RE: [leaf-user] 4 nics with Bering
Is there anyway of telling if the 4th nic has the same address as one of the other ones in the message logs or do I have to physically swap cards around to find out? dmesg only shows 3 nics detected, all with different addresses. Stephen On Thu, 2002-11-14 at 23:09, Reginald R. Richardson wrote: Make sure that none of the NICS has the same i/o address.. 4 nics should be no problem -Original Message- From: Stephen Lee [mailto:splee;plexio.com] Sent: Friday, November 15, 2002 03:48 To: Leaf-user Subject: [leaf-user] 4 nics with Bering Hi, I've got 4 RTL8139c nics in a Bering 1.0rc2 box but only 3 are detected by the kernel. Is a boot time kernel parameter required to detect the 4th nic? If yes then what is the append parameter to use? BTW, PNP OS is off in the Bios. --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] 4 nics with Bering
Well, I think if u like hard work, that's the best way of doing it.. Or u can grab the NIC config software, and once u start it up, if u have to cards that is conflicting it will tell u, that 2 cards are conflicting, but then u have to go back to the procedure, of swapping the card individualy to see which is which... Are u using ISA or PCI cards (I would like to think that RTL8139 cards are mostly PCI) What u can do, is tell the bios that u don't have PnP software, and the bios would automaticlly assign the IRQs... But my best bet, do the NIC swapping one by one, then u'll see exactly what's wrong.. Also while at it, make sure the NIC is inserted properly in the SLOT -Original Message- From: Stephen Lee [mailto:splee;plexio.com] Sent: Friday, November 15, 2002 08:54 To: Leaf-user Subject: RE: [leaf-user] 4 nics with Bering Is there anyway of telling if the 4th nic has the same address as one of the other ones in the message logs or do I have to physically swap cards around to find out? dmesg only shows 3 nics detected, all with different addresses. Stephen On Thu, 2002-11-14 at 23:09, Reginald R. Richardson wrote: Make sure that none of the NICS has the same i/o address.. 4 nics should be no problem -Original Message- From: Stephen Lee [mailto:splee;plexio.com] Sent: Friday, November 15, 2002 03:48 To: Leaf-user Subject: [leaf-user] 4 nics with Bering Hi, I've got 4 RTL8139c nics in a Bering 1.0rc2 box but only 3 are detected by the kernel. Is a boot time kernel parameter required to detect the 4th nic? If yes then what is the append parameter to use? BTW, PNP OS is off in the Bios. --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html -- -- leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Leaf LINCE
Hi Sebastiano, am I wrong or somebody recently wrote about a future Leaf branch called LINCE? Can anybody give more details? I'm so curious I'm the Project Manager of LINCE release. We are just awaiting to solve a couple of problems with our CVS area to upload the iso image. LINCE is just a Bering distribution on steroids oriented to a Compact Flash (or Hard Disk) system. Bering is just wonderful but it lacks some features a professional firewall might need. BTW, is based on glibc 2.2 For example we have done already: 1) Easy installation of Bering or LINCE from a CD installer (its provided as an iso image). All Bering packages in a convenient place (the iso). 2) Most popular ethernet adapters by default loaded 3) HTB QoS trough htbinit 4) SQUID 2.4Stable6 configured to run in memory 5) SMTP Proxy for Antivirus (FPROT done), antirelay or antispam (this one not done yet) 6) POP3 transparent proxy for antivirus (FPROT) 7) Web filter content (IP, URL, words, MIME, PICS) 8) IPSec with FreeSWAN We dont know if all this will be released at the first moment, or just in future releases (first we need to try to sell them to other people :))) but they will come, specially if this community helps us getting some of that functionality done. All his is already there (excep IPSec we are working now) and runs without the need for a hard disk. The project idea is make a professional firewall with open software. All this features are not activated by default (dont activate anything you dont need) but they are installed in the Compact Flash for rapid deployment. Things we are planning to add in the near feature: 1) Bridge functionality. Yes, this is done with Bering but we have never done it, need to learn how to do it. 2) Proxy ARP - the same 3) HTTP load balancer.- We are just awaiting somebody will pay us to do this :) 4) SNORT, inline SNORT, high availability (heartbeat), I think its just a great project, so keep in touch !! If you want to see more details of the project in spanish you can go to: http://www.eneotecnologia.com/proyectos_lince.html We plan to live from improving this platform (somebody will pay us to add some functionality), giving support, selling preassambled systems (you can see great pictures of the box in http://www.eneotecnologia.com/soho_fotos.html) and so on, well you get the point. Thats all folks ! :) Regards. BTW, we have to update to 1.0stable. Great jobs guys:) We were just using rc3 with bugs solved. -- Jaime Nebrera Herrera [EMAIL PROTECTED] --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] How to add Cron on bering RC3
