[leaf-user] [ leaf-Support Requests-668950 ] UML - Probs starting Bering
Support Requests item #668950, was opened at 2003-01-16 09:43 You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=213751aid=668950group_id=13751 Category: Release/Branch: Bering Group: None Status: Open Priority: 5 Submitted By: Mathias Leinmueller (mleinmueller) Assigned to: Mike Noyes (mhnoyes) Summary: UML - Probs starting Bering Initial Comment: Hi, I am trying to run Bering in UML. UML itself works when I try it with root_woody_fs. When starting Bering (built according to http://leaf.sourceforge.net/devel/jnilo/uml05.html) I get the errors below. Could anybody give me a hint how to solve the problem? Thanks. Mat Linux version 2.4.19-5um ([EMAIL PROTECTED]) (gcc version 2.96 2731 (Red Hat Linux 7.1 2.96-81)) #2 Mon Sep 16 15:41:15 EDT 2002 On node 0 totalpages: 8192 zone(0): 8192 pages. zone(1): 0 pages. zone(2): 0 pages. Kernel command line: ubd0=Bering_fs initrd=initrd.lrp root=/dev/ram0 init=/linuxrc boot=/dev/ubd0:minix PKGPATH=/dev/ubd0 devfs=nomount LRP=root,etc,local,log,modules,shorwall Calibrating delay loop... 68.48 BogoMIPS Memory: 29788k available Dentry cache hash table entries: 4096 (order: 3, 32768 bytes) Inode cache hash table entries: 2048 (order: 2, 16384 bytes) Mount-cache hash table entries: 512 (order: 0, 4096 bytes) Buffer-cache hash table entries: 1024 (order: 0, 4096 bytes) Page-cache hash table entries: 8192 (order: 3, 32768 bytes) Checking for host processor cmov support...No Checking for host processor xmm support...No Checking that ptrace can change system call numbers...OK Checking that host ptys support output SIGIO...No, enabling workaround Checking that host ptys support SIGIO on close...No, enabling workaround POSIX conformance testing by UNIFIX Linux NET4.0 for Linux 2.4 Based upon Swansea University Computer Society NET3.039 Initializing RT netlink socket Starting kswapd VFS: Diskquotas version dquot_6.4.0 initialized Journalled Block Device driver loaded devfs: v1.12a (20020514) Richard Gooch ([EMAIL PROTECTED]) devfs: boot_options: 0x0 Installing knfsd (copyright (C) 1996 [EMAIL PROTECTED]). pty: 256 Unix98 ptys configured RAMDISK driver initialized: 16 RAM disks of 4096K size 1024 blocksize loop: loaded (max 8 devices) Universal TUN/TAP device driver 1.5 (C)1999-2002 Maxim Krasnyansky SCSI subsystem driver Revision: 1.00 NET4: Linux TCP/IP 1.0 for NET4.0 IP Protocols: ICMP, UDP, TCP IP: routing cache hash table of 512 buckets, 4Kbytes TCP: Hash tables configured (established 2048 bind 2048) NET4: Unix domain sockets 1.0/SMP for Linux NET4.0. Initializing software serial port version 1 mconsole (version 2) initialized on /root/.uml/YccNSi/mconsole Partition check: ubda: unknown partition table UML Audio Relay Initializing stdio console driver RAMDISK: Compressed image found at block 0 Freeing initrd memory: 401k freed FAT: bogus logical sector size 0 UMSDOS: msdos_read_super failed, mount aborted. FAT: bogus logical sector size 0 FAT: bogus logical sector size 0 Kernel panic: VFS: Unable to mount root fs on 01:00 -- You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=213751aid=668950group_id=13751 --- This SF.NET email is sponsored by: A Thawte Code Signing Certificate is essential in establishing user confidence by providing assurance of authenticity and code integrity. Download our Free Code Signing guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0028en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Bering ip_conntrack_max on a 21Port, heavy loaded router
Hi all I just noticed that the 2.4. Kernel shipped with Bering does add a conntrack entry for each routed connection. Please note that I really mean plain routing, NOT NAT/MASQ'ing. This router is a 21Port (100Mbit) with ~200 clients. This router is NOT going to be used to connect these ~200 clients (which are distributed over the 21 interfaces) to the internet! It doesn't do *any* masqing/NATing, it only does plain ethernet to ethernet routing. This router is not *yet* in productive application. Now my question: As I described above, the 2.4. Kernel seems to add an entry to /proc/net/ip_conntrack for each connection running over the router (e.g. if a client on eth1 wants to talk with a server on eth5). /proc/sys/net/ipv4/ip_conntrack_max is currently set to 32768 (I didn't do anything, seems to be an auto-value). May I run into problems with this setup if every of these 200 clients are gonna talk with our servers? What does the value 32768 mean? Max. size of the conntrack table in bytes? Max. # of entries in the table? Is there a way to disable conntracking but still using iptables commands to restrict traffic between the interfaces? Or is the value 32768 big enough anyway? Google says that I may increase this value according to the amount of memory installed in the router. The router got 512MB RAM... Any ideas? Thank you for your answer So long -- Sandro Minola | LEAF Developer (http://leaf.sourceforge.net) mailto:[EMAIL PROTECTED] | mailto:[EMAIL PROTECTED] http://www.minola.ch| http://leaf.sourceforge.net/devel/sminola --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] RE: Bering ip_conntrack_max on a 21Port, heavy loaded router
