[leaf-user] Accessing lshd externally.

2003-02-07 Thread Kim Oppalfens
Hi all,

I am testrunning the new uclibc version of bering and I am trying to 
access my firewall externally over ssh. Unfortunately I am unsuccessful.

The firewall (shorewall) is configured to allow the connection.
/etc/hosts.allow & deny don't block anything either so I don't know what
is wrong anymore.

Kim


---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



[leaf-user] leaf router and file exchange protocol

2003-02-07 Thread Empire59
hi,
here's my problem.

I'm running a small network with a bering 1.0 router as gateway to the
internet.
Behind the router are several other computers including a linux ftp server
running wu-ftpd.
I setup shorewall to forward both ftp ports to the ftp server and with this
normal ftp transfers worked well.
But now someone wants to send me some files from another ftp via flashfxp.
The problem is that the other ftp server wants to open a data connection on
an arbitrary port (over 3) and my firewall is rejecting this connection.
I read somewhere that the connection tracking module is not able to handle
the fxp protocol, but I wonder if there is any solution to this problem.

thanks for your help

Mike






Re: [leaf-user] Accessing lshd externally.

2003-02-07 Thread Brad Fritz

Kim,

On Fri, 07 Feb 2003 10:51:17 +0100 Kim Oppalfens wrote:

> I am testrunning the new uclibc version of bering and I am trying to 
> access my firewall externally over ssh. Unfortunately I am unsuccessful.
> 
> The firewall (shorewall) is configured to allow the connection.
> /etc/hosts.allow & deny don't block anything either so I don't know what
> is wrong anymore.

Have you verified lshd is running?  (There used to be a bug in the
startup script.)  Is there anything in the logs?  (Particularly
daemon.log and messages.)  How does the ssh connection fail?
Quick connection refused?  Longer timeout?  Can you verify that
routing is working as expected, aside from ssh?  With a bit more
information we should be able to help.

--Brad






Re: [leaf-user] Accessing lshd externally.

2003-02-07 Thread kimoppalfens
Oops, seems I forgot some info.

Lshd is definitely running, I can access it internally.
The connection fails with a timeout after about 10 seconds.
Routing seems to work just fine, since I can access just about anything
from the inside to the internet.

I don't have access to the logs at this point though.
Will check if anything is in there later tonight.

Kim



>-- Original Message --
>From: "Brad Fritz" <[EMAIL PROTECTED]>
>To: Kim Oppalfens <[EMAIL PROTECTED]>
>cc: [EMAIL PROTECTED]
>Subject: Re: [leaf-user] Accessing lshd externally.
>Date: Fri, 07 Feb 2003 07:05:43 -0500
>
>
>
>Kim,
>
>On Fri, 07 Feb 2003 10:51:17 +0100 Kim Oppalfens wrote:
>
>> I am testrunning the new uclibc version of bering and I am trying to
>> access my firewall externally over ssh. Unfortunately I am unsuccessful.
>>
>> The firewall (shorewall) is configured to allow the connection.
>> /etc/hosts.allow & deny don't block anything either so I don't know what
>> is wrong anymore.
>
>Have you verified lshd is running?  (There used to be a bug in the
>startup script.)  Is there anything in the logs?  (Particularly
>daemon.log and messages.)  How does the ssh connection fail?
>Quick connection refused?  Longer timeout?  Can you verify that
>routing is working as expected, aside from ssh?  With a bit more
>information we should be able to help.
>
>--Brad
>
>
>







[leaf-user] Re: [leaf-devel] GRUB and LRP problem

2003-02-07 Thread Simon Blake
On Thu, Feb 06, 2003 at 10:37:48PM -0600, Spiro Philopoulos said:

> BTW, thanks to Simon Blake for his GRUB mini-howto.

You're most welcome.
 
> Procedure used for GRUB (in case it's useful for solving the problem):
> 
> - Partition the HD. 100MB FAT16 partition is first partition on the drive.
> - Format the partitions.
> - Install an MBR using 'fdisk /MBR' from DOS boot disk (GRUB wouldn't work
> otherwise)

Hmm.  I've never had to do this - grub installs fine for me on compact
flash drives, without needing to fdisk on an MBR first.

> - Install GRUB stage binary images in /boot/grub/ on FAT partition, & edit
> menu.lst.
> - Install GRUB using the GRUB boot floppy:
>root (hd0,0)
>setup (hd0)

This sounds to me like you might have LBA/CHS drive geometry problems.
How big is the actual hard drive?  A procedure I've found works pretty
well for me is:

Configure your target disk as primary master

Configure another HD with the master LRP files as secondary master,
booting into DOS.

Have a Grub floppy available.

Configure the BIOS of the machine to boot floppy->hdd0->hdd1

Leave the floppy out, assuming there's no boot sector on the new disk,
it'll boot dos off your master disk, and it will become C: in DOS.

if the new disk needs FDISKing, then do so (generally compact flash
comes with a dos file system, so I don't bother), reboot, run 

format /s /u

on the new D: drive.  Copy LRP files across, copy menu.lst, stage1 and
stage2 to D:\grub.  You don't need stage1_5 (or at least, I've never
used it).

stick in the floppy, reboot off it, run the grub installer as above.

This seems to work well for me because lots of bios's seem to setup the
primary master differently from the secondary master - presumably
because it expects to have to boot off the primary master.  So muck
around with your LBA settings in your BIOS, and see if that helps.

YMMV, of course :-)

Cheers
Si






[leaf-user] LEAF helper scripts: Please comment

2003-02-07 Thread alex . lists
I have written some scripts for creating pre-configured Bering packages
and firewalls. I hope they are of use to other people as well.
I would like to hear suggestions and bug reports, especially for LEAF 
Distributions other than Bering. I wrote and tested the scripts
only with Bering.

Find the tarball here:
https://sourceforge.net/tracker/download.php?group_id=13751&atid=313751&file_id=41767&aid=682300

Cheers
Alex 

PS: I apologise for the first two tries with non-text mails






[leaf-user] Looking for Bering E1000 binaries

2003-02-07 Thread John Rodley
All,

I'm in a bind.  I need Intel PRO/1000 (e1000) binary module for a Bering
installation.  I know the source is out there, but I have no build
environment and no possibility of setting one up.  Anyone care to share what
they have?  In return, you will receive a message, personally .sig'd by me,
declaring you a net.hero.

John Rodley
Radius Partners
33 Riverside Dr.
Pembroke, MA 02359
781 829 2280
http://www.radiuspartners.com
 





Re: [leaf-user] Looking for Bering E1000 binaries

2003-02-07 Thread Brad Fritz

On Fri, 07 Feb 2003 11:57:46 EST John Rodley wrote:

> All,
> 
> I'm in a bind.  I need Intel PRO/1000 (e1000) binary module for a Bering
> installation.  I know the source is out there, but I have no build
> environment and no possibility of setting one up.  Anyone care to share what
> they have?  In return, you will receive a message, personally .sig'd by me,
> declaring you a net.hero.

If you're willing to go the 2.4.20 route there is:

  
http://leaf.sf.net/devel/jnilo/bering/latest/modules/2.4.20/kernel/drivers/net/e1000/e1000.o

--Brad






RE: [leaf-user] Looking for Bering E1000 binaries

2003-02-07 Thread John Rodley
You are a net.hero (and I'm a net.dumbbell).  I could swear I looked in
there and didn't see it.

John Rodley
Radius Partners


-Original Message-
From: Brad Fritz [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 07, 2003 1:25 PM
To: John Rodley
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Looking for Bering E1000 binaries



On Fri, 07 Feb 2003 11:57:46 EST John Rodley wrote:

> All,
>
> I'm in a bind.  I need Intel PRO/1000 (e1000) binary module for a Bering
> installation.  I know the source is out there, but I have no build
> environment and no possibility of setting one up.  Anyone care to share what
> they have?  In return, you will receive a message, personally .sig'd by me,
> declaring you a net.hero.

If you're willing to go the 2.4.20 route there is:


http://leaf.sf.net/devel/jnilo/bering/latest/modules/2.4.20/kernel/drivers/net/e1000/e1000.o

--Brad






[leaf-user] Bering+uClibc and keepalived

2003-02-07 Thread Charles Holbrook
I am currently trying to get keepalived to run correctly but running into a 
small problem.  I keep getting the error:
Starting Keepalived v1.0.0 (06/01/2003)
Configuration is using : 22095
Registering Kernel Netlink Reflector.
VRRP_Instance(VI_1) provide at least one ip for the virtual server
stopping keepalived v1.0.0 (06/01/2003)

I have searched through the modules library from the CVS repository and the 
only thing I could find was the module netlink_dev.o  I have tried 
installing this and have the same problem.  netlink is not pulling the IP 
addresses from the interfaces and reporting them to the user 
environment.  Is there anything special I have to do, after installing this 
module and getting it to load, to get it to work correctly?

Shorewall is up and running and is not causing a problem.  It currently 
allows all traffic from all sources to all destinations







Re: [leaf-user] Bering uClibc - ulogd: load_plugins: /usr/lib/ulogd/ulog_*.so - File not found

2003-02-07 Thread Lynn Avants
On Friday 07 February 2003 05:13 am, Laurentiu Drob wrote:

> ---
>
> [root@lwd ulogd-0.98.bering]# ldd ulogd
>   libdl.so.0 => /usr/i386-linux-uclibc/lib/libdl.so.0
>   libc.so.0 => /usr/i386-linux-uclibc/lib/libc.so.0
>   /usr/i386-linux-uclibc/lib/ld-uClibc.so.0 =>
> /usr/i386-linux-uclibc/lib/ld-uClibc.so.0
>
> ---
>
> Compilation output:
>
> [root@ ulogd-0.98.bering]# ./ulogd.mk


>
> ./ulogd: symbol 'mysql_real_escape_string': can't resolve symbol 'D''
>
> ./ulogd: symbol 'mysql_connect': can't resolve symbol 'H''
>
> ./ulogd: symbol 'mysql_list_fields': can't resolve symbol 'X''
>
> ./ulogd: symbol 'mysql_select_db': can't resolve symbol '\''
>
> ./ulogd: symbol 'mysql_real_query': can't resolve symbol 'l''
>
> ./ulogd: symbol 'mysql_error': can't resolve symbol 'p''
>
> ./ulogd: symbol 'mysql_fetch_field': can't resolve symbol '|''
>
> ./ulogd: symbol 'mysql_free_result': can't resolve symbol '''
> Fri Feb  7 11:01:49 2003 <7> ulogd.c:449 load_plugins:
> /usr/lib/ulogd/ulogd_MYSQL.so - Unable to resolve symbol
>
> [1]+  Segmentation fault  ./ulogd -d
>
> ---

> I think it's a mismatch library usage, I mean ulogd and extensions are
> compiled against uClibc but mysql and pgsql libraries are compiled
> against glibc.


OK, I didn't realize you were compiling this yourself; I thought you were
using an available binary. Whatever you compile must have the same 
libraries that you compiled against on the box running the program.
If they are compiled against glibc, you'll have to load the same glibc
to run it.

I hope this helps,
-- 
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net





Re: [leaf-user] My Dachstein not quite up and running

2003-02-07 Thread Chris Low
Okay, today I'm trying to get our Exchange 2000 mailserver online behind 
the firewall.

Currently mail is set to go straight from our ISP's router to 192.168.1.2 
(the ip address of our exchange server)

I'm trying to do a minimal amount of  work to get the firewall in between 
the ISP's router and the exchange server so I configured the firewall's 
external interface (eth0) to be 192.168.1.2 and the internal interface to 
10.10.10.254. The exchange server is now 10.10.10.2

In trying to setup port forwarding for smtp services I put the following in 
my network.conf file:

# TCP services open to outside world
# Space seperated list: srcip/mask_dstport
#EXTERN_TCP_PORTS="216.171.153.128/25_ssh 0/0_www 0/0_1023"
EXTERN_TCP_PORTS="192.168.1.1/24_25"

and

# Uncomment following for port-forwarded internal services.
# The following is an example of what should be put here.
# Tuples are as follows:
#   
#INTERN_SERVERS="tcp_${EXTERN_IP}_ftp_192.168.1.1_ftp 
tcp_${EXTERN_IP}_smtp_192.168.1.1_smtp"
INTERN_SERVERS="tcp_$192.168.1.2_smtp_10.10.10.200_smtp"


I've also reconfigured the smtp settings on the Exchange Server and in 
Exchange. Currently I can send mail out (both to the LAN and to the 
internet) but incoming internet email never makes it to the server.

I've also tried changing the EXTERN_TCP_PORTS line to read:

EXTERN_TCP_PORTS="192.168.1.2/24_25"

and even tried

EXTERN_TCP_PORTS="208.57.96.254/24_25" (The ISP's router's external IP)

With either of those settings I can also send, but not receive. What else 
can I try?





Re: [leaf-user] Using a wireless router with LEAF (Dachstein, Bering)

2003-02-07 Thread Lynn Avants
On Friday 07 February 2003 01:23 am, Camille King wrote:
> Could somebody explain to me how to setup wireless networking (Linksys
> AP/Router/4-Port Switch) and Bering? Right now, my setup is a p200
> connected my Linksys using one of the Lan ports. Then, my desktop is
> connected to another port.
>
> Although I understand that I need to change the Linksys to Static IP (IP
> 192.168.1.240) that follows the documentation and I'm supposed to disable
> DHCP, what sort of settings does the network card take? If I disable DHCP,
> do I give the network card a static IP as well?
>
> Any help would be greatly appreciated.

You use the AP and switch functions on the Linksys; don't connect the
WAN side of it or route. This connects the wired LAN to the wireless LAN
on the same network and your wireless cards can get dhcp from leaf
across the "bridged" Linksys.
-- 
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net





RE: [leaf-user] Bering+uClibc and keepalived

2003-02-07 Thread Peter Mueller
Hi Charles,

> I am currently trying to get keepalived to run correctly but 
> running into a 
> small problem.  I keep getting the error:
> Starting Keepalived v1.0.0 (06/01/2003)
> Configuration is using : 22095
> Registering Kernel Netlink Reflector.
> VRRP_Instance(VI_1) provide at least one ip for the virtual server
> stopping keepalived v1.0.0 (06/01/2003)

Did you configure /etc/keepalived/keepalived.conf through the package
configuration subsystem or directly?  What kind of kernel & add on packages
are you running?  I modified my Bering kernel config with 686, SMP, IDE,
eepro, and tulip compiled into the kernel.  I didn't change anything else
and it worked.

If this doesn't help you might want to try temporarily removing shorewall.lrp
just to make certain it isn't it.  If it starts working after you remove it
I'm sure Tom or a shorewall expert can help you get it going.

FYI, I think I have almost the same config as the LRP package.  My logs are
attached below.  Notice the ip addr only show up with iproute2 commands..

Feb  7 15:21:08 firewall Keepalived: Terminating on signal
Feb  7 15:21:08 firewall Keepalived: Stopping Keepalived v1.0.0 (06/01, 2003)
Feb  7 15:21:08 firewall Keepalived: VRRP_Instance(VI_1) removing protocol VIPs.
Feb  7 15:21:08 firewall Keepalived: VRRP_Instance(VI_2) removing protocol VIPs.
Feb  7 15:21:08 firewall Keepalived: Starting Keepalived v1.0.0 (06/01, 2003)
Feb  7 15:21:08 firewall Keepalived: Configuration is using : 174779 Bytes
Feb  7 15:21:08 firewall Keepalived: Registering Kernel netlink reflector
Feb  7 15:21:08 firewall Keepalived: VRRP_Instance(VI_2) Entering BACKUP STATE
Feb  7 15:21:08 firewall Keepalived: VRRP sockpool: [ifindex(3), proto(112), fd(5)]
Feb  7 15:21:09 firewall Keepalived: VRRP_Instance(VI_1) Transition to MASTER STATE
Feb  7 15:21:10 firewall Keepalived: VRRP_Instance(VI_1) Entering MASTER STATE
Feb  7 15:21:10 firewall Keepalived: VRRP_Instance(VI_1) setting protocol VIPs.
Feb  7 15:21:10 firewall Keepalived: VRRP_Instance(VI_1) Sending gratuitous ARP on eth1
Feb  7 15:21:12 firewall Keepalived: VRRP_Instance(VI_2) Transition to MASTER STATE
Feb  7 15:21:13 firewall Keepalived: VRRP_Instance(VI_2) Entering MASTER STATE
Feb  7 15:21:13 firewall Keepalived: VRRP_Instance(VI_2) setting protocol VIPs.
Feb  7 15:21:13 firewall Keepalived: VRRP_Instance(VI_2) Sending gratuitous ARP on eth1

# ip addr show 
1: lo:  mtu 16436 qdisc noqueue 
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0:  mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:c0:95:c5:d0:38 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.254/24 brd 10.0.0.255 scope global eth0
3: eth1:  mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:c0:95:c5:d0:39 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
inet 192.168.1.6/32 scope global eth1
inet 192.168.1.7/32 scope global eth1
4: eth2:  mtu 1500 qdisc noop qlen 100
link/ether 00:c0:95:c5:d0:3a brd ff:ff:ff:ff:ff:ff
5: eth3:  mtu 1500 qdisc noop qlen 100
link/ether 00:c0:95:c5:d0:3b brd ff:ff:ff:ff:ff:ff
6: eth4:  mtu 1500 qdisc noop qlen 100
link/ether 00:d0:b7:a7:95:09 brd ff:ff:ff:ff:ff:ff
7: dummy0:  mtu 1500 qdisc noop 
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff

Hope that helps.

P





Re: [leaf-user] My Dachstein not quite up and running

2003-02-07 Thread Lynn Avants
On Friday 07 February 2003 05:18 pm, Chris Low wrote:

> # TCP services open to outside world
> # Space seperated list: srcip/mask_dstport
> #EXTERN_TCP_PORTS="216.171.153.128/25_ssh 0/0_www 0/0_1023"
> EXTERN_TCP_PORTS="192.168.1.1/24_25"

It needs to be 192.168.1.2 to match the address the mail is being
forwarded to.

> and
>
> # Uncomment following for port-forwarded internal services.
> # The following is an example of what should be put here.
> # Tuples are as follows:
> #   
> #INTERN_SERVERS="tcp_${EXTERN_IP}_ftp_192.168.1.1_ftp
> tcp_${EXTERN_IP}_smtp_192.168.1.1_smtp"
> INTERN_SERVERS="tcp_$192.168.1.2_smtp_10.10.10.200_smtp"

OK.
Have you loaded the portfw module???

-- 
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net





Re: [leaf-user] Log Interpretation Please

2003-02-07 Thread Lynn Avants
On Wednesday 05 February 2003 03:38 pm, Chris wrote:

> I tried: SILENT_DENY="17_10.10.10.2_161" but it didn't seem to do anything.
> Lynn's suggestion above is asking me to edit the ipfilters.conf file,
> right?

To be honest, I don't remember whether SILENT_DENY works on the
internal interface (eth1 in your case). Removing the "-l" in the 10.0.0.0/8
rules in ipfilter.conf will stop the logging regardless.
-- 
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net





Re: [leaf-user] Has anyone had success getting PUMP to receive a hostname via DHCP?

2003-02-07 Thread Lynn Avants
On Thursday 06 February 2003 08:28 am, Garrett E. Martin wrote:
> After reading the man pages and other posts, it looks like PUMP should
> be able to update the hostname from the option on the DHCP server... I
> don't seem to be able to make it happen however.
>
> Any direction or assistance will be greatly appreciated.
> Thanks

Most linux dhcp clients allow options to send a specific hostname,
not receive it. You'll likely need to edit this by hand.
-- 
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net





Re: [leaf-user] My Dachstein not quite up and running

2003-02-07 Thread Chris Low


>It needs to be 192.168.1.2 to match the address the mail is being
>forwarded to.

I'll give it a try.

>Have you loaded the portfw module???

Under the modules menu, ip_masq_portfw is uncommented. Is there something 
else that needs to be done to get it to load?





Re: [leaf-user] Log Interpretation Please

2003-02-07 Thread Chris Low


>Removing the "-l" in the 10.0.0.0/8
>rules in ipfilter.conf will stop the logging regardless.

I could only find three instances of 10.0.0.0/8 in the file. One was 
commented out, and the other 2 didn't have a "-l". Is there another 
instance I'm missing?

# RFC 1918/1627/1597 blocks
# $IPCH -A $LIST -j DENY -p all  -s 10.0.0.0/8 -d 0/0 -l $*

# Prevent RFC 1918/1627/1597 IP packets from coming in
$IPCH -A input -j DENY -p all -s 0/0 -d 10.0.0.0/8 -i $EXTERN_RIF

# Stop outgoing RFC 1918/1627/1597 packets
$IPCH -A output -j DENY -p all -s 0/0 -d 10.0.0.0/8 -i $EXTERN_RIF





Re: [leaf-user] Log Interpretation Please

2003-02-07 Thread Lynn Avants
On Friday 07 February 2003 06:15 pm, Chris Low wrote:
> >Removing the "-l" in the 10.0.0.0/8
> >rules in ipfilter.conf will stop the logging regardless.
>
> I could only find three instances of 10.0.0.0/8 in the file. one was
> commented out, and the other 2 didn't have a "-l". Is there another
> instance I'm missing?
>
> # RFC 1918/1627/1597 blocks
>  # $IPCH -A $LIST -j DENY -p all  -s 10.0.0.0/8 -d 0/0 -l $*
>

Removing the -l in this line should do it.
-- 
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net





Re: [leaf-user] My Dachstein not quite up and running

2003-02-07 Thread Lynn Avants
On Friday 07 February 2003 06:00 pm, Chris Low wrote:
> >It needs to be 192.168.1.2 to match the address the mail is being
> >forwarded to.
>
> I'll give it a try.
>
> >Have you loaded the portfw module???
>
> under the modules menu, ip_masq_portfw is uncommented. is there something
> else that needs to be done to get it to load?

No, is it listed in the "lsmod" command? 
If not you'll have to download it from Charles' site and add it
in /lib/modules on your disk (and backup the modules package).
-- 
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net





Re: [leaf-user] My Dachstein not quite up and running

2003-02-07 Thread Chris Low


> >It needs to be 192.168.1.2 to match the address the mail is being
> >forwarded to.
> I'll give it a try.


Didn't work. Still can only send, not receive.



> >Have you loaded the portfw module???
> is it listed in the "lsmod" command?


Yep.

modulepages  used by
ip_masq_portfw   2416   0 (unused)

Here's something else fun to work on while we're at it: I tried putting 
other machines behind the firewall today since the office was empty (office 
retreat, except for me!) and only the NT box, and the Exchange server 
(Running Windows 2000 server) can browse the web. Our windows 98se, windows 
me, and windows 95 computers can't. They log into the server fine, get an 
ip address fine, just no web. They can ping the firewall (both interfaces) 
and the ISP's router (also both interfaces) but when I ping something like 
www.yahoo.com it comes back with "unknown host". Any ideas on this one?





Re: [leaf-user] My Dachstein not quite up and running

2003-02-07 Thread Ray Olszewski
Several specifics below. But first a general one: looking at changes to 
config files helps us understand what you are trying to do, and sometimes 
we can spot an error that way. But it also helps to know what you are 
actually doing ... that is, how the router's underlying configuration 
really is set. For that reason, when you run into these problems, you 
should look at the real settings that the config files create, with (in 
this instance)

netstat -nr
ipchains -nvL

At 05:46 PM 2/7/03 -0800, Chris Low wrote:

> > >It needs to be 192.168.1.2 to match the address the mail is being
> > >forwarded to.
> > I'll give it a try.
>
> Didn't work. Still can only send, not receive.


In case you don't already know this ... sending and receiving mail operate 
very differently. You don't even need to run an SMTP daemon to send mail. 
All the configuration issues you are addressing relate to the ability to 
receive mail.

In addition to reviewing the firewall rulesets, you could work on this one 
by using telnet to connect to (internally, from between the routers) 
192.168.1.2 25 or (from the Internet) 208.57.96.254 25. I just tried the 
second, with this result:

autovcr@waverly:~$ telnet 208.57.96.254 25
Trying 208.57.96.254...

autovcr@waverly:~$ ping 208.57.96.254
PING 208.57.96.254 (208.57.96.254): 56 data bytes
64 bytes from 208.57.96.254: icmp_seq=0 ttl=245 time=37.6 ms
64 bytes from 208.57.96.254: icmp_seq=1 ttl=245 time=38.0 ms

--- 208.57.96.254 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 37.6/37.8/38.0 ms
autovcr@waverly:~$

(The ping part is just to confirm that the problem isn't just Internet 
connectivity.) This failure implies that the handoff from ISP router to 
LEAF router to Exchange server is failing somewhere along the line.

I did notice this typo in a prior message:

 The exchange server is now 10.10.10.2
... and ...
INTERN_SERVERS="tcp_$192.168.1.2_smtp_10.10.10.200_smtp"

The two IP addresses are different; they need to be the same (I don't know 
which is right, or if the typo was just in the message or indicates an 
actual configuration problem).


> > >Have you loaded the portfw module???
> > is it listed in the "lsmod" command?
>
> Yep.
>
> modulepages  used by
> ip_masq_portfw   2416   0 (unused)
>
> Here's something else fun to work on while we're at it: I tried putting 
> other machines behind the firewall today since the office was empty 
> (office retreat, except for me!) and only the NT box, and the Exchange 
> server (Running Windows 2000 server) can browse the web. Our windows 98se, 
> windows me, and windows 95 computers can't. They log into the server fine, 
> get an ip address fine, just no web. They can ping the firewall (both 
> interfaces) and the ISP's router (also both interfaces) but when I ping 
> something like www.yahoo.com it comes back with "unknown host". Any ideas 
> on this one?

This is almost surely a DNS problem. When your hosts got their DHCP 
assignments from the ISP's router, they received in them the IP addresses of 
the DNS servers they are supposed to use. Unless you added that information 
to the LEAF router's dhcpd config file, it is not providing the DNS 
settings. Fix this and the particular problem you are describing here will 
go away.


--
---"Never tell me the odds!"
Ray Olszewski	-- Han Solo
Palo Alto, California, USA			  [EMAIL PROTECTED]
---
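
Added example, not part of the message above or of LEAF's own scripts: a POSIX shell check for the address mismatch pointed out in the reply, comparing the internal address of each INTERN_SERVERS entry with the server's real address. The field layout (proto_extaddr_extport_intaddr_intport), the function names and the re-typed sample entry (written without the "$") are assumptions.

```shell
#!/bin/sh
# Assumed entry layout, read off the line quoted in the thread:
#   proto_extaddr_extport_intaddr_intport

# is_ipv4 ADDR: succeed if ADDR is four decimal octets, each 0..255.
is_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# check_forwards SERVER_IP "ENTRY ...": print one verdict per entry and
# return non-zero if any entry is malformed or forwards somewhere else.
check_forwards() {
    expected=$1
    status=0
    for entry in $2; do
        old_ifs=$IFS; IFS=_
        set -- $entry              # split the entry on underscores
        IFS=$old_ifs
        if [ $# -ne 5 ] || ! is_ipv4 "$4"; then
            echo "MALFORMED $entry"; status=1
        elif [ "$4" != "$expected" ]; then
            echo "MISMATCH $entry forwards to $4, server is $expected"; status=1
        else
            echo "OK $entry"
        fi
    done
    return $status
}

# The two addresses quoted in the thread: the server is said to be at
# 10.10.10.2 while the forward points at 10.10.10.200.
SERVER_IP=10.10.10.2
INTERN_SERVERS="tcp_192.168.1.2_smtp_10.10.10.200_smtp"
check_forwards "$SERVER_IP" "$INTERN_SERVERS" ||
    echo "fix INTERN_SERVERS, then retest port 25 from outside"
```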





[leaf-user] Help with Taxcut uploading

2003-02-07 Thread Kevin
I am having problems with uploading TaxCut. Help desk states I have to
disable the firewall to have it complete. Does anyone have a quick way to
disable the firewall to allow the upload then turn the firewall back on?

Running Dachstein firewall - two floppy disk system

thanks for any help or directions






[leaf-user] Re: [leaf-devel] GRUB and LRP problem

2003-02-07 Thread Spiro Philopoulos
Thanks for the help. I'd just like to let anyone that's interested know that 
GRUB works fine off a hard drive FAT16 partition. It didn't work initially 
due to an embarrassing blunder of mine. I didn't set the RAMDISK size in 
menu.lst correctly :-)



On Friday 07 February 2003 05:06, Simon Blake wrote:
> On Thu, Feb 06, 2003 at 10:37:48PM -0600, Spiro Philopoulos said:
> > BTW, thanks to Simon Blake for his GRUB mini-howto.
>
> You're most welcome.
>
> > Procedure used for GRUB (in case it's useful for solving the problem):
> >
> > - Partition the HD. 100MB FAT16 partition is first partition on the
> > drive.
> > - Format the partitions.
> > - Install an MBR using 'fdisk /MBR' from DOS boot disk (GRUB wouldn't
> > work otherwise)
>
> Hmm.  I've never had to do this - grub installs fine for me on compact
> flash drives, without needing to fdisk on an MBR first.
>
> > - Install GRUB stage binary images in /boot/grub/ on FAT partition, &
> > edit menu.lst.
> > - Install GRUB using the GRUB boot floppy:
> >root (hd0,0)
> >setup (hd0)
>
> This sounds to me like you might have LBA/CHS drive geometry problems.
> How big is the actual hard drive?  A procedure I've found works pretty
> well for me is:
>
> Configure your target disk as primary master
>
> Configure another HD with the master LRP files as secondary master,
> booting into DOS.
>
> Have a Grub floppy available.
>
> Configure the BIOS of the machine to boot floppy->hdd0->hdd1
>
> Leave the floppy out, assuming there's no boot sector on the new disk,
> it'll boot dos off your master disk, and it will become C: in DOS.
>
> if the new disk needs FDISKing, then do so (generally compact flash
> comes with a dos file system, so I don't bother), reboot, run
>
> format /s /u
>
> on the new D: drive.  Copy LRP files across, copy menu.lst, stage1 and
> stage2 to D:\grub.  You don't need stage1_5 (or at least, I've never
> used it).
>
> stick in the floppy, reboot off it, run the grub installer as above.
>
> This seems to work well for me because lots of bios's seem to setup the
> primary master differently from the secondary master - presumably
> because it expects to have to boot off the primary master.  So muck
> around with your LBA settings in your BIOS, and see if that helps.
>
> YMMV, of course :-)
>
> Cheers
> Si






[leaf-user] Will be out of town till Feb 14, 2003

2003-02-07 Thread Jacques Nilo