Hi all I would like to add cron on bering RC3. I add my task in /etc/cron.d/multicron. I found that it doesn't work why. This is my multicron file. #Periodic schedule for multicron. (Ping check, Space check, etc) #Default: Every 15 minutes */15* * * * root/etc/multicron-p */10* * * * rootmy_script Please tell me why it doesn't work. Thanx you very much.N¬±ùÞµéX¬²'²Þu¼¢W®{ay¶¬Ë(~Ǻ¸§*.¯²+^Â+aIÜ'$ êÞ¶µ¡QDÑ è}¤ák^Iêïz°®ØÆzm§ÿðÃ(¶°µç(úÝçn!¶iey§î±êæj)b b²Ù^iû¬z¹b²Û,¢êÜyú+éÞ¶m¦Ïÿ+-²Ê.Ç¢¸ë+-³ùb²Ø§~åy§î±êÒDPÛiÿù^iúk¢7¶àþýÚýÚ©Úêÿvw_=Öf
Re: [leaf-user] How to add Cron on bering RC3
Hi Thitiporn At 17:08 15/11/02 +0700, Thitiporn Pornpirunrak wrote: Hi all I would like to add cron on bering RC3. I add my task in /etc/cron.d/multicron. I found that it doesn't work why. This is my multicron file. I think you may be editing the wrong file - try adding your task to /etc/crontab instead of /etc/cron.d/multicron. cheers Julian -- [EMAIL PROTECTED] www.ljchurch.co.uk --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] 4 nics with Bering
Stephen Lee wrote: Is there anyway of telling if the 4th nic has the same address as one of the other ones in the message logs or do I have to physically swap cards around to find out? dmesg only shows 3 nics detected, all with different addresses. Take a look at your /proc filesystem: /proc/pci contains the PCI cards found and addresses assigned to them. If all your cards do not appear here, there is zero chance that they will all be recognized by the driver. Could one card be bad? /proc/interrupts contains the interrupts assigned to various devices /proc/ioports lists the I/O port ranges used by various configured devices The above info can be combined with each card's physical MAC address (output by ip addr, along with the IP address) to see which cards are actually being seen by the system. I'd suspect you either have a bad card, or it's possible the NIC driver will only support a maximum of 3 cards (although this would be somewhat unusual...I've heard of limits of 1 card and two cards, but not three cards, especially for PCI NICs). -- Charles Steinkuehler [EMAIL PROTECTED] --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] Dachstein DNS Config - HELP!
Spot on. I had bash.lrp loaded! So this leads me on to asking if you could add an entry for bash on you packages page at http://lrp.steinkuehler.net/Packages.htm http://lrp.steinkuehler.net/Packages.htm stating that installing the bash package, therefore changing the default shell, can possibly break the scripts in other packages. Quoting tinydns as an example. I believe that the default shell /bin/sh should *always* be linked to /bin/ash because it is the basis of the LEAF scripts. Installing bash.lrp should not change this and that bash should be stated explicitly in scripts where required. My DNS is all up and running now, serving both the private network and resolving hosts on the company network. Thanks for the help. Colin -Original Message- From: Charles Steinkuehler [SMTP:[EMAIL PROTECTED]] Wrigglesworth, Colin wrote: Didn't take me log to find out what the brain dead problem istinydns isn't running. Why?...well I don't actually know but I'm sure this has got something to do with it: # /etc/init.d/tinydns start /etc/init.d/tinydns start: UID: readonly variable # So what is causing this? It is tinydns 1.0.5a from the Dachstein 1.0.2 CD but I have also downloaded the same package from http://leaf.sourceforge.net/devel/jnilo/packages/tinydns.lrp http://leaf.sourceforge.net/devel/jnilo/packages/tinydns.lrp with the same result. Are you running bash by any chance? If so, that's the problem...UID is a read-only variable in bash, but ash doesn't support read-only variables. If this is the problem, a quick solution would be to change the shell interpreter (first line of the shell script) to ash, ie: change: #!/bin/sh to: #!/bin/ash -- Charles Steinkuehler [EMAIL PROTECTED] *** The information contained in this e-mail is confidential. It may also be legally privileged. It is intended only for the stated addressee(s) and access to it by any other person is unauthorised. If you are not an addressee, you must not disclose, copy, circulate or in any other way use or rely on the information contained in this e-mail. Such unauthorised use may be unlawful. If you have received this e-mail in error, please inform RACAL INSTRUMENTS LTD. immediately by phoning +44 (0)1628 604455 (ask for the I.T. dept) and delete it and all copies from your system. *** --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] 486DX with 8MB ram
On Thu, 14 Nov 2002, Ashley wrote: INIT: cannot execute /sbin/getty Hi! I've the same problem with my 486 and... also with pentium mainboard but with AMD K5 75 MHz processor (with 32MB RAM). I've heard that this chip is not 100% comptatible with iPentium. I'm also interested in Bering working on 486 machines, but I'm afraid that Bering in his default floppy distro is only for 586 machines, because... On Thu, 14 Nov 2002, Jeff Newmiller wrote: Is the kernel image built to support 486? Should work fine. ...this I got on my p120 with Bering 1.0rc4 from command: uname -a Linux ruter 2.4.18 #6 Sun Oct 20 15:06:22 CEST 2002 i586 unknown so this kernel is only for 586. On Thu, 14 Nov 2002, Homer Parker wrote: http://leaf.sourceforge.net/devel/jnilo/bdev.html Maybe I will try later to compile kernel for Bering and for 486 but I'm reflecting on this: Are all of lrp packages in Bering standard distro optimized (compiled) for i586 only? If yes then installing Bering on 486 will be (for me) very hard thing. :] -- Pawel Idzi http://lotnisko.net/pi/ pi (at) lotnisko (dot) net --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Upgrade rc4 to 1.0 Stable
