RE: [leaf-user] Bering and processor temperature
Hi! AFAIK, a P200 needs both heatsink fan. Besides processor temperature, what did you change in your setup? Are you running VPN on 1.1? Any extra services, or was it a plain ole upgrade? If nothing has really changed, then there is no real answer to your problem... -Original Message- From: Lee Kimber [mailto:[EMAIL PROTECTED] Sent: Sunday, March 09, 2003 7:11 PM To: [EMAIL PROTECTED] Subject: [leaf-user] Bering and processor temperature Has anyone noticed that their processor runs hotter under Bering 1.1? I have a P200 motherboard loaded with NICs by my desk that I use for testing and the processor heatsink runs considerably hotter under Bering 1.1 than under Bering 1.0. It has no fan so my rough temperature gauge is that I could touch it comfortably for extended periods of time (a useful finger warmer after a winter motorbike ride!) under Bering 1.0 but it's too hot to do so under Bering 1.1. Same configuration and NICs in both versions. Same low network traffic on both... I've noticed that it runs hotter during boot under both distros but then cools down after the boot process is complete in Bering 1.1. Just an idle inquiry really but I'd be interested to know if it does signify anything! Lee --- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] iptraf and ncurses on Bering 1.0/1.1
Has anyone had success in using iptraf.lrp and libncurs.lrp on Bering? When I've loaded as instructed, iptraf returns errors about opening terminal linux which I assume means its having problems with ncurses. The recommended ncurses package certainly appears to have loaded correctly. I seem to remember ntop.lrp has a similar issue at the console, but works okay from the web interface. Can anyone help? Adrian --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] iptraf and ncurses on Bering 1.0/1.1
You might try the full ncurses library in the ncurses5.lrp package, found at http://www.monkeynoodle.org/lrp/lrp/packages/libs Works with Bering 1.1, and presumably earlier versions. -Richard On Mon, 2003-03-10 at 07:41, Adrian Wooster wrote: Has anyone had success in using iptraf.lrp and libncurs.lrp on Bering? When I've loaded as instructed, iptraf returns errors about opening terminal linux which I assume means its having problems with ncurses. The recommended ncurses package certainly appears to have loaded correctly. I seem to remember ntop.lrp has a similar issue at the console, but works okay from the web interface. Can anyone help? Adrian --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html -- Richard Doyle [EMAIL PROTECTED] --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] iptraf and ncurses on Bering 1.0/1.1
Adrian, On Mon, 10 Mar 2003 15:41:35 GMT Adrian Wooster wrote: Has anyone had success in using iptraf.lrp and libncurs.lrp on Bering? When I've loaded as instructed, iptraf returns errors about opening terminal linux which I assume means its having problems with ncurses. The recommended ncurses package certainly appears to have loaded correctly. Sounds like a terminfo problem. You probably just need to grab the linux terminfo file from a full distro. On debian it's in /usr/share/terminfo/l/linux You might find this thread in the leaf-user archives useful: http://www.mail-archive.com/[EMAIL PROTECTED]/msg10896.html and also the message: http://www.mail-archive.com/[EMAIL PROTECTED]/msg10900.html --Brad --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] Bering and processor temperature
At 10:46 AM 3/10/2003 +, Luis.F.Correia wrote: Hi! AFAIK, a P200 needs both heatsink fan. Besides processor temperature, what did you change in your setup? Are you running VPN on 1.1? Any extra services, or was it a plain ole upgrade? If nothing has really changed, then there is no real answer to your problem... I didn't add anything, though I can see that the release has ulogd.lrp added to it. Ipsec is on it too but is not yet configured. Mmmm, could that be it? There are no extra services. I've started a second build of it and this is running much cooler so far. I'm bringing it to the same state as the original router step by step while checking the temperature between each step. Hopefully this will highlight where the temperature increase starts. It seems to run a little warmer once it has ipsec and mawk on it and before ipsec is configured, though nothing like as hot as the first one. I'll let you know if I find the answer! --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] iptraf and ncurses on Bering 1.0/1.1
