buy a fresh box of them -- didn't have any problems with those. Try it with a fresh disk, if that doesn't work, try it in a different machine with a fresh disk. . . though from the sound of it, it sure sounds like a couple of flaky floppies -- and generally, if the floppy's bad, it's bad. You can't just re-run superformat or fdformat and hope that it will work the next time around. good luck, -arif --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] WISP partition questions
Wait, this *is* an image. In other words, it's already extracted and ready to be dd'ed. :-) Ho ho! That caught me out nicely! ;-) I'll also be trying to work out how to get a RTL8019AS driver on to the CF but I reckon I'll be able to work that out on my own. What is the usual Linux driver for it? ne2k-pci? This is an ISA card so I'm guessing it is ne. The card is set up and has a non-conflicting IRQ but WISP is not finding it on boot. -- Best Regards, Vladimir Systems Engineer (RHCE) --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] bering and tinydns
hi, i'm toying with the idea of using a bering box ( p100 32M ram) with tinydns to be used for a public dns server. there will probably not be any client machines or servers behind this box. is anyone doing this?(i did not find much on this in the archives) any gotchas if someone is doing this now? thanks, brett __ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/ --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering RC-4 unexplainable holes in shorewall - long
--On Friday, November 01, 2002 10:27:51 PM -0400 Jeff Clark [EMAIL PROTECTED] wrote: My problems begin with the fact that shorewall does show a REJECT policy for the onl network with the all2all chain even though it appears to establish one - I cannot ftp or ssh from ofl to onl or access the net from ofl. The grammer and logic in the above paragraph defy words. I have absolutely no idea what you are trying to say. However, I can ping freely between the networks and most disturbing is my ability to ping internal clients on both internal networks from the EXTERNAL network - even masq'd clients. I know the norfc1918 option on zone net will stop this but shouldn't the overall policy of net2all prevent this? Pinging and overall policy are two different things in Shorewall. Most users (probably irrationally) expect to be able to ping even when they want to prevent establishment of any other type of connection -- they see 'ping' as the magic bullet that proves connectivity. In order to drive down the number of posts that say whine I can't ping /whine I implemented a shorewall.conf variable called FORWARDPING. If set to Yes, this variable causes icmp echo requests to be accepted in the FORWARD chain prior to the application of POLICY. FORWARDPING=Yes is the default value -- if you don't like it, you can of course set it to No. -Tom -- Tom Eastep\ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ [EMAIL PROTECTED] --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Bering RC4 + hostap_cs.o
I am working on creating a laptop based wireless access point. I have purchased two prismII based wlan cards (Engenius NL-2511CD PLUS - 200Mw!) and cannot get the AP drivers loaded. I am getting an error that the CardServices release does not match when I run insmod hostap_cs (after I have already loaded the 3 other hostap modules: hostap_crypt.o, hostap_crypt_wep.o and hostap.o). As far as I can tell, this is an incompatible combination. I am using the pcmcia.lrp from the latest area of the package repository for Bering and the modules that come with Bering RC4. My thought is that I need a version of the pcmcia.lrp that matches what the hostap_cs.o is built for. I tried to use the pcmcia.lrp package from RC3, but that suffers from the same problem along with not matching the release version for pcnet_cs.o either The PCMCIA service is working since my Ethernet adapter is a PCMCIA card (pcnet_cs.o) and it seems work under RC4. Eventually, I will be switching to the wisp-dist as soon as my CF to SFF-IDE flash adapter arrives in the mail, but since wisp-dist is also based on Bering, I will probably have the same problem. Any ideas on how to solve the problem? Any tips on how to bring up the wlan0 interface after the drivers are loaded would be a help too. I'm sure that will be my next hurdle. Thanks. --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] bering and tinydns