How does one upgrade RC4 to 1.o Stable running on a Hard drive and maintain all the extra modules etc.. not found on the floppy? --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] 486DX with 8MB ram
Well, my Production router/firewall is a P-120, with 32Mb ram, And my test one, for new releases, new pakages, is a Compaq deskpro 486 /66, and from version rc2 wroks perfect on it, without any problem, I use the same identical copy of my production, and I have no problem with it -Original Message- From: Pawel Idzi [mailto:pi;lotnisko.net] Sent: Friday, November 15, 2002 15:38 To: [EMAIL PROTECTED] Subject: Re: [leaf-user] 486DX with 8MB ram On Thu, 14 Nov 2002, Ashley wrote: INIT: cannot execute /sbin/getty Hi! I've the same problem with my 486 and... also with pentium mainboard but with AMD K5 75 MHz processor (with 32MB RAM). I've heard that this chip is not 100% comptatible with iPentium. I'm also interested in Bering working on 486 machines, but I'm afraid that Bering in his default floppy distro is only for 586 machines, because... On Thu, 14 Nov 2002, Jeff Newmiller wrote: Is the kernel image built to support 486? Should work fine. ...this I got on my p120 with Bering 1.0rc4 from command: uname -a Linux ruter 2.4.18 #6 Sun Oct 20 15:06:22 CEST 2002 i586 unknown so this kernel is only for 586. On Thu, 14 Nov 2002, Homer Parker wrote: http://leaf.sourceforge.net/devel/jnilo/bdev.html Maybe I will try later to compile kernel for Bering and for 486 but I'm reflecting on this: Are all of lrp packages in Bering standard distro optimized (compiled) for i586 only? If yes then installing Bering on 486 will be (for me) very hard thing. :] -- Pawel Idzi http://lotnisko.net/pi/ pi (at) lotnisko (dot) net --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html -- -- leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/l eaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Leaf LINCE
So, After reading this, I'm a bit confused. Is it a commercial or opensource product? --Pat On Fri, 15 Nov 2002, Jaime Nebrera Herrera wrote: Hi Sebastiano, am I wrong or somebody recently wrote about a future Leaf branch called LINCE? Can anybody give more details? I'm so curious I'm the Project Manager of LINCE release. We are just awaiting to solve a couple of problems with our CVS area to upload the iso image. LINCE is just a Bering distribution on steroids oriented to a Compact Flash (or Hard Disk) system. Bering is just wonderful but it lacks some features a professional firewall might need. BTW, is based on glibc 2.2 For example we have done already: 1) Easy installation of Bering or LINCE from a CD installer (its provided as an iso image). All Bering packages in a convenient place (the iso). 2) Most popular ethernet adapters by default loaded 3) HTB QoS trough htbinit 4) SQUID 2.4Stable6 configured to run in memory 5) SMTP Proxy for Antivirus (FPROT done), antirelay or antispam (this one not done yet) 6) POP3 transparent proxy for antivirus (FPROT) 7) Web filter content (IP, URL, words, MIME, PICS) 8) IPSec with FreeSWAN We dont know if all this will be released at the first moment, or just in future releases (first we need to try to sell them to other people :))) but they will come, specially if this community helps us getting some of that functionality done. All his is already there (excep IPSec we are working now) and runs without the need for a hard disk. The project idea is make a professional firewall with open software. All this features are not activated by default (dont activate anything you dont need) but they are installed in the Compact Flash for rapid deployment. Things we are planning to add in the near feature: 1) Bridge functionality. Yes, this is done with Bering but we have never done it, need to learn how to do it. 2) Proxy ARP - the same 3) HTTP load balancer.- We are just awaiting somebody will pay us to do this :) 4) SNORT, inline SNORT, high availability (heartbeat), I think its just a great project, so keep in touch !! If you want to see more details of the project in spanish you can go to: http://www.eneotecnologia.com/proyectos_lince.html We plan to live from improving this platform (somebody will pay us to add some functionality), giving support, selling preassambled systems (you can see great pictures of the box in http://www.eneotecnologia.com/soho_fotos.html) and so on, well you get the point. Thats all folks ! :) Regards. BTW, we have to update to 1.0stable. Great jobs guys:) We were just using rc3 with bugs solved. --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] 4 nics with Bering
Maybe you do not have enough free interrupts! When the machine boots, can you see the BIOS message that identifies all detected devices? How many network devices do you see? -Original Message- From: Stephen Lee [mailto:splee;plexio.com] Sent: Friday, November 15, 2002 2:48 AM To: Leaf-user Subject: [leaf-user] 4 nics with Bering Hi, I've got 4 RTL8139c nics in a Bering 1.0rc2 box but only 3 are detected by the kernel. Is a boot time kernel parameter required to detect the 4th nic? If yes then what is the append parameter to use? BTW, PNP OS is off in the Bios. Thanks, Stephen --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] thttpd