Hello Adrian Yes, I did it. I copied from a Red Hat 7.2 the /usr/share/terminfo/l/linux file to a diskette, booted in Bering, created the directory /usr/share/terminfo/l and copied the file linux into the directory. You can include the line /usr/share/terminfo in /var/lib/lrpkg/etc.list and backup the etc package. If you want to run minicom, this file must be located in /etc/terminfo/l. Regards Heriberto -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] nombre de Adrian Wooster Enviado el: Lunes, 10 de Marzo de 2003 12:42 p.m. Para: [EMAIL PROTECTED] Asunto: [leaf-user] iptraf and ncurses on Bering 1.0/1.1 Has anyone had success in using iptraf.lrp and libncurs.lrp on Bering? When I've loaded as instructed, iptraf returns errors about opening terminal linux which I assume means its having problems with ncurses. The recommended ncurses package certainly appears to have loaded correctly. I seem to remember ntop.lrp has a similar issue at the console, but works okay from the web interface. Can anyone help? Adrian --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.459 / Virus Database: 258 - Release Date: 25/02/03 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.459 / Virus Database: 258 - Release Date: 25/02/03 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.459 / Virus Database: 258 - Release Date: 25/02/03 ¡Internet GRATIS es Yahoo! Conexión! Usuario yahoo, contraseña yahoo. Desde Buenos Aires, 4004-1010. Otras ciudades: http://conexion.yahoo.com.ar/avanzados.html --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering and processor temperature
Lee, On Mon, 10 Mar 2003 08:34:20 PST Lee Kimber wrote: At 10:46 AM 3/10/2003 +, Luis.F.Correia wrote: Hi! AFAIK, a P200 needs both heatsink fan. Besides processor temperature, what did you change in your setup? Are you running VPN on 1.1? Any extra services, or was it a plain ole upgrade? If nothing has really changed, then there is no real answer to your problem... I didn't add anything, though I can see that the release has ulogd.lrp added to it. Ipsec is on it too but is not yet configured. Mmmm, could that be it? There are no extra services. I've started a second build of it and this is running much cooler so far. I'm bringing it to the same state as the original router step by step while checking the temperature between each step. Hopefully this will highlight where the temperature increase starts. It seems to run a little warmer once it has ipsec and mawk on it and before ipsec is configured, though nothing like as hot as the first one. I'll let you know if I find the answer! How do the load averages[1] compare on the hot vs. cool setups? If the load average is significantly higher on the hot configuration, you could grab a copy of top.lrp[2] and see which processes are responsible for the increased load average. Running top will itself increase load average (and likely cpu temp), so be sure to account for that increase when measuring temp with top running. It seems unlikely, but I suppose changes between the 2.4.18 (Bering 1.0) and 2.4.20 (Bering 1.1) kernels could also be responsible for increased load on the CPU. Good luck! --Brad [1] Use the uptime command or cat /proc/loadavg. [2] There are versions at http://leaf.sourceforge.net/devel/khadley/packages.html and http://www.monkeynoodle.org/lrp/lrp/packages/ . top may require a package that provides libncurses, e.g. libncurs.lrp, which in turn may require a copy of the terminfo data file for your desired terminal. --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Re: [leaf-devel] ATM bering
Le Lundi 10 Mars 2003 21:19, Jose Luis Abuelo Sebio a écrit : Hi, Let's see if somebody can help me with this. I've a computer running with a bering distribution and I would like to work with an ATM card too. Do you know if I can use ATM in bering? How? Do I need any package or module? How can I configure it? Do you know any guide for that? Check this chapter of the user's guide: http://leaf.sourceforge.net/devel/jnilo/bupppoatm.html Jacques --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Winzip and .lrp
Hello I usually open .lrp files with Winzip81 in Windows 98, renaming them to *.tgz, except initrd.lrp, that can't be opened. I would like to protect the password file of etc.lrp from been cracked with Brute Force crackers like John The Ripper. Is there a way for backing up the .lrp files, so they cannot be opened (as initrd.lrp), except from inside the Bering box, and of course knowing the root password? Regards Heriberto --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.459 / Virus Database: 258 - Release Date: 25/02/03 ¡Internet GRATIS es Yahoo! Conexión! Usuario yahoo, contraseña yahoo. Desde Buenos Aires, 4004-1010. Otras ciudades: http://conexion.yahoo.com.ar/avanzados.html --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Anyone have the simple ppp how-to for bering/all firewalls?