What does the value 32768 mean? Max. size of the conntrack table in bytes? Max. # of entries in the table? I just found out that this value means the number (#) of connections. And it's currently not set to 32768 (as I misleadingly wrote), it's set to 32760. http://www.sns.ias.edu/~jns/security/iptables/iptables_conntrack.html says that this is the default value for a 512MB RAM machine. So it seems that my router can handle 32760 simultaneous connections. Do you think this is enough for 200 clients and 20 servers? Exact setup: -- | LAN| |~100 clients| |~20 servers | -- | | - --- |Router |---|Firewall|---|Internet| - --- | |[...] | | - |about 20 small networks connected to the router | |~100 clients| -- As you see, there are about 100 clients which are using the router only for internet access and about 100 which are using the router to access our servers AND the internet. What do you think? -- Sandro Minola --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Anyone willing to share a Bering image with ide support ?
Does anyone have a Bering image with ide support included in it ? My target hardware doesn't have a floppy drive or cdrom and I do not have any real linux machines. I use VMWare to do any linux related work and unforunetly VMWare doesn't support 1.68 size floppies. If I could get a Bering image with ide then I would just dd it to my CF card and I would be good to go. --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Anyone willing to share a Bering image with idesupport ?
David, I made a stock Bering image for you including ide support, I had to remove the ppp.lrp package to get enough room. You can download it at http://www.netvantix.com/leaf/images/bering_1_0_stable_ide.imz Since you primarily use windoze I created the image with WinImage for your convenience. I did not modify the syslinux.cfg to boot from /dev/hda1 just in case you want to boot from the Bering disk the first time. Best, Steve On Thu, 2003-01-16 at 10:12, David Ondzes wrote: Does anyone have a Bering image with ide support included in it ? My target hardware doesn't have a floppy drive or cdrom and I do not have any real linux machines. I use VMWare to do any linux related work and unforunetly VMWare doesn't support 1.68 size floppies. If I could get a Bering image with ide then I would just dd it to my CF card and I would be good to go. --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Netmeeting and IP Telephony behind Dachstein
Roger, Here is a quote from one of Charles's earlier posts on the subject I don't work a lot with h323, but I think you need the following: 1) Make sure you're loading the ip_masq_h323.o module in /etc/modules 2) To be able to recieve calls, you need to port-forward some ports from the firewall to the internal system you want to be able to recieve calls. With Dachstein, you'll want something like: INTERN_SERVERS=tcp_${EXTERN_IP}_1720_10.31.32.67_1720 tcp_${EXTERN_IP}_1503_10.31.32.67_1503 More information can be found on various linux masquerading pages, and the home-page of the h323 masquerading patch: http://www.coritel.it/projects/nat/index.html You might also want to check into running a proxy...either a socks proxy (if supported by your h323 client), or a h323 proxy, like openh323proxy: http://openh323proxy.sourceforge.net/ Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) Best, Steve On Wed, 2003-01-15 at 10:12, Roger E McClurg wrote: I got Netmeeting working fine using the ip_masq_h323 module and the proper firewall and port forwarding rules. H.323 telephony still is unidirectional (outbound only). A document from Micro$oft says that inbound telephony requires the dynamic forwarding of random UDP ports between 1024 and 65535. Not something we can easily do with Dachstein. Has anyone gotten H.323 IP telephony working through Dachstein (or any of the mountains)? If so, how did you do it? --- This SF.NET email is sponsored by: Take your first step towards giving your online business a competitive advantage. Test-drive a Thawte SSL certificate - our easy online guide will show you how. Click here to get started: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0027en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Current Source for DLink - DFE-570TX ???