Thank you very much. Where should I set static IP for this computer 192.168.1.203.. Editing file /etc/hosts and puting 192.168.1.203 instead of 192.168.1.254 would be enough? Thanks for help Andrey Charles Steinkuehler wrote: C. Dummy wrote: Hi I'm running Dachstein 1.02 with pppoe and with printer server(protocol RAW port 9100). I'd like to put thttpd server on 192.168.1.203 box behind lrp box. I know I have to edit network.conf on lrp box to allow traffic to web server on 192.168.1.203. My question is what packages I should load to 192.168.1.203 except thttpd and www-data to get this box running on static IP 192.168.1.203 and to not run as another router. Is there any simple way to edit network.conf and ipfilter.conf to achieve this? Should I remove ipfilter.conf from this box ? Did anybody tried to do anything like that if yes can someone direct me to some readme? I don't need dhclient, dhcpd, dnscache and weblet I think. Charles site shows only how to do that right on lrp box. Thanks for help To run Dachstein as a basic server system, you only need the core packages: root, etc, local, modules, and ramlog (log on earlier versions). To prevent any firewall rules from loading, simply set IPFILTER_SWITCH=none in /etc/network.conf. You'll probably also want to set IF_AUTO=eth0 as well, since you'll likely only have a single NIC. --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] IPSec tunnels
Homer Parker wrote: Firewall A 3: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:30:1b:09:d3:ee brd ff:ff:ff:ff:ff:ff inet 64.216.xxx.xxx/xx brd 64.216.105.127 scope global eth0 4: eth1: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:40:f4:5e:e1:57 brd ff:ff:ff:ff:ff:ff inet 10.0.0.2/24 brd 10.0.0.255 scope global eth1 5: eth2: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:02:e3:15:c9:11 brd ff:ff:ff:ff:ff:ff inet 10.0.1.254/24 brd 10.0.1.255 scope global eth2 14: ipsec0: NOARP,UP mtu 16260 qdisc pfifo_fast qlen 10 link/ether 00:30:1b:09:d3:ee brd ff:ff:ff:ff:ff:ff inet 64.216.xxx.xxx/xx brd 64.216.105.127 scope global ipsec0 15: ipsec1: NOARP mtu 0 qdisc noop qlen 10 link/ipip (The person using the other tunnel is currently out of town, and has the firewall shut off) # ip route 64.216.xxx.0/25 dev eth0 proto kernel scope link src 64.216.xxx.xxx 64.216.xxx.0/25 dev ipsec0 proto kernel scope link src 64.216.xxx.xxx 10.0.0.0/24 dev eth1 proto kernel scope link src 10.0.0.2 10.0.1.0/24 dev eth2 proto kernel scope link src 10.0.1.254 192.168.2.0/24 via 64.216.xxx.zzz dev ipsec0 192.168.1.0/24 via 64.216.xxx.zzz dev ipsec0 default via 64.216.xxx.yyy dev eth0 Firewall A is at the office. Secret has a couple of people working on stuff Private has no access to, but Secret can see the file server on Private. Firewall A needs to be in Secret, Firewall B needs to be in Private. Everything works as I want, but there is a poetential race condition if the firewall reboots, conectivity lost, whatever. The connection that was ipsec0 may end up ipsec1 if it's second to get a connection. I'm looking through the docs, as I thought I saw something about an interface option for ipsec.conf, but I'm thinking it was for what interface to allow tunnels to bind to. Would that also allow me to specify the tunnel name (ipsec0, etc) in the area where I set up the connection as well? I'm needing to make sure that upon reconnection, that everyone gets the right tunnel. Thanks! Um...there should be no race condition in the assignment of ipsecN interface numbering. This is done by the ipsec software. Normally, there is a single ipsec logical interface, bound to your external, upstream interface...multiple tunnels can use the same virtual ipsec interface (for instance, it looks you have two tunnels established already: 192.168.2.0/24 192.168.1.0/24). If for some reason you have IPSec tunnels that leave your router on more than one physical interface (rare, but possible), you will have multiple ipsec? interfaces, but AFAIK, there is no way to automatically create this sort of setup. If there is (perhaps %defaultroute is more sophisticated than I am aware), and you're worried about which I/F is assigned to which ipsec? virtual interface, just hard-code it in your ipsec.conf file, ie: interfaces=ipsec0=eth1 ipsec1=ppp0 ...as described in the ipsec.conf man page: http://leaf.steinkuehler.net/devel/cstein/Packages/man/IPSec1.91/manpage.d/ipsec.conf.5.html -- Charles Steinkuehler [EMAIL PROTECTED] --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Leaf LINCE
Hi, After reading this, I'm a bit confused. Is it a commercial or opensource product? It a commercial quality opensourced project. That is, we want to mimic the best functionality around but keep it as opensource as possible. Of course, some parts of it are closed source, antivirus, but the hook to the antivirus engine is opensource. The difference is we plan to provide support and sell it already installed in a great hardware. Also, we plan to make custom development, say you want us to add HTTP load balancing with session control. We need to to debote company resources to such a task and will charge you for that, but then provide it for free to the community. Of course, not everything is money. As part of our apport to the great Leaf project we will privide quite a bit of functionallity allready in the first image. We have made an easy Bering (or Lince) installer, we have added htbinit for QoS, we provide those lurky modifications you need to install it