Re:[leaf-user] Current Source for DLink - DFE-570TX ???
Date: Thu, 16 Jan 2003 14:21:38 -0600 From: Doug Hite [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [leaf-user] Current Source for DLink - DFE-570TX ??? Does anybody have a current US source for the=20 DLink - DFE-570TX 4 port Tulip based card ? This card doesn't seem to be made anymore, and the inventory is drying up. Anyone using any other 4 port cards with LEAF ? D-Link DFE-570TX nic with 4 ports works well with Bering. Take the tulip.o driver. Each Port needs an separate interrupt. Regards M. Koelle --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Hi! Newbie Bering user with a few questions. :)
Hi there, I've recently had a cable modem installed at my house, shared between 3 users. I've got it all working nicely with the default policies of Net loc REJECT Loc net ACCEPT And I have added the following rules to allow my pc (192.168.1.1) to use Direct Connect in Active mode behind the firewall. ACCEPT netloc:192.168.1.1:412 tcp ACCEPT netloc:192.168.1.1:412 udp DNATnetloc:192.168.1.1:412 tcp DNATnetloc:192.168.1.1:412 udp It works fine, but is this the correct way of doing this? And is it fairly secure? Will I have to use 2 other different ports on the firewalls external interface, e.g., 413 and 414, to enable this on the other two machines in the house? Is there any way to just say OPEN PORT 412? Next question.. MSN Messanger file sharing and H323 I have to open a range of ports for MSNM's file sharing. Do I have to ACCEPT and DNAT all of these ports for all of the 3 machines (using 3 different ranges)? I have glanced at the Netfilter helper modules, but these just confuse the hell out of me, I'm afraid my Linux knowledge is very limited. Thanks! James L S Neave BSc(Hons) Software Engineer Spur Information Solutions Ltd, Hayward House, Hayward Business Centre, New Lane, Havant, Hants. PO9 2NL Tel: +44 (0)23 9245 5564 Fax: +44 (0)23 9247 0874 --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] [ leaf-Support Requests-669688 ] DHCP problems
Support Requests item #669688, was opened at 2003-01-17 11:24 You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=213751aid=669688group_id=13751 Category: Release/Branch: Bering Group: None Status: Open Priority: 5 Submitted By: Gerd Niemetz (gniemetz) Assigned to: Mike Noyes (mhnoyes) Summary: DHCP problems Initial Comment: Hi! First i want to thank the bering-team for the great work they do! Now to the problem: I'm having a Samsung Cablemodem connected via a Accton-Ethernet card to my ISP and i'm not able to get an IP-Address via dhclient/pump, only when i use the dhcpcd package (older one, found it somewhere in the net :-)). The second question is not proper to the subject, but wouldn't it be nice to have a Wake On Lan feature? I found the ether-wake.c, which would do the thing, but i'm not able to compile it cause i have no suitable linux box. Could somebody do the job for me please? ;-) Any help would be appreciated! best regards, Gerd -- You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=213751aid=669688group_id=13751 --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] DHCP problem
Hi! First i want to thank the bering-team for the great work they do! Now to the problem: I'm having a Samsung Cablemodem connected via a Accton-Ethernet card to my ISP and i'm not able to get an IP-Address via dhclient/pump, only when i use the dhcpcd package (older one, found it somewhere in the net :-)). The second question is not proper to the subject, but wouldn't it be nice to have a Wake On Lan feature? I found the ether-wake.c, which would do the thing, but i'm not able to compile it cause i have no suitable linux box. Could somebody do the job for me please? ;-) Any help would be appreciated! best regards, Gerd __ The NEW Netscape 7.0 browser is now available. Upgrade now! http://channels.netscape.com/ns/browsers/download.jsp Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] Dhcp relay - Howto?
Hi, Yes, There is a Package and it works quite well. My dhcprelay in /etc/init.d looks like that: #!/bin/sh # This shell script takes care of starting and stopping dhcrelay. RCDLINKS=2,S41 3,S41 6,K41 # Add interfaces or servers, separated by a space. ifs=eth1 eth2 eth3 eth4 servers=172.16.34.254 172.16.34.251 #port=67 case $1 in start) echo Starting dhcrelay on $ifs: for if in `echo $ifs`; do ip route append 255.255.255.255 scope host dev $if ix=-i $if i=$i$ix done ip route append 255.255.255.255 scope host dev eth0 /usr/sbin/dhcrelay $servers ;; stop) echo Shutting down dhcrelay on $ifs pf=/var/run/dhcrelay.pid for if in `echo $ifs`; do ip route del 255.255.255.255 scope host dev $if ix=-i $if i=$i$ix done ip route del 255.255.255.255 scope host dev eth0 if [ -r $pf ]; then kill -INT `cat $pf` rm $pf fi ;; status) status dhcrelay ;; restart) $0 stop $0 start ;; *) echo Usage: dhcrelay start|stop|restart|status exit 1 esac exit 0 You have to set the Hostroutes to enable the Broadcastrouting on your Relay interfaces. The Version is a 2.0 and compiled for an 2.2 Kernel , but works fine with 2.4 Kernels. I think the one listed on monkeydoodle. Regards Helfried Behrendt [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Samuel Abreu Sent: Thursday, January 16, 2003 10:28 PM To: [EMAIL PROTECTED] Subject: [leaf-user] Dhcp relay - Howto? Hi all, I wish to know more about dhcp relay??? exist how i put a leaf (Bering more specific) box to do the dhcp relay??? There's a package?? Or it's some config? Thanks! =) Ps: With the recent advisory for dhcpd, the leaf dhcpd server is affected by the vulnerability?? or better, what's the version of the dhcpd in dhcpd.lrp package? Samuel Abreu _ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] DHCP problem
Hi Gerd At 06:26 17/01/03 -0500, [EMAIL PROTECTED] wrote: I'm having a Samsung Cablemodem connected via a Accton-Ethernet card to my ISP and i'm not able to get an IP-Address via dhclient/pump, only when i use the dhcpcd package (older one, found it somewhere in the net :-)). Pump and dhclient are DHCP client programs, generally used in LEAF so your firewall can get an IP address from your ISP's DHCP Servers. dhcpd is a DHCP server, if you run it on your firewall then computers on your LAN will be able to get a DHCP lease. Pump and dhclient do the same thing, and that's different to what dhcpd does, so you can't replace either of the former with the latter. A nice shiny up to date version of dhcpd is included as standard in most LEAF distributions. I'm afraid I can't help you with your question about Wake On LAN. regards Julian --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] DHCP problem