Does anybody have a current US source for the DLink - DFE-570TX 4 port Tulip based card ? This card doesn't seem to be made anymore, and the inventory is drying up. Anyone using any other 4 port cards with LEAF ? Doug --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] ipsec vs ipsec509
Hy I´m setting up a VPN conection with ipsec.lrp. I also seen a ipsec509.lrp module. In few words, what is the main difference between ipsec.lrp and ipsec509.lrp? Regards Heriberto Ahora podés usar Yahoo! Messenger desde tu celular. Aprendé cómo hacerlo en Yahoo! Móvil: http://ar.mobile.yahoo.com/sms.html --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] ipsec vs ipsec509
Hello Heriberto Hy I´m setting up a VPN conection with ipsec.lrp. I also seen a ipsec509.lrp module. In few words, what is the main difference between ipsec.lrp and ipsec509.lrp? The ipsec.lrp is the freeswan package. The ipsec509 is the same package patched for the use of certificates to identify. Regards Eric Wolzak member of the bering Crew Regards Heriberto Ahora podés usar Yahoo! Messenger desde tu celular. Aprendé cómo hacerlo en Yahoo! Móvil: http://ar.mobile.yahoo.com/sms.html --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Dhcp relay - Howto?
Hi all, I wish to know more about dhcp relay??? exist how i put a leaf (Bering more specific) box to do the dhcp relay??? There's a package?? Or it's some config? Thanks! =) Ps: With the recent advisory for dhcpd, the leaf dhcpd server is affected by the vulnerability?? or better, what's the version of the dhcpd in dhcpd.lrp package? Samuel Abreu _ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] My Dachstein not quite up and running
Two things: 1) Is this bad or normal: Jan 16 15:23:05 Nimrod kernel: The PCI BIOS has not enabled the device at 0/48! Updating PCI command 0003-0007. Jan 16 15:23:05 Nimrod kernel: eth0: RealTek RTL8139 Fast Ethernet at 0xfe00, IRQ 9, 00:90:47:01:98:80. Jan 16 15:23:05 Nimrod kernel: The PCI BIOS has not enabled the device at 0/56! Updating PCI command 0003-0007. Jan 16 15:23:05 Nimrod kernel: eth1: RealTek RTL8139 Fast Ethernet at 0xfc00, IRQ 10, 00:90:47:01:a0:7a. 2) I'm trying to get Dachstein up and running and it doesn't seem to want to work. I set it up as described at lrp.steinkuehler.net/files/diskimages/dachstein/readme.txt and home.attbi.com/~srlohman/linux/firewall/ds-contents.html (the linux primer section of the second site is where it told me the command to unmount a floppy is unmount, not umount, BTW). So far I've gotten through the initial setup sections, and the section on static external IP (internal IPs are assigned by DHCP so I didn't do that section) and I've setup sshd so I can make configuration changes from my desk instead of dragging a monitor keyboard to our rack closet. I've backed up to floppy and rebooted. I get tons of Martian errors so I switched the internal and external cables. This stopped the errors, but then I couldn't ping or use putty to logon to the firewall. Either way the cables go all traffic is blocked--we can't browse the web, send email, ftp... I even tried a new image of Dachstein and set it up to not use a static external IP address and same thing. What else can I try? Chris --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering + Orinoco wireless
Hey, read down your post included at the bottom, and tell me why it finds your card as an Intersil? It finds mine as a Lucent/Agere. When I boot my w/rc3 and the pcmcia_orinoco.lrp that I use, called pcmcia.lrp, version 3.1.33, I see the following in my syslog: cardmgr[6583]: watching 2 sockets cardmgr[14020]: starting, version is 3.1.33 cardmgr[14020]: socket 0: Intersil PRISM2 11 Mbps Wireless Adapter kernel: cs: memory probe 0x0d-0x0d: clean. cardmgr[14020]: executing: 'insmod /lib/modules/2.4.18/pcmcia/hermes.o' kernel: hermes.c: 16 Jan 2002 David Gibson [EMAIL PROTECTED] cardmgr[14020]: + Using /lib/modules/2.4.18/pcmcia/hermes.o cardmgr[14020]: executing: 'insmod /lib/modules/2.4.18/pcmcia/orinoco.o' kernel: orinoco.c 0.09b (David Gibson [EMAIL PROTECTED] and others) cardmgr[14020]: + Using /lib/modules/2.4.18/pcmcia/orinoco.o cardmgr[14020]: executing: 'insmod /lib/modules/2.4.18/pcmcia/orinoco_cs.o' kernel: orinoco_cs.c 0.09b (David Gibson [EMAIL PROTECTED] and others) cardmgr[14020]: + Using /lib/modules/2.4.18/pcmcia/orinoco_cs.o kernel: cs: IO port probe 0x0100-0x04ff: excluding 0x290-0x297 0x3c0-0x3e7 0x3f0-0x3f7 0x4d0-0x4d7 kernel: cs: IO port probe 0x0298-0x03bf: clean. kernel: cs: IO port probe 0x03e8-0x03ef: clean. kernel: cs: IO port probe 0x03f8-0x04cf: clean. kernel: cs: IO port probe 0x04d8-0x04ff: clean. kernel: cs: IO port probe 0x0800-0x08ff: clean. kernel: cs: IO port probe 0x0a00-0x0aff: clean. kernel: cs: IO port probe 0x0c00-0x0cff: clean. kernel: eth2: Station identity 001f:0001:0007:001c kernel: eth2: Looks like a Lucent/Agere firmware version 7.28 kernel: eth2: Ad-hoc demo mode supported kernel: eth2: IEEE standard IBSS ad-hoc mode supported kernel: eth2: WEP supported, 104-bit key kernel: eth2: MAC address 00:02:2D:74:55:93 kernel: eth2: Station name HERMES I kernel: eth2: ready kernel: eth2: index 0x01: Vcc 5.0, irq 5, io 0x0100-0x013f cardmgr[14020]: executing: './network start eth2' Hub:# cd pcmcia Hub:# ls -l -rw-r--r--1 root root11248 Jun 16 2002 ds.o -rw-r--r--1 root root 6060 Jun 16 2002 hermes.o -rw-r--r--1 root root33728 Jun 16 2002 i82365.o -rw-r--r--1 root root42152 Jun 16 2002 orinoco.o -rw-r--r--1 root root 8100 Jun 16 2002 orinoco_cs.o -rw-r--r--1 root root58163 Jun 16 2002 pcmcia_core.o Comparing our two filesets, I have no idea what you are using in your attempt to get rc3 running. Please list the exact directory and filename of the .lrp you downloaded from leaf.sourceforge.net to handle your pcmcia, presumably a version of pcmcia_orinoco.lrp. Also do a lrpkg -l and tell me what version is claims your pcmcia.lrp is. Matt, I brought up RC3 Bering-orinoco again. Here what I got : The card is WaveLAN/IEEE. .. hermes_read_ltv(): rid (0xfd20) does not match type (0xc7ff) hermes @ 0x140: Truncating LTV record from 508 to 8 bytes. (rid=0xfd20, len=0x00ff) eth0: Station identity 003f:00ff:d4bf:00ff eth0: Looks like an Intersil firmware version 54463.255 ^^ Regards, Matthew --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] RE: Bering ip_conntrack_max on a 21Port, heavyloaded router
On Fri, 2003-01-17 at 05:50, Sandro Minola wrote: What does the value 32768 mean? Max. size of the conntrack table in bytes? Max. # of entries in the table? I just found out that this value means the number (#) of connections. And it's currently not set to 32768 (as I misleadingly wrote), it's set to 32760. http://www.sns.ias.edu/~jns/security/iptables/iptables_conntrack.html says that this is the default value for a 512MB RAM machine. So it seems that my router can handle 32760 simultaneous connections. Do you think this is enough for 200 clients and 20 servers? At a guess, and only a guess, I don't think you will have problems. You can increase the limit by - echo 9 /proc/sys/net/ipv4/ip_conntrack_max Change 9 to what ever you think you need by remember that each connection uses about 350 bytes of memory so 9*350 is about 35MB but with 512MB to play with I don't think it will be a problem :-)) If you have concerns then you may want to run a script file that monitors the number of connections and reports to you by email. Add a file with - date -R /tmp/connections cat /proc/net/ip_conntrack | wc -l /tmp/connections and get cron to run this every 5 minutes or so and then each hour, 6 hours or what ever you want run the following by cron - cat /tmp/connections | mail -s Connections report [EMAIL PROTECTED] rm -f /tmp/connections This should produce an email something like- Fri Jan 17 11:23:18 NZDT 2003 31 Fri Jan 17 11:23:42 NZDT 2003 36 With this you can track the load during the day to see what your peak connections are and also the time of day it happens. Run it for a week or so to see how your system is going. If you want to take it a step further then you could create a script that only emails an alert or warning if the number of connections get above a certain amount. -- Lyndsay Roger [EMAIL PROTECTED] --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering ip_conntrack_max on a 21Port, heavy loaded router