right away in a hard disk, and so on. As we hope this will catch some attention in this list, and as new features are developed by the community we will release more code ourselves. Also, if our business model succeeds, we plan to donate money and resources to this great community. Say hosting space, hardware, $$$, whatever. This way we will just thank in a clear way those efforts done in Leaf. If you know coyotelinux is more or less the same stuff but with a big difference, we wont restrict the downloading. Once a feature has been developed and payed for (say in money, say in other functionality) we will release more code into the public sourceforge area. FE, we might be interested in zebra integration. We could do it ourselves, or somebody could provide it (I dont care if that coder is getting paid or not for his job). In exchange we will release a new feature, and so on. So if the community really involves itself in developing and testing we will provide much code than if they just wait and wait. We have already devoted a 3 month period of coding from my partner and friend. He has implemented all the points I said in a prior email, we are just eager to make them public as this project evolves, but dont expect us to make ALL public the first time. We had such a experience with our local LUG and was really frustating to see a 0 code contribution when you gave them quite a bit of resources. Thanks in advance. -- Jaime Nebrera Herrera [EMAIL PROTECTED] --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Re: [LRP] How to add Cron on bering RC3
On Friday 15 November 2002 5:08, Thitiporn Pornpirunrak wrote: Hi all I would like to add cron on bering RC3. I add my task in /etc/cron.d/multicron. I found that it doesn't work why. This is my multicron file. It's better practise to create a new file from your script. */10* * * * rootmy_script Did you restart cron? `svi cron restart` -- The time is now 22:48 (Totalitarian) - http://www.ccops.org/ --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] ICQ direct connection
Hi! I used recomended Socks5 package from Dachstein on my router Bering, but I think it doesn't work. I still can not configure ICQ to using proxy. Any idea? - Original Message - From: Charles Steinkuehler [EMAIL PROTECTED] To: Vaclav Bouse [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, November 13, 2002 8:04 PM Subject: Re: [leaf-user] ICQ direct connection Use a Socks proxy. The socks proxy provided with Dachstein-CD (socks5.lrp) is only 54K, and should run fine with Bering: http://leaf.steinkuehler.net/devel/cstein/files/diskimages/dachstein-CD/CD-C ontents/socks5.lrp -- Charles Steinkuehler [EMAIL PROTECTED] Vaclav Bouse wrote: Hi. I don't know how to set-up how to do that porting. And if it's better way to use proxy, does exist a smaller version, because squid is to large - i don't have enough space on my bearing flppy. Maybe use hard-disk in the router-PC, but it's loosing the magic of one-floppy distro. Thanks, Vasek. Dky, Vaek ;-) You need to use proxy like squid is, or port maping to map ICQ ports from internal address directly to ports on outgoing external address. Regards. Litin And another question: Is it possible to use ICQ through Bering router? I suppose that I need somethink like ICQ module to masquarade, but I'm not sure in this problematic. Or is it possible to set only the ICQ? Normal connections of ICQ works OK, but I can'T establish direct connection (chat / voice call) Thanks for every advice! Vasek Bouse. --- Odchoz zprva neobsahuje viry. Zkontrolovno antivirovm systmem AVG (http://www.grisoft.cz). Verze: 6.0.417 / Virov bze: 233 - datum vydn: 8.11.2002 --- Odchoz zprva neobsahuje viry. Zkontrolovno antivirovm systmem AVG (http://www.grisoft.cz). Verze: 6.0.417 / Virov bze: 233 - datum vydn: 8.11.2002 --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] Bering v1.0-stable released !
I agree. I think a lot of us take a lot (if not most) of what they do for granted. I also think a lot of us are glad we didn't have to drop a few G's on cisco hardware, not to mention the almost immediate help we get with any question... thanks! -Original Message- From: [EMAIL PROTECTED] [mailto:leaf-user-admin;lists.sourceforge.net]On Behalf Of Eric B Kiser Sent: Thursday, November 14, 2002 9:55 PM To: [EMAIL PROTECTED] Subject: RE: [leaf-user] Bering v1.0-stable released ! Great job guys, thanks for all your hard work. Most respectfully, Eric Kiser -Original Message- From: [EMAIL PROTECTED] [mailto:leaf-user-admin;lists.sourceforge.net]On Behalf Of Jacques Nilo Sent: Thursday, November 14, 2002 5:53 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [leaf-user] Bering v1.0-stable released ! Finally, it's out. All the details are here: http://leaf.sourceforge.net/article.php?sid=63 We will probably take a rest for a while :-) Enjoy! Jacques Eric --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] ipsec Bering
Hi all, I have a problem with the last distro Bering-rc4 and ipsec.lrp package. I try to conect with a road-warrior and every seems ok (SA established) except that the /var/log/auth.log mention a problem with the impossibility to write the route add for the IP of my road warrior. I follow all steps explain in the users guide from the Bering web page. If someone can help me. Thanks in advance. Stéphane --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering v1.0-stable released !