Hi Julien! Thanks for your reply, but you have misunderstood my question, i asked about dhcpcd, as you can see :-) regards Gerd Julian Church [EMAIL PROTECTED] wrote: Hi Gerd At 06:26 17/01/03 -0500, [EMAIL PROTECTED] wrote: I'm having a Samsung Cablemodem connected via a Accton-Ethernet card to my ISP and i'm not able to get an IP-Address via dhclient/pump, only when i use the dhcpcd package (older one, found it somewhere in the net :-)). Pump and dhclient are DHCP client programs, generally used in LEAF so your firewall can get an IP address from your ISP's DHCP Servers. dhcpd is a DHCP server, if you run it on your firewall then computers on your LAN will be able to get a DHCP lease. Pump and dhclient do the same thing, and that's different to what dhcpd does, so you can't replace either of the former with the latter. A nice shiny up to date version of dhcpd is included as standard in most LEAF distributions. I'm afraid I can't help you with your question about Wake On LAN. regards Julian __ The NEW Netscape 7.0 browser is now available. Upgrade now! http://channels.netscape.com/ns/browsers/download.jsp Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Ssh and portforwarding
Hi, I'm getting the following error in my logs : sshd[1986]: channel 3: open failed: connect failed: Remote port is not recognised Can anyone tell me what this error means and/or what is causing it ? My guess is it has something todo with portforwarding, but searching Google doesn't give me any hints :-( I'm using OpenSSH_3.0p1 on an Eigerstein CD configuration. Stefaan --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering + Orinoco wireless
More in the saga of wireless network connectivity. =) Someone mailed me off-list to report that they had enjoyed success with their Orinoco card using the 8.10 firmware revision. So I downgraded the firmware in both of my cards. Again, everything appears to work at first. Now, however, the LEAF/Bering box bombs out after as little as five minutes of no activity on the wireless segment. Doing 'iwconfig' on the LEAF/Bering console produces the same results as before: hermes @ IO 0x100: Card removed while waiting for command completion. hermes @ IO 0x100: Card removed while waiting for command completion. hermes @ IO 0x100: Card removed while waiting for command completion. hermes @ IO 0x100: Card removed while waiting for command completion. hermes @ IO 0x100: Card removed while waiting for command completion. hermes @ IO 0x100: Card removed while waiting for command completion. hermes @ IO 0x100: Card removed while waiting for command completion. hermes @ IO 0x100: Card removed while waiting for command completion. hermes @ IO 0x100: Card removed while waiting for command completion. hermes @ IO 0x100: Card removed while waiting for command completion. eth2IEEE 802.11-DS Nickname:firewall Mode:Ad-Hoc Frequency:42.9497GHz Tx-Power=15 dBm RTS thr:off Encryption key:off '/etc/init.d/pcmcia restart' or ejecting and re-instering the card fixed the problem, until the next period of inactivity. I switched cards, putting the LEAF/Bering card into my laptop, and vice versa; but the problem remained -- a moderate period of inactivity caused the system to think that the card was no longer there. The laptop does not produce these error messages, so I'm fairly confident that the problem is isolated to the LEAF/Bering box. This could mean that I've got a screwy configuration somehow, or that I've got a hardware problem (most likely a flakey ISA-to-PCMCIA adapter?). I'm going to build a new LEAF/Bering floppy from scratch -- following the Wireless section of the User's Guide to a tee from the beginning -- and see if that fixes me up. I'd love to hear from Orinoco users which firmware versions you've had success and failure with. It sounds like Matt Schalit is enjoying 7.28, while Brock Nanson and the person who sent me a private message are enjoying 8.10. --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Hi! Newbie Bering user with a few questions. :)
--On Friday, January 17, 2003 8:56 AM + James Neave [EMAIL PROTECTED] wrote: Hi there, I've recently had a cable modem installed at my house, shared between 3 users. I've got it all working nicely with the default policies of Net loc REJECT The default as shipped is actually net loc DROP. Loc net ACCEPT And I have added the following rules to allow my pc (192.168.1.1) to use Direct Connect in Active mode behind the firewall. ACCEPT netloc:192.168.1.1:412 tcp ACCEPT netloc:192.168.1.1:412 udp DNAT netloc:192.168.1.1:412 tcp DNAT netloc:192.168.1.1:412 udp It works fine, but is this the correct way of doing this? No -- you want: DNAT netloc:192.168.1.1 tcp 412 DNAT netloc:192.168.1.1 udp 412 And is it fairly secure? Once you have changed your rules as recommended above, yes. Will I have to use 2 other different ports on the firewalls external interface, e.g., 413 and 414, to enable this on the other two machines in the house? Yes: e.g., DNAT netloc:192.168.1.2:412 tcp 413 DNAT netloc:192.168.1.2:412 udp 413 Is there any way to just say OPEN PORT 412? Not with only one external IP address. Next question.. MSN Messanger file sharing and H323 I have to open a range of ports for MSNM's file sharing. Do I have to ACCEPT and DNAT all of these ports for all of the 3 machines (using 3 different ranges)? I have glanced at the Netfilter helper modules, but these just confuse the hell out of me, I'm afraid my Linux knowledge is very limited. Someone else will have to answer this -- I avoid both H.323 and MSN IM like the plague (except H.323 through VPN which works nicely). -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: teastep \ http://shorewall.sf.net ICQ: #60745924 \ [EMAIL PROTECTED] --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] [ leaf-Support Requests-669688 ] DHCP problems
