RE: [leaf-user] Bering log rotation - weblet view

2002-11-04 Thread Luis.F.Correia
You are quite right, I changed the group that savelog uses and now
all is A OK!

-Original Message-
From: Troy Aden [mailto:Troy.Aden;WaveCom.CA] 
Sent: Sunday, November 03, 2002 8:41 PM
To: 'Luis.F.Correia'; [EMAIL PROTECTED]
Subject: RE: [leaf-user] Bering log rotation - weblet view


Read the Bering Errata page. There are a couple of fixes for that
there. 

Hope this helps.

Troy

-Original Message-
From: Luis.F.Correia [mailto:Luis.F.Correia;seg-social.pt]
Sent: November 3, 2002 2:11 PM
To: [EMAIL PROTECTED]
Subject: [leaf-user] Bering log rotation - weblet view


Hi!

This must sound strange from me but I have left my router on for over a day,
which isn't normal for me (dial-up). This morning when I turned my main PC
on and went to take a look at the messages, ppp.log and so on, I got the
'File not readable:kern.log' error. What is this? 
Some kind of permissions issue?
Does it have to do with the log rotation?

I am using Bering V1.0-rc3.

Thanks!


---
This SF.net email is sponsored by: ApacheCon, November 18-21 in Las Vegas
(supported by COMDEX), the only Apache event to be fully supported by the
ASF. http://www.apachecon.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html





[leaf-user] Via VT86C926 nic drivers

2002-11-04 Thread Roberto Pereyra
Hi

I have a Via VT86C926 PCI network adapter, and cannot find its Bering driver.

I just looked in the Bering modules package.

Where can I find it ??

thanks 

roberto





[leaf-user] Re:[leaf-user] Via VT86C926 nic drivers

2002-11-04 Thread Jacques Nilo
> I have a Via VT86C926 PCI network adapter, and cannot find its Bering driver.
> I just looked in the Bering modules package.
I think this is a ne2000 compatible card.
Try to load 8390.o and ne.o (both provided on the Bering floppy)
Jacques



Re: [leaf-user] Via VT86C926 nic drivers

2002-11-04 Thread Julian Church
That card is an ne2000 compatible, so you'll need to use

8390

then

ne2k-pci

cheers

Julian

At 09:00 04/11/02 -0300, Roberto Pereyra wrote:

> Hi
>
> I have a Via VT86C926 PCI network adapter, and cannot find its Bering driver.
>
> I just looked in the Bering modules package.
>
> Where can I find it ??
>
> thanks
>
> roberto




--
[EMAIL PROTECTED]
www.ljchurch.co.uk






[leaf-user] Re:[leaf-user] Via VT86C926 nic drivers

2002-11-04 Thread Jacques Nilo
> Where can I find it ??
Oops... I meant 8390.o and ne2k-pci.o. Both are on the floppy.
Jacques



Re: [leaf-user] Re: possible GPLed e1000 module source (was: Intel PRO/1000 (e1000)module...)

2002-11-04 Thread Stefan Engel

Hello,

here is some info on the different distros we currently have
installed on our production and test machines.

(SuSE 7.3 - kernel 2.4.10 - e1000 3.1.23)
SuSE 7.3 - kernel 2.4.16 - e1000 3.5.19
SuSE 8.0 - kernel 2.4.18 - e1000 4.2.4

Red Hat 7.3 - kernel 2.4.18 - e1000 4.1.7
Red Hat 8.0 - kernel 2.4.18 - e1000 4.3.2

Because these drivers are fairly old, I didn't try the ones from
these distros. Instead I used the e1000 driver module (v4.3.15)
mailed to me by Jacques Nilo (Thanks). If anyone needs this driver
too, please drop me an email.

Because this driver is now available under GPLv2 and can also be
found in upcoming kernel releases, maybe the module will also be
available in the next Bering release candidate. BTW, according to
the sources/diffs of kernel-2.4.20-rc1, the e1000 driver v4.4.12 is
included there, an even newer version than the one on sourceforge.

Stefan





[leaf-user] Problems getting an ip address with pump and dhclient

2002-11-04 Thread Dave Anderson
Hi all,

I'm having some problems with dhcp setup. I have a Bering firewall, which
works fine as far as I can test it (rc4). I'm trying to get an ip address
from a cable provider (Blueyonder, UK). I'm using two wireless access
points in bridge mode to connect the LEAF box with the cable modem. I've
tested this wireless bridge with two different PCs, and it seems to work
fine.

I've registered the LEAF external nic mac address with Blueyonder, but I
can't get any DHCP server response. I tried pump, then dhclient. When using
pump, I thought maybe the mac address wasn't being sent, as the hw_address
field was blank in the log. But, dhclient seems to send it fine (maybe they
both do, and my problem lies elsewhere)

The logs from pump and dhclient are below.

Many thanks for any help.

regards
Dave

Nov  4 15:00:37 firewall pumpd[2279]: PUMP: sending discover
Nov  4 15:00:37 firewall pumpd[2279]: breq: opcode: 1
Nov  4 15:00:37 firewall pumpd[2279]: breq: hw: 1
Nov  4 15:00:37 firewall pumpd[2279]: breq: hwlength: 6
Nov  4 15:00:37 firewall pumpd[2279]: breq: hopcount: 0
Nov  4 15:00:37 firewall pumpd[2279]: breq: xid: 0x19df7856
Nov  4 15:00:37 firewall pumpd[2279]: breq: secs: 0
Nov  4 15:00:37 firewall pumpd[2279]: breq: flags: 0x
Nov  4 15:00:37 firewall pumpd[2279]: breq: ciaddr: 0.0.0.0
Nov  4 15:00:37 firewall pumpd[2279]: breq: yiaddr: 0.0.0.0
Nov  4 15:00:37 firewall pumpd[2279]: breq: server_ip: 0.0.0.0
Nov  4 15:00:37 firewall pumpd[2279]: breq: bootp_gw_ip: 0.0.0.0
Nov  4 15:00:37 firewall pumpd[2279]: breq: hwaddr:
Nov  4 15:00:37 firewall pumpd[2279]: breq: servername:
Nov  4 15:00:37 firewall pumpd[2279]: breq: bootfile:
Nov  4 15:00:37 firewall pumpd[2279]: breq: vendor: 0x63 0x53 0x82 0x63
Nov  4 15:00:37 firewall pumpd[2279]: breq: vendor:  53   1 0x01
Nov  4 15:00:37 firewall pumpd[2279]: breq: vendor: 0xff
Nov  4 15:00:57 firewall pumpd[2279]: reject: xid: 0x19df7856 --
0x64a663f2
Nov  4 15:00:57 firewall pumpd[2279]: PUMP: sending discover
Nov  4 15:00:57 firewall pumpd[2279]: breq: opcode: 1
Nov  4 15:00:57 firewall pumpd[2279]: breq: hw: 1
Nov  4 15:00:57 firewall pumpd[2279]: breq: hwlength: 6
Nov  4 15:00:57 firewall pumpd[2279]: breq: hopcount: 0
Nov  4 15:00:57 firewall pumpd[2279]: breq: xid: 0x19df7842
Nov  4 15:00:57 firewall pumpd[2279]: breq: secs: 0
Nov  4 15:00:57 firewall pumpd[2279]: breq: flags: 0x
Nov  4 15:00:57 firewall pumpd[2279]: breq: ciaddr: 0.0.0.0
Nov  4 15:00:57 firewall pumpd[2279]: breq: yiaddr: 0.0.0.0
Nov  4 15:00:57 firewall pumpd[2279]: breq: server_ip: 0.0.0.0
Nov  4 15:00:57 firewall pumpd[2279]: breq: bootp_gw_ip: 0.0.0.0
Nov  4 15:00:57 firewall pumpd[2279]: breq: hwaddr:
Nov  4 15:00:57 firewall pumpd[2279]: breq: servername:
Nov  4 15:00:57 firewall pumpd[2279]: breq: bootfile:
Nov  4 15:00:57 firewall pumpd[2279]: breq: vendor: 0x63 0x53 0x82 0x63
Nov  4 15:00:57 firewall pumpd[2279]: breq: vendor:  53   1 0x01
Nov  4 15:00:57 firewall pumpd[2279]: breq: vendor: 0xff
Nov  4 15:01:09 firewall pumpd[2279]: reject: xid: 0x19df7842 --
0x30cbf0de

Nov  4 16:15:02 firewall dhclient: No working leases in persistent
database - sleeping.
Nov  4 16:16:25 firewall dhclient: Internet Software Consortium DHCP Client
2.0pl5
Nov  4 16:16:25 firewall dhclient: Copyright 1995, 1996, 1997, 1998, 1999
The Internet Software Consortium.
Nov  4 16:16:25 firewall dhclient: All rights reserved.
Nov  4 16:16:25 firewall dhclient:
Nov  4 16:16:25 firewall dhclient: Please contribute if you find this
software useful.
Nov  4 16:16:25 firewall dhclient: For info, please visit
http://www.isc.org/dhcp-contrib.html
Nov  4 16:16:25 firewall dhclient:
Nov  4 16:16:26 firewall dhclient: Listening on LPF/eth0/00:c0:df:e6:9f:41
Nov  4 16:16:26 firewall dhclient: Sending on   LPF/eth0/00:c0:df:e6:9f:41
Nov  4 16:16:26 firewall dhclient: Sending on   Socket/fallback/fallback-net
Nov  4 16:16:26 firewall dhclient: DHCPDISCOVER on eth0 to 255.255.255.255
port 67 interval 8
Nov  4 16:16:34 firewall dhclient: DHCPDISCOVER on eth0 to 255.255.255.255
port 67 interval 8
Nov  4 16:16:42 firewall dhclient: DHCPDISCOVER on eth0 to 255.255.255.255
port 67 interval 14
Nov  4 16:16:56 firewall dhclient: DHCPDISCOVER on eth0 to 255.255.255.255
port 67 interval 15
Nov  4 16:17:11 firewall dhclient: DHCPDISCOVER on eth0 to 255.255.255.255
port 67 interval 15
Nov  4 16:17:26 firewall dhclient: No DHCPOFFERS received.






Re: [leaf-user] Need logging help.

2002-11-04 Thread Phillip . Watts


Ray,  I finally got time to do this 'right'.
If you want to take the time to look at it, cool,
there is certainly no urgency on my part.

I rearranged the firewall script a little, partly because
of one of your suggestions and it seems to be performing
very well.   Now I have no idea where the New non SYNs are coming from.

I marked them in the log with !!! to make them a little easier to find.
There are 10 of them in about 12 minutes.
I hope Lotus Notes didn't screw up the log too bad.


#!/bin/bash
#
#  firewall_std  ( firewall_tmp )
#
#   Our Standard firewall with no services open
#
#   The opening of services comes about from
# /var/www/cgi-bin/permits.rfg,services.rfg
# via   firewtmp.py

[ -f /var/www/cgi-bin/sshconf.rfg ] && . /var/www/cgi-bin/sshconf.rfg
[ -f /var/www/cgi-bin/firewall.rfg ] && . /var/www/cgi-bin/firewall.rfg
[ -f /var/www/cgi-bin/log.rfg ] && . /var/www/cgi-bin/log.rfg

# importing this file will give us the interface devices
[ -f /var/www/cgi-bin/conf.rfg ] && . /var/www/cgi-bin/conf.rfg

#  these will give us the address, the net
#the mask and the broadcast
#  these might not agree with our conf file after
#network is run, so best to ask the system


XT_IF=`ip addr show $XT_DEVICE |grep inet| grep  brd|awk '{print $2}' | \
 awk -F / '{print $1}'`

XT_MASK=`ip addr show $XT_DEVICE |grep inet| grep  brd|awk '{print $2}' | \
 awk -F / '{print $2}'`

XT_BCAST=`ip addr show $XT_DEVICE |grep inet| grep  brd|awk '{print $4}'`

IT_IF=`ip addr show $IT_DEVICE | grep inet | awk '{print $2}' | \
 awk -F / '{print $1}'`

IT_MASK=`ip addr show $IT_DEVICE | grep inet | awk '{print $2}' | \
 awk -F / '{print $2}'`

IT_BCAST=`ip addr show $IT_DEVICE | grep inet | awk '{print $4}'`

IT_NET=`ip route | grep proto | grep $IT_DEVICE|awk '{print $1}'`

XT_GW=`ip route | grep "default via" | awk '{print $3}'`

LOOPBACK=127.0.0.0/8
CLASSA=10.0.0.0/8
CLASSB=172.16.0.0/12
CLASSC=192.168.0.0/16
CLASSD_MULTI=224.0.0.0/4
CLASSE_RESERV=240.0.0.0/5

## get the DNS servers from the system
NSLIST=`cat /etc/resolv.conf|grep nameserver\
  |awk '{printf ("%s ", $2) }'`
i=0
for NS in $NSLIST; do
eval DNS${i}=$NS
i=$(( $i + 1 ))
done

IPT=/sbin/iptables

# LOG MARTIANS  ( kernel ?? i don't think so )
# echo  1 > /proc/sys/net/ipv4/conf/all/log_martians

# TURN ON FORWARDING
echo 1 > /proc/sys/net/ipv4/ip_forward

# Enable response to ping, handle in iptables
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all

# Disable response to broadcasts   ( Smurf attacks )
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# Disable  redirects
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects

# Disable  source routing
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route

# Bad error message protection
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

# INSERT HERE THE ALL OPEN OR ALL CLOSED RULE
#  IF permits.rfg = 0 or 9

$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t nat -X
$IPT -P INPUT   DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT  ACCEPT

### Let's always allow ping on the inside
$IPT -A INPUT -j ACCEPT -i $IT_DEVICE -p icmp --icmp-type 0
$IPT -A INPUT -j ACCEPT -i $IT_DEVICE -p icmp --icmp-type 8

### Let us reject Forwarding of NetBios Broadcasts to the outside
$IPT -A FORWARD -i $IT_DEVICE -s $IT_NET -p udp --dport 137:139  -j DROP
$IPT -A FORWARD -i $IT_DEVICE -s $IT_NET -p udp --dport 445  -j DROP

# INSERT PORT FORWARDS HERE
# WE HAVE TO ALLOW CONNECTIONS FOR THOSE PORTS
# BECAUSE WE  DISALLOW THEM LATER

# INSERT HERE THE ALL OPEN OR ALL CLOSED RULE
#  IF permits.rfg = 8

!!!  Here is the section in question
# LOG and DISALLOW BAD TCP packets, NEW non connections
$IPT -A INPUT    -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "IP New non SYN: "
$IPT -A FORWARD  -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "IP New non SYN: "
$IPT -A INPUT    -p tcp ! --syn -m state --state NEW -j DROP
$IPT -A FORWARD  -p tcp ! --syn -m state --state NEW -j DROP

# INSERT LOGGING RULES
$IPT -A INPUT   -i $XT_DEVICE -p tcp --syn -j LOG --log-prefix "TCP LOG: "
$IPT -A FORWARD -i $XT_DEVICE -p tcp --syn -j LOG --log-prefix "TCP LOG: "
$IPT -A INPUT   -i $XT_DEVICE -p ! tcp -j LOG --log-prefix "IP LOG: "
$IPT -A FORWARD -i $XT_DEVICE -p ! tcp -j LOG --log-prefix "IP LOG: "

# ALLOW ALL replies to established connections
$IPT -A INPUT    -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD  -m state --state ESTABLISHED,RELATED -j ACCEPT
!!!

### Let's always deny access to internal net from outside
$IPT -A FORWARD -i $XT_DEVICE -d $IT_NET -j DROP

# temporary for CM1,2,3
# $IPT -A INPUT  -p tcp --dport 21560 -j ACCEPT
# $IPT -A INPUT  -p tcp --dport 21563 -j ACCEPT

# ALLOW LOOPBACK
$IPT  -A INPUT -i lo -j ACCEPT
$IPT  -A OUTPUT -o lo -j ACCEPT

# ENABLE  NAT
if [ "$MASQ" = "YES" ]; then
  $IPT -t nat -A POSTROUTING -o $XT_DEVICE -j SNAT --to-source $XT_IF
fi
# $IPT -t nat -A PREROUTING -p tcp -d $XT_IF2 --dport 22 \
#   -j DNAT --to 

Re: [leaf-user] Need logging help.

2002-11-04 Thread Ray Olszewski
At 10:29 AM 11/4/02 -0600, [EMAIL PROTECTED] wrote:


> Ray,  I finally got time to do this 'right'.
> If you want to take the time to look at it, cool,
> there is certainly no urgency on my part.


Well, there is not all that much for me to look at, since (once again) you 
have not supplied the information I suggest including in the SR FAQ. Most 
of what is here is a firewall script you (or someone) wrote, and while I 
can struggle through it, doing so is much harder (and less certain to yield 
understanding) than reading the actual set of iptables rules the script 
generates ... especially when the script gets the network addresses from an 
external source, so lacks any information on them.

I can offer a couple of small observations, and do, below (though 
commenting on them is hard since I don't know what relationships the 
various source and destination addresses have to your internal and external 
networks, and I no longer have your prior postings handy to check).

> I rearranged the firewall script a little, partly because
> of one of your suggestions and it seems to be performing
> very well.   Now I have no idea where the New non SYNs are coming from.
>
> I marked them in the log with !!! to make them a little easier to find.

[...]

> !!!  Here is the section in question
> # LOG and DISALLOW BAD TCP packets, NEW non connections
> $IPT -A INPUT    -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "IP New non SYN: "
> $IPT -A FORWARD  -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "IP New non SYN: "
> $IPT -A INPUT    -p tcp ! --syn -m state --state NEW -j DROP
> $IPT -A FORWARD  -p tcp ! --syn -m state --state NEW -j DROP

I would note here that taken by itself, the FORWARD-table rules will LOG 
and DROP all new-connection packets, not just ones originating on the 
external interface. Of course, prior rules in the table may ACCEPT some new 
connections (ideally, ones originating on the LAN), but as I said, this 
script form is too hard for me to work through to sort out the sequence of 
the ruleset.

[...]
!!Here is a New non SYN
Nov  4 09:37:53 NLynxGW kernel: IP New non SYN: IN=eth0 OUT=
MAC=00:04:e2:10:4a:68:00:e0:1e:5f:f4:69:08:00 SRC=56.0.78.82 DST=66.118.15.69
LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=64142 PROTO=TCP SPT=80 DPT=1230 WINDOW=0
RES=0x00 RST URGP=0


Well, I will guess here that this is an INPUT-table report (your intended 
rules do not readily distinguish INPUT- and FORWARD-table logging). The 
source IP address appears, from its associated FQN, to be a US Post Office 
Web server (postcalc1.usps.gov). I assume the destination port is your 
external IP address. You might look into who uses that server and for what, 
to figure out why it is trying to initiate an extra connection to your 
site. In any case, I'd guess from this log entry (and particularly from the 
fact that we do not see a FORWARD-table entry following it closely) that 
the -j DROP rule is working.

[...]
!!Here is a New non SYN
Nov  4 09:38:23 NLynxGW kernel: IP New non SYN: IN=eth0 OUT=
MAC=00:04:e2:10:4a:68:00:e0:1e:5f:f4:69:08:00 SRC=56.0.78.82 DST=66.118.15.69
LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=5647 PROTO=TCP SPT=80 DPT=1229 WINDOW=0
RES=0x00 RST URGP=0


Same thing, different packet ID number, so probably another INPUT-table 
logging from the same source.
[...]
!!Here is a New non SYN
Nov  4 09:38:50 NLynxGW kernel: IP New non SYN: IN=eth0 OUT=
MAC=00:04:e2:10:4a:68:00:e0:1e:5f:f4:69:08:00 SRC=56.0.78.69 DST=66.118.15.69
LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=37197 PROTO=TCP SPT=80 DPT=1233 WINDOW=0
RES=0x00 RST URGP=0


Same as the first two, except a different USPS server (ircalc-a.usps.gov).

[...]

!!Here is a New non SYN
Nov  4 09:39:20 NLynxGW kernel: IP New non SYN: IN=eth0 OUT=
MAC=00:04:e2:10:4a:68:00:e0:1e:5f:f4:69:08:00 SRC=56.0.78.69 DST=66.118.15.69
LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=42857 PROTO=TCP SPT=80 DPT=1232 WINDOW=0
RES=0x00 RST URGP=0


Same thing again.

[...]

!!Here is a New non SYN
Nov  4 09:41:24 NLynxGW kernel: IP New non SYN: IN=eth0 OUT=eth1
SRC=209.119.238.78 DST=192.168.1.7 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=36350
PROTO=TCP SPT=3729 DPT=25 WINDOW=0 RES=0x00 RST URGP=0


This one is stranger, since its destination is a non-routable address. And 
I cannot do a reverse lookup on 209.119.238.78. Without more info about 
your setup, I cannot say anything useful here.

[...]

!!Here is a New non SYN
Nov  4 09:44:53 NLynxGW kernel: IP New non SYN: IN=eth1 OUT=eth0
SRC=192.168.1.133 DST=207.229.152.40 LEN=40 TOS=0x00 PREC=0x00 TTL=127 
ID=61696
DF PROTO=TCP SPT=1035 DPT=80 WINDOW=8383 RES=0x00 ACK FIN URGP=0

Yes, but this time (and this is true for a bunch of the ones that follow 
this one in your report) the source interface is eth1, which I assume is an 
internal (LAN or DMZ) interface. LAN hosts are *supposed* to initiate 
connections through the firewall. In the example above, it appears that 
someone on your LAN is trying to connect to a Web site at Akamai 

Re: [leaf-user] Problems getting an ip address with pump and dhclient

2002-11-04 Thread Ray Olszewski
At 05:03 PM 11/4/02 +, Dave Anderson wrote:

> Hi all,
>
> I'm having some problems with dhcp setup. I have a Bering firewall, which
> works fine as far as I can test it (rc4). I'm trying to get an ip address
> from a cable provider (Blueyonder, UK). I'm using two wireless access
> points in bridge mode to connect the LEAF box with the cable modem. I've
> tested this wireless bridge with two different PCs, and it seems to work
> fine.


Does "seems to work fine" mean that these two different PCs are able to 
get DHCP leases from your ISP? Or do you have a lesser standard for "work 
fine"? If the second, there are a couple of other things to try (aside from 
the test I imply in the first, if you can do it).

1. If you connect the LEAF host, does it too "work fine" ... that 
is, do successfully whatever the 2 PCs do successfully in your tests?

2. If you connect the LEAF host directly (that is, via a UTP-based 
NIC and a suitable cable ... I don't know if the cable modem requires a 
normal or crossover cable) to the cable modem, is it able to get a DHCP 
lease from the ISP?

From what you have told us, we (and you) do not really know where in the 
overall setup the point of failure is (unless, of course, "seems to work 
fine" did mean the first of the two possibilities I indicate). These tests 
should let you pin that down.

> I've registered the LEAF external nic mac address with Blueyonder, but I
> can't get any DHCP server response. I tried pump, then dhclient. When using
> pump, I thought maybe the mac address wasn't being sent, as the hw_address
> field was blank in the log. But, dhclient seems to send it fine (maybe they
> both do, and my problem lies elsewhere)
>
> The logs from pump and dhclient are below.


The other thing to check is whether whichever firewall package you are 
using is set to allow DHCP replies, particularly ones that come from 
non-routable IP addresses (many ISPs use 10.b.c.d addresses for DHCP 
servers), to enter your router. Does your firewall package log any DROPs 
associated with DHCP responses?

I've deleted the logs since they don't suggest anything to me, other than 
confirming that you get no lease responses.
[rest deleted]


--
---Never tell me the odds!
Ray Olszewski	-- Han Solo
Palo Alto, California, USA			  [EMAIL PROTECTED]
---





Re: [leaf-user] bandwidth manager with htb

2002-11-04 Thread Roberto Pereyra


Hi again


I have now, this message when shorewall start:


RTNETLINK answers= Not such file or directory

Is this an important error or only a warning?


thanks

roberto


On Fri, Nov 01, 2002 at 01:55:39PM +0100, Kim Oppalfens
wrote:
 Probably not,
 
 Added the list back to the conversation (use reply all when replying
 thanks).
 
 Depends on what you are trying to do.
 But I would gamble that since you started from htb init you will
 probably need :
 
 cls_fw.o or cls_u32.o
 Sch_htb.o of course
 Sch_sfq.o
 Sch_prio.o
 Sch_ingress.o
 
 And yes you need to add those to /etc/modules
 
 Kim Oppalfens
 
 -Original Message-
 From: Roberto Pereyra [mailto:leaf;gualeguaychu.gov.ar] 
 Sent: vrijdag 1 november 2002 13:24
 To: [EMAIL PROTECTED]
 Subject: Re: [leaf-user] bandwidth manager with htb
 
 
 Thanks all again !
 
 another question:
 
  To tc and bandwidth manager works fine
 
  I must copy all the modules that have:
 
  bering_1.0r4_modules.tgz file under the
 
  /2.4.18/kernel/net/sched
 
  in my bering  /lib/modules directory ??
 
  It's rigth ?? I need do it ?? These are seventeen files.
 
  I must too write all  the modules names in the module configuration
 file ??
 
  Excuse my poor english I spanish speaker.
 
  thanks
 
  roberto
 
 
 On Tue, Oct 29, 2002 at
 12:25:19PM +0100, [EMAIL PROTECTED] wrote:
  No problem.
  Is it working as expected?
  
  Kim
  -- Original Message --
  Date: Tue, 29 Oct 2002 08:22:31 -0300
  To: [EMAIL PROTECTED]
  Subject: Re: [leaf-user] bandwidth manager with htb
  From: [EMAIL PROTECTED] (Roberto Pereyra)
  
  
  
  thanks Kim
  
  roberto
  
  On Mon, Oct 28, 2002 at 02:42:54PM +0100, [EMAIL PROTECTED] 
  wrote:
   insert the contents of htb.init
   in the tcstart file in the shorewall directory
   
   Kim Oppalfens
   -- Original Message --
   To: [EMAIL PROTECTED]
   From: [EMAIL PROTECTED] (Roberto Pereyra)
   Subject: [leaf-user] bandwidth manager with htb
   Date: Mon, 28 Oct 2002 10:08:17 -0300
   
   
   Hi
   
   I have the tc complied commands with htb.init from
   
   http://freshmeat.net/proyects/htb.init
   
   for my network bandwidth manager.
   
   (htb.init compile)
   
   Where I must to insert it ?? There works with shorewall ??
   
   I run the lastest bering version.
   
   thanks a lot
   
   
   roberto pereyra
   ? Where I must insert it ??
   
   
  
 





[leaf-user] weird log message udp500

2002-11-04 Thread Phillip . Watts


Anyone care to look at this?

I am seeing something really weird in my log about every
40 seconds:

Nov  4 13:30:24 NLynxGW kernel: IP LOG: IN=eth0 OUT=
MAC=00:04:e2:10:4a:68:00:e0:1e:5f:f4:69:08:00 SRC=63.121.22.5
DST=66.118.15.69 LEN=56 TOS=0x00 PREC=0x00 TTL=117 ID=44044 PROTO=ICMP
TYPE=3 CODE=3 [SRC=66.118.15.69 DST=63.121.22.5 LEN=204 TOS=0x00
PREC=0x00 TTL=53 ID=0 DF PROTO=UDP SPT=500 DPT=500 LEN=184 ]

Does the second part of the message, enclosed in [ ] refer to
encapsulation, or is this the source message which the echo reply
is responding to?  And why udp 500?  I have a bunch of IPSec connections
defined, but not with any of these addresses.
The regularity is also a mystery to me.







[leaf-user] Fw: cable modem and loosing the connection

2002-11-04 Thread Vaclav Bouse


Hi!

I'm getting mad with this problem...

I've got a cable modem which provides me a connection to the i-net. And I want to
use a Dachstein/Bering router to share the net. Probably one of the standard
uses of this distro :-). I connected everything, configured modules,
network cards, ... and tried to connect. Everything was fine (I got a DHCP
lease successfully and I was able to browse the net - both from the internal
network and directly from the router). But after a while (5-30min) the
connection suddenly stops. The modem is still blinking and I can ping the router from
the local network (but ONLY the router, I lost the connection out). But from
the router I can't ping out. If I restart the Dachstein/Bering router, it can't
lease a new IP and the only way to solve it is to restart the cable modem!
I tried to change the pump lease time (shorter and longer) but without success.
Every time it screws up after this period of time (10min on average). I
really don't know what I shall do. I'm now thinking about completely disabling
the firewall function and setting routing (with masquerade) for ALL traffic. Does
somebody have any idea how to solve this problem? I can also send some LOG
files.

Thanks a lot, Vasek.





Re: [leaf-user] bandwidth manager with htb

2002-11-04 Thread Todd MacDougall
As Kim suggested, copy any modules you plan on using into the
/lib/modules/ directory.  I use the following modules:  cls_fw.o,
Sch_htb.o and Sch_sfq.o.  

Once the files are there, add the modules to the /etc/modules file. 
Exclude the .o extension.

I believe you need to back up modules.lrp and etc.lrp.


Cheers,

Todd



Roberto Pereyra wrote:
 
 Hi again
 
 I have now, this message when shorewall start:
 
 RTNETLINK answers= Not such file or directory
 
 Is this a important error or only a warning.
 
 thanks
 
 roberto
 
 On Fri, Nov 01, 2002 at 01:55:39PM +0100, Kim Oppalfens
 wrote:
  Probably not,
 
  Added the list back to the conversation (use reply all when replying
  thanks).
 
  Depends on what you are trying to do.
  But I would gamble that since you started from htb init you will
  probably need :
 
  cls_fw.o or cls_u32.o
  Sch_htb.o off course
  Sch_sfq.o
  Sch_prio.o
  Sch_ingress.o
 
  And yes you need to add those to /etc/modules
 
  Kim Oppalfens
 
  -Original Message-
  From: Roberto Pereyra [mailto:leaf;gualeguaychu.gov.ar]
  Sent: vrijdag 1 november 2002 13:24
  To: [EMAIL PROTECTED]
  Subject: Re: [leaf-user] bandwidth manager with htb
 
 
  Thanks all again !
 
  another question:
 
   To tc and bandwidth manager works fine
 
   I must copy all the modules that have:
 
   bering_1.0r4_modules.tgz file under the
 
   /2.4.18/kernel/net/sched
 
   in my bering  /lib/modules directory ??
 
   It's rigth ?? I need do it ?? These are seventeen files.
 
   I must too write all  the modules names in the module configuration
  file ??
 
   Excuse my poor english I spanish speaker.
 
   thanks
 
   roberto
 
 
  On Tue, Oct 29, 2002 at
  12:25:19PM +0100, [EMAIL PROTECTED] wrote:
   No problem.
   Is it working as expected?
  
   Kim
   -- Original Message --
   Date: Tue, 29 Oct 2002 08:22:31 -0300
   To: [EMAIL PROTECTED]
   Subject: Re: [leaf-user] bandwidth manager with htb
   From: [EMAIL PROTECTED] (Roberto Pereyra)
   
   
   
   thanks Kim
   
   roberto
   
   On Mon, Oct 28, 2002 at 02:42:54PM +0100, [EMAIL PROTECTED]
   wrote:
insert the contents of htb.init
in the tcstart file in the shorewall directory
   
Kim Oppalfens
-- Original Message --
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED] (Roberto Pereyra)
Subject: [leaf-user] bandwidth manager with htb
Date: Mon, 28 Oct 2002 10:08:17 -0300


Hi

I have the tc compiled commands with htb.init from

http://freshmeat.net/proyects/htb.init

for my network bandwidth manager.

(htb.init compile)

Where I must to insert it ?? There works with shorewall ??

I run the latest bering version.

thanks a lot


roberto pereyra
? Where I must insert it ??







Re: [leaf-user] Fw: cable modem and loosing the connection

2002-11-04 Thread Ray Olszewski
You say you are using a Dachstein/Bering router. Since Dachstein and 
Bering are quite different (though both are LEAF variants), it is hard to 
know from this what exactly you have in your setup. If you really are 
mixing Dach and Bering components, the possibility of a conflict between 
them should come as no surprise.

So, here is what I suggest you do. Run these diagnostics (or equivalents, 
if your hybrid system lacks these specific commands) both right after you 
get your initial DHCP lease and right after the router ceases to route:

ip link show
ip addr show
netstat -nr
ipchains -Lnv
   -OR-
iptables -Lnv

Also see how long you are getting your DHCP lease assignments for; some 
ISPs these days are using nonsensically brief lease assignments, with 
renewals refused (so your address changes frequently) as a way of 
interfering with customer behaviors that they like to call abuse (but 
which usually just refers to people who try actually to *use* the bandwidth 
that the ISPs claim to be *selling* to them). I forget the file to check 
for this info, but it is probably in /etc/dhcp or some similarly-named 
directory.

My *guess*, from what you have told us, is that your DHCP lease is 
expiring, and an error occurs when getting the new one. Possible errors are 
(a) that whichever firewall package you are using blocks DHCP lease 
requests, or replies, after the initial lease is granted; (b) you get a new 
DHCP lease but the firewall does not update, so it has the wrong external 
IP address in all its rules. The failure if you restart is a bit puzzling 
(assuming you mean a power-down reboot), but it may indicate that you did 
not release some old lease, so the ISP will not assign you a new one ... it 
is difficult to say for sure with so little info about your connection.


At 09:56 PM 11/4/02 +0100, Vaclav Bouse wrote:


Hi!

I'm getting mad with this problem...

I've got cable modem which provides me a connection to i-net. And I want to
use Dachstein/Bering router to share the net. Probably one of the standard
using of this distro :-). I connected everything, configured modules,
network cards, ... and try to connect. Everything was fine (I've got DHCP
leased successful and I was able to browse the net - also at internal
network, also directly from the router). But after a while (5-30min) the
connection suddenly stops. Modem is still blinking and I can ping router from
local network (but ONLY the router, I lost the connection out). But from
the router I can't ping out. If I restart Dachstein/Bering router, it can't
lease new IP and the only way how to solve it is restart the cable modem!
I tried to change pump lease time (shorter and longer) but without success.
Everytime it screws up after this period of time (10min in average). I
really don't know what shall I do. I'm now thinking about completely disable
the firewall function and set routing (with masquerade) for ALL traffic. Does
somebody have any idea how to solve this problem? I can send also some LOG
files.





--
---Never tell me the odds!
Ray Olszewski	-- Han Solo
Palo Alto, California, USA			  [EMAIL PROTECTED]
---






Re: [leaf-user] Fw: cable modem and loosing the connection

2002-11-04 Thread Alex Ryabtsev
Hello Vaclav,

Monday, November 04, 2002, 3:56:27 PM, you wrote:

VB network, also directly from the router). But after a while (5-30min) the
VB [snip]
VB lease new IP and the only way how to solve it is restart the cable modem!

It looks like you are forcing cable modem to full duplex connection.
AFAIK - there are no cable or DSL modems supporting full duplex on
ethernet side. And yes - from my experience - it (full duplex) will
work until it is jammed by heavy traffic. As for me it works even faster
than half duplex, but not so long.
Try to force ethernet interface which is connected to modem in half
duplex, or at least auto mode.

-- 
Best regards,
 Alex                          mailto:alecsey;rogers.com






RE: [leaf-user] bandwidth manager with htb

2002-11-04 Thread Kim Oppalfens
You might want to post your tcstart file, we might be able to tell 
you what is going on based on that.

My first guess is that you failed to load a necessary scheduling module.
But without your actual script it is hard to guess which one.

Kim

-Original Message-
From: Roberto Pereyra [mailto:leaf;gualeguaychu.gov.ar] 
Sent: maandag 4 november 2002 20:58
To: Kim Oppalfens
Cc: 'Roberto Pereyra'; [EMAIL PROTECTED]
Subject: Re: [leaf-user] bandwidth manager with htb




Hi again


I have now, this message when shorewall start:


RTNETLINK answers= Not such file or directory

Is this an important error or only a warning?


thanks

roberto


On Fri, Nov 01, 2002 at 01:55:39PM +0100, Kim Oppalfens
wrote:
 Probably not,
 
 Added the list back to the conversation (use reply all when replying 
 thanks).
 
 Depends on what you are trying to do.
 But I would gamble that since you started from htb init you will 
 probably need :
 
 cls_fw.o or cls_u32.o
 Sch_htb.o of course
 Sch_sfq.o
 Sch_prio.o
 Sch_ingress.o
 
 And yes you need to add those to /etc/modules
 
 Kim Oppalfens
 
 -Original Message-
 From: Roberto Pereyra [mailto:leaf;gualeguaychu.gov.ar]
 Sent: vrijdag 1 november 2002 13:24
 To: [EMAIL PROTECTED]
 Subject: Re: [leaf-user] bandwidth manager with htb
 
 
 Thanks all again !
 
 another question:
 
  To tc and bandwidth manager works fine
 
  I must copy all the modules that have:
 
  bering_1.0r4_modules.tgz file under the
 
  /2.4.18/kernel/net/sched
 
  in my bering  /lib/modules directory ??
 
  It's right ?? I need do it ?? These are seventeen files.
 
  I must too write all the modules names in the module configuration 
 file ??
 
  Excuse my poor English I Spanish speaker.
 
  thanks
 
  roberto
 
 
 On Tue, Oct 29, 2002 at
 12:25:19PM +0100, [EMAIL PROTECTED] wrote:
  No problem.
  Is it working as expected?
  
  Kim
  -- Original Message --
  Date: Tue, 29 Oct 2002 08:22:31 -0300
  To: [EMAIL PROTECTED]
  Subject: Re: [leaf-user] bandwidth manager with htb
  From: [EMAIL PROTECTED] (Roberto Pereyra)
  
  
  
  thanks Kim
  
  roberto
  
  On Mon, Oct 28, 2002 at 02:42:54PM +0100, [EMAIL PROTECTED]
  wrote:
   insert the contents of htb.init
   in the tcstart file in the shorewall directory
   
   Kim Oppalfens
   -- Original Message --
   To: [EMAIL PROTECTED]
   From: [EMAIL PROTECTED] (Roberto Pereyra)
   Subject: [leaf-user] bandwidth manager with htb
   Date: Mon, 28 Oct 2002 10:08:17 -0300
   
   
   Hi
   
   I have the tc compiled commands with htb.init from
   
   http://freshmeat.net/proyects/htb.init
   
   for my network bandwidth manager.
   
   (htb.init compile)
   
   Where I must to insert it ?? There works with shorewall ??
   
   I run the latest bering version.
   
   thanks a lot
   
   
   roberto pereyra
   ? Where I must insert it ??
   
   
  
 






Re: [leaf-user] cable modem and loosing the connection

2002-11-04 Thread Vaclav Bouse
I wanted to say that I tried to use both distributions: Dachstein and Bering
(and not together :-)). (And I still don't know which one
I should use.) And in BOTH distros I found this problem. At the end of this
file I'm sending all logs, which I made during my tests.
Sorry for this disorder, but I haven't that cable-modem at home (it's
located at my friend's flat in the same house). I haven't done any changes
in routing
(I've just configured network interfaces) at the original configuration.

But as I wrote: If I restarted computer (router), it DOESN'T solve this
problem. ONLY possible solution is restart cable modem (power off them
for a while or press small button on its back side). After that it's
possible to get new lease after restart.

And what about the idea from Alex Ryabtsev, that it could be with
full-duplex mode? I'm not sure in which mode the card is and I can check
it now, because I haven't this card at home just now.

And I've just downloaded new version of Bering, but I've found some
strange things there (like upper-case commands and strange editor).
Should I use Bering or Dachstein for this application?

Thanks, Vasek.



 Here are some logs from Dachstein:
--

Dachstein LEAF Firewall

:: Interfaces ::
1: lo:  mtu 3924 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope global lo
2: eth0:  mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:20:18:64:8e:7e brd ff:ff:ff:ff:ff:ff
inet 62.245.70.229/24 brd 62.245.70.255 scope global eth0
3: eth1:  mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:40:33:da:f7:8b brd ff:ff:ff:ff:ff:ff
inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1

:: Routes ::
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0   0   eth1
62.245.70.0     0.0.0.0         255.255.255.0   U     0      0   0   eth0
0.0.0.0         62.245.70.1     0.0.0.0         UG    0      0   0   eth0



and ..
---

Oct 13 20:32:26 M7r3f5 dhclient: ip length 328 disagrees with bytes received
332.
Oct 13 20:32:26 M7r3f5 dhclient: accepting packet with data after udp
payload.
Oct 13 20:32:26 M7r3f5 dhclient: DHCPOFFER from 10.0.255.1
Oct 13 20:32:28 M7r3f5 dhclient: DHCPREQUEST on eth0 to 255.255.255.255 port
67
Oct 13 20:32:28 M7r3f5 dhclient: ip length 328 disagrees with bytes received
332.
Oct 13 20:32:28 M7r3f5 dhclient: accepting packet with data after udp
payload.
Oct 13 20:32:28 M7r3f5 dhclient: DHCPACK from 10.0.255.1
Oct 13 20:32:33 M7r3f5 dhclient: bound to 62.24.66.141 -- renewal in 6600
seconds.

Oct 14 00:15:48 M7r3f5 dhclient: DHCPREQUEST on eth0 to 62.24.64.9 port 67
Oct 14 00:15:48 M7r3f5 dhclient: DHCPACK from 62.24.64.9
Oct 14 00:15:49 M7r3f5 dhclient: bound to 62.24.66.141 -- renewal in 6600
seconds.

-

I don't know, why is here DHCPACK from 10.0.255.1 and later DHCPACK from
62.24.64.9. ??
??
And why is the address 10.0.255. I think it should be reserved for internal
networks. ???
***

In Bering distro I found in log: (!!!)

Oct 14 23:13:05 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC=
SRC=192.168.1.254 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=64
ID=8128 DF PROTO=UDP SPT=68 DPT=67 LEN=556

(Why is SRC=192.168.1.254 on eth0??? This is IP of my router at internal
network!)

Oct 14 23:13:05 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT=eth0
SRC=10.0.255.1 DST=62.245.70.176 LEN=328 TOS=0x00 PREC=0x00 TTL=62 ID=29104
PROTO=UDP SPT=67 DPT=68 LEN=308
Oct 14 23:13:05 firewall root: The /etc/shorewall/pump script is called with
arg up eth0 62.245.70.176

(Maybe some request from provider... ?)


??

and also:

Oct 14 23:13:05 firewall pumpd[23772]: PUMP: got lease
Oct 14 23:13:05 firewall pumpd[23772]: intf: device: eth0
Oct 14 23:13:05 firewall pumpd[23772]: intf: set: 416
Oct 14 23:13:05 firewall pumpd[23772]: intf: bootServer: 62.24.64.9
Oct 14 23:13:05 firewall pumpd[23772]: intf: reqLease: 43200
Oct 14 23:13:05 firewall pumpd[23772]: intf: ip: 62.245.70.176
Oct 14 23:13:05 firewall pumpd[23772]: intf: next server: 62.24.64.9
Oct 14 23:13:05 firewall pumpd[23772]: intf: netmask: 255.255.255.0
Oct 14 23:13:05 firewall pumpd[23772]: intf: gateway: 62.245.70.1
Oct 14 23:13:05 firewall pumpd[23772]: intf: dnsServers[0]: 62.24.64.2
Oct 14 23:13:05 firewall pumpd[23772]: intf: dnsServers[1]: 62.24.64.3
Oct 14 23:13:05 firewall pumpd[23772]: intf: numDns: 2
Oct 14 23:13:05 firewall pumpd[23772]: intf: domain: mistral.cz
Oct 14 23:13:05 firewall pumpd[23772]: intf: broadcast: 62.245.70.255
Oct 14 23:13:05 firewall pumpd[23772]: intf: network: 62.245.70.0


*** That's all. *** Thanks again 

Re: [leaf-user] cable modem and loosing the connection

2002-11-04 Thread Ray Olszewski
A few thoughts ...

1. Your DHCP lease is 6600 seconds (110 minutes), much longer than the 5-10 
minutes you say it takes for the problem to start.

Oct 14 00:15:49 M7r3f5 dhclient: bound to 62.24.66.141 -- renewal in 6600
seconds.


This does not endorse my earlier guess about what your problem is; you 
should investigate the duplexing suggestion that Alex made before pursuing 
this level any further.

2. I assume you are sending us a mix of reports for different runs, since 
the external IP addresses are so different. In contrast to the external 
address you report being assigned above, you later report this external 
interface and network:

2: eth0:  mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:20:18:64:8e:7e brd ff:ff:ff:ff:ff:ff
inet 62.245.70.229/24 brd 62.245.70.255 scope global eth0


... and ...


Kernel IP routing table
[...]
62.245.70.0     0.0.0.0         255.255.255.0   U     0      0   0   eth0
0.0.0.0         62.245.70.1     0.0.0.0         UG    0      0   0   eth0


Although it is not an immediate concern (see item 1), in general it is bad 
practice to assemble a report by combining bits and pieces from different 
times, without explanation.

3. You ask ...

I don't know, why is here DHCPACK from 10.0.255.1 and later DHCPACK from
62.24.64.9. ??
??
And why is the address 10.0.255. I think it should be reserved for internal
networks. ???


I am slightly puzzled as to why you are getting offers from different DHCP 
servers at (considerably) different times, but this question is better put 
to your (as yet unnamed, to us) ISP than to us. I'll *guess* that the 
private-address server makes the initial offers because it somehow 
authenticates the MAC addresses, then the public address makes later offers 
to avoid crashing into firewalls that block private addresses on the 
external interface (pretty clever, actually, for an ISP, if that is what 
they are doing).

As a general matter, it is not at all unusual for an ISP to use a 10.b.c.d 
address for a DHCP server. It works very nicely, actually, since they want 
to limit the scope of the server to their own network anyway, making a 
private address an ideal choice.

4. Next, you ask:

In Bering distro I found in log: (!!!)

Oct 14 23:13:05 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC=
SRC=192.168.1.254 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=64
ID=8128 DF PROTO=UDP SPT=68 DPT=67 LEN=556

(Why is SRC=192.168.1.254 on eth0??? This is IP of my router at internal
network!)


This is a common default IP address for firewalling routers, so the 
correspondence is likely just to be a coincidence. Since this is a DHCP 
broadcast packet (from the DHCP client port to the DHCP server port), it is 
probably just another user on the cable-modem network requesting a DHCP lease.

5. Finally, you ask:

Oct 14 23:13:05 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT=eth0
SRC=10.0.255.1 DST=62.245.70.176 LEN=328 TOS=0x00 PREC=0x00 TTL=62 ID=29104
PROTO=UDP SPT=67 DPT=68 LEN=308
Oct 14 23:13:05 firewall root: The /etc/shorewall/pump script is called with
arg up eth0 62.245.70.176


This one could be contributing to your problem, -IF- at this point your 
external interface has address 62.245.70.176 (hard to know, since your 
other pieces already mention *two* other external IP addresses at different 
times). If this is your external address, then what you are seeing here 
(the first log line) is Shorewall blocking a reply from a DHCP server to 
your DHCP client ... it is probably followed shortly by a loss of 
connectivity (either because you lose your external-address setting or 
because you keep it but the ISP will no longer route it ... which way it 
fails depends on details you haven't told us). The second log line is like 
nothing I've seen before and I do not know either what generated it or what 
it means.

This, BTW, is the problem I suggested you might have in my prior message.

At 11:41 PM 11/4/02 +0100, Vaclav Bouse wrote:
I wanted to say that I tried to use both distributions: Dachstein and Bering
(and not together :-)). (And I still don't know which one
I should use.) And in BOTH distros I found this problem. At the end of this
file I'm sending all logs, which I made during my tests.
Sorry for this disorder, but I haven't that cable-modem at home (it's
located at my friend's flat in the same house). I haven't done any changes
in routing
(I've just configured network interfaces) at the original configuration.

But as I wrote: If I restarted computer (router), it DOESN'T solve this
problem. ONLY possible solution is restart cable modem (power off them
for a while or press small button on its back side). After that it's
possible to get new lease after restart.

And what about the idea from Alex Ryabtsev, that it could be with
full-duplex mode? I'm not sure in which mode the card is and I can check
it now, because I haven't this card at home just now.

And I've just 
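
The check described in point 5 of the message above, as an added example that is not part of the original thread: a Python parser for the Shorewall kernel log lines quoted in this thread that picks out DHCP server replies (UDP 67 to 68) dropped because their source is an RFC 1918 address. The function names are hypothetical; the sample lines are the ones quoted in the thread, rejoined onto single lines.

```python
import ipaddress
import re

# Log lines quoted in the thread, rejoined onto single lines (mail wrapping undone).
SAMPLE_LOG = """\
Oct 14 23:13:05 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC= SRC=192.168.1.254 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=64 ID=8128 DF PROTO=UDP SPT=68 DPT=67 LEN=556
Oct 14 23:13:05 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT=eth0 SRC=10.0.255.1 DST=62.245.70.176 LEN=328 TOS=0x00 PREC=0x00 TTL=62 ID=29104 PROTO=UDP SPT=67 DPT=68 LEN=308
Oct 14 23:13:05 firewall root: The /etc/shorewall/pump script is called with arg up eth0 62.245.70.176
"""

# "Shorewall:<chain>:<action>:" prefix followed by KEY=value pairs.
SHOREWALL_RE = re.compile(
    r"kernel: Shorewall:(?P<chain>[^:]+):(?P<action>[A-Z]+):(?P<fields>.*)$"
)
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

RFC1918_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def parse_line(line):
    """Return a dict for a Shorewall kernel log line, or None for other lines."""
    m = SHOREWALL_RE.search(line)
    if not m:
        return None
    record = {"chain": m.group("chain"), "action": m.group("action")}
    for key, value in FIELD_RE.findall(m.group("fields")):
        # LEN appears twice (IP length, then UDP length); keep the first.
        record.setdefault(key, value)
    return record


def parse_log(log_text):
    """Parse every Shorewall line in the text, skipping everything else."""
    records = (parse_line(line) for line in log_text.splitlines())
    return [r for r in records if r is not None]


def classify(record):
    """Label a record by DHCP direction using the UDP port pair."""
    if record.get("PROTO") != "UDP":
        return "other"
    ports = (record.get("SPT"), record.get("DPT"))
    if ports == ("67", "68"):
        return "dhcp-reply"      # server -> client
    if ports == ("68", "67"):
        return "dhcp-request"    # client -> server
    return "other"


def is_rfc1918(addr):
    """True if addr is inside one of the three RFC 1918 private ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918_NETS)


def dropped_dhcp_replies(log_text, external_ip):
    """Dropped DHCP server replies from a private source aimed at our client."""
    findings = []
    for rec in parse_log(log_text):
        if rec["action"] != "DROP" or classify(rec) != "dhcp-reply":
            continue
        to_us = rec.get("DST") in (external_ip, "255.255.255.255")
        if to_us and is_rfc1918(rec.get("SRC", "")):
            findings.append(rec)
    return findings


if __name__ == "__main__":
    for rec in dropped_dhcp_replies(SAMPLE_LOG, "62.245.70.176"):
        print("dropped DHCP reply: %s -> %s via chain %s"
              % (rec["SRC"], rec["DST"], rec["chain"]))
```

The first sample line is classified as a DHCP request and is not reported. A reply addressed to a different external address is also not reported, which is why the `-IF-` in point 5 matters.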

[leaf-user] ftp connection freezes lrp box

2002-11-04 Thread Christopher Kuemmel
I'm operating a 386 SX-40 with 8 megs of ram and 2 isa nics (1 NE1000 
compatible and 1 3com  EtherLink III) on Charles Steinkuehler's 
Eigerstein  2.2.19-small image with the Eiger-386-noFPU kernel to serve 
as a masquerading firewall for 3 Windows XP workstations which generally 
seems to work fairly well (for HTTP connections, etc)...
What confused me was the fact that whenever I tried to open an FTP 
connection to any host outside the LAN I ended up locking up the router; 
I guess that this problem might be related to low memory but I am not 
sure...








Re: [leaf-user] ftp connection freezes lrp box

2002-11-04 Thread Ray Olszewski
At 02:06 AM 11/5/02 +0100, Christopher Kuemmel wrote:

I'm operating a 386 SX-40 with 8 megs of ram and 2 isa nics (1 NE1000 
compatible and 1 3com  EtherLink III) on Charles Steinkuehler's 
Eigerstein  2.2.19-small image with the Eiger-386-noFPU kernel to serve as 
a masquerading firewall for 3 Windows XP workstations which generally 
seems to work fairly well (for HTTP connections, etc)...
What confused me was the fact that whenever I tried to open an FTP 
connection to any host outside the LAN I ended up locking up the router; I 
guess that this problem might be related to low memory but I am not sure...

It's always tempting to blame this sort of problem on inadequate hardware. 
But if you've configured the software correctly for this wimpy a CPU and 
this little RAM, then an ftp transfer shouldn't overwhelm it. So let me ask 
a few clarifying questions.

1. When you say freezes and locks up, do you mean that literally? That 
is, the router completely stops functioning ... won't respond to pings, 
won't do any routing of other protocols, won't respond to login attempts, 
won't update screens of console or remote logins? Needs a hardware (reset 
button or power-cycle) reboot? Or are you describing a problem specific to 
the ftp transfer only?

2. Might the logs be filling up the RAM disk? Just before you start an ftp 
transfer, what does free report about memory and what does df report 
about the RAM disk?

3. Is the problem specific to ftp transfers, or will similar freezes occur 
with other protocols that make traffic volume similarly high (like http 
downloads or scp transfers)?

4. You say the problem occurs whenever I tried to open an FTP connection. 
Do you mean it happens before the transfer actually begins? If so, do you 
have the ip-masq_ftp module loaded? If yes ... how large a value are you 
using for whenever? (That is, how many different ftp servers has this 
problem occurred with?)

5. I'm assuming that the external connection is over a circuit that is 
relatively slow -- DS-1 speed or lower, much lower than the LAN. Is this 
correct?
--
---Never tell me the odds!
Ray Olszewski	-- Han Solo
Palo Alto, California, USA			  [EMAIL PROTECTED]
---





Re: [leaf-user] weird log message udp500

2002-11-04 Thread Jeff Newmiller
On Mon, 4 Nov 2002 [EMAIL PROTECTED] wrote:

 
 
 Anyone care to look at this?
 
 I am seeing something really weird in my log about every
 40 seconds:
 
 Nov  4 13:30:24 NLynxGW kernel: IP LOG: IN=eth0 OUT=
 MAC=00:04:e2:10:4a:68:00:e0:1e:5f:f4:69:08:00 SRC=63.121.22.5
 DST=66.118.15.69 LEN=56 TOS=0x00 PREC=0x00 TTL=117 ID=44044 PROTO=ICMP
 TYPE=3 CODE=3 [SRC=66.118.15.69 DST=63.121.22.5 LEN=204 TOS=0x00
 PREC=0x00 TTL=53 ID=0 DF PROTO=UDP SPT=500 DPT=500 LEN=184 ]
 
 Does the second part of the message, enclosed in [ ] refer to
 encapsulation, or is this the source message which the echo reply
 is responding to?  And why udp 500?  I have a bunch of IPSec connections
 defined, but not with any of these addresses.
 The regularity is also a mystery to me.

If you haven't googled this, you should.

When I did, one interesting hit I saw was
http://cert.uni-stuttgart.de/archive/incidents/2000/12/msg00117.html,
which indicates that this could be a Microsoft-ism related to client
surfing activity.

---
Jeff NewmillerThe .   .  Go Live...
DCN:[EMAIL PROTECTED]Basics: ##.#.   ##.#.  Live Go...
  Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/BatteriesO.O#.   #.O#.  with
/Software/Embedded Controllers)   .OO#.   .OO#.  rocks...2k
---






Re: [leaf-user] Re: possible GPLed e1000 module source (was: Intel PRO/1000 (e1000)module...)

2002-11-04 Thread Greg Morgan
Stefan Engel wrote:



Because these drivers are fairly old, I didn't try the ones from


Depending on the libraries compiled with the drivers of your various 
distributions, my idea of borrowing the driver from one of them and 
using it on Bering might not have worked.

these distros. Instead I used the e1000 driver module (v4.3.15)
mailed to me by Jacques Nilo (Thanks). If anyone needs this driver
too, please drop me an email.

Because this driver is now available under GPLv2 and can also be
found in upcoming kernel releases, maybe the module will also be
available in the next Bering release candidate. BTW, according to


Hopefully Jacques will place it in his development area for download.


the sources/diffs of kernel-2.4.20-rc1, the e1000 driver v4.4.12 is
included there, even newer version than the one on sourceforge.


This concurs with an email Intel sent back to me.  The sourceforge site 
was put up as an announcement.  Development on the e1000 driver is 
handled on the NetDev mail list([EMAIL PROTECTED]) or through this 
Intel address ([EMAIL PROTECTED]).


Snicker: the scyld.com site updated their website with this at 
http://www.scyld.com/network/#gigabit.

#  Intel Pro/1000 Gigabit. Contact Intel directly for the Linux driver 
for their gigabit card. They have a  e1000 driver distributed under 
license terms that have changed over time.

Greg Morgan





[leaf-user] Freeswan on bering rc3, connection established but cannot communicatebetween subnets

2002-11-04 Thread Gabriel Handford
I am using freeswan 1.97 on bering rc3

== MY SHOREWALL CONFIG ==
In /etc/shorewall/tunnels 

TYPE ZONE GATEWAY GATEWAY ZONE 
ipsec net ipsec/left endpoint

/etc/shorewall/zones

ZONE DISPLAY COMMENTS 
vpn VPN Remote Subnet 

/etc/shorewall/interfaces

ZONE INTERFACE BROADCAST OPTIONS 
vpn ipsec0 

/etc/shorewall/policy

SOURCE DEST POLICY LOG LEVEL 
loc vpn ACCEPT   
vpn loc ACCEPT   


My network is setup like this,

192.168.3.0/24 (right) subnet
 |
Leaf firewall (cable modem dhcp) (right)
 |
Gateway for firewall (rightnexthop)
 |
 |
 |
 internet
 |
 |
 |
Snapgear default gateway (left nexthop)
 |
 |
Snapgear box (running some version of freeswan) (left, endpoint)
 |
10.1.1.0/24 (left) subnet


I can establish a connection using pre-shared keys, but I cannot ping or
telnet from either side.

Please cc: to [EMAIL PROTECTED]

Let me know if there is any more info I can give. 

-gabe



