[leaf-user] Load average
Uptime: 8:09pm up 20:15, load average: 0.20, 0.04, 0.01

When I go into weblet and look at the http://192.168.2.1/cgi-bin/viewsys I see the line above at the top of the page. Can anyone tell me how to interpret the load average: 0.20, 0.04, 0.01 portion of this? I have no idea what these numbers mean. If anyone could point me to somewhere that explains these numbers that would be great.

Thanks in advance.
Troy

--- This SF.net email is sponsored by: eBay Get office equipment for less on eBay! http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] weblet extension version 2
Hi Tony,

I tried this code as well and I think that you have to substitute /var/log/shorewall.log for /var/log/messages in the code that Eric provided. It didn't work for me until I made this change. Perhaps an older version of Bering or Dach used the messages file to log packets, hence the confusion. Please correct me if I'm wrong, Eric.

Thanks,
Ken

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony
Sent: Saturday, May 31, 2003 3:33 PM
To: eric wolzak; Leaf-User
Cc: [EMAIL PROTECTED]
Subject: RE: [leaf-user] weblet extension version 2

Hi Eric and Jeff,

Thanks Eric for the code, this is half of what I was looking for, Jeff gave the other half. If you use the proverb:

Give a man a fish, he eats today
Teach a man to fish, he eats forever

you both gave me one of those lines and I appreciate it.

But, I do have some questions about the code, I can get the portsort section to work (from a previous e-mail), but the ipsort section is giving me the headers, but no data under it. I have some observations, but should I move this discussion to the devel list? I don't want to clog up this list with any more messages than necessary. Please advise, and I can pick up with my observations.

Thanks,
Tony

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of eric wolzak
Sent: Saturday, May 31, 2003 12:26 PM
To: Tony; Leaf-User
Subject: Re: [leaf-user] weblet extension version 2

Hello Tony

Another variant is to change in the file viewhits the option ipsort to -

    ipsort)
        HEAD='<tr><td width=50> Hits </td><td>IP-Adress</td><td>&nbsp;</td></tr>'
        AUS=`grep DPT=$content /var/log/messages |\
        sed 's/.*SRC=\(.* \)DST.*$/<a href=viewhits?x_\1>\1<\/a><\/td><td><\/td><\/tr>/'| sort -n | uniq -c |sort -rn|\
        sed 's/^/<tr><td>/
        s/<a/<\/td><td><a/'`
        ;;

--- this is a little bit slower but lets you click on each IP address that tried to connect to the certain port and shows the messages that it caused, including those to another port

Regards
Eric Wolzak
member of the bering crew
Re: [leaf-user] Load average
At 09:40 AM 6/2/2003 -0600, Troy Aden wrote:
> Uptime: 8:09pm up 20:15, load average: 0.20, 0.04, 0.01
> When I go into weblet and look at the http://192.168.2.1/cgi-bin/viewsys I see the line above at the top of the page. Can anyone tell me how to interpret the load average: 0.20, 0.04, 0.01 portion of this? I have no idea what these numbers mean. If anyone could point me to somewhere that explains these numbers that would be great.

I wish I could. (I wish *anyone* could.)

These numbers are explained in the man page for uptime. Unfortunately, the explanation there consists of the following: the system load averages for the past 1, 5, and 15 minutes. Helps a lot, eh?

My best understanding of these numbers is that they report the average number of processes waiting for some resource (that is, blocked) over the past 1, 5, and 15 minutes. If my understanding is correct, these numbers are in most instances not all that useful, and they are especially useless for routers (which do most of their important work within the kernel ... an old showboat fiddle with a Linux router was to show that it would continue to route even after a halt command had executed (in those days, systems didn't automatically power down)).

In most settings (single-purpose systems like routers, as well as workstations and servers), I find CPU load (the percentages reported by top) a better indicator of system load. Since I don't use the weblet, I don't know where (or even whether) it reports this information. If it does not report it, perhaps it should.
Re: [leaf-user] weblet extension version 2
Hi Ken.

> I tried this code as well and I think that you have to substitute /var/log/shorewall.log for /var/log/messages in the code that Eric provided. It didn't work for me until I made this change. Perhaps an older version of Bering or Dach used the messages file to log packets, hence the confusion. Please correct me if I'm wrong, Eric. Thanks, Ken

You are of course right, the log file should be the one the messages for shorewall are directed to. Bering 1.0 stable did the logging still in the /var/log/messages file (this was the version I used to debug the script). I should make things more modular again ;) Thanks for your feedback.

Regards
Eric Wolzak
member of the bering crew.
RE: [leaf-user] Load average
Thanks for the quick response. :) In truth, I am just using weblet on our routers so that I have an easy way to track the throughput on all of the interfaces. (Packet count/ collisions/ bytes in out.) So I guess I lose nothing by ignoring these numbers.

I am thinking of using the version of Weblet here. http://leaf.sourceforge.net/devel/cstein/files/packages/weblet.lrp
Weblet V1.2.0 Includes Bandwidth monitor
Does this version already have Netstat installed? I am very interested in trying this version out. Would I have any issues running this on Bering 1.2?

Thanks again.
Troy
RE: [leaf-user] Add local networks to the machine
It's not a problem with a route on the workstation. We run a wide area network, our networks are 10.100.100.0/24 - 10.100.110.0/24 and also 208.193.230.0/24. The workstations know naturally not to route anything in their local subnet, but since I have given everyone a router address of my Bering box the Bering box tries to ping the hosts and in the case of 208.193.230.0/24 because that is a real IP range and not exclusively for internal use it actually tries to go out and ping it. I need to be able to tell the Bering box where to route the traffic correctly or by telling it that it's a local subnet and it should ignore any requests to it so that the machine will hit the correct router (which I don't have to include in the machine's router address because the other router is on the local network). Hope I explained it better this time.

Robert Everland III
Web Developer Extraordinaire
Dixon Ticonderoga Company
http://www.dixonusa.com

-----Original Message-----
From: Ray Olszewski [mailto:[EMAIL PROTECTED]
Sent: Friday, May 30, 2003 4:19 PM
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Add local networks to the machine

See below.

At 03:43 PM 5/30/2003 -0400, Robert Everland wrote:
> I am having issues with the box, I set it up on our network as a fail safe so that if something goes wrong with our Proxy server this will take over. I gave everyone a router of dress of this, my problem is now I can't ping outside of my local network. I need to find a way to tell my Bering box that these subnets are local and not to try and route them 10.100.100.0 through 10.100.110.0 And 208.193.230.0 Where would I do this and how do I do this?

This is very hard to follow. What, for example, can "I gave everyone a router of dress of this" possibly mean?

In any case, a router will try to route only packets that are sent to it in the first place. If 10.100.100.0 through 10.100.110.0 and 208.193.230.0 (I assume you mean us to read them as /24 networks) are all LAN addresses, the hosts that use them should know this and not try to use the default gateway (I presume that's what the Bering host is).

Someone here can probably help you, but you need to provide a more coherent description of the problem. The SR FAQ (referenced below) should help you do this. Reading over the ping FAQ on the LEAF Website will help you amplify "can't ping" in useful ways.

Also please be clearer as to what you mean by "I need to find a way to tell my Bering box that these subnets are local and not to try and route them". Do you mean you want it to refuse to route outgoing connections from these networks? Or are they on separate interfaces, and you want the Bering router to route among these networks locally? Or is the issue with NAT (since the networks are a mix of private and public addresses)?

My first guess would be that you have a routing problem in the LAN workstations, not in the Bering router. My second would be that you are trying to ping to the Internet from a non-routable address and have not set up the Bering router to NAT it. But even these are shots in the dark until you describe the setup better.
Re: [leaf-user] Shorewall rules and stuff. ;)
On Monday, 2 June 2003 10:37, Adam Niedzwiedzki wrote:
> I also ran an nmap scan on my firewall IP.
>
> Port       State       Service
> 22/tcp     open        ssh
> 113/tcp    closed      auth
> 135/tcp    closed      loc-srv
>
> I have no idea why 113 and 135 are showing as open. These are my firewall rules.

They are shown as closed :) Both are defined in /etc/shorewall/common.def

kp
Re: [leaf-user] Shorewall rules and stuff. ;)
On Mon, 2 Jun 2003 18:48:04 +0200, K.-P. Kirchdörfer [EMAIL PROTECTED] wrote:
> On Monday, 2 June 2003 10:37, Adam Niedzwiedzki wrote:
>> I also ran an nmap scan on my firewall IP.
>>
>> Port       State       Service
>> 22/tcp     open        ssh
>> 113/tcp    closed      auth
>> 135/tcp    closed      loc-srv
>>
>> I have no idea why 113 and 135 are showing as open. These are my firewall rules.
>
> They are shown as closed :) Both are defined in /etc/shorewall/common.def

Which is all explained in Shorewall FAQ #4.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ [EMAIL PROTECTED]
RE: [leaf-user] weblet extension version 2
No problem. This actually got me playing around with this and I added one other thing that I've wanted for a while: a link to whois for each IP address that gets logged. I changed the following section:

    hitssort)
    HEAD='trtd width=20%Hits/tdtdIP-Address/tdtdWhois/tdtdDate/t
    AUS=`grep Shorewall: /var/log/shorewall.log |\
    sed 's/\(.\{6\}\)\(.*SRC=\)\(.*\)\( DST=.*\)/\\/td\\td\\a href=\viewhits?x_\3\\\3\\/a\\/td\\ \td\\a href=\http:\/\/ws.arin.net\/cgi-bin\/whois.pl\?queryinput=\3\\Whois-\3\\ /a\\/td\\td\\ \1\\/td\\\/tr\'|\
    sort |uniq -c | sort -rn |sed 's/^/\tr\\td\/'`
    titel=Hits sorted by frequency and by ip address
    ;;

That's a lot of escapes. :)

Ken
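A hardened take on the per-port source-IP tally that the viewhits variants in this thread build with grep and sed, as an added example (not Eric's or Ken's code, and not part of weblet). It accepts only a numeric port, compares the DPT= field exactly (a plain grep for DPT=80 also matches DPT=8080), keeps only well-formed IPv4 sources, and HTML-escapes what it prints; the function names and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count logged hits per source IP for one destination port.
# Log text is read from stdin so the caller decides which file is used.

# Accept only a plain decimal port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Escape the characters that are significant in HTML text and attributes.
html_escape() {
    sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g'
}

# hits_by_ip PORT < logfile
# Prints "COUNT IP" lines, most frequent first. Returns 2 on a bad port.
hits_by_ip() {
    valid_port "$1" || return 2
    awk -v port="$1" '
        {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            # Whole-field comparison, and only dotted-quad sources are counted.
            if (dpt == port && src ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                count[src]++
        }
        END { for (ip in count) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# hits_table PORT < logfile
# Prints the table rows, with each IP linking back to viewhits as in the thread.
hits_table() {
    valid_port "$1" || return 2
    printf '<tr><td width=50>Hits</td><td>IP-Address</td></tr>\n'
    hits_by_ip "$1" | while read -r n ip; do
        ip=$(printf '%s' "$ip" | html_escape)
        printf '<tr><td>%s</td><td><a href="viewhits?x_%s">%s</a></td></tr>\n' \
            "$n" "$ip" "$ip"
    done
}

# Constructed sample log lines (documentation address ranges, not real traffic).
sample_log() {
    cat <<'EOF'
Jun  2 10:01:11 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 LEN=48 PROTO=TCP SPT=4011 DPT=80 WINDOW=16384 SYN
Jun  2 10:01:14 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 LEN=48 PROTO=TCP SPT=4012 DPT=80 WINDOW=16384 SYN
Jun  2 10:02:30 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.1 LEN=48 PROTO=TCP SPT=3120 DPT=80 WINDOW=8192 SYN
Jun  2 10:02:41 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.1 LEN=78 PROTO=UDP SPT=137 DPT=137
Jun  2 10:03:02 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.1 LEN=48 PROTO=TCP SPT=2000 DPT=8080 WINDOW=8192 SYN
Jun  2 10:03:09 fw daemon: note SRC=<b>bogus</b> DST=x DPT=80
EOF
}

# Demo on the constructed sample.
sample_log | hits_table 80
```

On the router the input would be the file Shorewall logs to, for example `hits_table "$port" < /var/log/shorewall.log`.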
[leaf-user] adding iproute2 policy on boot
Gurus,

I have built a script that configures iproute2 on my LEAF box. I tried placing this script in /etc/network/if-up.d/ and then backing up - which saves my script quite nicely. When I restart networking from the menu I notice this script being run more than once, when ideally it should be run once on boot / network-restart. What is the best way to hook this script in?

Basically, it wget's a conf file from a private LAN, and executes it, loading extra addresses, routes into tables, rules etc. The interface facing the core is not touched by the script - it is set and left in the initial config (too many times during testing I lost contact with the router due to slipups.) Only user-facing interfaces are configured.

TIA,
Steve
Re: [leaf-user] Kernel panic-syslinux.cfg no good
On Sunday 01 June 2003 03:51 pm, Erich Titl wrote:
> [...]
> boot=dev/fd0u1680:msdos PKGPATH=/dev/fd0u1680

boot=/dev/fd0u1680

note preceding '/' before 'dev'

--
~Lynn Avants
Linux Embedded Appliance Firewall Developer
http://leaf.sourceforge.net
http://guitarlynn.homelinux.org:81
[leaf-user] Strange problem with Ap1000 and Wisp Dist!
Hi... I have that situation:

    # ttcp -s -r
    ttcp-r: buflen=8192, nbuf=2048, align=16384/0, port=5001 tcp
    ttcp-r: socket
    ttcp-r: accept from 200.253.xxx.xxx
    ttcp-r: 4194304 bytes in 17.12 real seconds = 239.25 KB/sec +++
    ttcp-r: 2653 I/O calls, msec/call = 6.61, calls/sec = 154.96
    ttcp-r: 0.0user 1.1sys 0:17real 7% 0i+0d 0maxrss 0+2pf 0+0csw

station:

    -root- # ttcp -n512 -s -t 200.253.187.144
    ttcp-t: buflen=8192, nbuf=512, align=16384/0, port=5001 tcp -> 200.253.xxx.xxx
    ttcp-t: socket
    ttcp-t: connect
    ttcp-t: 4194304 bytes in 2497.68 real seconds = 1.64 KB/sec +++
    ttcp-t: 512 I/O calls, msec/call = 4995.36, calls/sec = 0.20
    ttcp-t: 0.0user 0.3sys 41:37real 0% 0i+0d 0maxrss 0+2pf 0+0csw

The SNR in AP Manager is good... without packet loss... On both sides there is an Orinoco Gold Card with firmware 7.28.

That is, when the station tries to upload/send packets the rate is too slow... but for receiving it is OK! Anyone have any idea of what it can be??? I already changed the entire equipment, the distance between AP1000 and the station is about 600m

Thanks
Samuel Abreu
[leaf-user] pppoe-server
Does anyone have a working pppoe-server running? I have pppoe-server accepting connections but pppd dies and pppoe-server spawns another. I am thinking it is a pppd config problem. Comments?

TIA,
Steve
Re: [leaf-user] Receiving Dial up connections from a modem.
On Friday 30 May 2003 08:12 am, James Neave wrote:
> Hi, Is the following possible? Can a LEAF box, without any coding required, auto-answer a modem, authenticate the caller and start a PPP interface across that connection?

Yep, if you configure your system to do so. I have posted a draft of a PPP server howto on the leaf-devel list, it will come up in a search of the archives (and linked in leaf-user a week or so ago).

> Once I have the box connected, the caller can initiate TCP connections to any local daemons running, yes?

Yes, through use of proxy-arp'ing the ppp interfaces to the local LAN.

> What if the modem was a PCMCIA modem?

Likely if the modem is supported, I haven't tried that one.

--
~Lynn Avants
Linux Embedded Appliance Firewall Developer
http://leaf.sourceforge.net
http://guitarlynn.homelinux.org:81
RE: [leaf-user] weblet extension version 2
Hi Ken,

Yeah, actually I picked that up. What happened was I was missing a backtick that somehow dropped off when I pasted the code into the window.

Thanks,
Tony

P.S. Thanks for that lookup code, that's also helpful. I had thought about that, but didn't want to push my luck. ;-)
Re: [leaf-user] Shorewall rules and stuff. ;)
On Mon, 2 Jun 2003 18:37:10 +1000, Adam Niedzwiedzki [EMAIL PROTECTED] wrote:
> I have a couple of questions about shorewall and stuff. I'm running version 1.3 from on the base install of bering. I was reading the shorewall help and have a question about this line.

You know, there is an entire web site devoted to Shorewall with detailed documentation, QuickStart Guides (the two-interface guide is particularly relevant for Bering users), FAQ (FAQ #24 applies to your question), troubleshooting tips, and much more. It's a good place to look before you post Shorewall questions to the list. For version 1.3, go to http://www.shorewall.net/1.3.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ [EMAIL PROTECTED]
Re: [leaf-user] Shorewall rules and stuff. ;)
On Tue, 3 Jun 2003 08:24:41 +1000, Adam Niedzwiedzki [EMAIL PROTECTED] wrote:
> But I was asking on how to restrict SSH to only answer on one of my LIVE ips and for shorewall to ONLY allow ssh connections on that LIVE ip. Due to me only being on a dynamic IP (my DSL provider is a real PIG they force change my IP every 2 days) I can't restrict SSH to a fixed IP.

I have absolutely no idea what you mean by LIVE IP. I can point out however that the answer to FAQ #2 shows you how to determine the current IP address of an interface and then use that IP address in a rule.

And the reason that ORIGINAL DEST is only needed in DNAT -- when you are doing DNAT, there are two destinations; the ORIGINAL DESTINATION and the FINAL DESTINATION. In all other cases, the destination isn't changed by the rule so there is only one and you specify it (obscurely) in the DEST(INATION) column.

> And I do know of the shorewall site. But I think I do this time have a valid question in relation to upgrading from 1.3 to 1.4? Your website says If you already have a running Bering installation and wish to upgrade to a later version of Shorewall: UNDER CONSTRUCTION... That worried ME even more... Is it a timing issue on getting the documentation done or is it a little more complicated?

a) I don't run Bering.
b) I will never run Bering.
c) No one that runs Bering has stepped forward to write this section even though I've asked on the list.
d) Therefore, I have concluded that either no one knows how to do it or no one cares enough to let others know how to do it.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ [EMAIL PROTECTED]
Re: [leaf-user] Shorewall rules and stuff. ;)
On Tue, 3 Jun 2003 09:52:47 +1000, Adam Niedzwiedzki [EMAIL PROTECTED] wrote:
>> On Tue, 3 Jun 2003 08:24:41 +1000, Adam Niedzwiedzki [EMAIL PROTECTED] wrote:
>>> But I was asking on how to restrict SSH to only answer on one of my LIVE ips and for shorewall to ONLY allow ssh connections on that LIVE ip. Due to me only being on a dynamic IP (my DSL provider is a real PIG they force change my IP every 2 days) I can't restrict SSH to a fixed IP.
>
> Hmm ok my external interfaces has half a Class C on it. 67.106.134.xx I want to only allow SSH to listen on one IP 67.106.134.127 on the external interface and of course only want shorewall to allow connections to SSH on the external interface using the IP 67.106.134.127

And you really can't see how to do that?

>> a) I don't run Bering.
>
> If you do run a firewall what is it? Just out of interest?

Shorewall on a minimal RedHat 9.0 install.

>> b) I will never run Bering.
>> c) No one that runs Bering has stepped forward to write this section even though I've asked on the list.
>
> Hmm ok didn't even know you were waiting on some documentation... I'll give it bash if you want :) Seen as I'm gonna have to do it myself anyways, I spose I can write down how.

Thanks!

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ [EMAIL PROTECTED]
[leaf-user] Lost of port forwarding with Bering/Shorewall...
Hi!

I was wondering if there is any known issues in Bering (V1.1) and/or the Shorewall that came with (1.3.?) that might cause it to temporarily stop forwarding a port...

One of the server stopped responding to queries while another (but on another segment, the one of the DMZ) was still accessible... According to the logs it could still access the outside (Internet) but the port that was forwarded to it appeared to no longer be forwarded. A few minutes after the initial attempt to connect everything returned to normal...

Any suggestions?

Thanks!
Nick

PS: Please cc me on your replies as I am subscribed to the digest and I need help ASAP... Thanks!
RE: [leaf-user] weblet extension version 2
FWIW, I think that's a very useful addition for the standard distribution.

Paul Rogers ([EMAIL PROTECTED])
http://www.xprt.net/~pgrogers/
http://www.angelfire.com/or/paulrogers/
Rogers' Second Law: Everything you do communicates.
(I do not personally endorse any additions after this line. TANSTAAFL :-)

- Begin forwarded message --
From: Ken Marshall [EMAIL PROTECTED]
Subject: RE: [leaf-user] weblet extension version 2
Date: Mon, 2 Jun 2003 10:56:43 -0600
Organization: Black Mountain Software, Inc.

This actually got me playing around with this and I added one other thing that I've wanted for a while: a link to whois for each IP address that gets logged. I changed the following section:
Re: [leaf-user] Strange problem with Ap1000 and Wisp Dist!
What are the signal levels from both sides?

--
Best Regards,
Vladimir Ivaschenko
Thunderworx - Senior Systems Engineer (RHCE)
[leaf-user] shaping control started , but not serving my pcs
Hello all,

Sorry for posting, but after many hours searching in several FAQs, I decided to post to find some help. tcstart started without any boot error message. The Bering PC is serving 16 PCs in my LAN to share a 128K leased line. I noticed that shaping is not running, because yesterday one guy using imesh had his downloads at 3x5k, and then surfing was very slow. I appreciate any help to find what's wrong in my settings. Thanks.

I also noticed on the weblet interface that the firewall status is in error (just 5 min after rebooting):

firewall
Firewall Status: error
You have 518 denied or rejected packets in your recent packet logs.
::Hits sorted by porttype::
hits port Service
134 80 www
119 137 netbios-ns
110 138 netbios-dgm
28 1214
27 1428
20 1900
18 28431
7 5499
7 27024
7 27023

## After 1 hour I have this:

firewall
Firewall Status: error
You have 2637 denied or rejected packets in your recent packet logs.
::Hits sorted by porttype::
hits port Service
422 137 netbios-ns
335 138 netbios-dgm
295 80 www
127 27015
118 27024
118 27023
118 27022
118 27021
118 27020
118 27019
118 27018
118 27017
118 27016

Here are some of my Shorewall settings.
ALL THE REST ARE DEFAULT

## Shorewall.conf
ADD_IP_ALIASES=Yes (because I am using SNAT)
MANGLE_ENABLED=Yes
TC_ENABLED=Yes
CLEAR_TC=No
MARK_IN_FORWARD_CHAIN=Yes

## TCRULES:
#MARK SOURCE DEST PROTO PORT(S) CLIENT PORT(S)
1 eth1 0.0.0.0 all
2 fw 0.0.0.0 all
3 fw 0.0.0.0 tcp 80
4 fw 0.0.0.0 tcp 20
4 fw 0.0.0.0 tcp 21
4 fw 0.0.0.0 tcp 1214 -
4 fw 0.0.0.0 tcp 4329
4 fw 0.0.0.0 tcp 4661:4665
4 fw 0.0.0.0 tcp 412

## TOS:
#SOURCE DEST PROTOCOL SOURCE PORTS DEST PORTS TOS
all all tcp - ssh 16
all all tcp ssh - 16
all all tcp - ftp 4
all all tcp ftp - 4
all all tcp 80 80 16
all all tcp ftp-data - 2
all all tcp - ftp-data 2
all all tcp - 1214 2
all all tcp 1214 - 2
all all tcp 4329 - 2
all all tcp - 4329 2
all all tcp 4661:4665 - 2
all all tcp - 4661:4665 2
all all tcp 412 - 2
all all tcp - 412 2

## RULES:
#Playing Games online : Camelot #
ACCEPT fw net:193.252.123.0/24 tcp 1280
ACCEPT fw net:193.252.123.0/24 tcp 10500:10504
ACCEPT fw net:193.252.123.0/24 tcp 10622:10624

## TCSTART
run_tc qdisc add dev eth0 root handle 1: htb default 30
run_tc class add dev eth0 parent 1: classid 1:1 htb rate 128kbps ceil 128kbps
run_tc class add dev eth0 parent 1:1 classid 1:10 htb rate 72kbps ceil 128kbps burst 2k prio 1
run_tc class add dev eth0 parent 1:1 classid 1:11 htb rate 32kbps ceil 128kbps prio 2
run_tc class add dev eth0 parent 1:1 classid 1:12 htb rate 24kbps ceil 128kbps prio 3
run_tc filter add dev eth0 protocol ip parent 1:0 prio 4 handle 2 fw classid 1:10
run_tc filter add dev eth0 protocol ip parent 1:0 prio 5 handle 3 fw classid 1:11
run_tc filter add dev eth0 protocol ip parent 1:0 prio 6 handle 4 fw
[leaf-user] syslinux question: putting bering on a diskonchip
Hi,

I've been following the instructions from the user manual for putting Bering on an IDE drive. My IDE drive is a 64MB SanDisk diskonchip module. When I execute the syslinux /dev/hda1 (or syslinux -s /dev/hda1) command I always get a warning message about something with permissions being possibly set wrong for /tmp. When I attempt to boot the system with the IDE drive, it says it is missing the operating system. The linux kernel file is there, so I assume this is a syslinux issue. After mounting /dev/hda1 I don't see the ldlinux.sys file, and I am not even sure this should be there. Any pointers in the right direction would be appreciated.

Thanks,
Marc
Re: [leaf-user] syslinux question: putting bering on a diskonchip
Hi Marc.

If the disk-on-chip is anything like my setup, the /hda1 device will be the wrong device. With Bering, it will probably be /nftla1.

Cheers,
==
If each of us have one object, and we exchange them, then each of us still has one object. If each of us have one idea, and we exchange them, then each of us now has two ideas.
==
http://www.olgc.ca 888-345-7568 ext. 2210
mailto:[EMAIL PROTECTED] 416-213-2210 (direct)
==

Marc E. Fiuczynski [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
06/03/2003 01:03 PM
To: Leaf User [EMAIL PROTECTED]
cc:
Subject: [leaf-user] syslinux question: putting bering on a diskonchip

Hi,

I've been following the instructions from the user manual for putting Bering on an IDE drive. My IDE drive is a 64MB SanDisk diskonchip module. When I execute the syslinux /dev/hda1 (or syslinux -s /dev/hda1) command I always get a warning message about something with permissions being possibly set wrong for /tmp. When I attempt to boot the system with the IDE drive, it says it is missing the operating system. The linux kernel file is there, so I assume this is a syslinux issue. After mounting /dev/hda1 I don't see the ldlinux.sys file, and I am not even sure this should be there. Any pointers in the right direction would be appreciated.

Thanks,
Marc