I remember using a very simplified ppp how-to when i last configured my router, but have since lost the URL. it included everything needed for a successful ppp connection, including mgetty and ppp how-to's. it did not include anything about routing though. anyone have this link? --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] IPsec with Bering 1.1 without MAWK.LRP and IPSEC509.LRP ?
Hi all folks, I am jumping into IPSec with my two feet. I am using Bering 1.1. I am surprised to see that our friend Jacques NILO has stored minus files for Bering 1.1 than the previous 1.0. I have trieved the IPSEC.LRP, but not IPSEC509.LRP and not MAWK.LRP in his current directories http://leaf.sourceforge.net/devel/jnilo/bering/latest/packages/. Are they always needed, or only the IPSEC.LRP is necessary ? I want to check VPN with preshared secret as the first step, and pass to X509 after. Could you, somebody, confirm me if I have missed something or if only file is now necessary ? Best Regards, Francois BERGERET, France. --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] IPsec with Bering 1.1 without MAWK.LRP and IPSEC509.LRP ?
On Monday 10 March 2003 03:07 pm, Francois BERGERET wrote: Hi all folks, I am jumping into IPSec with my two feet. I am using Bering 1.1. I am surprised to see that our friend Jacques NILO has stored minus files for Bering 1.1 than the previous 1.0. I have trieved the IPSEC.LRP, but not IPSEC509.LRP and not MAWK.LRP in his current directories http://leaf.sourceforge.net/devel/jnilo/bering/latest/packages/. Are they always needed, or only the IPSEC.LRP is necessary ? I want to check VPN with preshared secret as the first step, and pass to X509 after. Could you, somebody, confirm me if I have missed something or if only file is now necessary ? You still need mawk.lrp to run any of the ipsec packages. You will need to use ipsec509 instead of ipsec to use x509 certs. -- ~Lynn Avants Linux Embedded Appliance Firewall Developer http://leaf.sourceforge.net http://www.guitarlynn.homelinux.org:81 --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Winzip and .lrp
On Monday 10 March 2003 02:51 pm, Heriberto Höhlke wrote: Hello I usually open .lrp files with Winzip81 in Windows 98, renaming them to *.tgz, except initrd.lrp, that can't be opened. I would like to protect the password file of etc.lrp from been cracked with Brute Force crackers like John The Ripper. Is there a way for backing up the .lrp files, so they cannot be opened (as initrd.lrp), except from inside the Bering box, and of course knowing the root password? How would anyone be able to crack your password file without logging in as 'root'? Really the only security concerns to the outside you would have would be dependant on opening http/ftp/etc... services open to the internet and running on the router itself. If this is a large concern of yours, I would suggest moving these services off the router and into a DMZ. -- ~Lynn Avants Linux Embedded Appliance Firewall Developer http://leaf.sourceforge.net http://www.guitarlynn.homelinux.org:81 --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] IPsec with Bering 1.1 without MAWK.LRP and IPSEC509.LRP ?