Wonderful works Jaques :) , keep on it and congratulation for the good stable LEAF OS. Btw, i always get this messages when i'm trying to d/l the stable release: Could not read file. Go back. Nov 15, 2002 15:28 What's happen? hari-huhui On Sat, 16 Nov 2002 09:15:01 +1100 David Fisher [EMAIL PROTECTED] wrote: On Sat, 16 Nov 2002 08:37, Troy Aden wrote: I have to chime in here as well. I am most grateful for the efforts made developing this. Congratulations, certainly, but where do you get it? It doesn't seem to have hit the mirrors yet. -- David Quidquid latine dictum sit, altum sonatur. --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html === Selama Bulan Suci Ramadhan, ikuti Netkuis Ramadhan, Lomba Design E-Card, Opini Berhadiah hanya di www.plasa.com === --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] IPSec tunnels
On Fri, 15 Nov 2002 11:00:55 -0600 Charles Steinkuehler [EMAIL PROTECTED] wrote Um...there should be no race condition in the assignment of ipsecN interface numbering. This is done by the ipsec software. Normally, Ok, maybe I don't understand the tunneling as well as I thought I did... I'll wait till the 2nd tunnel returns from his trip, and see how it works out... Thanks! Now, back to trying to figure out Opportunistic Encryption.. ;) --- Homer Parker http://www.homershut.net telnet://bbs.homershut.net msg11039/pgp0.pgp Description: PGP signature
Re: [leaf-user] 486DX with 8MB ram
On Friday 15 November 2002 08:37, Pawel Idzi wrote: On Thu, 14 Nov 2002, Ashley wrote: INIT: cannot execute /sbin/getty Hi! I've the same problem with my 486 and... also with pentium mainboard but with AMD K5 75 MHz processor (with 32MB RAM). I've heard that this chip is not 100% comptatible with iPentium. I'm also interested in Bering working on 486 machines, but I'm afraid that Bering in his default floppy distro is only for 586 machines, because... I don't believe the stock Bering kernel supports a non-FPU processor (SX). There are alternate kernels available for Dachstein to run on SX's on Charles' site. The 8M of Ram will need modification to work on, which is possible but not preferred as long as you load minimal packages and log Ramdisk. If there is a i586 kernel floating around, I am sure it is a mistake and should be located/corrected. I can't say that I can remember anyone having problems with a K5 chip, but that could also be a (remote) possibility as well. We need some more information on your exact hardware to be of much more help. There has been some good suggestions thus far. -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Bering Download Problems (was Re: [leaf-user] Bering v1.0-stablereleased !)
On Sat, 16 Nov 2002, hari-nuryadi wrote: Wonderful works Jaques :) , keep on it and congratulation for the good stable LEAF OS. Btw, i always get this messages when i'm trying to d/l the stable release: Could not read file. Go back. Nov 15, 2002 15:28 What's happen? a) You failed to tell what actions you took to arrive at this error. Please learn to be more precise in your questions... failing to do so often leads to many false leads for those attempting to help you, and putting them through that shows a lack of respect for their time. b) I followed his link and downloaded from Pheonix, AZ (http://prdownloads.sourceforge.net/leaf/Bering_1.0-stable_img_bering_1680.bin?use_mirror=easynews) and succeeded. c) I have actually encountered a similar error when I reviewed his documentation file http://leaf.sourceforge.net/devel/jnilo/bidownmod.html and attempted to download the modules file using the here link at the bottom of the page. Apparently a space is inserted between the tar. and the gz that prevents the link from working as-is, though you can copy the link, edit it, and paste that into your browser as a workaround. If your approach was different, please specify how you arrived at this error so we can duplicate it. --- Jeff NewmillerThe . . Go Live... DCN:[EMAIL PROTECTED]Basics: ##.#. ##.#. Live Go... Live: OO#.. Dead: OO#.. Playing Research Engineer (Solar/BatteriesO.O#. #.O#. with /Software/Embedded Controllers) .OO#. .OO#. rocks...2k --- --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] LaBrea
Hi I'm running Dachstein 1.02 with pppoe and with printer server(protocol RAW port 9100).. I have installed LaBrea. I edited both files in /etc listing my used network adresses. When I boot lrp box I get message: P-lookupnet(eth0): SIOCGIFADDR:eth0:cannot assign requested address I tried to look in geocrawler but there is not to much about LaBrea there? Anybody has any idea how to fix that? Andrey Thanks for help --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Simple autofw problem