Support Requests item #669688, was opened at 2003-01-17 11:24 You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=213751aid=669688group_id=13751 Category: Release/Branch: Bering Group: None Status: Open Priority: 5 Submitted By: Gerd Niemetz (gniemetz) Assigned to: Jacques Nilo (jnilo) Summary: DHCP problems Initial Comment: Hi! First i want to thank the bering-team for the great work they do! Now to the problem: I'm having a Samsung Cablemodem connected via a Accton-Ethernet card to my ISP and i'm not able to get an IP-Address via dhclient/pump, only when i use the dhcpcd package (older one, found it somewhere in the net :-)). The second question is not proper to the subject, but wouldn't it be nice to have a Wake On Lan feature? I found the ether-wake.c, which would do the thing, but i'm not able to compile it cause i have no suitable linux box. Could somebody do the job for me please? ;-) Any help would be appreciated! best regards, Gerd -- You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=213751aid=669688group_id=13751 --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Hi! Newbie Bering user with a few questions. :)
James, On Fri, 17 Jan 2003 08:56:27 GMT James wrote: I've recently had a cable modem installed at my house, shared between 3 users. I've got it all working nicely with the default policies of Net loc REJECT Loc net ACCEPT A lot of people use DROP rather than REJECT for net-loc . Both block incoming traffic. The difference is that DROP doesn't send any reply to the incoming traffic while REJECT sends and ICMP packet saying essentially nothing is listening on this port. And I have added the following rules to allow my pc (192.168.1.1) to use Direct Connect in Active mode behind the firewall. ACCEPTnetloc:192.168.1.1:412 tcp ACCEPTnetloc:192.168.1.1:412 udp DNAT netloc:192.168.1.1:412 tcp DNAT netloc:192.168.1.1:412 udp You appear to be missing the DEST PORT column. From the examples in /etc/shorewall/rules: # Example: Forward all ssh and http connection requests from the # internet to local system 192.168.1.3 # # #ACTION SOURCE DESTPROTO DESTSOURCE ORIGINAL # PORTPORT(S) DEST # DNATnet loc:192.168.1.3 tcp ssh,http So you probably want: DNAT net loc:192.168.1.1:412 tcp 412 or DNAT net loc:192.168.1.1 tcp 412 I am not sure what the behavior is without the dest port, but there is a chance the hole you created is bigger than intended. The ACCEPT rules are redundant since the DNATs imply ACCEPT. It works fine, but is this the correct way of doing this? And is it fairly secure? It's only as secure as the software listening on port 412. I am not familiar with Direct Connect so I don't know how (in)secure it is. If there is a vulnerability in it, the DNAT rule could expose your entire loc zone via the vulnerability. Hosts that accept inbound connections from untrusted hosts are often placed into a screened subnet (often called a DMZ) so if they are compromised there is still a layer of protection between them and the private LAN machines. If all your sensitive data is on 192.168.1.1 anyway, then a screened subnet wouldn't offer much additional protection. Will I have to use 2 other different ports on the firewalls external interface, e.g., 413 and 414, to enable this on the other two machines in the house? That would work as long as you can route connecting hosts to the correct external port for the machine they wish to connect to. Is there any way to just say OPEN PORT 412? I'm not sure I understand you question, but you already opened it with the DNAT rule. If you're asking if your ext. addr:412 can point to *all of* : int host 1:412 int host 2:412 int host 3:412 the answer is no. Not unless you have three public external addresses available to you. Next question.. MSN Messanger file sharing and H323 I have to open a range of ports for MSNM's file sharing. Do I have to ACCEPT and DNAT all of these ports for all of the 3 machines (using 3 different ranges)? I have glanced at the Netfilter helper modules, but these just confuse the hell out of me, I'm afraid my Linux knowledge is very limited. I am not very familiar with H323 or MSN file sharing, so I can't help here. I believe that topic has been covered before though. You may want to search the leaf-user archives for more info: http://www.mail-archive.com/leaf-user@lists.sourceforge.net/ --Brad --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering + Orinoco wireless
Scott, On Fri, 17 Jan 2003 09:34:24 EST Scott wrote: More in the saga of wireless network connectivity. =) Someone mailed me off-list to report that they had enjoyed success with their Orinoco card using the 8.10 firmware revision. I have also had success with firmware 8.10 (and 6.16) and Lucent/Orinoco/Agere Silver cards using both the 0.09b and 0.11b orinoco_cs drivers with a Vadem VG-469 ISA-to-PCMCIA adpater running in IEEE Ad-Hoc mode. Actually, let me qualify that: I have had success as long as I don't add a prism2 peer to the network. When I do I get a lot of Tx errors and resets on the orinoco end. So I downgraded the firmware in both of my cards. Again, everything appears to work at first. Now, however, the LEAF/Bering box bombs out after as little as five minutes of no activity on the wireless segment. Doing 'iwconfig' on the LEAF/Bering console produces the same results as before: hermes @ IO 0x100: Card removed while waiting for command completion. [..] Never seen those error messages before. Something is defintely wrong, but I'm not sure what. You might get better help on the orinoco-user list: http://sourceforge.net/mailarchive/forum.php?forum=orinoco-users or in the samba wireless archives: http://lists.samba.org/pipermail/wireless/ eth2IEEE 802.11-DS Nickname:firewall Mode:Ad-Hoc Frequency:42.9497GHz Tx-Power=15 dBm Huh? 42.9 GHz!! It should be in the 2.4 GHz range. '/etc/init.d/pcmcia restart' or ejecting and re-instering the card fixed the problem, until the next period of inactivity. I switched cards, putting the LEAF/Bering card into my laptop, and vice versa; but the problem remained -- a moderate period of inactivity caused the system to think that the card was no longer there. Which version of orinoco_cs does the Bering system use? Does the notebook use orinoco_cs drivers? (Note: you could also try the wavelan2_cs binary driver from Lucent.) The laptop does not produce these error messages, so I'm fairly confident that the problem is isolated to the LEAF/Bering box. This could mean that I've got a screwy configuration somehow, or that I've got a hardware problem (most likely a flakey ISA-to-PCMCIA adapter?). What make and model is the ISA-to-PCMCIA bridge? I'm going to build a new LEAF/Bering floppy from scratch -- following the Wireless section of the User's Guide to a tee from the beginning -- and see if that fixes me up. You may also want to try the 2.4.20 version of the kernel, pcmcia_orinoco.lrp, and modules.lrp since that will get you up to the 0.11b version of orinoco_cs. --Brad --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering + Orinoco wireless