Dear Lynn, This what I was done with the previous Bering 1.0. But, I have not seen them in the current latest subdirectory. Can I use those of the previous 1.0 instead of not yet ready new release ? Best Regards, Francois BERGERET, France. -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] la part de Lynn Avants Envoyé : lundi 10 mars 2003 22:36 À : [EMAIL PROTECTED] Objet : Re: [leaf-user] IPsec with Bering 1.1 without MAWK.LRP and IPSEC509.LRP ? On Monday 10 March 2003 03:07 pm, Francois BERGERET wrote: Hi all folks, I am jumping into IPSec with my two feet. I am using Bering 1.1. I am surprised to see that our friend Jacques NILO has stored minus files for Bering 1.1 than the previous 1.0. I have trieved the IPSEC.LRP, but not IPSEC509.LRP and not MAWK.LRP in his current directories http://leaf.sourceforge.net/devel/jnilo/bering/latest/packages/. Are they always needed, or only the IPSEC.LRP is necessary ? I want to check VPN with preshared secret as the first step, and pass to X509 after. Could you, somebody, confirm me if I have missed something or if only file is now necessary ? You still need mawk.lrp to run any of the ipsec packages. You will need to use ipsec509 instead of ipsec to use x509 certs. -- ~Lynn Avants Linux Embedded Appliance Firewall Developer http://leaf.sourceforge.net http://www.guitarlynn.homelinux.org:81 --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Winzip and .lrp
I share Lynn's sense of puzzlement about just what you are trying to protect here. He is correct that the etc.lrp file on a LEAF router is not particularly vulnerable to remote theft, unless the thief already has root privileges on the LEAF router or the router is running a service with a serious security hole. I surmise that you are concerned about someone who has physical access to the router and can copy the file directly from the boot floppy (or other boot medium). The sad reality is that it is almost impossible to secure any standard PC against an attack by somebody who has physical access to it. In the immediate example, far easier than cracking root's password on the floppy would be substituting a fresh /etc/shadow file in etc.lrp (or even supplying a completely fresh etc.lrp package). In general, the best way to fight brute force password crackers is to pick hard-to-guess passwords ... good, unpatterned ones of the sort that all the references recommend. At 03:39 PM 3/10/2003 -0600, Lynn Avants wrote: On Monday 10 March 2003 02:51 pm, Heriberto Höhlke wrote: Hello I usually open .lrp files with Winzip81 in Windows 98, renaming them to *.tgz, except initrd.lrp, that can't be opened. I would like to protect the password file of etc.lrp from been cracked with Brute Force crackers like John The Ripper. Is there a way for backing up the .lrp files, so they cannot be opened (as initrd.lrp), except from inside the Bering box, and of course knowing the root password? How would anyone be able to crack your password file without logging in as 'root'? Really the only security concerns to the outside you would have would be dependant on opening http/ftp/etc... services open to the internet and running on the router itself. If this is a large concern of yours, I would suggest moving these services off the router and into a DMZ. -- ~Lynn Avants Linux Embedded Appliance Firewall Developer http://leaf.sourceforge.net --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] IPsec with Bering 1.1 without MAWK.LRP and IPSEC509.LRP ?
On Monday 10 March 2003 22:07, Francois BERGERET wrote: Hi all folks, I am jumping into IPSec with my two feet. I am using Bering 1.1. I am surprised to see that our friend Jacques NILO has stored minus files for Bering 1.1 than the previous 1.0. I have trieved the IPSEC.LRP, but not IPSEC509.LRP and not MAWK.LRP in his current directories http://leaf.sourceforge.net/devel/jnilo/bering/latest/packages/. Are they always needed, or only the IPSEC.LRP is necessary ? I want to check VPN with preshared secret as the first step, and pass to X509 after. Could you, somebody, confirm me if I have missed something or if only file is now necessary ? As stated in the Changelog, begining with Bering 1.1 there is now only one version of ipsec which includes all the patches x509, NAT-traversal ... SInce there is now only a single package I named it ipsec.lrp http://leaf.sourceforge.net/devel/jnilo/bichlog.html#AEN111 Jacques --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Winzip and .lrp
And one note! initrd.lrp is not protected, in fact is not even a .tgz file! If you wanna see it Content just mount in a linux box with -o loop: mkdir -p /mnt/initrd mount /path/to/initrd.lrp /mnt/initrd -o loop Samuel Abreu On Mon, 10 Mar 2003 17:51:28 -0300 Heriberto Höhlke [EMAIL PROTECTED] wrote: Hello I usually open .lrp files with Winzip81 in Windows 98, renaming them to *.tgz, except initrd.lrp, that can't be opened. I would like to protect the password file of etc.lrp from been cracked with Brute Force crackers like John The Ripper. Is there a way for backing up the .lrp files, so they cannot be opened (as initrd.lrp), except from inside the Bering box, and of course knowing the root password? Regards Heriberto --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Winzip and .lrp