On Thursday 16 January 2003 10:28 am, Sandro Minola wrote: Hi all I just noticed that the 2.4. Kernel shipped with Bering does add a conntrack entry for each routed connection. Please note that I really mean plain routing, NOT NAT/MASQ'ing. FYI, the 2.4/iptables does not _have_ to be set up as a stateful firewall. If you run in w/o the stateful option conntrack is not used, and definately not very useful with plain routing. I'm not sure whether the statefull definition is set in the kernel, but IIRC it is an option with the iptables ruleset. -- ~Lynn Avants Linux Embedded Appliance Firewall developer http://leaf.sourceforge.net --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Stopping DHCPD logging
Hello, I get a LOT of the following in my syslog: Jan 16 23:27:38 firewall dhcpd: DHCPREQUEST for 192.168.1.2 from 00:80:c6:f8:62:c6 via eth1 Jan 16 23:27:38 firewall dhcpd: DHCPACK on 192.168.1.2 to 00:80:c6:f8:62:c6 via eth1 Jan 16 23:27:38 firewall dhcpd: send_packet: Operation not permitted Jan 16 23:27:59 firewall dhcpd: DHCPREQUEST for 192.168.1.1 from 00:e0:29:2c:ba:6d via eth1 Jan 16 23:27:59 firewall dhcpd: DHCPACK on 192.168.1.1 to 00:e0:29:2c:ba:6d via eth1 Jan 16 23:27:59 firewall dhcpd: send_packet: Operation not permitted Jan 16 23:28:42 firewall dhcpd: DHCPREQUEST for 192.168.1.2 from 00:80:c6:f8:62:c6 via eth1 Jan 16 23:28:42 firewall dhcpd: DHCPACK on 192.168.1.2 to 00:80:c6:f8:62:c6 via eth1 Jan 16 23:28:42 firewall dhcpd: send_packet: Operation not permitted I suppose that I could simply change the two target machines to use static IPs but I'd prefer not to do that, since DHCP is more portable for various network configurations. However my logs are all filled up with this and I'd really like it to stop. The DHCPD package offers no visible options for logging. The DHCPD man pages do mention a little bit about logging: the -d option to log to stdout. This means that there is one apparent way to stop logging: 1) Edit init.d script 2) In the line to start dhcpd, type: dhcpd -d 21 /dev/null but that doesn't seem so nice. Any other ideas? Thank you, -- -- Arcana --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Stopping DHCPD logging
--On Thursday, January 16, 2003 6:37 PM -0500 Arcana [EMAIL PROTECTED] wrote: Any other ideas? Configure dhcpd to issue longer leases. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: teastep \ http://shorewall.sf.net ICQ: #60745924 \ [EMAIL PROTECTED] --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering + Orinoco wireless
Matt, I found out what the problem was. It was caused by memory conflict. I modified the config.opts and did a few includes/excludes io ports and memory. It fixed the problem right away. I couldn't locate any hardware infomation from Lucent/Agere and I just did by trials and errors and wathed what hermes.c did with the offset. Apparently, it reads some unmapped memory location and thinks that it is an Intersil chipset. Thank you for your help. BTW, do you know if I can use the same interface to do both ad-hoc and managed mode concurrently ? I meant to use 1 channel for ad-hoc and and use a different channel to provide access point service. Thank you for your help again. Newton --- Matt Schalit [EMAIL PROTECTED] wrote: Hey, read down your post included at the bottom, and tell me why it finds your card as an Intersil? It finds mine as a Lucent/Agere. When I boot my w/rc3 and the pcmcia_orinoco.lrp that I use, called pcmcia.lrp, version 3.1.33, I see the following in my syslog: cardmgr[6583]: watching 2 sockets cardmgr[14020]: starting, version is 3.1.33 cardmgr[14020]: socket 0: Intersil PRISM2 11 Mbps Wireless Adapter kernel: cs: memory probe 0x0d-0x0d: clean. cardmgr[14020]: executing: 