On Friday 17 January 2003 10:16 am, you wrote: Never seen those error messages before. Something is defintely wrong, but I'm not sure what. You might get better help on the orinoco-user list: http://sourceforge.net/mailarchive/forum.php?forum=orinoco-users or in the samba wireless archives: http://lists.samba.org/pipermail/wireless/ That's my next stop. I switched cards, putting the LEAF/Bering card into my laptop, and vice versa; but the problem remained -- a moderate period of inactivity caused the system to think that the card was no longer there. Which version of orinoco_cs does the Bering system use? Does the notebook use orinoco_cs drivers? (Note: you could also try the wavelan2_cs binary driver from Lucent.) I'm not sure what module version LEAF/Bering uses in the pcmcia_orinoco.lrp package. The laptop is using orinoco_cs, from Debian's woody pcmcia-cs package. The laptop does not produce these error messages, so I'm fairly confident that the problem is isolated to the LEAF/Bering box. This could mean that I've got a screwy configuration somehow, or that I've got a hardware problem (most likely a flakey ISA-to-PCMCIA adapter?). What make and model is the ISA-to-PCMCIA bridge? Vadem VG-469 ISA-to-PCMCIA, just like the one you report success with. You may also want to try the 2.4.20 version of the kernel, pcmcia_orinoco.lrp, and modules.lrp since that will get you up to the 0.11b version of orinoco_cs. If that'll fix it, so be it. But Matt Schalit's recent explanation of the hoops to jump through in order to enjoy 2.4.20 gives me the willies! =) --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering + Orinoco wireless
Scott, On Fri, 17 Jan 2003 10:25:36 EST Scott Merrill wrote: On Friday 17 January 2003 10:16 am, you wrote: Never seen those error messages before. Something is defintely wrong, but I'm not sure what. You might get better help on the orinoco-user list: http://sourceforge.net/mailarchive/forum.php?forum=orinoco-users or in the samba wireless archives: http://lists.samba.org/pipermail/wireless/ That's my next stop. David Gibson, the orinoco_cs author, participates regularly on orinoco-users, so you're likely to get good help there. There is also a recent thread http://sf.net/mailarchive/forum.php?thread_id=1517538forum_id=11432 that references the same error message you reported. I switched cards, putting the LEAF/Bering card into my laptop, and vice versa; but the problem remained -- a moderate period of inactivity caused the system to think that the card was no longer there. Which version of orinoco_cs does the Bering system use? Does the notebook use orinoco_cs drivers? (Note: you could also try the wavelan2_cs binary driver from Lucent.) I'm not sure what module version LEAF/Bering uses in the pcmcia_orinoco.lrp package. The laptop is using orinoco_cs, from Debian's woody pcmcia-cs package. Look in /var/log/kern.log after a pcmcia restart. When the drivers are insmodded they spit out a bunch of debugging info, including the driver version. (If you post to orinoco-users you'll want to include those log messages.) Most likely you have 0.09b on Bering and 0.11b on woody. That is a combo that worked for me for several months with firmware 8.10 in the debian (sarge) card and 6.16 on the Bering card. The laptop does not produce these error messages, so I'm fairly confident that the problem is isolated to the LEAF/Bering box. This could mean that I've got a screwy configuration somehow, or that I've got a hardware problem (most likely a flakey ISA-to-PCMCIA adapter?). What make and model is the ISA-to-PCMCIA bridge? Vadem VG-469 ISA-to-PCMCIA, just like the one you report success with. Did you have to add PCIC_OPTS=i365_base=0x3e2 to /etc/default/pcmcia like I did? Since your setup is so similar to mine, I will send you copies of my config files and startup messages offlist so you can use them for reference. You may also want to try the 2.4.20 version of the kernel, pcmcia_orinoco.lrp, and modules.lrp since that will get you up to the 0.11b version of orinoco_cs. If that'll fix it, so be it. But Matt Schalit's recent explanation of the hoops to jump through in order to enjoy 2.4.20 gives me the willies! =) IIRC, Matt built his from scratch, but that's not really necessary. Just grab the kernel (linux-2.4.20.upx), pcmcia_orinoco.lrp and modules.lrp from http://leaf.sourceforge.net/devel/jnilo/bering/latest/contrib/2.4.20/ and use them instead of the versions in the 1.0-stable image. You will need to rename linux-2.4.20.upx to linux and pcmcia_orinoco.lrp to pcmcia.lrp. You _may_ also need the wireless.lrp and iptables.lrp packages from that directory, but I'm not positive. Then use modules from http://leaf.sourceforge.net/devel/jnilo/bering/latest/modules/2.4.20/ Just a thought...it's certainly easier than compiling your own kernel and pcmcia modules to upgrade orinoco_cs. :) And you'll probably get better support on orinoco-users if you're using a newer driver version. --Brad --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] cannot ping wisp-dist build 2397
On Thu, 2003-01-16 at 17:19, wispdist wrote: I am running build 2397 on some of our routers now. I have noticed that I cannot ping them. They do not respond to a ping. I can ping from them and through them though. Anyone else seen this? wispdist, This resource may answer your question. ICMP Echo-request (Ping) http://www.shorewall.net/ping.html -- Mike Noyes mhnoyes @ users.sourceforge.net http://sourceforge.net/users/mhnoyes/ http://leaf-project.org/ http://sitedocs.sf.net/ http://ffl.sf.net/ --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Token ring bridging.
