RE: [leaf-user] 4 nics with Bering

2002-11-15 Thread Stephen Lee
Is there anyway of telling if the 4th nic has the same address as one of
the other ones in the message logs or do I have to physically swap cards
around to find out? dmesg only shows 3 nics detected, all with different
addresses.

Stephen

On Thu, 2002-11-14 at 23:09, Reginald R. Richardson wrote:
 Make sure that none of the NICS has the same i/o address..
 
 4 nics should be no problem
 
  -Original Message-
  From: Stephen Lee [mailto:splee;plexio.com] 
  Sent: Friday, November 15, 2002 03:48
  To: Leaf-user
  Subject: [leaf-user] 4 nics with Bering
  
  
  Hi,
  
  I've got 4 RTL8139c nics in a Bering 1.0rc2 box but only 3 
  are detected by the kernel. Is a boot time kernel parameter 
  required to detect the 4th nic? If yes then what is the 
  append parameter to use? BTW, PNP OS is off in the Bios.



---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



RE: [leaf-user] 4 nics with Bering

2002-11-15 Thread Reginald R. Richardson
Well, I think if u like hard work, that's the best way of doing it..

Or u can grab the NIC config software, and once u start it up, if u have
to cards that is conflicting it will tell u, that 2 cards are
conflicting, but then u have to go back to the procedure, of swapping
the card individualy to see which is which...

Are u using ISA or PCI cards (I would like to think that RTL8139 cards
are mostly PCI)

What u can do, is tell the bios that u don't have PnP software, and the
bios would automaticlly assign the IRQs...

But my best bet, do the NIC swapping one by one, then u'll see exactly
what's wrong..

Also while at it, make sure the NIC is inserted properly in the SLOT

 -Original Message-
 From: Stephen Lee [mailto:splee;plexio.com] 
 Sent: Friday, November 15, 2002 08:54
 To: Leaf-user
 Subject: RE: [leaf-user] 4 nics with Bering
 
 
 Is there anyway of telling if the 4th nic has the same 
 address as one of the other ones in the message logs or do I 
 have to physically swap cards around to find out? dmesg only 
 shows 3 nics detected, all with different addresses.
 
 Stephen
 
 On Thu, 2002-11-14 at 23:09, Reginald R. Richardson wrote:
  Make sure that none of the NICS has the same i/o address..
  
  4 nics should be no problem
  
   -Original Message-
   From: Stephen Lee [mailto:splee;plexio.com]
   Sent: Friday, November 15, 2002 03:48
   To: Leaf-user
   Subject: [leaf-user] 4 nics with Bering
   
   
   Hi,
   
   I've got 4 RTL8139c nics in a Bering 1.0rc2 box but only 3
   are detected by the kernel. Is a boot time kernel parameter 
   required to detect the 4th nic? If yes then what is the 
   append parameter to use? BTW, PNP OS is off in the Bios.
 
 
 
 ---
 This sf.net email is sponsored by: To learn the basics of securing 
 your web site with SSL, click here to get a FREE TRIAL of a Thawte 
 Server Certificate: http://www.gothawte.com/rd524.html
 --
 --
 leaf-user mailing list: [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
 


---
This sf.net email is sponsored by: To learn the basics of securing
your web site with SSL, click here to get a FREE TRIAL of a Thawte
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



Re: [leaf-user] Leaf LINCE

2002-11-15 Thread Jaime Nebrera Herrera
  Hi Sebastiano,

 am I wrong or somebody recently wrote about a future Leaf branch called
 LINCE?
 Can anybody give more details?
 I'm so curious

  I'm the Project Manager of LINCE release. We are just awaiting to solve a 
couple of problems with our CVS area to upload the iso image.

  LINCE is just a Bering distribution on steroids oriented to a Compact Flash 
(or Hard Disk) system. Bering is just wonderful but it lacks some features a 
professional firewall might need. BTW, is based on glibc 2.2

  For example we have done already:

  1) Easy installation of Bering or LINCE from a CD installer (its provided 
as an iso image). All Bering packages in a convenient place (the iso). 
  2) Most popular ethernet adapters by default loaded
  3) HTB QoS trough htbinit
  4) SQUID 2.4Stable6 configured to run in memory
  5) SMTP Proxy for Antivirus (FPROT done), antirelay or antispam (this one 
not done yet)
  6) POP3 transparent proxy for antivirus (FPROT)
  7) Web filter content (IP, URL, words, MIME, PICS)
  8) IPSec with FreeSWAN

  We dont know if all this will be released at the first moment, or just in 
future releases (first we need to try to sell them to other people :))) but 
they will come, specially if this community helps us getting some of that 
functionality done.

  All his is already there (excep IPSec we are working now) and runs without 
the need for a hard disk. The project idea is make a professional firewall 
with open software. All this features are not activated by default (dont 
activate anything you dont need) but they are installed in the Compact Flash 
for rapid deployment.

  Things we are planning to add in the near feature:

  1) Bridge functionality. Yes, this is done with Bering but we have never 
done it, need to learn how to do it.
  2) Proxy ARP - the same
  3) HTTP load balancer.- We are just awaiting somebody will pay us to do 
this :)
  4) SNORT, inline SNORT, high availability (heartbeat), 

  I think its just a great project, so keep in touch !! If you want to see 
more details of the project in spanish you can go to:

http://www.eneotecnologia.com/proyectos_lince.html

  We plan to live from improving this platform (somebody will pay us to add 
some functionality), giving support, selling preassambled systems (you can 
see great pictures of the box in 
http://www.eneotecnologia.com/soho_fotos.html) and so on, well you get the 
point.

  Thats all folks ! :) Regards.

BTW, we have to update to 1.0stable. Great jobs guys:) We were just using rc3 
with bugs solved.

-- 
Jaime Nebrera Herrera
[EMAIL PROTECTED]


---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



[leaf-user] How to add Cron on bering RC3

2002-11-15 Thread Thitiporn Pornpirunrak
Hi all
 I would like to add cron on bering RC3. I add my task in /etc/cron.d/multicron. I 
found that it doesn't work why. This is my multicron file.