Hello-- I know this is a RTFM kind of question, but I have been struggling with this for a couple of days now. I am running a dachstein(i believe) firewall, using ipchains. I need to forward ports 6000-6999/udp from my external interface (eth0) to one host on my internal network (192.168.1.9). When I run tcpdump on the external interface, I see these packets on the wire, however, when I run tcpdump on an internal box (in promiscuous mode), I don't see any traffic. If I bypass the firewall, all is well, so I know its a problem with my forwarding of the range of UDP ports. I believe the problem lies somewhere in my ipchains statement. Can someone take a look and tell me if I am missing something here? Thanks. Relevant parts of /etc/network.conf: EXTERN_UDP_PORTS=0/0_domain 0/0_6000:6999 INTERN_PS2_SERVER=192.168.1.9 Relevant parts of /etc/ipfilter.conf (added right after other forwarding 'if' statements): ~ if [ -n $INTERN_PS2_SERVER ] ; then $IPCH -A input -s 0.0.0.0/0 -d $INTERN_PS2_SERVER 6000:6999 -p udp -j ACCEPT $IPMASQADM autofw -A -v -r udp 6000 6999 -h $INTERN_PS2_SERVER fi Output of ipchains -L -n |grep 6000 ~ # ipchains -L -n |grep 6000 ACCEPT udp -- 0.0.0.0/0192.168.1.9 * - 6000:6999 ACCEPT udp -- 0.0.0.0/00.0.0.0/0 * - 6000:6999 Output of tcpdump -i eth0 | grep \.6... (to filter on range): ~ 20:26:14.406460 pcp01120514pcs.flshng01.mi.comcast.net.6565 66-108-7-175.nyc.rr.com.61717: udp 4 20:26:17.446460 dy251162.resnet.uky.edu.6091 66-108-7-175.nyc.rr.com.61487: udp 4 20:26:19.406460 pcp01120514pcs.flshng01.mi.comcast.net.6565 66-108-7-175.nyc.rr.com.61717: udp 4 20:26:24.396460 pcp01120514pcs.flshng01.mi.comcast.net.6565 66-108-7-175.nyc.rr.com.61717: udp 4 20:26:27.446460 dy251162.resnet.uky.edu.6091 66-108-7-175.nyc.rr.com.61487: udp 4 Any ideas? Help would be appreciated. Billy _ The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] 486DX with 8MB ram
* Pawel Idzi ([EMAIL PROTECTED]) [021115 18:05]: On Thu, 14 Nov 2002, Ashley wrote: INIT: cannot execute /sbin/getty Hi! I've the same problem with my 486 and... also with pentium mainboard but with AMD K5 75 MHz processor (with 32MB RAM). I've heard that this chip is not 100% comptatible with iPentium. I'm also interested in Bering working on 486 machines, but I'm afraid that Bering in his default floppy distro is only for 586 machines, because... Default Bering works fine on my 486 (IBM ThinkPad 755CSE 486 DX/4.) Here is some output from Bering rc3... should upgrade now that 1.0 stable is out but rc3 has been rock stable as-is for me since I first installed it ;). firewall: -root- # uname -a Linux firewall 2.4.18 #4 Sun Jun 9 09:46:15 CEST 2002 i486 unknown firewall: -root- # cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 4 model : 8 model name : 486 DX/4 stepping: 0 fdiv_bug: no hlt_bug : no f00f_bug: no coma_bug: no fpu : yes fpu_exception : yes cpuid level : 1 wp : yes flags : fpu vme bogomips: 49.76 --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] [ leaf-Support Requests-639240 ] internet sharing with 56k modem
Support Requests item #639240, was opened at 2002-11-16 17:38 You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=213751aid=639240group_id=13751 Category: Release/Branch: Oxygen Group: None Status: Open Priority: 5 Submitted By: magic freeman (kiwispaniol) Assigned to: Mike Noyes (mhnoyes) Summary: internet sharing with 56k modem Initial Comment: Does LEAF (Oxygen) or others versions, supports internet sharing with Dialup (56kmodem) Cheers -- You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=213751aid=639240group_id=13751 --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Simple autofw problem
On Friday 15 November 2002 19:53, billy jacobs wrote: Comments inline ;-) EXTERN_UDP_PORTS=0/0_domain 0/0_6000:6999 INTERN_PS2_SERVER=192.168.1.9 OK, you've opened the 6000-6999 udp port range. Relevant parts of /etc/ipfilter.conf (added right after other forwarding 'if' statements): ~ if [ -n $INTERN_PS2_SERVER ] ; then $IPCH -A input -s 0.0.0.0/0 -d $INTERN_PS2_SERVER 6000:6999 -p udp -j ACCEPT $IPMASQADM autofw -A -v -r udp 6000 6999 -h $INTERN_PS2_SERVER fi OK, the port range is forwarded to 192.168.1.9 address. Output of ipchains -L -n |grep 6000 ~ # ipchains -L -n |grep 6000 ACCEPT udp -- 0.0.0.0/0192.168.1.9 * - 6000:6999 ACCEPT udp -- 0.0.0.0/00.0.0.0/0 * - 6000:6999 The changes appear to be active. Output of tcpdump -i eth0 | grep \.6... (to filter on range): ~ 20:26:14.406460 pcp01120514pcs.flshng01.mi.comcast.net.6565 66-108-7-175.nyc.rr.com.61717: udp 4 20:26:17.446460 dy251162.resnet.uky.edu.6091 66-108-7-175.nyc.rr.com.61487: udp 4 20:26:19.406460 pcp01120514pcs.flshng01.mi.comcast.net.6565 66-108-7-175.nyc.rr.com.61717: udp 4 20:26:24.396460 pcp01120514pcs.flshng01.mi.comcast.net.6565 66-108-7-175.nyc.rr.com.61717: udp 4 20:26:27.446460 dy251162.resnet.uky.edu.6091 66-108-7-175.nyc.rr.com.61487: udp 4 Ok, your blocking udp 4. This port is not opened much less forwarded. I'm not sure how this applies to your added configuration. Any ideas? Help would be appreciated. It would help if we had any idea what you are attempting to forward service wise. I'm not clear on what you are attempting to show with the tcpdump. Have you loaded the autofw module? More information is requested so we can atleast make a guess at what the problem may be. -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] ipsec Bering