i'm toying with the idea of using a bering box ( p100 32M ram) with tinydns to be used for a public dns server. there will probably not be any client machines or servers behind this box. is anyone doing this?(i did not find much on this in the archives) any gotchas if someone is doing this now? I was doing something similar with LRP and bind for a while, but I've migrated to bind 9.x, which won't gracefully compile with the older libc used by LEAF distos, so I've moved DNS to RedHat based servers (I'm using lots of the new 9.x features, including multiple views, which is kind of akward to setup with tinydns). Other than issues you might run into with using tinydns vs the more standard bind, there are no particular gotcha's with using LEAF for a thin server OS. Although mainly used for routers firewalls, the nothing but the basics mentality works just as well for small, dedicated servers. Just remember you don't have emacs, perl, etc., but for something like a DNS server, you probably don't need that anyway. Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] bering and tinydns
On 2002.11.02_17:39:26_+, Brett wrote: i'm toying with the idea of using a bering box ( p100 32M ram) with tinydns to be used for a public dns server. What did you refer to as public dns server? is it going to serve your dns data (tinydns)? or is it going to be a resolver that used by public to query dns data (dnscache)? there will probably not be any client machines or servers behind this box. ok. is anyone doing this?(i did not find much on this in the archives) any gotchas if someone is doing this now? Yes, if you have no client machine or server behind the box, that means one interface (NIC) is enough it. No gotchas, if you follow the documentation, both Bering and the official http://cr.yp.to/djbdns.html. FYI, the latter has been revamped lately, please check often because djb is updating the documentation very much daily. For basic installation, it have been there and proven helpful. thanks, brett -- H. D. Lee http://www.dutnux.com --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] bering and tinydns
this is to serve dns data with tinydns. i have it up and running, but was curious if this was a good project for leaf. so far the responses have said it is thanks, brett --- H. D. Lee [EMAIL PROTECTED] wrote: On 2002.11.02_17:39:26_+, Brett wrote: i'm toying with the idea of using a bering box ( p100 32M ram) with tinydns to be used for a public dns server. What did you refer to as public dns server? is it going to serve your dns data (tinydns)? or is it going to be a resolver that used by public to query dns data (dnscache)? there will probably not be any client machines or servers behind this box. ok. is anyone doing this?(i did not find much on this in the archives) any gotchas if someone is doing this now? Yes, if you have no client machine or server behind the box, that means one interface (NIC) is enough it. No gotchas, if you follow the documentation, both Bering and the official http://cr.yp.to/djbdns.html. FYI, the latter has been revamped lately, please check often because djb is updating the documentation very much daily. For basic installation, it have been there and proven helpful. thanks, brett -- H. D. Lee http://www.dutnux.com --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html __ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/ --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Need help getting Intel PRO/100 S Desktop Adapterrecognized.
[EMAIL PROTECTED] wrote: The PCI bus is scanned properly under RedHat 7.2 and works fine. I don't think that is it. In fact the dmesg output looks ok to me and is almost the same under redhat and bering rc4, except for the PCI stuff that is. I have disabled the realtek card. OK, I have a wild idea based on a troubling experience I had two weeks ago. Oracle has just created bug 2652798 on their Oracle Lite product. I had two identical servers at work. One had more memory than the other. The Compaq server with less memory displayed the Mobile Server webtogo site in Oracle Lite properly. The production server with over 1405MB would not serve the webtogo site up. Apache just hung on the page. Go figure! I lost a week on the project until I took some memory out. :-( I don't have time to try it now plus I'd have to try the Bering distribution, but my ECS board below has sockets for both PC 133 and PC2100 memory. PC2100 memory is faster, and perhaps requires a different bus architecturally in the kernel. (That's was the best speed increase in a computer that I have seen in awhile when I switched from PC133 to PC2100 on this mother board. YaDa YaDA.) So my proposal is to try and boot Bering on this mother board presuming it would fail to recognize the Ethernet cards. Switch back to PC133 and boot Bering again presuming it would recognize the Ethernet cards. If this proves to be true, then perhaps there are kernel options to recognize PC2100 and the newer PC2700 memory. Perhaps Red Hat has compiled them into the kernel? Perhaps Bering would have to compile them in? (H PC2700 memory bus speeds at 333MHZ. What a concept!?) On Fri, 01 Nov 2002 20:39:16 -0700 Greg Morgan [EMAIL PROTECTED] wrote: Jeff Greer wrote: It would appear to be a CPU issue. I am running an AMD 1700+ with 128MB DDR 2100 RAM. For what its worth many of these boards have lots of on-board extras. My Elitegroup ECS K7S5A, which sounds like yours has both a reltec ethernet and AMR devices onboard. I disabled them. Ummm...I go for cheap any more on component, which the ECS falls under. So far I've had no problems. Any chance the PCI bus is bad on the motherboard? Greg Morgan --- This SF.net email is sponsored by: ApacheCon, November 18-21 in Las Vegas (supported by COMDEX), the only Apache event to be fully supported by the ASF. http://www.apachecon.