#Periodic schedule for multicron. (Ping check, Space check, etc)
#Default: Every 15 minutes
*/15* * * * root/etc/multicron-p
*/10* * * * rootmy_script


 Please tell me why it doesn't work. Thanx you very 
much.N¬±ù޵隊X¬²š'²ŠÞu¼“¢Wš®{ay¶¬‰Ë(~ǜº¸§ƒ*.¯›²+^Â+aIܖ'$…êÞ¶ˆµ¡QDÑ 
è}¤ák^Iêïz°ž®ØŸ‰Æ­zm§ÿðÃ(¶°µç(›úÝçn!¶iey§î±êæj)bž   
b²Ù^iû¬z¹b²Û,¢êÜyú+éÞ¶m¦Ïÿ–+-²Ê.­ÇŸ¢¸ë–+-³ùb²Ø§~åy§î±êÒDP†Ûiÿù^iúk¢7œ¶Šàþ››ýÚýÚ™©Úêÿv‡w_=Öf


Re: [leaf-user] How to add Cron on bering RC3

2002-11-15 Thread Julian Church
Hi Thitiporn

At 17:08 15/11/02 +0700, Thitiporn Pornpirunrak wrote:

Hi all
 I would like to add cron on bering RC3. I add my task in 
/etc/cron.d/multicron. I found that it doesn't work why. This is my 
multicron file.

I think you may be editing the wrong file - try adding your task to 
/etc/crontab instead of /etc/cron.d/multicron.

cheers

Julian
--

[EMAIL PROTECTED]
www.ljchurch.co.uk



---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


Re: [leaf-user] 4 nics with Bering

2002-11-15 Thread Charles Steinkuehler
Stephen Lee wrote:

Is there anyway of telling if the 4th nic has the same address as one of
the other ones in the message logs or do I have to physically swap cards
around to find out? dmesg only shows 3 nics detected, all with different
addresses.


Take a look at your /proc filesystem:

/proc/pci contains the PCI cards found and addresses assigned to them. 
If all your cards do not appear here, there is zero chance that they 
will all be recognized by the driver.  Could one card be bad?

/proc/interrupts contains the interrupts assigned to various devices

/proc/ioports lists the I/O port ranges used by various configured devices

The above info can be combined with each card's physical MAC address 
(output by ip addr, along with the IP address) to see which cards are 
actually being seen by the system.

I'd suspect you either have a bad card, or it's possible the NIC driver 
will only support a maximum of 3 cards (although this would be somewhat 
unusual...I've heard of limits of 1 card and two cards, but not three 
cards, especially for PCI NICs).

--
Charles Steinkuehler
[EMAIL PROTECTED]




---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


RE: [leaf-user] Dachstein DNS Config - HELP!

2002-11-15 Thread Wrigglesworth, Colin
Spot on. I had bash.lrp loaded!

So this leads me on to asking if you could add an entry for bash on
you packages page at http://lrp.steinkuehler.net/Packages.htm
http://lrp.steinkuehler.net/Packages.htm  stating that installing the bash
package, therefore changing the default shell, can possibly break the
scripts in other packages. Quoting tinydns as an example.

I believe that the default shell /bin/sh should *always* be linked
to /bin/ash because it is the basis of the LEAF scripts. Installing bash.lrp
should not change this and that bash should be stated explicitly in scripts
where required.

My DNS is all up and running now, serving both the private network
and resolving hosts on the company network.

Thanks for the help.

Colin
-Original Message-
From:   Charles Steinkuehler [SMTP:[EMAIL PROTECTED]]

Wrigglesworth, Colin wrote:
 Didn't take me log to find out what the brain dead problem
istinydns
 isn't running. Why?...well I don't actually know but I'm sure this
has got
 something to do with it:
 
 # /etc/init.d/tinydns start
 /etc/init.d/tinydns start: UID: readonly variable
 #
 
 So what is causing this? It is tinydns 1.0.5a from the Dachstein
1.0.2 CD
 but I have also downloaded the same package from
 http://leaf.sourceforge.net/devel/jnilo/packages/tinydns.lrp
 http://leaf.sourceforge.net/devel/jnilo/packages/tinydns.lrp
with the
 same result.

Are you running bash by any chance?  If so, that's the problem...UID
is 
a read-only variable in bash, but ash doesn't support read-only
variables.

If this is the problem, a quick solution would be to change the
shell 
interpreter (first line of the shell script) to ash, ie:

change:
#!/bin/sh

to:
#!/bin/ash

-- 
Charles Steinkuehler
[EMAIL PROTECTED]



***
The information contained in this e-mail is confidential. It may also be legally 
privileged. It is intended only for the stated addressee(s) and access to it by any 
other person is unauthorised. If you are not an addressee, you must not disclose, 
copy, circulate or in any other way use or rely on the information contained in this 
e-mail. Such unauthorised use may be unlawful.

If you have received this e-mail in error, please inform RACAL INSTRUMENTS LTD. 
immediately by phoning +44 (0)1628 604455 (ask for the I.T. dept) and delete it and 
all copies from your system.
***



---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



Re: [leaf-user] 486DX with 8MB ram

2002-11-15 Thread Pawel Idzi
On Thu, 14 Nov 2002, Ashley wrote:

 INIT: cannot execute /sbin/getty

Hi!
I've the same problem with my 486 and... also with pentium mainboard but
with AMD K5 75 MHz processor (with 32MB RAM). I've heard that this chip is
not 100% comptatible with iPentium.

I'm also interested in Bering working on 486 machines, but I'm afraid that
Bering in his default floppy distro is only for 586 machines, because...

On Thu, 14 Nov 2002, Jeff Newmiller wrote:

  Is the kernel image built to support 486?
 
 Should work fine.

...this I got on my p120 with Bering 1.0rc4 from command: uname -a

Linux ruter 2.4.18 #6 Sun Oct 20 15:06:22 CEST 2002 i586 unknown

so this kernel is only for 586.