'insmod /lib/modules/2.4.18/pcmcia/hermes.o' kernel: hermes.c: 16 Jan 2002 David Gibson [EMAIL PROTECTED] cardmgr[14020]: + Using /lib/modules/2.4.18/pcmcia/hermes.o cardmgr[14020]: executing: 'insmod /lib/modules/2.4.18/pcmcia/orinoco.o' kernel: orinoco.c 0.09b (David Gibson [EMAIL PROTECTED] and others) cardmgr[14020]: + Using /lib/modules/2.4.18/pcmcia/orinoco.o cardmgr[14020]: executing: 'insmod /lib/modules/2.4.18/pcmcia/orinoco_cs.o' kernel: orinoco_cs.c 0.09b (David Gibson [EMAIL PROTECTED] and others) cardmgr[14020]: + Using /lib/modules/2.4.18/pcmcia/orinoco_cs.o kernel: cs: IO port probe 0x0100-0x04ff: excluding 0x290-0x297 0x3c0-0x3e7 0x3f0-0x3f7 0x4d0-0x4d7 kernel: cs: IO port probe 0x0298-0x03bf: clean. kernel: cs: IO port probe 0x03e8-0x03ef: clean. kernel: cs: IO port probe 0x03f8-0x04cf: clean. kernel: cs: IO port probe 0x04d8-0x04ff: clean. kernel: cs: IO port probe 0x0800-0x08ff: clean. kernel: cs: IO port probe 0x0a00-0x0aff: clean. kernel: cs: IO port probe 0x0c00-0x0cff: clean. kernel: eth2: Station identity 001f:0001:0007:001c kernel: eth2: Looks like a Lucent/Agere firmware version 7.28 kernel: eth2: Ad-hoc demo mode supported kernel: eth2: IEEE standard IBSS ad-hoc mode supported kernel: eth2: WEP supported, 104-bit key kernel: eth2: MAC address 00:02:2D:74:55:93 kernel: eth2: Station name HERMES I kernel: eth2: ready kernel: eth2: index 0x01: Vcc 5.0, irq 5, io 0x0100-0x013f cardmgr[14020]: executing: './network start eth2' Hub:# cd pcmcia Hub:# ls -l -rw-r--r--1 root root11248 Jun 16 2002 ds.o -rw-r--r--1 root root 6060 Jun 16 2002 hermes.o -rw-r--r--1 root root33728 Jun 16 2002 i82365.o -rw-r--r--1 root root42152 Jun 16 2002 orinoco.o -rw-r--r--1 root root 8100 Jun 16 2002 orinoco_cs.o -rw-r--r--1 root root58163 Jun 16 2002 pcmcia_core.o Comparing our two filesets, I have no idea what you are using in your attempt to get rc3 running. Please list the exact directory and filename of the .lrp you downloaded from leaf.sourceforge.net to handle your pcmcia, presumably a version of pcmcia_orinoco.lrp. Also do a lrpkg -l and tell me what version is claims your pcmcia.lrp is. Matt, I brought up RC3 Bering-orinoco again. Here what I got : The card is WaveLAN/IEEE. .. hermes_read_ltv(): rid (0xfd20) does not match type (0xc7ff) hermes @ 0x140: Truncating LTV record from 508 to 8 bytes. (rid=0xfd20, len=0x00ff) eth0: Station identity 003f:00ff:d4bf:00ff eth0: Looks like an Intersil firmware version 54463.255 ^^ Regards, Matthew --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide:
Re: [leaf-user] Bering + Orinoco wireless
Scott Merrill wrote: This is a long message, attempting to document the steps I took to get my Orinoco wireless cards to work in my laptop and in my LEAF/Bering box. Hey, funny thing, I just got 1.0 stable running my Orinoco gold, and it cardmgr choked if I only had the orinoco*.o modules in /lib/modules/pcmcia/ It complained in syslog that it wanted wavlan2_cs.o!! So I added that to /lib/modules/pcmcia and svi restarted pcmcia and I got 2 beeps, iwconfig, everything. Cool. I'm using 2.4.20 btw. Tricky. [smerrill@smerrill secondary]$ head lsmod Module Size Used byNot tainted orinoco_cs 4712 0 (unused) orinoco29568 0 [orinoco_cs] hermes 3296 0 [orinoco_cs orinoco] appletalk 18988 0 (autoclean) ipx15636 0 (autoclean) 3c575_cb 19876 2 cb_enabler 2528 2 [3c575_cb] ds 6624 2 [orinoco_cs cb_enabler] i82365 22416 2 ipx, heh heh. modified the file to look like this: # Lucent Wavelan IEEE (+ Orinoco, RoamAbout and ELSA) # Note : wvlan_cs driver only, and version 1.0.4+ for encryption support *,*,*,00:60:1D:*|*,*,*,00:02:2D:*) INFO=Wavelan IEEE example (Lucent default settings) ESSID=test MODE=Ad-Hoc #RATE=auto #KEY=s:secu1 # To set all four keys, use : Yes those are the recommened mods in the Bering users guide. For all I know, waving a dead chicken over both cards... Try waving live turkeys. It's a helluva lot more, well, everything... leaner too Things yet to figure out: * why does LEAF/Bering think that I ejected