Heriberto Höhlke wrote: Hello I usually open .lrp files with Winzip81 in Windows 98, renaming them to *.tgz, except initrd.lrp, that can't be opened. I would like to protect the password file of etc.lrp from been cracked with Brute Force crackers like John The Ripper. Is there a way for backing up the .lrp files, so they cannot be opened (as initrd.lrp), except from inside the Bering box, and of course knowing the root password? It is very difficult to protect a system against someone who has physical access to it. Even the bigshots like Microsoft get this wrong (witness the XBox boot code). The Catch-22 is in your question above rephrased: How do you protect the password file from being read by anyone who doesn't have the password? Well, if you're keeping data out of the hands of someone with physical access, the system itself doesn't have the password, so it can't access the password file, so it can't know what the password is...catch-22. About the only thing I can think of that might satisfy your request is the encryption of etc.lrp, with the encorperation of an appropriate decrypting routine into the initial ramdisk startup script. This would require you to be present at system boot to enter the password (so the packages could be decrypted and installed), but would prevent anyone from being able to get at your passwords quite as easily, but there are still lots of ways around this for someone with physical access to the machine, they're just harder than extracting a zip file. -- Charles Steinkuehler [EMAIL PROTECTED] --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] Winzip and .lrp
Hello Lynn I plan to install Bering in a site, where I have no control who has physical access to the firewall. Regards Heriberto On Monday 10 March 2003 02:51 pm, Heriberto Höhlke wrote: Hello I usually open .lrp files with Winzip81 in Windows 98, renaming them to *.tgz, except initrd.lrp, that can't be opened. I would like to protect the password file of etc.lrp from been cracked with Brute Force crackers like John The Ripper. Is there a way for backing up the .lrp files, so they cannot be opened (as initrd.lrp), except from inside the Bering box, and of course knowing the root password? How would anyone be able to crack your password file without logging in as 'root'? Really the only security concerns to the outside you would have would be dependant on opening http/ftp/etc... services open to the internet and running on the router itself. If this is a large concern of yours, I would suggest moving these services off the router and into a DMZ. -- ~Lynn Avants Linux Embedded Appliance Firewall Developer http://leaf.sourceforge.net http://www.guitarlynn.homelinux.org:81 --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.459 / Virus Database: 258 - Release Date: 25/02/03 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.459 / Virus Database: 258 - Release Date: 25/02/03 ¡Internet GRATIS es Yahoo! Conexión! Usuario yahoo, contraseña yahoo. Desde Buenos Aires, 4004-1010. Otras ciudades: http://conexion.yahoo.com.ar/avanzados.html --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] debian question, /etc/network/interfaces
Hi all, How do you force the duplex setting speed on LRP? It seems /etc/network/interfaces is the key file, but the Debian man page (http://www.fifi.org/cgi-bin/man2html/usr/share/man/man5/interfaces.5.gz#lbA D) and LEAF user guide don't provide the answer. Thanks for your help P --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] WISP on soekris help
I tried askig this on the WISP list, but got no response (maybe not many people on the list?). Anyway, thanks for any help in advance. Dave Hey folks, I'm having a large amount of trouble getting my soekris board as an access points. Well, it acts as an access point (I'm using a Prism 2.5 D-Link Air 650 PCMCIA card), that is I can connect to the ap as a client, I get a good signal, but I can't surf. ARG! Any help would be great, thanks in advance. Dave --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering and processor temperature
How do the load averages[1] compare on the hot vs. cool setups? If the load average is significantly higher on the hot configuration, you could grab a copy of top.lrp[2] and see which processes are responsible for the increased load average. Running top will itself increase load average (and likely cpu temp), so be sure to account for that increase when measuring temp with top running. It seems unlikely, but I suppose changes between the 2.4.18 (Bering 1.0) and 2.4.20 (Bering 1.1) kernels could also be responsible for increased load on the CPU. Good luck! --Brad [1] Use the uptime command or cat /proc/loadavg. [2] There are versions at http://leaf.sourceforge.net/devel/khadley/packages.html and http://www.monkeynoodle.org/lrp/lrp/packages/ . top may require a package that provides libncurses, e.g. libncurs.lrp, which in turn may require a copy of the terminfo data file for your desired terminal. Great - I didn't know you could do that on a Bering box. I will do it and let you know. Lee --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Anyone have the simple ppp how-to for bering/allfirewalls?