On Thu, 14 Nov 2002, Homer Parker wrote:

 http://leaf.sourceforge.net/devel/jnilo/bdev.html

Maybe I will try later to compile kernel for Bering and for 486 but I'm
reflecting on this:

Are all of lrp packages in Bering standard distro optimized (compiled) for
i586 only?

If yes then installing Bering on 486 will be (for me) very hard thing. :]

-- 
Pawel Idzi
  http://lotnisko.net/pi/
  pi (at) lotnisko (dot) net



---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



[leaf-user] Upgrade rc4 to 1.0 Stable

2002-11-15 Thread Godfried Duodu
How does one upgrade RC4 to 1.o Stable running on a Hard drive and
maintain all the extra modules etc.. not found on the floppy?




---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



RE: [leaf-user] 486DX with 8MB ram

2002-11-15 Thread Reginald R. Richardson
Well, my Production router/firewall is a P-120, with 32Mb ram,

And my test one, for new releases, new pakages, is a Compaq deskpro 486
/66, and from version rc2 wroks perfect on it, without any problem, I
use the same identical copy of my production, and I have no problem with
it

 -Original Message-
 From: Pawel Idzi [mailto:pi;lotnisko.net] 
 Sent: Friday, November 15, 2002 15:38
 To: [EMAIL PROTECTED]
 Subject: Re: [leaf-user] 486DX with 8MB ram
 
 
 On Thu, 14 Nov 2002, Ashley wrote:
 
  INIT: cannot execute /sbin/getty
 
 Hi!
 I've the same problem with my 486 and... also with pentium 
 mainboard but with AMD K5 75 MHz processor (with 32MB RAM). 
 I've heard that this chip is not 100% comptatible with iPentium.
 
 I'm also interested in Bering working on 486 machines, but 
 I'm afraid that Bering in his default floppy distro is only 
 for 586 machines, because...
 
 On Thu, 14 Nov 2002, Jeff Newmiller wrote:
 
   Is the kernel image built to support 486?
  
  Should work fine.
 
 ...this I got on my p120 with Bering 1.0rc4 from command: uname -a
 
   Linux ruter 2.4.18 #6 Sun Oct 20 15:06:22 CEST 2002 i586 unknown
 
 so this kernel is only for 586.
 
 On Thu, 14 Nov 2002, Homer Parker wrote:
 
  http://leaf.sourceforge.net/devel/jnilo/bdev.html
 
 Maybe I will try later to compile kernel for Bering and for 
 486 but I'm reflecting on this:
 
 Are all of lrp packages in Bering standard distro optimized 
 (compiled) for i586 only?
 
 If yes then installing Bering on 486 will be (for me) very 
 hard thing. :]
 
 -- 
 Pawel Idzi
   http://lotnisko.net/pi/
   pi (at) lotnisko (dot) net
 
 
 
 ---
 This sf.net email is sponsored by: To learn the basics of securing 
 your web site with SSL, click here to get a FREE TRIAL of a Thawte 
 Server Certificate: http://www.gothawte.com/rd524.html
 --
 --
 leaf-user mailing list: [EMAIL PROTECTED] 
 https://lists.sourceforge.net/lists/listinfo/l eaf-user
 SR 
 FAQ: 
 http://leaf-project.org/pub/doc/docmanager/docid_1891.html
 


---
This sf.net email is sponsored by: To learn the basics of securing
your web site with SSL, click here to get a FREE TRIAL of a Thawte
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



Re: [leaf-user] Leaf LINCE

2002-11-15 Thread gart
So,
 After reading this, I'm a bit confused.  Is it a commercial or opensource 
product?

--Pat

On Fri, 15 Nov 2002, Jaime Nebrera Herrera wrote:

   Hi Sebastiano,
 
  am I wrong or somebody recently wrote about a future Leaf branch called
  LINCE?
  Can anybody give more details?
  I'm so curious
 
   I'm the Project Manager of LINCE release. We are just awaiting to solve a 
 couple of problems with our CVS area to upload the iso image.
 
   LINCE is just a Bering distribution on steroids oriented to a Compact Flash 
 (or Hard Disk) system. Bering is just wonderful but it lacks some features a 
 professional firewall might need. BTW, is based on glibc 2.2
 
   For example we have done already:
 
   1) Easy installation of Bering or LINCE from a CD installer (its provided 
 as an iso image). All Bering packages in a convenient place (the iso). 
   2) Most popular ethernet adapters by default loaded
   3) HTB QoS trough htbinit
   4) SQUID 2.4Stable6 configured to run in memory
   5) SMTP Proxy for Antivirus (FPROT done), antirelay or antispam (this one 
 not done yet)
   6) POP3 transparent proxy for antivirus (FPROT)
   7) Web filter content (IP, URL, words, MIME, PICS)
   8) IPSec with FreeSWAN
 
   We dont know if all this will be released at the first moment, or just in 
 future releases (first we need to try to sell them to other people :))) but 
 they will come, specially if this community helps us getting some of that 
 functionality done.
 
   All his is already there (excep IPSec we are working now) and runs without 
 the need for a hard disk. The project idea is make a professional firewall 
 with open software. All this features are not activated by default (dont 
 activate anything you dont need) but they are installed in the Compact Flash 
 for rapid deployment.
 
   Things we are planning to add in the near feature:
 
   1) Bridge functionality. Yes, this is done with Bering but we have never 
 done it, need to learn how to do it.
   2) Proxy ARP - the same
   3) HTTP load balancer.- We are just awaiting somebody will pay us to do 
 this :)
   4) SNORT, inline SNORT, high availability (heartbeat), 
 
   I think its just a great project, so keep in touch !! If you want to see 
 more details of the project in spanish you can go to:
 
 http://www.eneotecnologia.com/proyectos_lince.html
 
   We plan to live from improving this platform (somebody will pay us to add 
 some functionality), giving support, selling preassambled systems (you can 
 see great pictures of the box in 
 http://www.eneotecnologia.com/soho_fotos.html) and so on, well you get the 
 point.
 
   Thats all folks ! :) Regards.
 