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering RC-4 unexplainable holes in shorewall - long
- Original Message - From: Tom Eastep [EMAIL PROTECTED] To: Jeff Clark [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Saturday, November 02, 2002 10:22 PM Subject: Re: [leaf-user] Bering RC-4 unexplainable holes in shorewall - long --On Friday, November 01, 2002 10:27:51 PM -0400 Jeff Clark [EMAIL PROTECTED] wrote: My problems begin with the fact that shorewall does show a REJECT policy for the onl network with the all2all chain even though it appears to establish one - I cannot ftp or ssh from ofl to onl or access the net from ofl. The grammer and logic in the above paragraph defy words ^^^ I have seen far worse on this list that didn't solicit a comment such as this=-) My question was why does the output of 'shorewall start' not list all zone-to-zone policies? For example, in my original post I stated that I've create 2 internal zones, 'ofl' and 'onl'. I have not created any policies or rules to allow traffic between 'ofl' and 'onl'. Therefore I would expect to see output from 'shorewall start' such as: Policy REJECT for ofl to onl using chain all2all Policy REJECT for onl to ofl using chain all2all As shown in the original post, these policies are not listed. Further testing at the time showed me that traffic such as ftp or ssh are indeed rejected between the 2 zones 'onl' and 'ofl'. Further testing today has shown me that 'shorewall start' only shows policies between zones if the zones are referenced in a rule. This all makes sense to me now and renders the above question pointless, unless I'm way off here, in which case please feel free to correct me. There is still the question of pinging between networks that are isolated by policy, which is discussed below. However, I can ping freely between the networks and most disturbing is my ability to ping internal clients on both internal networks from the EXTERNAL network - even masq'd clients. I know the norfc1918 option on zone net will stop this but shouldn't the overall policy of net2all prevent this? Pinging and overall policy are two different things in Shorewall. Most users (probably irrationally) expect to be able to ping even when they want to prevent establishment of any other type of connection -- they see 'ping' as the magic bullet that proves connectivity. I agree with you here. If one is preventing ALL connections between networks then there is no need to ping between those networks - ping within the network or from the gateway only. In order to drive down the number of posts that say whine I can't ping /whine I implemented a shorewall.conf variable called FORWARDPING. If set to Yes, this variable causes icmp echo requests to be accepted in the FORWARD chain prior to the application of POLICY. FORWARDPING=Yes is the default value -- if you don't like it, you can of course set it to No. I've since re-read Tom's excellent doc's (after a long break) and FORWARDPING slapped me square in the forehead. FORWARDPING is now set to no. ( I knew I was missing something horrendously obvious but that's what happens after 10 or 12 hours of working on this stuff without stepping away for a while =-) ) I have now solved my problem of isolating the two networks from each other, including pinging, with filterping and FORWARDPING set to no. Filterping on an interface does have a side affect of preventing machines on that network from pinging that interface if you do not ACCEPT traffic from that zone to fw. However this is easily overcome by adding the a rule to ACCEPT icmp from that zone to fw:ip.of.that.ethx/32 Okay, it's 2 am again and I'm rambling...again. Lessons learned are: (a) if you can't get something to work that should work, take a break every now and then or you'll end up screwing it up worse, and (b) if you're going to criticize someone's grammar, spell it correctly (just kidding!!!Please no flames!) =-) --- This SF.net email is sponsored by: ApacheCon, November 18-21 in Las Vegas (supported by COMDEX), the only Apache event to be fully supported by the ASF. http://www.apachecon.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