Any one know if a linux router can act like a token ring bridge? Will it handle source routing? Error monitoring? replacing tokens? all that token ringish stuff. I a card working with the olympic driver, but don't know whether I should try to spend the time to replace some old bridges we have that are wearing out. It would be worth it, they are old, expensive and there a lot of them. --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] RE: Stopping DHCPD logging
--On Thursday, January 16, 2003 4:52 PM -0800 Brock Nanson [EMAIL PROTECTED] wrote: Googling suggested that this was a firewall issue so I played about with that for a while - finally got it to stop by adjusting the Shorewall rules to ACCEPT UDP 67 and 68 between the Bering box and my LAN. The correct solution is to specify the 'dhcp' in /etc/shorewall/interfaces for the interface(s) being served by dhcpd. -Tom Ah, that might be the problem. I looked at my interfaces file and saw that my LAN interface did NOT have this enabled, however, the note at the beginning of the interfaces file says that the DHCP setting is used if the interface is managed by DHCP. I took the 'managed' term to imply that the interface gets an address via DHCP, not that it serves DHCPD. As well, I was always able to get an IP without this entry - I just got the errors described in the original poster's message when a lease renewal was required. I will try changing this setting tonight, although I'm betting the 'dhcp' entry just does what I did manually...(?) Brock --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] RE: Stopping DHCPD logging
--On Friday, January 17, 2003 8:37 AM -0800 Brock Nanson [EMAIL PROTECTED] wrote: --On Thursday, January 16, 2003 4:52 PM -0800 Brock Nanson [EMAIL PROTECTED] wrote: Googling suggested that this was a firewall issue so I played about with that for a while - finally got it to stop by adjusting the Shorewall rules to ACCEPT UDP 67 and 68 between the Bering box and my LAN. The correct solution is to specify the 'dhcp' in /etc/shorewall/interfaces for the interface(s) being served by dhcpd. -Tom Ah, that might be the problem. I looked at my interfaces file and saw that my LAN interface did NOT have this enabled, however, the note at the beginning of the interfaces file says that the DHCP setting is used if the interface is managed by DHCP. The interfaces file that I release says: # dhcp - interface is managed by DHCP or used by -- #a DHCP server running on the firewall or - #you have a static IP but are on a LAN #segment with lots of Laptop DHCP clients. # What version of Shorewall do you have? I took the 'managed' term to imply that the interface gets an address via DHCP, not that it serves DHCPD. As well, I was always able to get an IP without this entry - I just got the errors described in the original poster's message when a lease renewal was required. I will try changing this setting tonight, although I'm betting the 'dhcp' entry just does what I did manually...(?) It adds those rules but much earlier in the rule gauntlett. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: teastep \ http://shorewall.sf.net ICQ: #60745924 \ [EMAIL PROTECTED] --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Dhcp relay - Howto?
As far as I know, all LEAF variants use version 2.0pl5 of the ISC dhcp implementation, including the relay and server. The current (3.0) versions of these programs are significantly larger. The security advisory applies to the 3.0 versions, but the 2.0 versions are obsolete and unmaintained. In effect, LEAF uses an obsolete version rather than a current, but prohibitively larger version; the same is true of the C library. On a side note: your questions suggest you plan to put dhcpd and dhcrelay on the same Bering box. Am I misreading this? -Richard On Thu, 2003-01-16 at 13:27, Samuel Abreu wrote: Hi all, I wish to know more about dhcp relay??? exist how i put a leaf (Bering more specific) box to do the dhcp relay??? There's a package?? Or it's some config? Thanks! =) Ps: With the recent advisory for dhcpd, the leaf dhcpd server is affected by the vulnerability?? or better, what's the version of the dhcpd in dhcpd.lrp package? Samuel Abreu --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] Dhcp relay - Howto?
