Re: [leaf-user] PPP unreliable. Diagnosis help
Dave Whiteley wrote: I am using a 56k serial modem over ordinary phone line. Communication is slow, and large web pages, or large (usually spam) email messages have a tendency to time out or lose their socket. I had a similar problem with ppp over a 56k modem using a Bering 1.0 installation. After reading the Shorewall doc's I discovered that my ISP is "criminally braindead". Setting CLAMP_MSS=yes in /etc/shorewall/shorewall.conf fixed the problem. Cheers, Peter. --- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Just OOT.
Note : This is OOT post - Dear All To day April 4th (GMT+7) Is my son's 1st birthday. Why I post this msg to this list ... Just because His (my son's) name is "Lintang Reka Pratama" Yes .. I named him after LRP. Sincerely, and apologize for this anoying post. A very happy Father. A Father who use LRP/LEAF as his tool to make life. -bino- --- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] weblet returning "No data error message
I am running dachstein and I cannot get the weblet to return data. Connecting to the router with mozilla ends up with a "This document contains no data" error. Since it isn't refusing the connection, weblet must be running. So, why no data. -- Jeff, wd4nmq [EMAIL PROTECTED] http://mywebpages.comcast.net/wd4nmq --- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering uClibc 1.1 pppd MTU settings
I'm not shure I understood your question; but it sounds you didn't set clampmss=yes in shorewall.conf kp Am Donnerstag, 3. April 2003 19:34 schrieb Robert Marlow: > Hi all > > I just installed Bering uClibc 1.1 and am very happy with it... well happy > with all except one thing. It seems the default ppp for this LEAF version > is possibly one of the older ones which contained a bug with MTU > translation. Well, that's how it appears from my experience anyway. > > When I send packets through my LEAF firewall from another host, if it's an > amount of traffic larger than 1492 the traffic gets no further than that > 1492. After a lil research I found that the earlier implementations of pppd > had this problem and it was caused by it not being very good at breaking > packets up and forming them into new sizes. So when traffic from my > network, running at the standard ethernet MTU of 1500, reaches pppd it > freezes, confused about how to send traffic of 1500 down a 1492 pppoe link. > I got around this by setting the MTU on the network cards of each host on > my LAN to 1492. This is of course an extremely ugly hack (but I didn't have > time to try to fix the ppp installation) > > I was wondering if Bering users out there are aware of this problem and > whether there's a solution to it simpler than changing the MTU settings on > all hosts on the network. Or if there's a more up to date ppp.lrp (or > pppoe.lrp if it turns out that's causing the problem). > > Thanks, all! > > > > > --- > This SF.net email is sponsored by: ValueWeb: > Dedicated Hosting for just $79/mo with 500 GB of bandwidth! > No other company gives more support or power for your dedicated server > http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ > > leaf-user mailing list: [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user > SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Re: lost root password
Never Mind - Bad keyboard Darcy - Original Message - From: "Darcy Parker" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, April 03, 2003 9:55 PM Subject: lost root password > I just know that people out there will be laughing! My root password no > longer works. I am running leaf bering. Is there anyway to restore or > change it? > > Darcy Parker > --- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] lost root password
I just know that people out there will be laughing! My root password no longer works. I am running leaf bering. Is there anyway to restore or change it? Darcy Parker --- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Openssl/IPSEC fswcert tool
In the bering docs, it talks about using the fswcert tool ("fswcert -k serverKey.pem > ipsec.secrets") which is presumably used to extract the private key from the certificate. Is this needed anymore or can i simply do a cat serverKey.pem > ipsec.secrets? from the following URL i would guess that it is no longer needed, but since i'm not sure of the version of openssl used with bering, i cannot confirm this. (URL=http://cert.uni-stuttgart.de/archive/debian/security/2002/04/msg00159.h tml) thanks! matt --- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Booting VIA EPIA Mobo with Isolinux