On Friday 15 November 2002 16:55, Stef wrote: Hi all, I have a problem with the last distro Bering-rc4 and ipsec.lrp package. I try to conect with a road-warrior and every seems ok (SA established) except that the /var/log/auth.log mention a problem with the impossibility to write the route add for the IP of my road warrior. I follow all steps explain in the users guide from the Bering web page. What is the exact error message? If the Road-warrior ip is in the rfc1918 addressing, it probably won't work. An ipsec barf would be extremely useful to locating any and virtually all possible problems. -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] thttpd behind lrp
I'm trying to put thttpd behind lrp box on ip 192.168.1.203. I made lrp floppy with etc,ifconfig,local,modules,ramlog,root,thttpd and www-data packages. I edited syslinux.cfg so all packages load no errors and problems. I edited network.conf CONFIG_DNS=YES IF_AUTO=eth0 eth0_IPADDR=192.168.1.203 eth0_MASKLEN=24 eth0_DEFAULT_GW=192.168.1.254 eth1_IPADDR= eth1_MASKLEN= IPFILTER_SWITCH=none EXTERN_DHCP=NO INTERN_WWW_SERVER=192.168.1.203# Internal WWW server to make available When I boot the floppy I don't get any errors and I can ping machines on LAN no problem. Thttpd and www-data are original files from packages(no changes made) I can't see anything from LAN using http://192.168.1.203(connecting... and nothing no message it just dies) or http://ip.binded.to.lrp.box(the connection was refused when attempting to contact ip.binded.to.lrp.box) can't see anything from outside either(the page cannot be displayed). Where is the problem? Thanks for help. I'm complete newbie with setting up web server sorry if this sounds silly. Andrey P.S.Ifconfig inet addr:192.168.1.203 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCASTRUNNING MULTICAST MTU:1500 Metric:1 --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Leaf LINCE
On Friday 15 November 2002 02:18, Jaime Nebrera Herrera wrote: I'm the Project Manager of LINCE release. We are just awaiting to solve a couple of problems with our CVS area to upload the iso image. LINCE is just a Bering distribution on steroids oriented to a Compact Flash (or Hard Disk) system. Bering is just wonderful but it lacks some features a professional firewall might need. BTW, is based on glibc 2.2 Great! The WP'ed SST dom would also be a great option (or CD-ROM). I'll love to check it out! For example we have done already: 1) Easy installation of Bering or LINCE from a CD installer (its provided as an iso image). All Bering packages in a convenient place (the iso). 2) Most popular ethernet adapters by default loaded 3) HTB QoS trough htbinit 4) SQUID 2.4Stable6 configured to run in memory 5) SMTP Proxy for Antivirus (FPROT done), antirelay or antispam (this one not done yet) 6) POP3 transparent proxy for antivirus (FPROT) 7) Web filter content (IP, URL, words, MIME, PICS) 8) IPSec with FreeSWAN Out of curiousity, do you really feel the http/smtp/pop proxy should be on the firewall? I understand many people would love this option, but to many people (especially for enterprise installations) this would seem to be akin to sending invitations to hackers by filtering on the firewall. We dont know if all this will be released at the first moment, or just in future releases (first we need to try to sell them to other people :))) but they will come, specially if this community helps us getting some of that functionality done. I'm sure many of us would contribute when and if we have the time! Things we are planning to add in the near feature: 1) Bridge functionality. Yes, this is done with Bering but we have never done it, need to learn how to do it. 2) Proxy ARP - the same There are many of us using both of these options. The proxy-arp is easy to test if you don't mind opening the server to the internet less securely IMHO. The bridge option simply uses the box as a hub. It can be used to tie together tp-10/100, bnc, fiber, etc..., however tp-to-tp testing would be adaquate. 3) HTTP load balancer.- We are just awaiting somebody will pay us to do this :) 4) SNORT, inline SNORT, high availability (heartbeat), David D/Oxygen has a snort package available, though I have not used it personally. We plan to live from improving this platform (somebody will pay us to add some functionality), giving support, selling preassambled systems (you can see great pictures of the box in http://www.eneotecnologia.com/soho_fotos.html) and so on, well you get the point. Many of us are doing this, in various degree's. Best of luck to succeeding in your project, I hope to someday do the same successfully! -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html