On Mon, 10 Mar 2003, Matt Russell wrote: I remember using a very simplified ppp how-to when i last configured my router, but have since lost the URL. it included everything needed for a successful ppp connection, including mgetty and ppp how-to's. it did not include anything about routing though. anyone have this link? I can't think of any howtos easier than the Bering Installation Guide and Bering User's Guide: http://leaf.sourceforge.net/devel/jnilo/binstall.html http://leaf.sourceforge.net/devel/jnilo/busers.html In particular, the latter guide discusses outbound serial connections in section 2. Regarding inbound connections, I think I have seen something describing them, but cannot recall where right now. --- Jeff NewmillerThe . . Go Live... DCN:[EMAIL PROTECTED]Basics: ##.#. ##.#. Live Go... Live: OO#.. Dead: OO#.. Playing Research Engineer (Solar/BatteriesO.O#. #.O#. with /Software/Embedded Controllers) .OO#. .OO#. rocks...2k --- --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] How to set process run at startup?
Dear all I would like to start one process at startup. Could i write some script to run at startup like rc.local? anyone who know please tell me. Thankz. --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] How to set process run at startup?
On Monday 10 March 2003 09:12 pm, Thitiporn Pornpirunrak wrote: Dear all I would like to start one process at startup. Could i write some script to run at startup like rc.local? anyone who know please tell me. It goes in /etc/init.d like Debian with the RCDLINKS line set for the runlevel and load order. -- ~Lynn Avants Linux Embedded Appliance Firewall Developer http://leaf.sourceforge.net http://www.guitarlynn.homelinux.org:81 --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Winzip and .lrp
On Monday 10 March 2003 05:03 pm, Heriberto Höhlke wrote: Hello Lynn I plan to install Bering in a site, where I have no control who has physical access to the firewall. Well, if you eliminate the possibilitiy of using a monitor or removing whatever disk/physical media you are using, I don't imagine you'll have any problems. A floppy or other disk type can usually be mounted inside of the case so access to it requires removing the cover. -- ~Lynn Avants Linux Embedded Appliance Firewall Developer http://leaf.sourceforge.net http://www.guitarlynn.homelinux.org:81 --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Anyone have the simple ppp how-to for bering/all firewalls?
On Monday 10 March 2003 07:50 pm, Jeff Newmiller wrote: Regarding inbound connections, I think I have seen something describing them, but cannot recall where right now. http://leaf.sourceforge.net/devel/thc/dox/pppserv.txt -- ~Lynn Avants Linux Embedded Appliance Firewall Developer http://leaf.sourceforge.net http://www.guitarlynn.homelinux.org:81 --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] How to set process run at startup?
Le Mardi 11 Mars 2003 04:22, Lynn Avants a écrit : On Monday 10 March 2003 09:12 pm, Thitiporn Pornpirunrak wrote: Dear all I would like to start one process at startup. Could i write some script to run at startup like rc.local? anyone who know please tell me. It goes in /etc/init.d like Debian with the RCDLINKS line set for the runlevel and load order. In fact there is another, more traditional approach: There is and /etc/rc.boot directory in Bering. All the scripts you will put there will be executed at the end of the boot process by /etc/init.d/rcS: snip rcS:# For compatibility, run the files in /etc/rc.boot too. rcS:[ -d /etc/rc.boot ] run-parts /etc/rc.boot snip Also do not forget to save etc.lrp once your script have been put into rc.boot. :-) Jacques --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Bering/pppoe: ignoring mtu setting...