Julian Julian Church wrote the following at 16:37 03.04.2003: Hi All I'm attempting to put together a CD-based Bering firewall on a computer based around a VIA EPIA 5000 motherboard. To try out my new motherboard, I tried an existing Bering CD from another firewall I use (Bering 1.0 I think). I get the following error very early in the boot process: ... Otherwise, can anyone give me any general pointers? Would a newer version of isolinux help? How about varying the isolinux settings when I generate the disk image? How about alternatives to isolinux? I don't know how you created the CD, but there are certainly several possibilities you can play with, either in native (isolinux) mode or to use a cd boot image. The syslinux guys will certainly have more experience as this is not strictly a LEAF problem but one of a rather generic nature. HTH Erich THINK Püntenstrasse 39 8143 Stallikon mailto:[EMAIL PROTECTED] PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 --- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] Bering Ipsec and Shorewall rules
Simon Simon Chalk wrote the following at 22:33 03.04.2003: Hi Erich, I did not want to go into detail, until I understood the operation of both shorewall and ipsec. I am still a little confused about shorewall, but the key seems to be the tunnels file. ipsec was failing and I assumed it was shorewall. It turns out that it wasn't shorewall at all, but the configuration of ipsec.conf. I believe everyone setting up ipsec for the first time is in the same league, as an earlier post today mentionned you really have to follow the instructions to the letter. My first attempt was of course one that no textbook mentioned to start with, connecting to a commercial low end firewall (Zywall). You can imagine how many hours I poked my nose in the process. Glad you got it up working. Good luck Erich THINK Püntenstrasse 39 8143 Stallikon mailto:[EMAIL PROTECTED] PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 --- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] Bering Ipsec and Shorewall rules
Hi Erich, I did not want to go into detail, until I understood the operation of both shorewall and ipsec. I am still a little confused about shorewall, but the key seems to be the tunnels file. ipsec was failing and I assumed it was shorewall. It turns out that it wasn't shorewall at all, but the configuration of ipsec.conf. I think when I have got this truly working, I may provide a post on my findings. Thanks for your input anyway. Regards, Simon. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Erich Titl Sent: 03 April 2003 16:07 To: [EMAIL PROTECTED] Subject: Re: [leaf-user] Bering Ipsec and Shorewall rules Simon At 14:07 03.04.2003 +0100, you wrote: >Please can someone confirm whether the Shorewall Tunnels file internally >manages the UDP Port 500 and Protocols 50 and 51? > >Or do I need to create rules? > >I have created the tunnel files as per documentation on the Bering site and >Shorewall. But I am currently unable to get ipsec working between two >firewalls. I am assuming at this point that something is blocking the path. It is best if you tell the list what _exactly_ you did. Even if you made no errors at all (to the best of your knowledge) it is quite difficult to answer such a general question without knowledge what happens _exactly_. Being unable to get ipsec working is not what I would call an exact description of an error. Maybe you should consult your log file for shorewall entries, and you may want to reset the counters in the iptables and see where messages go through. HTH Erich THINK Püntenstrasse 39 8143 Stallikon mailto:[EMAIL PROTECTED] PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 --- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Bering uClibc 1.1 pppd MTU settings
Hi all I just installed Bering uClibc 1.1 and am very happy with it... well happy with all except one thing. It seems the default ppp for this LEAF version is possibly one of the older ones which contained a bug with MTU translation. Well, that's how it appears from my experience anyway. When I send packets through my LEAF firewall from another host, if it's an amount of traffic larger than 1492 the traffic gets no further than that 1492. After a lil research I found that the earlier implementations of pppd had this problem and it was caused by it not being very good at breaking packets up and forming them into new sizes. So when traffic from my network, running at the standard ethernet MTU of 1500, reaches pppd it freezes, confused about how to send traffic of 1500 down a 1492 pppoe link. I got around this by setting the MTU on the network cards of each host on my LAN to 1492. This is of course an extremely ugly hack (but I didn't have time to try to fix the ppp installation) I was wondering if Bering users out there are aware of this problem and whether there's a solution to it simpler than changing the MTU settings on all hosts on the network. Or if there's a more up to date ppp.lrp (or pppoe.lrp if it turns out that's causing the problem). Thanks, all! --- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] Bering Ipsec and Shorewall rules