Yeah, but, what package is?? and where can i get it I install dhcpd.lrp but the dhcrelay don't exist in the package! =( Samuel Abreu Hi, Yes, There is a Package and it works quite well. My dhcprelay in /etc/init.d looks like that: #!/bin/sh # This shell script takes care of starting and stopping dhcrelay. RCDLINKS=2,S41 3,S41 6,K41 # Add interfaces or servers, separated by a space. ifs=eth1 eth2 eth3 eth4 servers=172.16.34.254 172.16.34.251 #port=67 case $1 in start) echo Starting dhcrelay on $ifs: for if in `echo $ifs`; do ip route append 255.255.255.255 scope host dev $if ix=-i $if i=$i$ix done ip route append 255.255.255.255 scope host dev eth0 /usr/sbin/dhcrelay $servers ;; stop) echo Shutting down dhcrelay on $ifs pf=/var/run/dhcrelay.pid for if in `echo $ifs`; do ip route del 255.255.255.255 scope host dev $if ix=-i $if i=$i$ix done ip route del 255.255.255.255 scope host dev eth0 if [ -r $pf ]; then kill -INT `cat $pf` rm $pf fi ;; status) status dhcrelay ;; restart) $0 stop $0 start ;; *) echo Usage: dhcrelay start|stop|restart|status exit 1 esac exit 0 You have to set the Hostroutes to enable the Broadcastrouting on your Relay interfaces. The Version is a 2.0 and compiled for an 2.2 Kernel , but works fine with 2.4 Kernels. I think the one listed on monkeydoodle. Regards Helfried Behrendt [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Samuel Abreu Sent: Thursday, January 16, 2003 10:28 PM To: [EMAIL PROTECTED] Subject: [leaf-user] Dhcp relay - Howto? Hi all, I wish to know more about dhcp relay??? exist how i put a leaf (Bering more specific) box to do the dhcp relay??? There's a package?? Or it's some config? Thanks! =) Ps: With the recent advisory for dhcpd, the leaf dhcpd server is affected by the vulnerability?? or better, what's the version of the dhcpd in dhcpd.lrp package? Samuel Abreu _ MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering + Orinoco wireless
Brad Fritz wrote: IIRC, Matt built his from scratch, but that's not really necessary. Just grab the kernel (linux-2.4.20.upx), pcmcia_orinoco.lrp and modules.lrp from http://leaf.sourceforge.net/devel/jnilo/bering/latest/contrib/2.4.20/ http://leaf.sourceforge.net/devel/jnilo/bering/latest/modules/2.4.20/ --Brad To be clear, I built mine entirely from .lrps available above, following the guides 98% to the letter. I didn't compile anything. I'll tear through a mini-HOWTO later today. The two big diffs were 1) cardmgr asked for wavlan2_cs rather than orinoco_cs and 2) adding rw to syslinux.cfg for 2.4.20. Caveat I don't have a laptop to test w/today :-/ Matt --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] cannot ping wisp-dist build 2397
WISP-Dist does not use Shorewall. Mike Noyes wrote: On Thu, 2003-01-16 at 17:19, wispdist wrote: I am running build 2397 on some of our routers now. I have noticed that I cannot ping them. They do not respond to a ping. I can ping from them and through them though. Anyone else seen this? wispdist, This resource may answer your question. ICMP Echo-request (Ping) http://www.shorewall.net/ping.html -- Best Regards, Vladimir Systems Engineer (RHCE) --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] cannot ping wisp-dist build 2397
On Fri, 2003-01-17 at 11:18, Vladimir I. wrote: WISP-Dist does not use Shorewall. Vladimir, I stand corrected. I apologize for providing incorrect information. Mike Noyes wrote: On Thu, 2003-01-16 at 17:19, wispdist wrote: I am running build 2397 on some of our routers now. I have noticed that I cannot ping them. They do not respond to a ping. I can ping from them and through them though. Anyone else seen this? wispdist, This resource may answer your question. ICMP Echo-request (Ping) http://www.shorewall.net/ping.html -- Mike Noyes mhnoyes @ users.sourceforge.net http://sourceforge.net/users/mhnoyes/ http://leaf-project.org/ http://sitedocs.sf.net/ http://ffl.sf.net/ --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering + Orinoco wireless and wavelan2_cs.conf
Matt, On Fri, 17 Jan 2003 10:54:47 PST Matt Schalit wrote: Brad Fritz wrote: IIRC, Matt built his from scratch, but that's not really necessary. To be clear, I built mine entirely from .lrps available above, following the guides 98% to the letter. I didn't compile anything. That's what I meant, but I didn't express it very clearly. Thank you for clarifying. I'll tear through a mini-HOWTO later today. The two big diffs were 1) cardmgr asked for wavlan2_cs rather than orinoco_cs and 2) adding rw to syslinux.cfg for 2.4.20. #1 occurs because etc/pcmcia/wavelan2_cs.conf is included in the pcmcia_orinoco.lrp package. The fact that it's included (and not renamed to end in something other than .conf) almost seems like a packaging bug since that package includes hermes.o, orinoco.o and orinoco_cs.o but not wavelan2_cs.o . --Brad --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] cannot ping wisp-dist build 2397
wispdist, On Thu, 2003-01-16 at 17:19, wispdist wrote: I am running build 2397 on some of our routers now. I have noticed that I cannot ping them. They do not respond to a ping. I can ping from them and through them though. On Fri, 17 Jan 2003 21:18:11 +0200 Vladimir I. wrote: WISP-Dist does not use Shorewall. In that case, what says: cat /proc/sys/net/ipv4/icmp_echo_ignore_all ? If it's a 1, echo 0 /proc/sys/net/ipv4/icmp_echo_ignore_all should re-enable replies to echo requests (pings) on the firewall. More documentation in Documentation/networking/ip-sysctl.txt and Documentation/filesystems/proc.txt of the Linux kernel source. --Brad --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Dhcp relay - Howto?
Samuel, On Fri, 17 Jan 2003 18:21:12 GMT Samuel Abreu wrote: Yeah, but, what package is?? and where can i get it I install dhcpd.lrp but the dhcrelay don't exist in the package! =( There are a few listed in the leaf package list at: http://leaf-project.org/pub/packages-list.html There is also a dhcpreli.lrp package in http://leaf.sourceforge.net/devel/jnilo/bering/latest/contrib/ that appears to be v0.3.1 of: http://www.strongsec.com/freeswan/dhcprelay/ $ tar -xzf /tmp/dhcpreli.lrp -O ./var/lib/lrpkg/dhcpreli.version 0.3.1 --Brad Samuel Abreu Hi, Yes, There is a Package and it works quite well. --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] DHCP problem
Gerd, On Fri, 17 Jan 2003 08:25:26 EST gniemetz wrote: At 06:26 17/01/03 -0500, [EMAIL PROTECTED] wrote: I'm having a Samsung Cablemodem connected via a Accton-Ethernet card to my ISP and i'm not able to get an IP-Address via dhclient/pump, only when i use the dhcpcd package (older one, found it somewhere in the net :-)). [Julian's accurate and appropriate, given the vauge information you provided, explanation of the differences between dhclient, pump and dhcpd snipped.] Thanks for your reply, but you have misunderstood my question, i asked about dhcpcd, as you can see :-) Your first question was a statement, and a confusing one at that. What exactly is your question, and for that matter, the problem? I don't mean to be too harsh, especially if English isn't your primary languange, but we need a better description of the problem before we can offer useful insight. The support request FAQ (linked to below) offers hints for submitting good requests to the list. --Brad --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] cannot ping wisp-dist build 2397
Please give more information about network - interfaces, IP addresses etc. Do you get network unreachable messages? Did you tweak iptables configuration? wispdist wrote: I am running build 2397 on some of our routers now. I have noticed that I cannot ping them. They do not respond to a ping. I can ping from them and through them though. Anyone else seen this? --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html -- Best Regards, Vladimir Systems Engineer (RHCE) --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Dhcp relay - Howto?
