Re: [leaf-user] add PCI USB expansion card, USB memory stick to Bering box

2003-05-31 Thread H.G. Bekker
Hello Jacques,

I have a very old pc as Bering box so I am sure that it will not allow booting 
from USB. What I would like to know is if there are PCI expansion cards for USB 
ports which are supported by the Bering kernel. That way I could add a USB 
pendrive for more memory.

thanks for your reply!

Chera Bekker

On Fri May 30 2003 15:38, Jacques Nilo wrote:
> On Friday 30 May 2003 15:12, H.G. Bekker wrote:
> > Hello List,
> >
> > In my search to upgrade my LEAF box with WiFi capabilities I am running
> > into the 1.68 Mb size limit of my Bering 1.0 floppy. I am thinking of
> > adding a USB 1.1 PCI expansion card and a 128/256 USB memory stick to my
> > Bering box. I will still boot from floppy though. This is just for extra
> > packages.
> >
> > Can anyone recommend me a USB expansion card and memory stick which are
> > supported by Bering kernel modules?
>
> Bering has no problem to boot from any USB device.
> The real problem is to make sure that your BIOS allows booting from such a
> device.
> Jacques
>
> > Thanks in advance.
> >
> > Chera Bekker



---
This SF.net email is sponsored by: eBay
Get office equipment for less on eBay!
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


Re: [leaf-user] about RTNETLINK no such file me

2003-05-31 Thread Tom Eastep
On Fri, 30 May 2003 08:54:27 +, <[EMAIL PROTECTED]> wrote:


> run_tc qdisc del dev eth0 root

Get rid of that -- Shorewall is doing it for you quietly (not complaining 
about errors). Since there is no queuing discipline on eth0 when your 
command runs, it is failing.

-Tom
--
Tom Eastep\ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA  \ [EMAIL PROTECTED]




[leaf-user] RTNETLINK answers : No such file or directory

2003-05-31 Thread tmmxone
hello list :)
Sorry for posting, but I spent many hours reading the leaf-mailuser archive, 
Shorewall and HTB FAQ to find what's wrong in my config. :(

so you are my last chance to configure my shaping config.

I am using Bering-uClibc with the Two interface shorewall template.

I have access to the internet through my Bering PC.

At the end of the boot process, I have this message:
Processing /etc/shorewall/tcstart ...
RTNETLINK answers  : No such file or directory
Processing /etc/shorewall/stop ...
Terminated

Before that, all of the boot process is OK

All the config is default except these:

These are my lrp packages loaded in syslinux.cfg

LRP=root,etc,local,modules,iptables,keyboard,shorwall,ulogd,dnscache,weblet,tc,qos-htb

In Shorewall CONFIG I have:

MANGLE_ENABLED=Yes
TC_ENABLED=Yes
CLEAR_TC=No
MARK_IN_FORWARD_CHAIN=Yes

(because I am using SNAT: 192.168.1.230 > 62.251.XXX.XXX) I have 32 IPs 
SNATed in the NAT panel config.


TCRULES in shorewall panel config.
##
#MARK   SOURCE  DEST     PROTO   PORT(S)    CLIENT PORT(S)
1       eth1    0.0.0.0  all
2       fw      0.0.0.0  all
4       fw      0.0.0.0  tcp     1214-
4       fw      0.0.0.0  tcp     4329
4       fw      0.0.0.0  tcp     4661:4665
4       fw      0.0.0.0  tcp     412
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Modules loaded for HTB:

# HTB modules
sch_prio
sch_htb
sch_cbq
sch_sfq
# ingress modules sch_ingress (renamed through cp sch_ingress.o /lib/modules)
sch_in~1
cls_fw
cls_u32

and this is my tcstart files copied in \etc\shorewall

run_tc qdisc del dev eth0 root

run_tc qdisc add dev eth0 root handle 1: htb default 10

run_tc class add dev eth0 parent 1: classid 1:1 htb rate 100kbit

run_tc class add dev eth0 parent 1:1 classid 1:10 htb rate 60kbit ceil 100kbit prio 0
run_tc class add dev eth0 parent 1:1 classid 1:20 htb rate 20kbit ceil 30kbit prio 1
run_tc class add dev eth0 parent 1:1 classid 1:30 htb rate 20kbit ceil 50kbit prio 2

run_tc filter add dev eth0 protocol ip parent 1:0 prio 0 handle 1 fw classid 1:10
run_tc filter add dev eth0 protocol ip parent 1:0 prio 1 handle 2 fw classid 1:20
run_tc filter add dev eth0 protocol ip parent 1:0 prio 2 handle 4 fw classid 1:30


thanks for any help
Regards everyone.

Mehdi Tazi
cybercafe admin




[leaf-user] Creating a bootable USB device?

2003-05-31 Thread Craig Caughlin
Hi folks,
Can someone tell me how to actually "burn" the Bering .iso image to a
USB device? I have one of the little USB plug and pray drives I would
like to boot Bering from. I normally use Roxio to burn my bootable CD's,
but Roxio (apparently) will only burn to a CD drive. P.S. I have a
RedHat box I can use if that makes things easier.

Thanks,
Craig






Re: [leaf-user] VPN local to remote-dmz

2003-05-31 Thread M Lu
Thanks a lot, Tom.

- The 2 subnet-subnet tunnels work perfectly following your instructions.

- Now if I would like to add a road-warrior, could I just expand your
instructions further as follows?

In /etc/shorewall/zones I have

vpn   VPN   VPN local-network
vpn2 VPN2 VPN dmz-network
vpnRW VPNRW VPN for Road Warrior

In /etc/shorewall/tunnels

ipsec   net 0.0.0.0/0   vpn,vpn2,vpnRW

In /etc/shorewall/interfaces

-   ipsec0

and /etc/shorewall/hosts

vpn ipsec0:
vpn2   ipsec0:
vpnRW   ipsec0:0.0.0.0/0

and allow vpnRW and my-local to access each other in /etc/shorewall/policy

vpnRW  loc    ACCEPT
loc    vpnRW  ACCEPT






- Original Message - 
From: "Tom Eastep" <[EMAIL PROTECTED]>
To: "M Lu" <[EMAIL PROTECTED]>
Cc: "LEAF user list" <[EMAIL PROTECTED]>
Sent: Tuesday, May 27, 2003 2:51 PM
Subject: Re: [leaf-user] VPN local to remote-dmz


> On Tue, 27 May 2003 14:28:06 -0700, M  Lu <[EMAIL PROTECTED]> wrote:
>
> > Thank you Tom,
> >
> > It seems straightforward to add another connection (my-local - his-dmz) in
> > 'ipsec.conf' but I do not know how to add another zone and associate it
> > in
> > '/etc/shorewall/interfaces'. Say I have second zone in
> > '/etc/shorewall/zones'
> >
> > vpn VPN   VPN local-network
> > vpn2   VPN2 VPN dmz-network
> >
> > and in '/etc/shorewall/tunnels' I have
> >
> > ipsec   net remote-IP  vpn,vpn2
> >
> > How do I represent them in '/etc/shorewall/interfaces' so that I can
> > later
> > have policy to allow 'vpn2' to 'dmz', but not the other way.
>
> /etc/shorewall/interfaces:
>
> - ipsec0
>
> /etc/shorewall/hosts:
>
> vpn ipsec0:
> vpn2 ipsec0:
>
> >
> > Also, is it possible for me to add Road Warrior (again I need to access
> > local and dmz) and they coexist with the permanent subnet-subnet? In that
> > case, how does Shorewall know which zone is permanent and which zone will
> > be up and down?
> >
>
> I have absolutely no clue what question you just asked...
>
> -Tom
> -- 
> Tom Eastep\ Shorewall - iptables made easy
> Shoreline, \ http://www.shorewall.net
> Washington USA  \ [EMAIL PROTECTED]




AW: [leaf-user] Edit floppy directly

2003-05-31 Thread Alex Rhomberg

> My router is AT form factor and I have no keyboard for it.  Not a
> problem as I just boot the Bering disk on another system(of
> course I can't ssh in until I get Bering working).  Is it
> possible to mount and edit the floppy directly on my Debian box
> or is booting it the only way to edit it?  Thanks again.

You could try out my LEAF Construction kit (available on my developer page
at http://leaf-project.org/mod.php?mod=userpage&menu=1402&page_id=49)

I use it for offline preparation for all packages. In fact, to use our target
embedded box, I put customised packages on a DoM and then make changes
through serial or by uploading new packages with ssh

- Alex





AW: [leaf-user] lshd / additional users on bering - su command

2003-05-31 Thread Alex Rhomberg

> basically, as root i did:   "chmod 4111 /usr/local/bin/su"

I would rather suggest
chmod 4755 /usr/local/bin/su
that gives you standard permissions for su (rwsr-xr-x)
Regardless of what they were before

- Alex




[leaf-user] DNS from 'fw' to 'dmz'

2003-05-31 Thread M Lu
Hello,

I accidentally saw the following in /var/log/messages:

May 29 07:41:23 router kernel: Shorewall:all2all:REJECT:IN= OUT=eth2 SRC=192.168.2.254 DST=192.168.2.201 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=61994 DF PROTO=UDP SPT=53 DPT=1028 LEN=41


My DMZ subnet is 192.168.2.x, 192.168.2.201 is the DMZ server and
192.168.2.254 is on the router. UDP port 53 is for the DNS server and I have
DNS server running on the router (also listening to DMZ interface).
Currently I have in /etc/shorewall/rules

#
# 2 - allow DMZ to use DNS on firewall
#
ACCEPT  dmz fw  tcp 53
ACCEPT  dmz fw  udp 53

should I also allow the DNS traffic back from 'fw' to 'dmz'?

Thank you.

M Lu.




AW: [leaf-user] Creating a bootable USB device?

2003-05-31 Thread Alex Rhomberg
Craig

> Can someone tell me how to actually "burn" the Bering .iso image to a
> USB device? I have one of the little USB plug and pray drives I would
> like to boot Bering from. I normally use Roxio to burn my bootable CD's,
> but Roxio (apparently) will only burn to a CD drive. P.S. I have a
> RedHat box I can use if that makes things easier.

I did create bootable Bering disks on IEEE1394, which as seen from the Linux
kernel is quite similar to USB. I didn't use images but partitioned the
drive, put filesystems on it, copied the packages and ran Grub to make it
bootable. I don't know if syslinux could handle USB devices.

You could try to create a filesystem, copy the packages and run syslinux.
USB devices are mapped to a SCSI bus, so you'd have to try
syslinux /dev/sr0
or something like that.

If you want to try out grub, I could probably help you a bit.

- Alex





Re: [leaf-user] DNS from 'fw' to 'dmz'

2003-05-31 Thread Tom Eastep
On Fri, 30 May 2003 08:37:56 -0700, M  Lu <[EMAIL PROTECTED]> wrote:

> Hello,
>
> I accidentally saw the following in /var/log/messages:
>
> May 29 07:41:23 router kernel: Shorewall:all2all:REJECT:IN= OUT=eth2 SRC=192.168.2.254 DST=192.168.2.201 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=61994 DF PROTO=UDP SPT=53 DPT=1028 LEN=41
>
> My DMZ subnet is 192.168.2.x, 192.168.2.201 is the DMZ server and
> 192.168.2.254 is on the router. UDP port 53 is for the DNS server and I have
> DNS server running on the router (also listening to DMZ interface).
> Currently I have in /etc/shorewall/rules
>
> #
> # 2 - allow DMZ to use DNS on firewall
> #
> ACCEPT  dmz fw  tcp 53
> ACCEPT  dmz fw  udp 53
>
> should I also allow the DNS traffic back from 'fw' to 'dmz'?

See Shorewall FAQ #6c.

-Tom
--
Tom Eastep\ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA  \ [EMAIL PROTECTED]
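
An added example, not part of the thread: a small triage script for the Shorewall log format quoted above. It separates entries that are shaped like a DNS reply leaving the firewall (UDP, source port 53, ephemeral destination port, empty `IN=`) from entries that look like new traffic; the first sample line is the one from the post, the other two are constructed, and all function names are this example's own.

```python
import re

# First line: the entry quoted in the thread. The other two are constructed
# for contrast and use documentation address ranges.
SAMPLE_LOG = """\
May 29 07:41:23 router kernel: Shorewall:all2all:REJECT:IN= OUT=eth2 SRC=192.168.2.254 DST=192.168.2.201 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=61994 DF PROTO=UDP SPT=53 DPT=1028 LEN=41
May 29 07:42:10 router kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.7 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=4242 DF PROTO=TCP SPT=3312 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
May 29 07:43:55 router kernel: Shorewall:all2all:REJECT:IN=eth2 OUT= SRC=192.168.2.201 DST=192.168.2.254 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=100 DF PROTO=UDP SPT=1030 DPT=123 LEN=40
"""

DNS_PORT = 53
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):(?P<fields>.*)$")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Turn one Shorewall/netfilter LOG line into a dict, or None if it is not one."""
    m = PREFIX.search(line)
    if m is None:
        return None
    kv = {}
    for key, value in FIELD.findall(m.group("fields")):
        kv.setdefault(key, value)  # LEN appears twice (IP, then UDP); keep the first

    def port(name):
        value = kv.get(name, "")
        return int(value) if value.isdigit() else None

    return {
        "chain": m.group("chain"), "action": m.group("action"),
        "in": kv.get("IN", ""), "out": kv.get("OUT", ""),
        "src": kv.get("SRC"), "dst": kv.get("DST"),
        "proto": kv.get("PROTO"), "spt": port("SPT"), "dpt": port("DPT"),
    }


def hook(rec):
    """Which netfilter path logged the packet, judged from the IN=/OUT= fields."""
    if rec["in"] and rec["out"]:
        return "FORWARD"
    return "OUTPUT" if rec["out"] else "INPUT"


def classify(rec):
    """Label reply-shaped DNS packets.

    A reply that reaches a logging rule was not accepted as ESTABLISHED, so
    connection tracking had no live entry for the query it answers.
    """
    reply_shaped = (rec["proto"] == "UDP" and rec["spt"] == DNS_PORT
                    and rec["dpt"] is not None and rec["dpt"] >= 1024)
    if reply_shaped and hook(rec) == "OUTPUT":
        return "dns-reply-from-firewall"
    if reply_shaped:
        return "dns-reply-other"
    return "new-traffic"


def triage(log_text):
    """Return (hook, source, destination, label) for every Shorewall line."""
    rows = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        rows.append((hook(rec),
                     "%s:%s" % (rec["src"], rec["spt"]),
                     "%s:%s" % (rec["dst"], rec["dpt"]),
                     classify(rec)))
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print("%-8s %-22s -> %-22s %s" % row)
```
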




Re: [leaf-user] VPN local to remote-dmz

2003-05-31 Thread Tom Eastep
On Fri, 30 May 2003 08:21:00 -0700, M  Lu <[EMAIL PROTECTED]> wrote:

> Thanks a lot, Tom.
>
> - The 2 subnet-subnet tunnels work perfectly following your instructions.
>
> - Now if I would like to add a road-warrior, could I just expand your
> instructions further as follows?
>
> In /etc/shorewall/zones I have
>
> vpn   VPN   VPN local-network
> vpn2 VPN2 VPN dmz-network
> vpnRW VPNRW VPN for Road Warrior
>
> In /etc/shorewall/tunnels
>
> ipsec   net 0.0.0.0/0   vpn,vpn2,vpnRW
>
> In /etc/shorewall/interfaces
>
> -   ipsec0
>
> and /etc/shorewall/hosts
>
> vpn ipsec0:
> vpn2   ipsec0:
> vpnRW   ipsec0:0.0.0.0/0
>
> and allow vpnRW and my-local to access each other in /etc/shorewall/policy
>
> vpnRW  loc    ACCEPT
> loc    vpnRW  ACCEPT

Should work.

-Tom
--
Tom Eastep\ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA  \ [EMAIL PROTECTED]




[leaf-user] Basic Routing with uClib-Bering (v1.1.1)

2003-05-31 Thread Pete Jewell
Hi

I'm banging my head against a brick wall trying to work out why some
simple routes I have setup on our newly installed uClib-Bering system
aren't working.  I'm hoping that someone will be able to point me in the
right direction, based on the details I lay out here.

We have a very simple network setup.  One subnet 192.1.1.0 (yeah, I know
it should be 192.168 but it was setup before I arrived).  Two systems on
this subnet can make connections to the outside world.  The Bering
system, which provides a firewalled internet connection via ppp over
isdn (connected via serial port), and our support system (called cosmos)
which is used to connect to our customer's networks as required (using
ppp and dialback to hook up to a M$ system running RAS).

Everything used to work fine when we just had the one box (cosmos)
handling both the network connections to customers, and our connection
to the internet.  I decided to split out the internet connection to make
use of a better firewalling system (shorewall) over our variously edited
ipchains script.

Consequently I changed the default gateway on all the PC's here to point
at the Bering box, instead of cosmos as they had done before.  Internet
connection still works fine.  However, I've been unable to come up with
the magic required to persuade the Bering box to forward on packets for
our customers networks onto cosmos.

Here's some config details from the Bering box - 

# ip addr show
1: lo:  mtu 16436 qdisc noqueue 
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: dummy0:  mtu 1500 qdisc noop 
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0:  mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:02:b3:a1:38:ef brd ff:ff:ff:ff:ff:ff
inet 192.1.1.254/24 brd 192.1.1.255 scope global eth0
4: ppp0:  mtu 1500 qdisc pfifo_fast qlen 3
link/ppp 
inet 194.153.10.200 peer 194.153.0.46/32 scope global ppp0
5: ppp1:  mtu 1500 qdisc pfifo_fast qlen 3
link/ppp 

# ip route show
194.153.0.46 dev ppp0  proto kernel  scope link  src 194.153.10.200 
192.1.1.230 dev eth0  proto static  scope host 
192.1.1.0/24 dev eth0  proto kernel  scope link  src 192.1.1.254 
172.25.0.0/16 via 192.1.1.230 dev eth0  proto static 
default via 194.153.0.46 dev ppp0 

# lines from /etc/network/interfaces
auto lo
iface lo inet loopback

auto ppp0
iface ppp0 inet ppp
provider provider

auto eth0
iface eth0 inet static
address 192.1.1.254
masklen 24
broadcast 192.1.1.255

up ip route add 192.1.1.230 dev eth0 proto static scope host || true
up ip route add 172.25.0.0/16 via 192.1.1.230 proto static || true


Here's the routing table on cosmos when the link is up to a customer
whose network is 172.25.0.0/16 -

[EMAIL PROTECTED] /root]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.1.1.254     *               255.255.255.255 UH    0      0        0 eth0
172.25.150.71   *               255.255.255.255 UH    0      0        0 ppp0
192.1.1.230     *               255.255.255.255 UH    0      0        0 eth0
192.1.1.210     *               255.255.255.255 UH    0      0        0 eth0
192.1.1.0       *               255.255.255.0   U     0      0        0 eth0
172.25.0.0      172.25.150.71   255.255.0.0     UG    0      0        0 ppp0
172.16.0.0      192.1.1.210     255.255.0.0     UG    0      0        0 eth0
10.136.0.0      192.1.1.210     255.255.0.0     UG    0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         192.1.1.254     0.0.0.0         UG    0      0        0 eth0

And here's the output of a traceroute run on cosmos to prove that from
cosmos I can find a route to a particular box on the customers network -

[EMAIL PROTECTED] /root]# traceroute 172.25.150.70
traceroute to 172.25.150.70 (172.25.150.70), 30 hops max, 40 byte packets
 1  172.25.151.252 (172.25.151.252)  158.992 ms  158.315 ms  159.864 ms
 2  172.25.150.70 (172.25.150.70)  159.834 ms  158.860 ms  149.907 ms

However, if I run the same traceroute command from another machine on
the network which has its default gateway as the Bering box, this is
what I get - (the Bering box is called 'firewall' - imaginative no?)

[EMAIL PROTECTED] /root]# traceroute uvdirector
traceroute to uvdirector (172.25.150.70), 30 hops max, 38 byte packets
 1  firewall (192.1.1.254)  0.627 ms  0.427 ms  0.448 ms



Can anyone offer advice, or indicate what information is required
(beyond what I have provided above) to help me?

Many thanks.



-- 
Pete Jewell
Example Systems Ltd.

The views expressed in this email may not be those
of Example Systems Ltd unless explicitly stated.



Re: [leaf-user] Basic Routing with uClib-Bering (v1.1.1)

2003-05-31 Thread Ray Olszewski
So the cosmos system is a router with two interfaces, yes? One is an 
address in the 192.1.1.0/24 range, on the local LAN, the other somehow 
connected to network 172.25.0.0/16. And it wants to route LAN traffic to 
private addresses in the range 172.25.0.0/16? Is that it? You want the 
Bering router to receive these requests initially, then forward them to the 
cosmos router for further routing?

Or am I guessing wrong here? You've left out the details of the cosmos 
setup, so I'm trying to infer them from what you did say.

If this is right, I see two possible problems with what you've done.

First, the routing table on the Bering router says that 172.25.0.0/16 is a 
network *locally* available to eth0. I *think* you want it to say that 
192.1.1.d (the cosmos' router's LAN address) is its route to 172.25.0.0/16. 
The approach you're taking will work only if the cosmos is doing something 
fancy like proxy-arp'ing the 172.25.0.0/16 addresses on the LAN.

Second, since 172.25.0.0/16 is a private-range network (isn't it? I don't 
use the Class-B private block much), the RFC1918 filtering in 
Bering/Shorewall will block (DENY, I think) packets to those destinations. 
You don't say if you've turned off this filtering.

It is also just barely possible that your NAT'ing is causing a problem. 
Since you don't describe that part of your setup, I can note it as a 
(remote, I think) possibility but not suggest details.

Another option is to set up your hosts to use the cosmos directly. In their 
routing tables, install an entry telling them that 192.1.1.d (the cosmos' 
LAN IP address) is their route to network 172.25.0.0/16 . Since you don't 
describe the clients, I can't even begin to suggest the details of how to 
do it, but this approach would bypass the LEAF router (for this specific 
traffic) completely.

A final option is to implement an icmp redirect on the Bering router, so it 
tells clients to use 192.1.1.d as their route to 172.25.0.0/16, without 
your having to update the routing tables by hand. I've never implemented 
one of these, though, and I don't even know if the Linux kernel can do it. 
icmp redirects also raise some security problems, so I don't know how 
widely this approach is used these days.

At 05:04 PM 5/30/2003 +0100, Pete Jewell wrote:
> Hi
>
> I'm banging my head against a brick wall trying to work out why some
> simple routes I have setup on our newly installed uClib-Bering system
> aren't working.  I'm hoping that someone will be able to point me in the
> right direction, based on the details I lay out here.
>
> We have a very simple network setup.  One subnet 192.1.1.0 (yeah, I know
> it should be 192.168 but it was setup before I arrived).  Two systems on
> this subnet can make connections to the outside world.  The Bering
> system, which provides a firewalled internet connection via ppp over
> isdn (connected via serial port), and our support system (called cosmos)
> which is used to connect to our customer's networks as required (using
> ppp and dialback to hook up to a M$ system running RAS).
>
> Everything used to work fine when we just had the one box (cosmos)
> handling both the network connections to customers, and our connection
> to the internet.  I decided to split out the internet connection to make
> use of a better firewalling system (shorewall) over our variously edited
> ipchains script.
>
> Consequently I changed the default gateway on all the PC's here to point
> at the Bering box, instead of cosmos as they had done before.  Internet
> connection still works fine.  However, I've been unable to come up with
> the magic required to persuade the Bering box to forward on packets for
> our customers networks onto cosmos.
>
> Here's some config details from the Bering box -
>
> # ip addr show
> 1: lo:  mtu 16436 qdisc noqueue
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
> 2: dummy0:  mtu 1500 qdisc noop
> link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
> 3: eth0:  mtu 1500 qdisc pfifo_fast qlen 100
> link/ether 00:02:b3:a1:38:ef brd ff:ff:ff:ff:ff:ff
> inet 192.1.1.254/24 brd 192.1.1.255 scope global eth0
> 4: ppp0:  mtu 1500 qdisc pfifo_fast qlen 3
> link/ppp
> inet 194.153.10.200 peer 194.153.0.46/32 scope global ppp0
> 5: ppp1:  mtu 1500 qdisc pfifo_fast qlen 3
> link/ppp
>
> # ip route show
> 194.153.0.46 dev ppp0  proto kernel  scope link  src 194.153.10.200
> 192.1.1.230 dev eth0  proto static  scope host
> 192.1.1.0/24 dev eth0  proto kernel  scope link  src 192.1.1.254
> 172.25.0.0/16 via 192.1.1.230 dev eth0  proto static
> default via 194.153.0.46 dev ppp0
>
> # lines from /etc/network/interfaces
> auto lo
> iface lo inet loopback
>
> auto ppp0
> iface ppp0 inet ppp
> provider provider
>
> auto eth0
> iface eth0 inet static
> address 192.1.1.254
> masklen 24
> broadcast 192.1.1.255
>
> up ip route add 192.1.1.230 dev eth0 proto static scope host || true
> up ip route add 172.25.0.0/16 via 192.1.1.230 proto static || true
>
> Here's the routing table on cosmos when th

Re: [leaf-user] opening port 22 on Dachstein 1.02

2003-05-31 Thread Robert Chambers
Thanks Charles, that was my problem.
Robert Chambers

Charles Steinkuehler wrote:

> Robert Chambers wrote:
>
> > After doing the svi network reload I get a few error messages:
> >
> > EXTERN_IP: not found
> >
> > portfw: illegal local address/port specified
> >
> > M Lu wrote:
> >
> > > - Add the following lines (or edit them if already there) into
> > > /etc/network.conf
> > > EXTERN_TCP_PORTS="0/0_ssh"
> > > and
> > > INTERN_SERVERS="tcp_${EXTERN_IP}_ssh_192.168.1.1_ssh"
> > > assuming you want to access SSH on 192.168.1.1
> > >
> > > then do
> > >
> > > svi network reload
>
> I suspect you used parens "()" instead of curly braces "{}" for the
> INTERN_SERVERS line. Use the line exactly as it appears above, and it
> should work.
>
> Alternatively, you could use the built-in port-forwarding for ssh:
>
> INTERN_SSH_SERVER=192.168.1.1
> EXTERN_SSH_PORT=22
>
> instead of the INTERN_SERVERS setting. You still need the
> EXTERN_TCP_PORTS setting for either of these options to allow the
> packets through your firewall so they can be forwarded.







[leaf-user] Basic Routing with uClib-Bering (v1.1.1) - SOLVED!

2003-05-31 Thread Pete Jewell
Thanks for your reply Ray, isn't it always the case that stating a
problem can sometimes suggest the answer? ;-)

To answer some of your questions - I had found and disabled the firewall
blocking of the relevant private IP range - sorry not to have mentioned it.

Also, as you point out, I left the details of the cosmos box very
sketchy - turns out that this is exactly where the problem was!

When I had removed our firewalling script from the cosmos box, I had
failed to notice that it handled the NAT configuration for us 

The simple solution was to do the following on the cosmos box (Linux 2.2.x)

echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/ipchains -A forward -j MASQ -i ppp0 -s 192.1.1.0/24 -d 0.0.0.0/0
/sbin/ipchains -A forward -j MASQ -i eth0 -s 192.1.1.0/24 -d 0.0.0.0/0

Now everything is working fine :)

-- 
Pete Jewell
Example Systems Ltd.

The views expressed in this email may not be those
of Example Systems Ltd unless explicitly stated.




Re: [leaf-user] add PCI USB expansion card, USB memory stick to Bering box

2003-05-31 Thread H.G. Bekker
Hi,

That might be an alternative. However I have some problems locating the 
equipment in the Netherlands. But I will keep it in mind. Thanks!

Chera Bekker

On Fri May 30 2003 15:44, you wrote:
> You would probably be better off buying an IDE-CF adaptor and hooking on a
> CF card as a hard disk. I've had problems loading USB modules on an openbrick
> box. The above method uses std IDE drivers and hence is more sureshot.
>
> You can buy equipment whereby the CF reader sits in a 3 1/2" external bay.
>
> look up http://www.mydigitaldiscount(s).com
>
> Bye
> Mohan
>
> >Hello List,
> >
> >In my search to upgrade my LEAF box with WiFi capabilities I am running
> >into the 1.68 Mb size limit of my Bering 1.0 floppy. I am thinking of
> >adding a USB 1.1 PCI expansion card and a 128/256 USB memory stick to my
> >Bering box. I will still boot from floppy though. This is just for extra
> >packages.
> >
> >Can anyone recommend me a USB expansion card and memory stick which are
> >supported by Bering kernel modules?
> >
> >Thanks in advance.
> >
> >Chera Bekker





[leaf-user] My wife says Ipsec is going to drive her nuts.

2003-05-31 Thread Trevor-Engele
  I have what I thought would be an easy problem to figure out but is not,
well for me anyways. I'm hoping someone will be in a kind and generous frame
of mind so as to point out the error of my ways! To begin, I am using Leaf
1.2 in an attempt to evaluate its ipsec performance in no more than a
firewall/vpn sort of role. I have no problems setting it up, making it work
and establishing a connection.
The problem manifests itself when I attempt to ping anything on either
subnet - all I can see are the nics on the Bering machines themselves,
nothing beyond.

Subnet    192.168.0.0/24
Local     192.168.0.25
Net       142.59.65.140
Gateway   142.59.64.1
          THE INTERNET
Gateway   216.123.215.81
Net       216.123.215.94
Local     192.168.2.4
Subnet    192.168.2.0/24

  Please excuse the crudity of my above network topology layout where the ip
addresses have not been concealed to protect the innocent. To better
explain, if I am trying to ping from a machine on the 192.168.2.0/24 subnet
to another machine on the 192.168.0.0/24 subnet as far as I can get is to
192.168.0.25 address on the leaf box, if I try vice versa I can only go as
far as 192.168.2.4.
  I am unsure what information would best assist you in determining where my
problem lies, what I am hoping is that as this is being read someone,
somewhere is smirking and already knows why. In the event that I have
actually found a bona fide tear jerker (hah!) I will send along some stuff.

  I made the following alterations to the shorewall configuration from what it
came with 'out of the box':

zones file: 
vpn VPN Remote Subnet

policy file:
loc vpn ACCEPT 
vpn loc ACCEPT 

tunnels file:
ipsec  net 216.123.215.94 on one machine and 142.59.65.140 on the
other, I have also tried 0.0.0.0/0 for both

  Here is ipsec.conf; for the sake of simplicity and lack of a full blown Linux
machine I am using Pre Shared Keys.

config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    interfaces=%defaultroute
    # Debug-logging controls:  "none" for (almost) none, "all" for lots.
    klipsdebug=none
    plutodebug=none
    # Use auto= parameters in conn descriptions to control startup actions.
    plutoload=%search
    plutostart=%search
    # Close down old connection when new one using same ID shows up.
    uniqueids=yes

# defaults for subsequent connection descriptions
conn %default
    # How persistent to be in (re)keying negotiations (0 means very).
    keyingtries=0
    # RSA authentication with keys from DNS.
    authby=secret
    pfs=yes
    auto=add

# sample VPN connection
conn home-edm
    # Left security gateway, subnet behind it, next hop toward right.
    left=216.123.215.94
    leftsubnet=192.168.2.0/24
    leftnexthop=216.123.215.81
    # Right security gateway, subnet behind it, next hop toward left.
    right=142.59.65.140
    rightsubnet=192.168.0.0/24
    rightnexthop=142.59.64.1
    # To authorize this connection, but not actually start it, at startup,
    # uncomment this.
    auto=start

  Upon starting either machine a connection is made pretty much as soon as
ipsec is running; the tail end of the barf file is like so:

May 30 11:49:40 firewall pluto[2212]: added connection description "home-edm"
May 30 11:49:40 firewall pluto[2212]: listening for IKE messages
May 30 11:49:40 firewall pluto[2212]: adding interface ipsec0/eth0 216.123.215.94
May 30 11:49:40 firewall pluto[2212]: loading secrets from "/etc/ipsec.secrets"
May 30 11:49:40 firewall pluto[2212]: "home-edm" #1: initiating Main Mode
May 30 11:49:41 firewall pluto[2212]: "home-edm" #1: Peer ID is ID_IPV4_ADDR: '142.59.65.140'
May 30 11:49:41 firewall pluto[2212]: "home-edm" #1: ISAKMP SA established
May 30 11:49:41 firewall pluto[2212]: "home-edm" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK
May 30 11:49:41 firewall pluto[2212]: "home-edm" #2: sent QI2, IPsec SA established

  According to Freeswan.org this is as it should be. Here is a copy of ipsec
look after the connection has been established:

firewall Fri May 30 11:55:19 UTC 2003
0192168  0  024:0:192.168.2.0/24:0   -> 192.168.0.0/24:0   =>
[EMAIL PROTECTED]:0 (4)
ipsec0->eth0 mtu=16260(1443)->1500
[EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=in  src=142.59.65.140
iv_bits=64bits iv=0x639a27d1364f4faa ooowin=64 seq=4 bit=0xf alen=128
aklen=128 eklen=192
life(c,s,h)=bytes(432,0,0)addtime(338,0,0)usetime(333,0,0)packets(4,0,0)
idle=330
[EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=out src=216.123.215.94
iv_bits=64bits iv=0x652c19db3099b60f ooowin=64 seq=4 alen=128 aklen=128
eklen=192
life(c,s,h)=bytes(448,0,0)addtime(338,0,0)usetime(333,0,0)packets(4,0,0)
idle=330
[EMAIL PROTECTED] IPIP: dir=in  src=142.59.65.140
life(c,s,h)=bytes(432,0,0)addtime(338,0,0)usetime(333,0,0)packets(4,0,0)
idle=330
[EMAIL PRO

Re: [leaf-user] My wife says Ipsec is going to drive her nuts.

2003-05-31 Thread Charles Steinkuehler
Trevor-Engele wrote:
>   I have what I thought would be an easy problem to figure out but is not,
> well for me anyways. I'm hoping someone will be in a kind and generous frame
> of mind so as to point out the error of my ways! To begin, I am using Leaf
> 1.2 in an attempt to evaluate its ipsec performance in no more than a
> firewall/vpn sort of role. I have no problems setting it up, making it work
> and establishing a connection.
> The problem manifests itself when I attempt to ping anything on either
> subnet - all I can see are the nics on the Bering machines themselves,
> nothing beyond.
>
> Subnet  Local  Net  Gateway  Gateway  Net  Local  Subnet
> 192.168.0.0/24<>192.168.0.25<>142.59.65.140<>142.59.64.1<>THE INTERNET<>216.123.215.81<>216.123.215.94<>192.168.2.4<>192.168.2.0/24
>
>   Please excuse the crudity of my above network topology layout where the ip
> addresses have not been concealed to protect the innocent. To better
> explain, if I am trying to ping from a machine on the 192.168.2.0/24 subnet
> to another machine on the 192.168.0.0/24 subnet as far as I can get is to
> 192.168.0.25 address on the leaf box, if I try vice versa I can only go as
> far as 192.168.2.4.
>   I am unsure what information would best assist you in determining where my
> problem lies, what I am hoping is that as this is being read someone,
> somewhere is smirking and already knows why. In the event that I have
> actually found a bona fide tear jerker (hah!) I will send along some stuff.
>   I made the following alterations to the shorewall configuration from what it
> came with 'out of the box':
> zones file:
> vpn VPN Remote Subnet
>
> policy file:
> loc vpn ACCEPT
> vpn loc ACCEPT
>
> tunnels file:
> ipsec  net 216.123.215.94 on one machine and 142.59.65.140 on the
> other, I have also tried 0.0.0.0/0 for both

I strongly suspect your firewall rules.  It looks like your IPSec tunnel 
is coming up OK, which means the two endpoints can exchange UDP port 500 
traffic.

For actual data to flow through the VPN, the ends also have to be able 
to exchange ESP/AH traffic (protocol 50/51), and you have to allow 
forwarding between the two networks.

I'm not familiar with how to cleanly set this up with Shorewall, but Tom 
has excellent online documentation, and maybe some of the Shorewall 
users here will chime-in.

Based on a quick review of the Shorewall IPSec docs (since Tom's not 
answering Shorewall mail during business hours anymore): 
http://www.shorewall.net/IPSEC.htm

...it looks like you might have missed assigning the ipsec0 interface to 
the VPN zone in /etc/shorewall/interfaces.

--
Charles Steinkuehler
[EMAIL PROTECTED]
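
The gap suggested in the reply above (a `vpn` zone that exists in the zones and policy files but has no interface bound to it) can be checked mechanically. This is an added example, not part of the original thread and not Shorewall's own code; the sample files are constructed, and the `net`/`loc` rows, the `eth0`/`eth1` names and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not Shorewall code: list zones that are declared in a
# Shorewall "zones" file but bound to no interface (or hosts entry).

# strip_comments FILE: print FILE without comments and blank lines.
strip_comments() {
    sed -e 's/#.*$//' -e '/^[[:space:]]*$/d' "$1"
}

# unbound_zones ZONES INTERFACES [HOSTS]: print each zone from ZONES whose
# name never appears in column 1 of INTERFACES or HOSTS. A "-" in column 1
# of the interfaces file is a placeholder, not a zone, so it is ignored.
unbound_zones() {
    zones_file=$1
    ifaces_file=$2
    hosts_file=${3:-/dev/null}
    bound=$( { strip_comments "$ifaces_file"; strip_comments "$hosts_file"; } |
        awk '$1 != "-" { print $1 }' | sort -u)
    strip_comments "$zones_file" | awk '{ print $1 }' |
    while read -r zone; do
        printf '%s\n' "$bound" | grep -qxF -- "$zone" || printf '%s\n' "$zone"
    done
}

# write_sample DIR: constructed sample files modelled on the post. The vpn
# zone is declared, but the interfaces file has no row for ipsec0.
write_sample() {
    cat > "$1/zones" <<'EOF'
#ZONE   DISPLAY   COMMENTS
net     Net       Internet
loc     Local     Local networks
vpn     VPN       Remote Subnet
EOF
    cat > "$1/interfaces" <<'EOF'
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect
loc     eth1        detect
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    write_sample "$tmp"
    echo "unbound before fix: $(unbound_zones "$tmp/zones" "$tmp/interfaces")"
    # Binding ipsec0 to the vpn zone is the change the reply points to.
    echo 'vpn     ipsec0' >> "$tmp/interfaces"
    echo "unbound after fix:  $(unbound_zones "$tmp/zones" "$tmp/interfaces")"
    rm -rf "$tmp"
}
demo
```

A zone that shows up here has policies that can never match traffic, so tunnelled packets arriving on ipsec0 fall through to whatever the default handling is.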




[leaf-user] Add local networks to the machine

2003-05-31 Thread Robert Everland
I am having issues with the box, I set it up on our network as a fail safe
so that if something goes wrong with our Proxy server this will take over. I
gave everyone a router of dress of this, my problem is now I can't ping
outside of my local network. I need to find a way to tell my Bering box that
these subnets are local and not to try and route them

10.100.100.0
   through
10.100.110.0

And

208.193.230.0 

Where would I do this and how do I do this?

Robert Everland III
Web Developer Extraordinaire
Dixon Ticonderoga Company
http://www.dixonusa.com 




[leaf-user] Problem using ftp!

2003-05-31 Thread Samuel Abreu de Paula
Hi, I have 2 stations connected to each other via Orinoco Wireless cards, using
Bering 1.0...
But the problem is I can't list directories in ftp connections!

I'm not denying nothing, and the Bering 1.0 has the ip_nat_ftp modules of
netfilter right???

What can be the problem???

Thanks

Samuel Abreu




[leaf-wisp] Problem under high load!

2003-05-31 Thread Samuel Abreu de Paula
Hi ppl...
I have a wisp station, where when I try to test with ttcp, I get strange errors!

If the direction is from another station to the station with problem, I get 400 Kb/s...
But if I try the command: ttcp -n512 -s -t xxx.xxx.xxx.x from the problematic
station to the good one...
I get the message in the good station: ttcp-r: IO: Connection reset by peer
The problematic station just drops the connection...
and the station keeps with high usage for a few minutes... something about:
load average: 3.0 ...

And one more strange thing, when I test with ttcp, in the problem situation the
link quality looking in AP-1000 goes to Marginal for a few seconds, then back
to normal...

Well, if anyone knows what it can be, please tell me...
or else, does a way exist in wisp to limit the upload bandwidth?? With HTB I can
limit the download bandwidth, but is there some way to limit the upload bandwidth?

Thanks

Samuel Abreu


___
leaf-wisp-dist mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-wisp-dist


Re: [leaf-user] Add local networks to the machine

2003-05-31 Thread Ray Olszewski
See below.

At 03:43 PM 5/30/2003 -0400, Robert Everland wrote:
> I am having issues with the box, I set it up on our network as a fail safe
> so that if something goes wrong with our Proxy server this will take over. I
> gave everyone a router of dress of this, my problem is now I can't ping
> outside of my local network. I need to find a way to tell my Bering box that
> these subnets are local and not to try and route them
> 10.100.100.0
>    through
> 10.100.110.0
> And
>
> 208.193.230.0
>
> Where would I do this and how do I do this?

This is very hard to follow. What, for example, can "I gave everyone a 
router of dress of this" possibly mean?

In any case, a router will "try to route" only packets that are sent to it 
in the first place. If 10.100.100.0 through 10.100.110.0  and 208.193.230.0 
(I assume you mean us to read them as /24 networks) are all LAN addresses, 
the hosts that use them should know this and not try to use the default 
gateway (I presume that's what the Bering host is).

Someone here can probably help you, but you need to provide a more coherent 
description of the problem. The SR FAQ (referenced below) should help you 
do this. Reading over the ping FAQ on the LEAF Website will help you 
amplify "can't ping" in useful ways.

Also please be clearer as to what you mean by "I need to find a way to tell 
my Bering box that these subnets are local and not to try and route them". 
Do you mean you want it to refuse to route outgoing connections from these 
networks? Or are they on separate interfaces, and you want the Bering router 
to route among these networks locally? Or is the issue with NAT (since the 
networks are a mix of private and public addresses)?

My first guess would be that you have a routing problem in the LAN 
workstations, not in the Bering router. My second would be that you are 
trying to ping to the Internet from a non-routable address and have not set 
up the Bering router to NAT it. But even these are shots in the dark until 
you describe the setup better.






leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


[leaf-user] Shorewall Support

2003-05-31 Thread Tom Eastep
I regret to announce that effective immediately, I will no longer be
answering Shorewall questions during local business hours. I normally work 
from 7:00AM - 4:00PM, Pacific Time (GMT -0800).

-Tom
--
Tom Eastep\ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA  \ [EMAIL PROTECTED]




Re: [leaf-user] Problem using ftp!

2003-05-31 Thread Erich Titl
Hi Samuel

Samuel Abreu de Paula wrote the following at 22:01 30.05.2003:
> Hi, I have 2 stations connected to each other via Orinoco Wireless cards,
> using Bering 1.0...
> But the problem is I can't list directories in ftp connections!
>
> I'm not denying nothing, and the Bering 1.0 has the ip_nat_ftp modules of
> netfilter right???
>
> What can be the problem???

Did you look at the shorewall logs? It might be that there is traffic blocked.

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16




Re: [leaf-user] add PCI USB expansion card, USB memory stick to Bering box

2003-05-31 Thread Erich Titl
Hi

Apacer has the Europe headquarters in the Netherlands, you could probably 
get a DOM easily there and that is the most versatile storage I can think 
of in a LEAF box.

Erich

H.G. Bekker wrote the following at 19:29 30.05.2003:
> Hi,
>
> That might be an alternative. However I have some problems locating the
> equipment in the Netherlands. But I will keep it in mind. Thanks!
> Chera Bekker

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16




[leaf-user] SLIP

2003-05-31 Thread glenn greenfield
> You could try out my LEAF Construction kit (available on my developer page at
> http://leaf-project.org/mod.php?mod=userpage&menu=1402&page_id=49
>
> I use it for offline preparation for all packages. In fact, to use ou target
> embedded box, I put customised packages on a DoM and then make changes
> through serial or by uploading new packages with ssh
>
> - Alex

Alex-This is very cool!

I have recently acquired a 486 laptop and thought I might use it to ssh into my
router. Can I do that through a null modem cable? I could also buy a pcmcia
card OR I have already built a DB9 to RJ45 adapter.  Is it possible to use your
LEAF construction kit to build a distro to use in this way?  I have read a
little about SLIP/ppp* it seems that they aren't the same and yet they tend to
be grouped together.  I have a completely secure LAN -that is to say that no
one here could care in the slightest about routers and things.  I won't be
accessing it from the outside.
Oh and BTW- there is no math co-processor on this laptop.  It has a 121M hdd-
8M RAM.  Perhaps I could use the hdd to build the disks and still boot a floppy
to make the connection?

What would be the easiest way to configure Bering on the router for this type
of application?

Thanks for any and all input!


[leaf-user] weblet/sed question

2003-05-31 Thread Tony
Good Evening all,

I'm sorry to ask a question like this, but here goes.  I want to expand
weblet a little and would like some pointers.  I'm currently running weblet
1.2 under Bering v1.1.  I like the screens where you can view the hits by
either port or sorted IP address.  What I want to do is, add the
functionality of the IP address screen to the port screen.

On the IP screen, the addresses are clickable to view the actual hits the IP
was associated with.  What I would like to do is have the ports be clickable
to view a sorted list of IP addresses.  So if I clicked port 53, I could get
a listing of all the IP's who hit that port.  I could then get the offending
IP's without having to plow through the current IP list to see who hit what
port.

Did I describe that clearly enough?  I viewed the code to see how the
different pages are rendered and how the sub routines are called, but I
don't really know sed.  I'm not sure where to start.

Any pointers would be helpful.

Thanks

Tony
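
One place to start on the port-to-address listing described in the post above, as an added example that is neither weblet's code nor part of the original message: it assumes the hits are kernel netfilter LOG lines carrying `SRC=` and `DPT=` fields (as Shorewall logs them); the sample lines are constructed and abbreviated, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not weblet code: for one destination port, list the source
# addresses that hit it, busiest first.

# sample_log: constructed netfilter LOG lines (documentation addresses).
sample_log() {
    cat <<'EOF'
May 30 21:14:02 firewall kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TTL=50 ID=1 PROTO=UDP SPT=1030 DPT=53 LEN=40
May 30 21:14:05 firewall kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TTL=50 ID=2 PROTO=UDP SPT=1031 DPT=53 LEN=40
May 30 21:15:11 firewall kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.2 LEN=48 TTL=113 ID=3 PROTO=TCP SPT=4021 DPT=53 SYN
May 30 21:15:40 firewall kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.2 LEN=48 TTL=113 ID=4 PROTO=TCP SPT=4022 DPT=135 SYN
May 30 21:16:02 firewall kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=198.51.100.9 DST=198.51.100.2 LEN=84 TTL=60 ID=5 PROTO=ICMP TYPE=8 CODE=0
May 30 21:16:30 firewall kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=198.51.100.9 DST=198.51.100.2 LEN=48 TTL=60 ID=6 PROTO=TCP SPT=3310 DPT=135 SYN
May 30 21:17:01 firewall kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.2 LEN=48 TTL=113 ID=7 PROTO=TCP SPT=4023 DPT=135 SYN
EOF
}

# hits_for_port PORT [FILE...]: print "COUNT SRC" for every source address
# that hit destination port PORT. Reads stdin when no FILE is given.
hits_for_port() {
    port=$1
    shift
    # The port would arrive from a clickable link, so accept digits only
    # before it gets anywhere near awk.
    case $port in
        ''|*[!0-9]*) echo "hits_for_port: bad port" >&2; return 2 ;;
    esac
    awk -v port="$port" '
        {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            # Lines without a DPT field (ICMP, for example) never match.
            if (src != "" && dpt == port) count[src]++
        }
        END { for (s in count) print count[s], s }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2,2
}

sample_log | hits_for_port 53
```

A CGI page would call `hits_for_port` with the port taken from the link and wrap each output line in the same address link the IP screen already uses.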





[leaf-user] App Layer Filtering: Kazaa blocker?

2003-05-31 Thread tmassey




Hello!

As reported on /., an Application Layer (Layer 7) packet filter that can
block protocols regardless of port, etc.

The FAQ and HOWTO are sketchy on details:  I can't tell if this is more
advanced than filtering packets based on the contents of the packet:
something you can already easily do.  Also, it's only available on 2.5,
though they are working on backporting it.  I thought I'd throw it out
there...

http://l7-filter.sourceforge.net/

Tim Massey





Re: [leaf-user] SLIP

2003-05-31 Thread Ray Olszewski
At 04:29 PM 5/30/2003 -0700, glenn greenfield wrote:
[...]
> I have recently acquired a 486 laptop and thought I might use it to ssh 
> into my router. Can I do that through a null modem cable?

You can, but offhand, I see no benefit in doing so. You can just run a 
regular getty on a serial port and log into a shell, without the overhead 
of ppp and ssh (since it is a serial connection, there is no real issue of 
snooping on the line, so the connection does not need encrypting).

I think Bering even has in /etc/inittab a commented-out line to run a getty 
(or maybe mgetty or agetty or mingetty ... one of the common variants, 
anyway) process on each standard serial port (ttyS0 and ttyS1). So you just 
need to uncomment a line and re-hup init for testing .. if it works, backup 
the modified system to a floppy.

On the client end (the 486 laptop), you run any convenient 
terminal-emulation application ... minicom is the common console-based app, 
and seyon is an X-based app.

The advantage of running ppp over the serial port is that it lets you do 
things other than ssh ... scp, ftp, whatever. You should consider whether 
you need that functionality, or if you really just require a console for 
plug-in management of a headless system.

> I could also buy a
> pcmcia card OR I have already built a DB9 to RJ45 adapter.  Is it possible 
> to use your LEAF construction kit to build a distro to use in this way?  I 
> have
> read a little about SLIP/ppp* it seems that they aren't the same and yet 
> they tend to be grouped together.  I have a completely secure LAN -that is to
> say that no one here could care in the slightest about routers and 
> things.  I won't be accessing it from the outside.
> Oh and BTW- there is no math co-processor on this laptop.  It has a 121M 
> hdd- 8M RAM.  Perhaps I could use the hdd to build the disks and still boot
> a floppy to make the connection?
>
> What would be the easiest way to configure Bering on the router for this 
> type of application?