 BTW, we have to update to 1.0stable. Great jobs guys:) We were just using rc3 
 with bugs solved.
 
 



---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



RE: [leaf-user] 4 nics with Bering

2002-11-15 Thread Luis.F.Correia
Maybe you do not have enough free interrupts!

When the machine boots, can you see the BIOS message that
identifies all detected devices?

How many network devices do you see?

-Original Message-
From: Stephen Lee [mailto:splee;plexio.com] 
Sent: Friday, November 15, 2002 2:48 AM
To: Leaf-user
Subject: [leaf-user] 4 nics with Bering


Hi,

I've got 4 RTL8139c nics in a Bering 1.0rc2 box but only 3 are detected by
the kernel. Is a boot time kernel parameter required to detect the 4th nic?
If yes then what is the append parameter to use? BTW, PNP OS is off in the
Bios.

Thanks,
Stephen



---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



Re: [leaf-user] thttpd

2002-11-15 Thread C. Dummy
Thank you very much. Where should I set static IP for this computer 
192.168.1.203.. Editing file /etc/hosts and puting 192.168.1.203 instead 
of 192.168.1.254 would be enough?

Thanks for help
Andrey

Charles Steinkuehler wrote:

C. Dummy wrote:


Hi I'm running Dachstein 1.02 with pppoe and  with printer 
server(protocol RAW port 9100). I'd like to put thttpd server on 
192.168.1.203 box behind lrp box. I know I have to edit network.conf 
on lrp box to allow traffic to web server on 192.168.1.203. My 
question is what packages I should load to 192.168.1.203 except 
thttpd and  www-data to get this box running on static IP 
192.168.1.203 and to not  run as another  router. Is there any simple 
way to edit network.conf and ipfilter.conf to achieve this? Should I 
remove ipfilter.conf from this box ? Did anybody tried to do anything 
like that if yes can someone direct me to some readme?  I don't need 
dhclient, dhcpd, dnscache and weblet I think. Charles site shows only 
how to do that right on lrp box.
Thanks for help


To run Dachstein as a basic server system, you only need the core 
packages: root, etc, local, modules, and ramlog (log on earlier 
versions).

To prevent any firewall rules from loading, simply set 
IPFILTER_SWITCH=none in /etc/network.conf.

You'll probably also want to set IF_AUTO=eth0 as well, since you'll 
likely only have a single NIC.





---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


Re: [leaf-user] IPSec tunnels

2002-11-15 Thread Charles Steinkuehler
Homer Parker wrote:

Firewall A

3: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:30:1b:09:d3:ee brd ff:ff:ff:ff:ff:ff
inet 64.216.xxx.xxx/xx brd 64.216.105.127 scope global eth0
4: eth1: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:40:f4:5e:e1:57 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.2/24 brd 10.0.0.255 scope global eth1
5: eth2: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:02:e3:15:c9:11 brd ff:ff:ff:ff:ff:ff
inet 10.0.1.254/24 brd 10.0.1.255 scope global eth2
14: ipsec0: NOARP,UP mtu 16260 qdisc pfifo_fast qlen 10
link/ether 00:30:1b:09:d3:ee brd ff:ff:ff:ff:ff:ff
inet 64.216.xxx.xxx/xx brd 64.216.105.127 scope global ipsec0
15: ipsec1: NOARP mtu 0 qdisc noop qlen 10
link/ipip 
(The person using the other tunnel is currently out of town, and has the
firewall shut off)


# ip route
64.216.xxx.0/25 dev eth0  proto kernel  scope link  src 64.216.xxx.xxx 
64.216.xxx.0/25 dev ipsec0  proto kernel  scope link  src 64.216.xxx.xxx
10.0.0.0/24 dev eth1  proto kernel  scope link  src 10.0.0.2 
10.0.1.0/24 dev eth2  proto kernel  scope link  src 10.0.1.254 
192.168.2.0/24 via 64.216.xxx.zzz dev ipsec0 
192.168.1.0/24 via 64.216.xxx.zzz dev ipsec0 
default via 64.216.xxx.yyy dev eth0 


	Firewall A is at the office. Secret has a couple of people working on
stuff Private has no access to, but Secret can see the file server on
Private. Firewall A needs to be in Secret, Firewall B needs to be in
Private. Everything works as I want, but there is a poetential race
condition if the firewall reboots, conectivity lost, whatever. The
connection that was ipsec0 may end up ipsec1 if it's second to get a
connection. I'm looking through the docs, as I thought I saw something
about an interface option for ipsec.conf, but I'm thinking it was for what
interface to allow tunnels to bind to. Would that also allow me to specify
the tunnel name (ipsec0, etc) in the area where I set up the connection as
well? I'm needing to make sure that upon reconnection, that everyone gets
the right tunnel. Thanks!

Um...there should be no race condition in the assignment of ipsecN 
interface numbering.  This is done by the ipsec software.  Normally, 
there is a single ipsec logical interface, bound to your external, 
upstream interface...multiple tunnels can use the same virtual ipsec 
interface (for instance, it looks you have two tunnels established 
already: 192.168.2.0/24  192.168.1.0/24).  If for some reason you have 
IPSec tunnels that leave your router on more than one physical interface 
(rare, but possible), you will have multiple ipsec? interfaces, but 
AFAIK, there is no way to automatically create this sort of setup.  If 
there is (perhaps %defaultroute is more sophisticated than I am aware), 
and you're worried about which I/F is assigned to which ipsec? virtual 
interface, just hard-code it in your ipsec.conf file, ie:

interfaces=ipsec0=eth1 ipsec1=ppp0

...as described in the ipsec.conf man page:
http://leaf.steinkuehler.net/devel/cstein/Packages/man/IPSec1.91/manpage.d/ipsec.conf.5.html

--
Charles Steinkuehler
[EMAIL PROTECTED]




---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


Re: [leaf-user] Leaf LINCE

2002-11-15 Thread Jaime Nebrera Herrera
  Hi,

  After reading this, I'm a bit confused.  Is it a commercial or opensource
 product?