Brad Fritz has already pointed you to http://leaf-project.org/pub/packages-list.html n Fri, 2003-01-17 at 11:51, Samuel Abreu wrote: Hi, i get Bering stable and the binary dhcrelay don't exist in the distro, or in dhcpd.lrp, so, u can say me what package i find dhcrelay??? Thanks Samuel Abreu --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Dhcp relay - Howto?
On Fri, 2003-01-17 at 11:55, Brad Fritz wrote: snip There is also a dhcpreli.lrp package in http://leaf.sourceforge.net/devel/jnilo/bering/latest/contrib/ that appears to be v0.3.1 of: http://www.strongsec.com/freeswan/dhcprelay/ $ tar -xzf /tmp/dhcpreli.lrp -O ./var/lib/lrpkg/dhcpreli.version 0.3.1 --Brad A question for Eric Spakman: is dhcprelay a suitable general replacement for dhcrelay, or is it only useful for ipsec applications? Your package is quite a bit smaller than dhcrelay.lrp -Richard --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] RE: Stopping DHCPD logging
Hi Tom, You asked what version I'm running... Not too sure - I don't have access to the box at the moment. However, the snippet you included in your message to the list jogged my memory. I was working on doing something along the lines of WISP-Dist for a local group a year or so ago and was chasing every bit of disk space possible. I recall editing some configuration files to remove some of the 'wordy' explanatory text... This file must have been one of them and the .lrp must have eventually been added to my home's LEAF compact flash system. So, I apologize for hearing the hoofbeats and going off on a zebra hunt ;-) (and wasting your time to boot). The good news is I solved the problem! ;-) But I still don't know how I was able to get the lease in the first place! Sheepishly, Brock The interfaces file that I release says: # dhcp - interface is managed by DHCP or used by -- #a DHCP server running on the firewall or - #you have a static IP but are on a LAN #segment with lots of Laptop DHCP clients. # What version of Shorewall do you have? I took the 'managed' term to imply that the interface gets an address via DHCP, not that it serves DHCPD. As well, I was always able to get an IP without this entry - I just got the errors described in the original poster's message when a lease renewal was required. I will try changing this setting tonight, although I'm betting the 'dhcp' entry just does what I did manually...(?) It adds those rules but much earlier in the rule gauntlett. -Tom --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] RE: Stopping DHCPD logging
--On Friday, January 17, 2003 01:31:45 PM -0800 Brock Nanson [EMAIL PROTECTED] wrote: The good news is I solved the problem! ;-) But I still don't know how I was able to get the lease in the first place! I don't know either -- sometime when I'm bored, I'll look into it since I've seen similar things before. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline,\ http://www.shorewall.net Washington USA \ [EMAIL PROTECTED] --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] WISP-Dist: new test build 2493
Hi, New WISP-Dist test build 2493 is available. Mostly it is a couple of bugfixes to the previous test build. The major change is that ext2 is used instead of minix on the rw partition, this freed up considerable amount of space as it seems that minix is not efficient when storing symlinks. I run this build on several routers now without problems. Get it from http://leaf.sourceforge.net/devel/hzdrus/files/ New: ext2 is used instead of minix for rw partition - more space is available New: support for layer 2 bridging in the configuration interface New: support for layer 2 bridging in the network scripts New: automatic WDS configuration if layer 2 bridging is enabled on Prism wireless cards in AP mode New: wireless statistics are available through SNMP (.1.3.6.1.4.1.2021 tree) New: kernel 2.4.20 New: MMS (Windows Media)/tftp/PPTP/SNMP basic/talk/quake3 conntrack+nat (you may need to uncomment them in /etc/modules) New: updated PCMCIA New: new hostap_cs driver New: update wireless extensions version in 2.4.20 New: DHCP relay; uncomment RCDLINKS and set MASTER_DHCP_SERVER in /etc/init.d/dhcrelay to enable it New: hostapd support; delete /etc/pcmcia/hostap_cs.conf and rename /etc/pcmcia/hostap_cs_hapd.conf.disabled to /etc/pcmcia/hostap_cs_hapd.conf Bugfix: updated AiroNet driver Bugfix: updated rtl8139 driver from Donald Becker (no overrun lockup problem) Bugfix: updated orinoco driver to 0.13 Bugfix: new wireless utils (fix WEP key removal bug) Bugfix: include and load modules for DiskOnChip in initrd -- Best Regards, Vladimir Systems Engineer (RHCE) --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] DHCP problem
Le Vendredi 17 Janvier 2003 14:25, [EMAIL PROTECTED] a écrit : I have compiled the dhcpcd client from Debian. It is untested. Give it a try and let us know. http://leaf.sourceforge.net/devel/jnilo/bering/latest/packages/ I still find it strange that you can succeed with it and not with pump or dhclient. Jacques Hi Julien! Thanks for your reply, but you have misunderstood my question, i asked about dhcpcd, as you can see :-) regards Gerd Julian Church [EMAIL PROTECTED] wrote: Hi Gerd At 06:26 17/01/03 -0500, [EMAIL PROTECTED] wrote: I'm having a Samsung Cablemodem connected via a Accton-Ethernet card to my ISP and i'm not able to get an IP-Address via dhclient/pump, only when i use the dhcpcd package (older one, found it somewhere in the net :-)). Pump and dhclient are DHCP client programs, generally used in LEAF so your firewall can get an IP address from your ISP's DHCP Servers. dhcpd is a DHCP server, if you run it on your firewall then computers on your LAN will be able to get a DHCP lease. Pump and dhclient do the same thing, and that's different to what dhcpd does, so you can't replace either of the former with the latter. A nice shiny up to date version of dhcpd is included as standard in most LEAF distributions. I'm afraid I can't help you with your question about Wake On LAN. regards Julian __ The NEW Netscape 7.0 browser is now available. Upgrade now! http://channels.netscape.com/ns/browsers/download.jsp Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ --- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] My Dachstein not quite up and running