Hey all, I am trying to force a 1452 mtu setting on my pppoe connection but it refuse to go to that number... It remains at 1492 what ever I change in the pppoe conf files and etc-interface settings! Any ideas? Rgds Thomas Fischer, MCSE mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Apple, WinNT, e-Mail, Groupware mailto:[EMAIL PROTECTED] --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] WISP on soekris help
Le Mardi 11 Mars 2003 03:03, Dave Shpritz a écrit : I tried askig this on the WISP list, but got no response (maybe not many people on the list?). Anyway, thanks for any help in advance. Dave Hey folks, I'm having a large amount of trouble getting my soekris board as an access points. Well, it acts as an access point (I'm using a Prism 2.5 D-Link Air 650 PCMCIA card), that is I can connect to the ap as a client, I get a good signal, but I can't surf. ARG! Any help would be great, thanks in advance. Are your interfaces properly configured in Shorewall ? What says: ip addr show and cat /etc/shorewall/interfaces Jacques --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Re: Development environment
Le Mardi 11 Mars 2003 00:39, Ryan Lindeman a écrit : Hi, I'm trying to use Bering for work and I would like to create some packages for it. I'm having problems creating a development environment, can you give me a few pointers as to what to do after I setup a debian/woody virtual machine? To create Bering packages you need to setup a Debian/slink virtual machine. Debian/woody is only used for kernel development Then you need to learn how to build a LEAF package. Refer to the LEAF Document manager. Section 13 Developer questions answered: http://sourceforge.net/docman/?group_id=13751 Jacques Ryan Lindeman --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Re: [leaf-devel] Tunneling in bering
ok. Using Bering to make a remote bridge. A very, very, mini howto.
You need a bering system, with bridging already working, and with the
tun.o kernel module loaded. Make sure /dev/net/tun exists, if it
doesn't, add
mkdir /dev/net
mknod /dev/net/tun c 10 200
to the end of /var/lib/lrpkg/root.dev.mk , and backup initrd.lrp.
(Jacques/Eric, would be nice to get that into Bering by default)
get the vtund executable (from http://vtun.sourceforge.net/ ) onto your
box. Unfortunately, I don't have a package that'll do this (well, I do,
but it's compiled against glibc-2.2.5, so probably isn't much help to
most people).
make a bridge device in /etc/network/interfaces, add the real interfaces
you want to bridge, and the tap0 interface:
iface br0 inet static
address 192.168.1.0
masklen 32
bridge_ports eth0 tap0
note that you *don't* want an auto br0 line in there - this thing
won't work unless it's started after vtund has created tap0, so you
don't want the system bringing up the bridge at boot time.
create vtund.conf, you'll need something like:
--
options {
port 5000;# Listen on this port.
# Path to various programs
ppp /usr/sbin/brctl;
ifconfig /sbin/ip;
route /sbin/ifup;
firewall /sbin/ifdown;
}
# Default session options
default {
compress no; # Compression is off by default
speed 0; # By default maximum speed, NO shaping
type ether; # Ethernet tunnel
proto tcp;# UDP protocol
stat yes;# Log connection statistic
keepalive yes;# Keep connection alive
multi yes;
device tap0; # Device tap0
}
bridge {
pass dfg47df; # Password
up {
route br0;
};
down {
firewall br0;
};
--
You'll need a similar vtund.conf on either machine. There are a few
things to note here. The weird route/firewall thing is like a macro
expansion, what's really going on is an ifup br0 and ifdown br0. I
couldn't get it to work reliable with UDP, but TCP works a charm,
obviously you can add crypto/compression options as you see fit (I tend
to run it over IPSEC tunnels, so I generally have all those options
disabled).
Start one machine as a server with
/usr/sbin/vtund -s
and the other as a client with
/usr/sbin/vtund -p bridge ip of server
Watch your kernel logs - if it's working, you'll get the usual bridge
STP messages happening, and 30 seconds later, you'll be bridging. The
output of ps is useful, it tells you what the status of a tunnel is:
1488 root 2284 S vtund[c]: bridge ether tap0
indicates a working tunnel. brctl show will also give useful info:
bridge 8000.0040f466370a yes eth0
tap0
And that should about do it. Any questions/omissions, please sing out.
This writeup'd GPL'd, etc. Jacques/Eric, if you wish to put this
somewhere in the Bering docs, please do so.