the card if it hasn't been used for a while? Dunno. Try the 2.4.20/latest. * why doesn't LEAF/Bering hand out DHCP addresses on the wireless segment? (I have a subnet declaration for 192.168.1.0/24 in /etc/dhcpd.conf, and I modified /etc/init.d/dhcpd to include both eth1 and eth2) Don't know dhcp with repect to wireless, sorry. Start a new thread, perhaps. * why does my wireless card fail to initialize unless my 3Com 3c575 card is inserted first? Is this something to do with /etc/network/interfaces? Don't know pc-card hardware issues much at all. good luck scott, matt --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering + Orinoco wireless
wing newton wrote: Matt, Thank you for your help. Hi again Newton, I just got my Bering-1.0 up and running great w/kernel 2.4.20 and my Orinoco Gold. I started from blank diskettes and built the system out of parts from /devel/jnilo/bering/latest/ following the Bering install guide and users guide. The only parts I reused from rc3 were tinydns, dnscache, and some unchanged libs like libm. It was a little tricky getting 2.4.20 up, especially finding the kernel in JN's underground maze of directories. I pretty much religiously followed the install guide for the basic setup, then the user's guide for the Orinoco stuff. The funny thing was, when I did so, my syslog had errors in it from cardmgr, and my wireless setup didn't completely work. Instead of getting 2 beeps, I got a beep, bonk. The syslog complained that it wanted wavlan2_cs.o. So I installed it and with an svi pcmcia restart, I was in 2 beep land. The Orinoco (WaveLAN turob) gold firmware is the latest i.e. version 8.10. I'm still on 7.28. And what exact packages are you loading, and please note file sizes and dates so I can compare. I go the packages directly from the sourceforge/leaf site. Here is my ls -l of /lib/modules/pcmcia -rw-r--r-- 1 root root 8848 Jul 19 2002 8390.o -rw-r--r-- 1 root root15788 Jul 19 2002 axnet_cs.o -rw-r--r-- 1 root root11248 Jun 16 2002 ds.o -rw-r--r-- 1 root root 6060 Jun 16 2002 hermes.o -rw-r--r-- 1 root root33728 Jun 16 2002 i82365.o -rw-r--r-- 1 root root42152 Jun 16 2002 orinoco.o -rw-r--r-- 1 root root 8100 Jun 16 2002 orinoco_cs.o -rw-r--r-- 1 root root58163 Jun 16 2002 pcmcia_core.o -rw-r--r-- 1 root root18016 Jul 19 2002 pcnet_cs.o I took a closer look at your list, and there was nothing different about the files we both had, when I was using 2.4.18 and rc3. Now that I'm on 2.4.20 and 1.0-stable, our files totally differ. Have a great day, matt --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] RE: Stopping DHCPD logging
Hello, I get a LOT of the following in my syslog: Jan 16 23:27:38 firewall dhcpd: DHCPREQUEST for 192.168.1.2 from=20 00:80:c6:f8:62:c6 via eth1 Jan 16 23:27:38 firewall dhcpd: DHCPACK on 192.168.1.2 to 00:80:c6:f8:62:c6= =20 via eth1 Jan 16 23:27:38 firewall dhcpd: send_packet: Operation not permitted Jan 16 23:27:59 firewall dhcpd: DHCPREQUEST for 192.168.1.1 from=20 00:e0:29:2c:ba:6d via eth1 Jan 16 23:27:59 firewall dhcpd: DHCPACK on 192.168.1.1 to 00:e0:29:2c:ba:6d= =20 via eth1 Jan 16 23:27:59 firewall dhcpd: send_packet: Operation not permitted Jan 16 23:28:42 firewall dhcpd: DHCPREQUEST for 192.168.1.2 from=20 00:80:c6:f8:62:c6 via eth1 Jan 16 23:28:42 firewall dhcpd: DHCPACK on 192.168.1.2 to 00:80:c6:f8:62:c6= =20 via eth1 Jan 16 23:28:42 firewall dhcpd: send_packet: Operation not permitted I suppose that I could simply change the two target machines to use static = IPs=20 but I'd prefer not to do that, since DHCP is more portable for various=20 network configurations. However my logs are all filled up with this and I'd really like it to stop.