Chris wrote: Two things: 1) Is this bad or normal: Jan 16 15:23:05 Nimrod kernel: The PCI BIOS has not enabled the device at 0/48! Updating PCI command 0003-0007. Jan 16 15:23:05 Nimrod kernel: eth0: RealTek RTL8139 Fast Ethernet at 0xfe00, IRQ 9, 00:90:47:01:98:80. Jan 16 15:23:05 Nimrod kernel: The PCI BIOS has not enabled the device at 0/56! Updating PCI command 0003-0007. Jan 16 15:23:05 Nimrod kernel: eth1: RealTek RTL8139 Fast Ethernet at 0xfc00, IRQ 10, 00:90:47:01:a0:7a. 2) I'm trying to get Dachstein up and running and it doesn't seem to want to work. I set it up as described at lrp.steinkuehler.net/files/diskimages/dachstein/readme.txt and home.attbi.com/~srlohman/linux/firewall/ds-contents.html (the linux primer section of the second site is where it told me the command to unmount a floppy is unmount, not umount, BTW). So far I've gotten through the initial setup sections, and the section on static external IP (internal IPs are assigned by DHCP so I didn't do that section) and I've setup sshd so I can make configuration changes from my desk instead of dragging a monitor keyboard to our rack closet. I've backed up to floppy and rebooted. I get tons of Martian errors so I switched the internal and external cables. This stopped the errors, but then I couldn't ping or use putty to logon to the firewall. Either way the cables go all traffic is blocked--we can't browse the web, send email, ftp... I even tried a new image of Dachstein and set it up to not use a static external IP address and same thing. What else can I try? Report more of your networking information. If your NICs are working properly (likely, since you get martian messages, and indicate ssh was working, both of which mean you can send/recieve packets), your external interface may have a private IP. The default firewall rules in Dachstein drop this traffic. Otherwise, you could have routing problems (default gateway), or some other basic error that's keeping you from talking to the 'net. See the FAQ (link at the bottom of this e-mail from the leaf-user list) for details on how to report enough information we can help you. -- Charles Steinkuehler [EMAIL PROTECTED] --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Dachstein PCMCIA
I'm trying with little success to get PCMCIA NICs working with Dachstein. Does anyone know of a Dachstein pcmcia.lrp package? Roger --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering + Orinoco wireless and wavelan2_cs.conf
Brad Fritz wrote: #1 occurs because etc/pcmcia/wavelan2_cs.conf is included in the pcmcia_orinoco.lrp package. Ahh, yes, when I rename that file, and svi restart pcmcia, then it loads with orinoco_cs, rather than wavelan2_cs. Now I'll have to get the laptop to test. Matt --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] [ leaf-Support Requests-669688 ] DHCP problems
Support Requests item #669688, was opened at 2003-01-17 12:24 You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=213751aid=669688group_id=13751 Category: Release/Branch: Bering Group: None Status: Open Priority: 5 Submitted By: Gerd Niemetz (gniemetz) Assigned to: Jacques Nilo (jnilo) Summary: DHCP problems Initial Comment: Hi! First i want to thank the bering-team for the great work they do! Now to the problem: I'm having a Samsung Cablemodem connected via a Accton-Ethernet card to my ISP and i'm not able to get an IP-Address via dhclient/pump, only when i use the dhcpcd package (older one, found it somewhere in the net :-)). The second question is not proper to the subject, but wouldn't it be nice to have a Wake On Lan feature? I found the ether-wake.c, which would do the thing, but i'm not able to compile it cause i have no suitable linux box. Could somebody do the job for me please? ;-) Any help would be appreciated! best regards, Gerd -- Comment By: Jacques Nilo (jnilo) Date: 2003-01-17 23:18 Message: Logged In: YES user_id=150195 The two packages dhcpcd.lrp and etherw.lrp have been compiled and are available for download from the Bering packages download area: http://leaf.sourceforge.net/devel/jnilo/bering/latest/packages/ They are untested please report success/pb. Note that you dhcpcd is started by ifconfig. You must remove any version of pump or dhclient in order for ifconfig to cativate dhcpcd. Jacques -- You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=213751aid=669688group_id=13751 --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] LEAF in SysAdmin
I just got my Feb. 2003 issue of SysAdmin, and was pleased to see an article about LEAF. In Increasing Bandwidth with Wireless Devices, Henry Psenicka nad Bob Pocius go over the details of migrating their WAN from 128Kbit/s ISDN links to point-point wireless using 802.11 wireless devices and the Bering LEAF disto. Of particular note is the fact that the article was written after nearly a full year of virtually flawless operation (the only problem was one Orinoco NIC that failed), showing how reliable linux and LEAF can be even when deployed in harsh environments guarding the network perimiter. Saddly, the article is not one of the ones available on-line, but I'm sure everyone here subscribes anyway, right? If not, head over to the sysadmin site, where you can subscribe and check out the current issue: http://www.sysadminmag.com/articles/2003/0302/ Kudos to Jacques Nilo and the rest of the Bering crew! -- Charles Steinkuehler [EMAIL PROTECTED] --- This SF.NET email is sponsored by: Thawte.com - A 128-bit supercerts will allow you to extend the highest allowed 128 bit encryption to all your clients even if they use browsers that are limited to 40 bit encryption. Get a guide here:http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0030en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html