Hi Simon, I recently got my IPSec tunnel up and running using Bering 1.1. I had a few problems as well, but they were due to my not COMPLETELY following the instructions that Tom wrote. I made a couple of assumptions about the ipsec.conf file and my tunnel didn't work until I went back and read the docs again. I did not have to create any additional rule sets in Shorewall. The documents at http://shorewall.net/IPSEC.htm and http://jixen.tripod.com were extremely helpful and got the whole thing up and running once I followed the instructions to the letter. :-) My set up is a LAN-to-LAN tunnel using RSA keys. HTH -- Ken > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Simon Chalk > Sent: Thursday, April 03, 2003 6:08 AM > To: [EMAIL PROTECTED] > Subject: [leaf-user] Bering Ipsec and Shorewall rules > > > Please can someone confirm whether the Shorewall Tunnels file > internally manages the UDP Port 500 and Protocols 50 and 51? > > Or do I need to create rules? > > I have created the tunnel files as per documentation on the > Bering site and Shorewall. But I am currently unable to get > ipsec working between two firewalls. I am assuming at this > point that something is blocking the path. > > Regards, > > Simon. > > > > > --- > This SF.net email is sponsored by: ValueWeb: > Dedicated Hosting for just $79/mo with 500 GB of bandwidth! > No other company gives more support or power for your > dedicated server > http://click.atdmt.com/AFF/go/sdnxxaff00300020> aff/direct/01/ > > > -- > -- > leaf-user mailing list: [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/l> eaf-user > SR > FAQ: > http://leaf-project.org/pub/doc/docmanager/docid_1891.html > --- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering Ipsec and Shorewall rules
Simon At 14:07 03.04.2003 +0100, you wrote: Please can someone confirm whether the Shorewall Tunnels file internally manages the UDP Port 500 and Protocols 50 and 51? Or do I need to create rules? I have created the tunnel files as per documentation on the Bering site and Shorewall. But I am currently unable to get ipsec working between two firewalls. I am assuming at this point that something is blocking the path. It is best if you tell the list what _exactly_ you did. Even if you made no errors at all (to the best of your knowledge) it is quite difficult to answer such a general question without knowledge what happens _exactly_. Being unable to get ipsec working is not what I would call an exact description of an error. Maybe you should consult your log file for shorewall entries, and you may want to reset the counters in the iptables and see where messages go through. HTH Erich THINK Püntenstrasse 39 8143 Stallikon mailto:[EMAIL PROTECTED] PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 --- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Booting VIA EPIA Mobo with Isolinux
Hi All I'm attempting to put together a CD-based Bering firewall on a computer based around a VIA EPIA 5000 motherboard. To try out my new motherboard, I tried an existing Bering CD from another firewall I use (Bering 1.0 I think). I get the following error very early in the boot process: ISOLINUX 1.67 2002-02-03 isolinux: Loading spec packet failed, trying to wing it ... isolinux: Failed to locate CD-ROM device; boot failed. Googling for fragments of this error message tells me that others have had this problem, and that it's due to BIOS bugs, but doesn't give a clear solution. The first disc in my debian 3.0 set gives the same error message, but later discs in the set boot OK (I think they use different booting methods to help people with difficult BIOS's). I know others on this list have used these motherboards - has anyone here solved this problem? Otherwise, can anyone give me any general pointers? Would a newer version of isolinux help? How about varying the isolinux settings when I generate the disk image? How about alternatives to isolinux? Sorry about the general nature of these questions. regards Julian Church --- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Bering Ipsec and Shorewall rules
Please can someone confirm whether the Shorewall Tunnels file internally manages the UDP Port 500 and Protocols 50 and 51? Or do I need to create rules? I have created the tunnel files as per documentation on the Bering site and Shorewall. But I am currently unable to get ipsec working between two firewalls. I am assuming at this point that something is blocking the path. Regards, Simon. --- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] How many client that one connection in ipsec.conf can recieve (with rsa)?
look at your ipsec.conf : uniqueids = no Bibinsa --- Thitiporn Pornpirunrak <[EMAIL PROTECTED]> a écrit : > Hi all > Now I could enable road-warrior with rsa and > using leftupdown script to > add specific route for new connection. I found that > when 2nd client connect > to my firewall with rsa. first client will > disconnected. Anyone know why > please tell me??? > > Thanx. ___ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com --- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html