  It a commercial quality opensourced project. That is, we want to mimic the 
best functionality around but keep it as opensource as possible. Of course, 
some parts of it are closed source, antivirus, but the hook to the 
antivirus engine is opensource.

  The difference is we plan to provide support and sell it already installed 
in a great hardware. Also, we plan to make custom development, say you want 
us to add HTTP load balancing with session control. We need to to debote 
company resources to such a task and will charge you for that, but then 
provide it for free to the community.

  Of course, not everything is money. As part of our apport to the great Leaf 
project we will privide quite a bit of functionallity allready in the first 
image. We have made an easy Bering (or Lince) installer, we have added 
htbinit for QoS, we provide those lurky modifications you need to install it 
right away in a hard disk, and so on. As we hope this will catch some 
attention in this list, and as new features are developed by the community we 
will release more code ourselves.

  Also, if our business model succeeds, we plan to donate money and 
resources to this great community. Say hosting space, hardware, $$$, 
whatever. This way we will just thank in a clear way those efforts done in 
Leaf.

  If you know coyotelinux is more or less the same stuff but with a big 
difference, we wont restrict the downloading. Once a feature has been 
developed and payed for (say in money, say in other functionality) we will 
release more code into the public sourceforge area. FE, we might be 
interested in zebra integration. We could do it ourselves, or somebody could 
provide it (I dont care if that coder is getting paid or not for his job). 
In exchange we will release a new feature, and so on.

  So if the community really involves itself in developing and testing we 
will provide much code than if they just wait and wait. We have already 
devoted a 3 month period of coding from my partner and friend. He has 
implemented all the points I said in a prior email, we are just eager to make 
them public as this project evolves, but dont expect us to make ALL public 
the first time. We had such a experience with our local LUG and was really 
frustating to see a 0 code contribution when you gave them quite a bit of 
resources.

  Thanks in advance.

-- 
Jaime Nebrera Herrera
[EMAIL PROTECTED]


---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



[leaf-user] Re: [LRP] How to add Cron on bering RC3

2002-11-15 Thread Dave Cinege
On Friday 15 November 2002 5:08, Thitiporn Pornpirunrak wrote:
 Hi all
  I would like to add cron on bering RC3. I add my task in
 /etc/cron.d/multicron. I found that it doesn't work why. This is my
 multicron file.

It's better practise to create a new file from your script.

 */10* * * * rootmy_script

Did you restart cron? `svi cron restart`

-- 
The time is now 22:48 (Totalitarian)  -  http://www.ccops.org/



---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



Re: [leaf-user] ICQ direct connection

2002-11-15 Thread Vaclav Bouse
Hi!
I used recomended Socks5 package from Dachstein on my router Bering, but I
think it doesn't work.
I still can not configure ICQ to using proxy. Any idea?

- Original Message -
From: Charles Steinkuehler [EMAIL PROTECTED]
To: Vaclav Bouse [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, November 13, 2002 8:04 PM
Subject: Re: [leaf-user] ICQ direct connection


 Use a Socks proxy.  The socks proxy provided with Dachstein-CD
 (socks5.lrp) is only 54K, and should run fine with Bering:


http://leaf.steinkuehler.net/devel/cstein/files/diskimages/dachstein-CD/CD-C
ontents/socks5.lrp

 --
 Charles Steinkuehler
 [EMAIL PROTECTED]

 Vaclav Bouse wrote:
  Hi.
  I don't know how to set-up how to do that porting. And if it's better
way to
  use proxy, does exist a smaller version, because squid is to large - i
don't
  have enough space on my bearing flppy. Maybe use hard-disk in the
router-PC,
  but it's loosing the magic of one-floppy distro.
 
  Thanks, Vasek.
  Dky, Vaek ;-)
 
  You need to use proxy like squid is, or port maping to map ICQ ports
from
  internal address directly to ports on outgoing external address.
 
  Regards. Litin
 
   And another question: Is it possible to use ICQ through Bering router?
I
   suppose that I need somethink
   like ICQ module to masquarade, but I'm not sure in this problematic.
Or
  is
   it possible to set only the ICQ?
   Normal connections of ICQ works OK, but I can'T establish direct
  connection
   (chat / voice call)
 
   Thanks for every advice!
 
   Vasek Bouse.

 
  ---
  Odchoz zprva neobsahuje viry.
  Zkontrolovno antivirovm systmem AVG (http://www.grisoft.cz).
  Verze: 6.0.417 / Virov bze: 233 - datum vydn: 8.11.2002





---
Odchoz zprva neobsahuje viry.
Zkontrolovno antivirovm systmem AVG (http://www.grisoft.cz).
Verze: 6.0.417 / Virov bze: 233 - datum vydn: 8.11.2002



---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



RE: [leaf-user] Bering v1.0-stable released !

2002-11-15 Thread Matt Russell
I agree. I think a lot of us take a lot (if not most) of what they do for
granted. I also think a lot of us are glad we didn't have to drop a few G's
on cisco hardware, not to mention the almost immediate help we get with any
question...


thanks!



-Original Message-
From: [EMAIL PROTECTED]
[mailto:leaf-user-admin;lists.sourceforge.net]On Behalf Of Eric B Kiser
Sent: Thursday, November 14, 2002 9:55 PM
To: [EMAIL PROTECTED]
Subject: RE: [leaf-user] Bering v1.0-stable released !


Great job guys, thanks for all your hard work.

Most respectfully,
Eric Kiser

-Original Message-
From: [EMAIL PROTECTED]
[mailto:leaf-user-admin;lists.sourceforge.net]On Behalf Of Jacques Nilo
Sent: Thursday, November 14, 2002 5:53 PM
To: [EMAIL PROTECTED];
[EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: [leaf-user] Bering v1.0-stable released !


Finally, it's out. All the details are here:
http://leaf.sourceforge.net/article.php?sid=63

We will probably take a rest for a while :-)

Enjoy!