Cheers
Si
On Tue, Mar 11, 2003 at 02:28:37AM +0100, Jose Luis Abuelo Sebio said:
Hi guys:
Here is the situation, I have two computers running
with a bering distribution and working as bridges to
set up a virtual lan. They are fisically connected
by
a cable and they work perfectly.
The question is that I want to know how to set them
up if the computers working as bridges, and which
connect the workstations of the vlan, were located
in
different places like Europe and America. I was told
in one of this lists that I should use a tunnel and
that there is a tool called vtun that I could use.
The problem is that I don't know how to set up the
computers to work as bridges and to create a tunnel
between them at the same time. They already work as
bridges but could some of you tell me how to do to
create a tunnel between them? Should I use the
vtun
tool for the bering distribution or you think that
there is something better?
Thank for your time, and I hope there is some of
you
that can help me with this. I will really apreciate
it.
If you do not know the answer to this but you have
any
documentation about it I will apreciate it if you
can
send it to me.
Luis
P.S. If this is not the correct mailing-list, sorry,
but can you remail me to the correct one, thanks
___
Yahoo! Messenger - Nueva versi?n GRATIS
Super Webcam, voz, caritas animadas, y m?s...
http://messenger.yahoo.es
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek
Re: [leaf-user] Re: [leaf-devel] Tunneling in bering
Le Mardi 11 Mars 2003 07:52, Simon Blake a écrit : ok. Using Bering to make a remote bridge. A very, very, mini howto. You need a bering system, with bridging already working, and with the tun.o kernel module loaded. Make sure /dev/net/tun exists, if it doesn't, add mkdir /dev/net mknod /dev/net/tun c 10 200 to the end of /var/lib/lrpkg/root.dev.mk , and backup initrd.lrp. (Jacques/Eric, would be nice to get that into Bering by default) Yes. Or could be added in the vtund.lrp package in the init.d/vtund script get the vtund executable (from http://vtun.sourceforge.net/ ) onto your box. Unfortunately, I don't have a package that'll do this (well, I do, but it's compiled against glibc-2.2.5, so probably isn't much help to most people). It's available for Bering here: http://leaf.sourceforge.net/devel/jnilo/packages/vtund.lrp Jacques make a bridge device in /etc/network/interfaces, add the real interfaces you want to bridge, and the tap0 interface: iface br0 inet static address 192.168.1.0 masklen 32 bridge_ports eth0 tap0 note that you *don't* want an auto br0 line in there - this thing won't work unless it's started after vtund has created tap0, so you don't want the system bringing up the bridge at boot time. create vtund.conf, you'll need something like: --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Tunneling in bering
Hi guys: Here is the situation, I have two computers running with a bering distribution and working as bridges to set up a virtual lan. They are fisically connected by a cable and they work perfectly. The question is that I want to know how to set them up if the computers working as bridges, and which connect the workstations of the vlan, were located in different places like Europe and America. I was told in one of this lists that I should use a tunnel and that there is a tool called vtun that I could use. The problem is that I don't know how to set up the computers to work as bridges and to create a tunnel between them at the same time. They already work as bridges but could some of you tell me how to do to create a tunnel between them? Should I use the vtun tool for the bering distribution or you think that there is something better? Thank for your time, and I hope there is some of you that can help me with this. I will really apreciate it. If you do not know the answer to this but you have any documentation about it I will apreciate it if you can send it to me. Luis P.S. If this is not the correct mailing-list, sorry, but can you remail me to the correct one, thanks ___ Yahoo! Messenger - Nueva versión GRATIS Super Webcam, voz, caritas animadas, y más... http://messenger.yahoo.es --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] ATM bering
Hi, Let's see if somebody can help me with this. I've a computer running with a bering distribution and I would like to work with an ATM card too. Do you know if I can use ATM in bering? How? Do I need any package or module? How can I configure it? Do you know any guide for that? Thanks and I hope some of you can help me with this. See you ___ Yahoo! Messenger - Nueva versión GRATIS Super Webcam, voz, caritas animadas, y más... http://messenger.yahoo.es --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