= =20 The DHCPD package offers no visible options for logging. The DHCPD man pag= es=20 do mention a little bit about logging: the -d option to log to stdout. Thi= s=20 means that there is one apparent way to stop logging: 1) Edit init.d script 2) In the line to start dhcpd, type: dhcpd -d 21 /dev/null but that doesn't seem so nice. Any other ideas? Thank you, =2D-=20 =2D- Arcana You don't say what LEAF variant you are running. However, I saw this problem with my Bering box (early version, don't recall which one, probably RC2 or 3). Googling suggested that this was a firewall issue so I played about with that for a while - finally got it to stop by adjusting the Shorewall rules to ACCEPT UDP 67 and 68 between the Bering box and my LAN. The workstation that was operating through all the experimentation was trying to renew the IP every 64 seconds, and the message you see was being logged in daemon.log each time. Made for long logs. I tried UDP 67 first without effect, then tried 68 next. The next time the workstation made the attempt the log showed it to be successful and I haven't seen anything from this workstation since except after the normal interval. Odd that an IP is obtained at boot, but the renewal had issues without this rule change... Does anyone know if the original request is dealt with on different ports than the renewal? Brock --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering + Orinoco wireless
wing newton wrote: Matt, I found out what the problem was. It was caused by memory conflict. ... Nice spotting that. Thank God for useful output to the syslog and dmesg, huh? BTW, do you know if I can use the same interface to do both ad-hoc and managed mode concurrently ? Never heard of that. If you don't get an answer, you might ask on a wireless list. Cheers, matt --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] cannot ping wisp-dist build 2397
I am running build 2397 on some of our routers now. I have noticed that I cannot ping them. They do not respond to a ping. I can ping from them and through them though. Anyone else seen this? --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] RE: Stopping DHCPD logging
--On Thursday, January 16, 2003 4:52 PM -0800 Brock Nanson [EMAIL PROTECTED] wrote: Googling suggested that this was a firewall issue so I played about with that for a while - finally got it to stop by adjusting the Shorewall rules to ACCEPT UDP 67 and 68 between the Bering box and my LAN. The correct solution is to specify the 'dhcp' in /etc/shorewall/interfaces for the interface(s) being served by dhcpd. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: teastep \ http://shorewall.sf.net ICQ: #60745924 \ [EMAIL PROTECTED] --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] RE: Stopping DHCPD logging
--On Thursday, January 16, 2003 7:12 PM -0800 Tom Eastep [EMAIL PROTECTED] wrote: The correct solution is to specify the 'dhcp' in /etc/shorewall/interfaces for the interface(s) being served by dhcpd. I of course meant the 'dhcp' option -- -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: teastep \ http://shorewall.sf.net ICQ: #60745924 \ [EMAIL PROTECTED] --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] dhcrelay on Bering?
Ok, after some research i find the dhcrelay binary who made the job, as i user of Slackware, and have not too much contact with Debian, so, i can't compile ISC dhcpd to put into Bering, and my question is??? If i get dhcrelay binary from wisp release, i can put into Bering??? Someone has do that??? Or someone have a hint to give me about that??? Thanks Samuel Abreu _ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] dhcrelay on Bering?
Le Vendredi 17 Janvier 2003 04:25, Samuel Abreu a écrit : Ok, after some research i find the dhcrelay binary who made the job, as i user of Slackware, and have not too much contact with Debian, so, i can't compile ISC dhcpd to put into Bering, and my question is??? You could run a Debian virtual marchine within you Slackware box :-) http://leaf.sourceforge.net/devel/jnilo/uml.html If i get dhcrelay binary from wisp release, i can put into Bering??? Someone has do that??? Or someone have a hint to give me about that??? It should work since I understand that Wisp userland programs are compiled against glibc 2.0 Jacques --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html