Jacques  Eric



---
This sf.net email is sponsored by: To learn the basics of securing
your web site with SSL, click here to get a FREE TRIAL of a Thawte
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



---
This sf.net email is sponsored by: To learn the basics of securing
your web site with SSL, click here to get a FREE TRIAL of a Thawte
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



[leaf-user] ipsec Bering

2002-11-15 Thread Stef
Hi all,

I have a problem with the last distro Bering-rc4 and ipsec.lrp package.

I try to conect with a road-warrior and every seems ok (SA established) 
except that the /var/log/auth.log mention a problem with the 
impossibility to write the route add for the IP of my road warrior.
I follow all steps explain in the users guide from the Bering web page.

If someone can help me.

Thanks in advance.

Stéphane



---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


Re: [leaf-user] Bering v1.0-stable released !

2002-11-15 Thread hari-nuryadi
Wonderful works Jaques :) , keep on it and congratulation 
for the good stable LEAF OS.
Btw, i always get this messages when i'm trying to d/l the 
stable release:

Could not read file. 

Go back.

Nov 15, 2002 15:28

What's happen?

hari-huhui


On Sat, 16 Nov 2002 09:15:01 +1100
 David Fisher [EMAIL PROTECTED] wrote:
On Sat, 16 Nov 2002 08:37, Troy Aden wrote:

I have to chime in here as well. I am most grateful for 
the efforts
made developing this.

Congratulations, certainly, but where do you get it?  It 
doesn't seem to 
have hit the mirrors yet.



--
David

Quidquid latine dictum sit, altum sonatur.




---
This sf.net email is sponsored by: To learn the basics of 
securing 
your web site with SSL, click here to get a FREE TRIAL of 
a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: 
http://leaf-project.org/pub/doc/docmanager/docid_1891.html

===
Selama Bulan Suci Ramadhan, ikuti Netkuis Ramadhan, Lomba Design E-Card, Opini Berhadiah hanya di www.plasa.com
===


---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


Re: [leaf-user] IPSec tunnels

2002-11-15 Thread Homer Parker
On Fri, 15 Nov 2002 11:00:55 -0600 Charles Steinkuehler
[EMAIL PROTECTED] wrote

 Um...there should be no race condition in the assignment of ipsecN 
 interface numbering.  This is done by the ipsec software.  Normally, 

Ok, maybe I don't understand the tunneling as well as I thought I did...
I'll wait till the 2nd tunnel returns from his trip, and see how it works
out... Thanks! Now, back to trying to figure out Opportunistic
Encryption.. ;)

--- 
Homer Parker

http://www.homershut.net
telnet://bbs.homershut.net




msg11039/pgp0.pgp
Description: PGP signature


Re: [leaf-user] 486DX with 8MB ram

2002-11-15 Thread guitarlynn
On Friday 15 November 2002 08:37, Pawel Idzi wrote:
 On Thu, 14 Nov 2002, Ashley wrote:
  INIT: cannot execute /sbin/getty

 Hi!
 I've the same problem with my 486 and... also with pentium mainboard
 but with AMD K5 75 MHz processor (with 32MB RAM). I've heard that
 this chip is not 100% comptatible with iPentium.

 I'm also interested in Bering working on 486 machines, but I'm afraid
 that Bering in his default floppy distro is only for 586 machines,
 because...

I don't believe the stock Bering kernel supports a non-FPU processor
(SX). There are alternate kernels available for Dachstein to run on
SX's on Charles' site. The 8M of Ram will need modification to work 
on, which is possible but not preferred as long as you load minimal 
packages and log Ramdisk. If there is a i586 kernel floating around,
I am sure it is a mistake and should be located/corrected. I can't say
that I can remember anyone having problems with a K5 chip, but that
could also be a (remote) possibility as well.

We need some more information on your exact hardware to be of much
more help. There has been some good suggestions thus far.
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!


---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



Bering Download Problems (was Re: [leaf-user] Bering v1.0-stablereleased !)

2002-11-15 Thread Jeff Newmiller
On Sat, 16 Nov 2002, hari-nuryadi wrote:

 Wonderful works Jaques :) , keep on it and congratulation 
 for the good stable LEAF OS.
 Btw, i always get this messages when i'm trying to d/l the 
 stable release:
 
 Could not read file. 
 
 Go back.
 
 Nov 15, 2002 15:28
 
 What's happen?

a) You failed to tell what actions you took to arrive at this
error. Please learn to be more precise in your questions... failing to do
so often leads to many false leads for those attempting to help you, and
putting them through that shows a lack of respect for their time.

b) I followed his link and downloaded from Pheonix, AZ
(http://prdownloads.sourceforge.net/leaf/Bering_1.0-stable_img_bering_1680.bin?use_mirror=easynews)
and succeeded.

c) I have actually encountered a similar error when I reviewed his
documentation file http://leaf.sourceforge.net/devel/jnilo/bidownmod.html
and attempted to download the modules file using the here link at the
bottom of the page.  Apparently a space is inserted between the tar. and
the gz that prevents the link from working as-is, though you can copy
the link, edit it, and paste that into your browser as a workaround.

If your approach was different, please specify how you arrived at this
error so we can duplicate it.

---
Jeff NewmillerThe .   .  Go Live...
DCN:[EMAIL PROTECTED]Basics: ##.#.   ##.#.  Live Go...
  Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/BatteriesO.O#.   #.O#.  with
/Software/Embedded Controllers)   .OO#.   .OO#.  rocks...2k
---



---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



[leaf-user] LaBrea

2002-11-15 Thread C. Dummy
Hi I'm running Dachstein 1.02 with pppoe and  with printer 
server(protocol RAW port 9100).. I have installed LaBrea. I edited both 
files in /etc listing my used network adresses. When I boot lrp box I 
get message:
P-lookupnet(eth0): SIOCGIFADDR:eth0:cannot assign requested address
I tried to look in geocrawler but there is not to much about LaBrea 
there?  Anybody has any idea how to fix that?
Andrey
Thanks for help



---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


[leaf-user] Simple autofw problem

2002-11-15 Thread billy jacobs

Hello--

I know this is a RTFM kind of question, but I have been struggling with this 
for a couple of days now.  I am running a dachstein(i believe) firewall, 
using ipchains.  I need to forward ports 6000-6999/udp from my external 
interface (eth0) to one host on my internal network (192.168.1.9).  When I 
run tcpdump on the external interface, I see these packets on the wire, 
however, when I run tcpdump on an internal box (in promiscuous mode), I 
don't see any traffic.  If I bypass the firewall, all is well, so I know its 
a problem with my forwarding of the range of UDP ports.  I believe the 
problem lies somewhere in my ipchains statement.

Can someone take a look and tell me if I am missing something here?

Thanks.

Relevant parts of /etc/network.conf:

EXTERN_UDP_PORTS=0/0_domain 0/0_6000:6999
INTERN_PS2_SERVER=192.168.1.9

Relevant parts of /etc/ipfilter.conf (added right after other forwarding 
'if' statements):
~
if [ -n $INTERN_PS2_SERVER ] ; then
  $IPCH -A input -s 0.0.0.0/0 -d $INTERN_PS2_SERVER 6000:6999 -p udp -j 
ACCEPT
  $IPMASQADM autofw -A -v -r udp 6000 6999 -h $INTERN_PS2_SERVER
fi

Output of ipchains -L -n |grep 6000
~
# ipchains -L -n |grep 6000
ACCEPT udp  --  0.0.0.0/0192.168.1.9   * -   
6000:6999
ACCEPT udp  --  0.0.0.0/00.0.0.0/0 * -   
6000:6999

Output of tcpdump -i eth0 | grep \.6...  (to filter on range):
~
20:26:14.406460 pcp01120514pcs.flshng01.mi.comcast.net.6565  
66-108-7-175.nyc.rr.com.61717: udp 4
20:26:17.446460 dy251162.resnet.uky.edu.6091  
66-108-7-175.nyc.rr.com.61487: udp 4
20:26:19.406460 pcp01120514pcs.flshng01.mi.comcast.net.6565  
66-108-7-175.nyc.rr.com.61717: udp 4
20:26:24.396460 pcp01120514pcs.flshng01.mi.comcast.net.6565  
66-108-7-175.nyc.rr.com.61717: udp 4
20:26:27.446460 dy251162.resnet.uky.edu.6091  
66-108-7-175.nyc.rr.com.61487: udp 4


Any ideas?  Help would be appreciated.

Billy


_
The new MSN 8: smart spam protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail



---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


Re: [leaf-user] 486DX with 8MB ram

2002-11-15 Thread JeeBak Kim
* Pawel Idzi ([EMAIL PROTECTED]) [021115 18:05]:
 On Thu, 14 Nov 2002, Ashley wrote:
 
  INIT: cannot execute /sbin/getty
 
 Hi!
 I've the same problem with my 486 and... also with pentium mainboard but
 with AMD K5 75 MHz processor (with 32MB RAM). I've heard that this chip is
 not 100% comptatible with iPentium.
 
 I'm also interested in Bering working on 486 machines, but I'm afraid that
 Bering in his default floppy distro is only for 586 machines, because...

Default Bering works fine on my 486 (IBM ThinkPad 755CSE 486 DX/4.)
Here is some output from Bering rc3... should upgrade now that 1.0
stable is out but rc3 has been rock stable as-is for me since I
first installed it ;).

firewall: -root-
# uname -a
Linux firewall 2.4.18 #4 Sun Jun 9 09:46:15 CEST 2002 i486 unknown

firewall: -root-
# cat /proc/cpuinfo
processor   : 0
vendor_id   : GenuineIntel
cpu family  : 4
model   : 8
model name  : 486 DX/4
stepping: 0
fdiv_bug: no
hlt_bug : no
f00f_bug: no
coma_bug: no
fpu : yes
fpu_exception   : yes
cpuid level : 1
wp  : yes
flags   : fpu vme
bogomips: 49.76


---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



[leaf-user] [ leaf-Support Requests-639240 ] internet sharing with 56k modem

2002-11-15 Thread noreply
Support Requests item #639240, was opened at 2002-11-16 17:38
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detailatid=213751aid=639240group_id=13751

Category: Release/Branch: Oxygen
Group: None
Status: Open
Priority: 5
Submitted By: magic freeman (kiwispaniol)
Assigned to: Mike Noyes (mhnoyes)
Summary: internet sharing with 56k modem 

Initial Comment:

Does LEAF (Oxygen) or others versions, supports 
internet sharing with Dialup (56kmodem)

Cheers

--

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detailatid=213751aid=639240group_id=13751


---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



Re: [leaf-user] Simple autofw problem

2002-11-15 Thread guitarlynn
On Friday 15 November 2002 19:53, billy jacobs wrote:

Comments inline  ;-)

 EXTERN_UDP_PORTS=0/0_domain 0/0_6000:6999
 INTERN_PS2_SERVER=192.168.1.9

OK, you've opened the 6000-6999 udp port range.


 Relevant parts of /etc/ipfilter.conf (added right after other
 forwarding 'if' statements):
 ~
 if [ -n $INTERN_PS2_SERVER ] ; then
$IPCH -A input -s 0.0.0.0/0 -d $INTERN_PS2_SERVER 6000:6999 -p udp
 -j ACCEPT
$IPMASQADM autofw -A -v -r udp 6000 6999 -h $INTERN_PS2_SERVER
 fi

OK, the port range is forwarded to 192.168.1.9 address.


 Output of ipchains -L -n |grep 6000
 ~
 # ipchains -L -n |grep 6000
 ACCEPT udp  --  0.0.0.0/0192.168.1.9   *
 - 6000:6999
 ACCEPT udp  --  0.0.0.0/00.0.0.0/0 *
 - 6000:6999

The changes appear to be active.


 Output of tcpdump -i eth0 | grep \.6...  (to filter on range):
 ~
 20:26:14.406460 pcp01120514pcs.flshng01.mi.comcast.net.6565 
 66-108-7-175.nyc.rr.com.61717: udp 4
 20:26:17.446460 dy251162.resnet.uky.edu.6091 
 66-108-7-175.nyc.rr.com.61487: udp 4
 20:26:19.406460 pcp01120514pcs.flshng01.mi.comcast.net.6565 
 66-108-7-175.nyc.rr.com.61717: udp 4
 20:26:24.396460 pcp01120514pcs.flshng01.mi.comcast.net.6565 
 66-108-7-175.nyc.rr.com.61717: udp 4
 20:26:27.446460 dy251162.resnet.uky.edu.6091 
 66-108-7-175.nyc.rr.com.61487: udp 4

Ok, your blocking udp 4. This port is not opened much less forwarded.
I'm not sure how this applies to your added configuration.

 Any ideas?  Help would be appreciated.

It would help if we had any idea what you are attempting to forward
service wise. I'm not clear on what you are attempting to show with
the tcpdump. Have you loaded the autofw module?

More information is requested so we can atleast make a guess
at what the problem may be.
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!


---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



Re: [leaf-user] ipsec Bering

2002-11-15 Thread guitarlynn
On Friday 15 November 2002 16:55, Stef wrote:
 Hi all,

 I have a problem with the last distro Bering-rc4 and ipsec.lrp
 package.

 I try to conect with a road-warrior and every seems ok (SA
 established) except that the /var/log/auth.log mention a problem with
 the impossibility to write the route add for the IP of my road
 warrior. I follow all steps explain in the users guide from the
 Bering web page.

What is the exact error message?
If the Road-warrior ip is in the rfc1918 addressing, it probably won't
work. An ipsec barf would be extremely useful to locating any and
virtually all possible problems. 
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!


---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



[leaf-user] thttpd behind lrp

2002-11-15 Thread C. Dummy
I'm trying to put thttpd behind lrp box on ip 192.168.1.203. I made lrp 
floppy with etc,ifconfig,local,modules,ramlog,root,thttpd and www-data 
packages. I edited syslinux.cfg so all packages load no errors and 
problems. I edited network.conf
CONFIG_DNS=YES
IF_AUTO=eth0
eth0_IPADDR=192.168.1.203
eth0_MASKLEN=24
eth0_DEFAULT_GW=192.168.1.254
eth1_IPADDR=
eth1_MASKLEN=
IPFILTER_SWITCH=none
EXTERN_DHCP=NO
INTERN_WWW_SERVER=192.168.1.203# Internal WWW server to make available

When I boot the floppy I don't get any errors and I can ping machines on 
LAN no problem. Thttpd and www-data are original files from packages(no 
changes made) I can't see anything from LAN using 
http://192.168.1.203(connecting... and nothing no message it just dies) 
or http://ip.binded.to.lrp.box(the connection was refused when 
attempting to contact
ip.binded.to.lrp.box) can't see anything from outside either(the page 
cannot be displayed). Where is the problem?
Thanks for help. I'm complete newbie with setting  up web server sorry 
if  this sounds silly.
Andrey
P.S.Ifconfig
inet addr:192.168.1.203  Bcast:192.168.1.255  Mask:255.255.255.0
UP BROADCASTRUNNING MULTICAST MTU:1500 Metric:1




---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


Re: [leaf-user] Leaf LINCE

2002-11-15 Thread guitarlynn
On Friday 15 November 2002 02:18, Jaime Nebrera Herrera wrote:

   I'm the Project Manager of LINCE release. We are just awaiting to
 solve a couple of problems with our CVS area to upload the iso image.

   LINCE is just a Bering distribution on steroids oriented to a
 Compact Flash (or Hard Disk) system. Bering is just wonderful but it
 lacks some features a professional firewall might need. BTW, is based
 on glibc 2.2

Great! The WP'ed SST dom would also be a great option (or CD-ROM).
I'll love to check it out!


   For example we have done already:

   1) Easy installation of Bering or LINCE from a CD installer (its
 provided as an iso image). All Bering packages in a convenient place
 (the iso). 2) Most popular ethernet adapters by default loaded
   3) HTB QoS trough htbinit
   4) SQUID 2.4Stable6 configured to run in memory
   5) SMTP Proxy for Antivirus (FPROT done), antirelay or antispam
 (this one not done yet)
   6) POP3 transparent proxy for antivirus (FPROT)
   7) Web filter content (IP, URL, words, MIME, PICS)
   8) IPSec with FreeSWAN

Out of curiousity, do you really feel the http/smtp/pop proxy should
be on the firewall? I understand many people would love this option,
but to many people (especially for enterprise installations) this would
seem to be akin to sending invitations to hackers by filtering on the
firewall.

   We dont know if all this will be released at the first moment, or
 just in future releases (first we need to try to sell them to other
 people :))) but they will come, specially if this community helps us
 getting some of that functionality done.

I'm sure many of us would contribute when and if we have the time!


   Things we are planning to add in the near feature:

   1) Bridge functionality. Yes, this is done with Bering but we have
 never done it, need to learn how to do it.
   2) Proxy ARP - the same

There are many of us using both of these options. The proxy-arp is
easy to test if you don't mind opening the server to the internet less
securely IMHO. The bridge option simply uses the box as a hub. It
can be used to tie together tp-10/100, bnc, fiber, etc..., however
tp-to-tp testing would be adaquate.


   3) HTTP load balancer.- We are just awaiting somebody will pay us
 to do this :)
   4) SNORT, inline SNORT, high availability (heartbeat), 

David D/Oxygen has a snort package available, though I have
not used it personally.


   We plan to live from improving this platform (somebody will pay
 us to add some functionality), giving support, selling preassambled
 systems (you can see great pictures of the box in
 http://www.eneotecnologia.com/soho_fotos.html) and so on, well you
 get the point.

Many of us are doing this, in various degree's. Best of luck to
succeeding in your project, I hope to someday do the same 
successfully!
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!


---
This sf.net email is sponsored by: To learn the basics of securing 
your web site with SSL, click here to get a FREE TRIAL of a Thawte 
Server Certificate: http://www.gothawte.com/rd524.html

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html