Re: [leaf-user] Dachstein, 2 internal nets routing

2003-09-26 Thread Victor McAllister
Mark Bynum wrote:

Richard,

Two questions:

1. What is wrong with Dachstein? Is it insecure?

2. I've tried your suggestions and still I can't ping either internal 
network from the other. But, I do now have a new route:

192.168.2.0/24 via 192.168.1.254 dev eth1

The other one didn't take. I don't know why.

Any other suggestions?

Thanks,

Mark

Richard Doyle wrote:

On Thu, 2003-09-25 at 21:37, Mark Bynum wrote:

INTERN_NET="192.168.1.0/24 192.168.2.0/24"
eth1_ROUTES="192.168.2.0/24_via_192.168.2.254"
eth2_ROUTES="192.168.1.0/24_via_192.168.1.254"


Don't use Dachstein, but the eth1 route can't go through 192.168.2.254
since 192.168.2.254 isn't on the 192.168.1.0 network. You need something
like
eth1_ROUTES="192.168.2.0/24_via_192.168.1.254"
eth2_ROUTES="192.168.1.0/24_via_192.168.2.254"
don't you?

Dachstein will not route between interfaces unless you tell it to do so. 

To masquerade both networks

INTERN_NET=192.168.0/23 should cover both networks.

Now you must specifically forward whatever traffic you want between these networks.

You can list whatever ipchains rules you need for forwarding traffic between these networks.

Put the ipchains commands in /etc/ipchains.forward

---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


Re: [leaf-user] Dachstein, 2 internal nets routing

2003-09-26 Thread Charles Steinkuehler
Mark Bynum wrote:
> All,
>
> It shouldn't be this hard. All I'm trying to do is route between my two
> internal networks of 192.168.1.0 and 192.168.2.0. Here is what I have:
>
> INTERN_NET="192.168.1.0/24 192.168.2.0/24"
> eth1_ROUTES="192.168.2.0/24_via_192.168.2.254"
> eth2_ROUTES="192.168.1.0/24_via_192.168.1.254"
>
> eth1 is the 192.168.1.0 network, eth2 is the other one. I can ping
> 192.168.1.254 from the 192.168.2.0 network and also 192.168.2.254 from
> the 192.168.1.0 network, but no other addresses on the opposite internal
> networks. Connections to the outside world, through eth0, work fine.
> I must be missing something, it's got me stumped.

As Victor mentioned, what you're missing is firewall rules.  By default, 
Dachstein does not forward packets between multiple internal networks.

You do *NOT* need any entries for eth1_ROUTES or eth2_ROUTES, since your 
firewall is directly connected to both internal networks.

To allow all traffic to be forwarded between your two internal networks, 
you should add an appropriate rule to /etc/ipchains.forward.  Something 
like:

$IPCH -I forward -j ACCEPT -s 192.168.1.0/24 -d 192.168.2.0/24 -b

--
Charles Steinkuehler
[EMAIL PROTECTED]




[leaf-user] OT: Piracy and impact on Linux

2003-09-26 Thread Peter Nosko
Interesting...

http://www.pcmag.com/article2/0,4149,1275902,00.asp


Peter Nosko ([EMAIL PROTECTED])
This is a good place for a tagline.



Re: [leaf-user] openssh 3.7.1p1

2003-09-26 Thread Stephen Lee
On Thu, 2003-09-25 at 14:02, Jacques Nilo wrote:
> On Thursday 25 September 2003 09:07, Stephen Lee wrote:
> > On Wed, 2003-09-24 at 14:48, Brian Fisher wrote:
> > > Hi All,
> > >
> > >  I have updated my bering with the new ssh suite.  Here's a bug that
> > > I want to pass along.
> > >
> > > I use putty to ssh into my bering box and all is good except when
> > > I want to 'break' or end a command.
> > > for example, if I start to ping an ip and then want to stop the ping
> > > I would just use 'ctrl-c' but that command now closes the ssh window !
> > >
> > >   Has anyone run into this problem ?
> >
> > I recently reported this problem when Superfreeswan was activated in
> > Bering 1.2. I suspect changing "stty" settings will fix the
> > unintentionally aborted ssh shell. Where are stty settings located in
> > Bering?
> 
> 1/ stty settings are set in /etc/profile (or /root/.profile)
> 2/ This problem occurred the first time with openssh 3.6.1
> See my mail on this:
> http://sourceforge.net/mailarchive/message.php?msg_id=4480281
> That is why at that time I went back to 3.5p1
> 
> If someone can provide a fix let us know. I do not have much time currently. 
> Otherwise I will apply the latest security patch to 3.5p1 until a solution is 
> found.
> 
> Jacques

Here's the error message from auth.log accompanying an ssh login (Bering
running OpenSSH_3.7.1p1):

Sep 26 07:43:58 instylegate2 sshd[15881]: Accepted password for root from 64.85.225.252 port 47995 ssh2
Sep 26 07:43:58 instylegate2 sshd[3682]: error: ioctl(TIOCSCTTY): Operation not permitted
Sep 26 07:43:58 instylegate2 sshd[3682]: error: open /dev/tty failed - could not set controlling tty: Device not configured

I've tried all kinds of stty settings including brkint, sane and raw
with no effect on control-c. 

Stephen





[leaf-user] Static Route Setup for Bering Firewall

2003-09-26 Thread Simon Chalk
Hi All,

Has anyone setup Static routes on Bering 1.2?

I am trying to add the following to the /etc/network/interfaces file

up route -net 1.2.3.4 netmask 255.255.255.248 gw 4.5.6.7


When I do a ip route, I don't see the route above. I have also tried to add
a route using

ip route add  etc.. etc..

but I am not sure of the exact syntax, since I get an error.

Please help

Regards,

Simon.





[leaf-user] RE: PPTP Client trouble

2003-09-26 Thread Mariano Drzazga
Hi!

I'm using Bering 2.0 Beta4, with a 256 ADSL line. I also connect
my Bering Box to a VPN Server (PoPtoP) through the DSL line.

I've noticed 2 kinds of errors regarding the PPTP client. (that I'm not
sure if they are related)

The first one is when the connection is trying to get established. 
Several times (not always) I get the following in daemon.log :

Sep 26 11:09:11 Bering pppd[14988]: pppd 2.4.1 started by root, uid 0
Sep 26 11:09:11 Bering pppd[14988]: Using interface ppp1
Sep 26 11:09:11 Bering pppd[14988]: Connect: ppp1 <--> /dev/ttyp0
Sep 26 11:09:12 Bering pptp[1077]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:580]: Client connection established.
Sep 26 11:09:13 Bering pptp[1077]: log[pptp_dispatch_ctrl_packet:pptp_ctrl.c:708]: Outgoing call established (call ID 0, peer's call ID 0).
Sep 26 11:09:15 Bering pptp[982]: log[decaps_gre:pptp_gre.c:215]: short read (4294967295): Protocol not available
Sep 26 11:09:15 Bering pptp[1077]: log[callmgr_main:pptp_callmgr.c:245]: Closing connection
Sep 26 11:09:15 Bering pptp[1077]: log[pptp_conn_close:pptp_ctrl.c:307]: Closing PPTP connection
Sep 26 11:09:17 Bering pptp[1077]: log[call_callback:pptp_callmgr.c:88]: Closing connection
Sep 26 11:09:18 Bering pppd[14988]: Modem hangup
Sep 26 11:09:18 Bering pppd[14988]: Connection terminated.


And these lines repeat 4 or 5 times after the connection is finally
established.


The second error is : 

Sep 26 11:08:08 Bering pptp[564]: log[decaps_gre:pptp_gre.c:262]: discarding out-of-order  seq is 201 seqrecv is 209
Sep 26 11:08:28 Bering pptp[564]: log[decaps_gre:pptp_gre.c:262]: discarding out-of-order  seq is 202 seqrecv is 210
Sep 26 11:08:48 Bering pptp[564]: log[decaps_gre:pptp_gre.c:262]: discarding out-of-order  seq is 203 seqrecv is 211

In this case, I get one line every 20 seconds. After a while (it can be
30 minutes), the pptp link goes down and when it reconnects, this
problem doesn't appear again.

Any suggestion will be appreciated.

Thanks in advance,

Mariano





RE: [leaf-user] Static Route Setup for Bering Firewall

2003-09-26 Thread Simon Chalk
Hi Erich,

Your syntax did not work for me.

I have since tried

ip route add 1.2.3.4 via 4.5.6.7

this works and I have added it to the Shorewall start up script. (Before
Shorewall Starts)

Regards,

Simon.

-Original Message-
From: Erich Titl [mailto:[EMAIL PROTECTED]
Sent: 26 September 2003 16:39
To: Simon Chalk; Leaf-User List
Subject: Re: [leaf-user] Static Route Setup for Bering Firewall


Simon

At 17:11 26.09.2003, Simon Chalk wrote:
>Hi All,
>
>Has anyone setup Static routes on Bering 1.2?
>
>I am trying to add the following to the /etc/network/interfaces file
>
>up route -net 1.2.3.4 netmask 255.255.255.248 gw 4.5.6.7
>
>
>When I do a ip route, I don't see the route above. I have also tried to add
>a route using
>
>ip route add  etc.. etc..


Maybe you should tell route what to do

like

ip route add to 1.2.3.0/24 dev eth1 metric 1

HTH
Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16





Re: [leaf-user] Static Route Setup for Bering Firewall

2003-09-26 Thread Bibinsa
[Simon Chalk] wrote on 26/09/2003 17:11:

> Hi All,
>
> Has anyone setup Static routes on Bering 1.2?
>
> I am trying to add the following to the /etc/network/interfaces file
>
> up route -net 1.2.3.4 netmask 255.255.255.248 gw 4.5.6.7
>
> When I do a ip route, I don't see the route above. I have also tried to add
> a route using
> ip route add  etc.. etc..
>
> but I am not sure of the exact syntax, since I get an error.
>
> Please help
>
> Regards,
>
> Simon.




Try this in your /etc/network/interfaces :

up ip route add 1.2.3.4/21 via 4.5.6.7 || true

--
Bibinsa




Re: [leaf-user] Static Route Setup for Bering Firewall

2003-09-26 Thread leaf
Hello Simon you wrote :


> Hi All,
> 
> Has anyone setup Static routes on Bering 1.2?
> I am trying to add the following to the /etc/network/interfaces file
> up route -net 1.2.3.4 netmask 255.255.255.248 gw 4.5.6.7
> 
> 
> When I do a ip route, I don't see the route above. I have also tried to add
> a route using
> 
> ip route add  etc.. etc..

The netmask is transformed like this:
255.255.255.248 is 8 + 8 + 8 + 5 bits, or 29 bits

ip route add 1.2.3.4/29 via 4.5.6.7 

Remember 4.5.6.7 should be reachable,

otherwise it could be necessary to use
ip route add 1.2.3.4/29 via 5.5.5.5 via 4.5.6.7

Put this line in the interfaces file after up

so 
up ip route add 1.2.3.4/29 via 4.5.6.7

> but I am not sure of the exact syntax, since I get an error.
> 
Regards
eric  wolzak
member of the bering crew
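
The checks the replies in this thread describe (netmask to prefix length, a reachable gateway), together with the points from the Dachstein thread above (a gateway must sit on the interface's own network, and directly connected networks need no route entry), as an added Python example that is not part of any poster's message. The interface addresses in `CONNECTED` and the function names are assumptions made for the illustration; the route arguments are the placeholders used in the posts.

```python
import ipaddress

# Assumed addressing for illustration: the router holds .254 on each internal
# /24, as in the Dachstein thread (eth1 = 192.168.1.0/24, eth2 = 192.168.2.0/24).
CONNECTED = {"eth1": "192.168.1.254/24", "eth2": "192.168.2.254/24"}


def mask_to_prefix(netmask):
    """Dotted netmask -> prefix length (255.255.255.248 -> 29).

    ipaddress raises ValueError for a non-contiguous mask such as 255.0.255.0.
    """
    return ipaddress.ip_network("0.0.0.0/" + netmask).prefixlen


def check_route(dest, netmask, gateway, connected=CONNECTED):
    """Return (route_command_or_None, findings) for one static route."""
    ifaces = {dev: ipaddress.ip_interface(a) for dev, a in connected.items()}
    prefix = mask_to_prefix(netmask)
    # strict=False masks off host bits instead of raising, so we can report them.
    net = ipaddress.ip_network(f"{dest}/{prefix}", strict=False)
    gw = ipaddress.ip_address(gateway)
    findings = []
    if str(net.network_address) != dest:
        findings.append(f"{dest}/{prefix} has host bits set; network is {net}")
    for dev, iface in ifaces.items():
        if net.subnet_of(iface.network):
            # Charles's point: no *_ROUTES entry for a directly attached net.
            findings.append(f"{net} is directly connected on {dev}; no route needed")
            return None, findings
    for dev, iface in ifaces.items():
        if gw == iface.ip:
            findings.append(f"gateway {gw} is this router's own address on {dev}")
            return None, findings
        if gw in iface.network:
            # The next hop is on-link, so the kernel can resolve it.
            return f"ip route add {net} via {gw} dev {dev}", findings
    # Richard's and Eric's point: the gateway must be reachable on-link.
    findings.append(f"gateway {gw} is not on any connected network")
    return None, findings


if __name__ == "__main__":
    # Constructed inputs: the thread's placeholder route, then the Dachstein one.
    for args in [("1.2.3.4", "255.255.255.248", "4.5.6.7"),
                 ("192.168.2.0", "255.255.255.0", "192.168.2.254")]:
        print(args, "->", check_route(*args))
```
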




Re: [leaf-user] openssh 3.7.1p1

2003-09-26 Thread Jacques Nilo
On Friday 26 September 2003 16:55, Stephen Lee wrote:
> On Thu, 2003-09-25 at 14:02, Jacques Nilo wrote:
> > On Thursday 25 September 2003 09:07, Stephen Lee wrote:
> > > On Wed, 2003-09-24 at 14:48, Brian Fisher wrote:
> > > > Hi All,
> > > >
> > > >  I have updated my bering with the new ssh suite.  Here's a bug
> > > > that I want to pass along.
> > > >
> > > > I use putty to ssh into my bering box and all is good except
> > > > when I want to 'break' or end a command.
> > > > for example, if I start to ping an ip and then want to stop the
> > > > ping I would just use 'ctrl-c' but that command now closes the ssh
> > > > window !
> > > >
> > > >   Has anyone run into this problem ?
> > >
> > > I recently reported this problem when Superfreeswan was activated in
> > > Bering 1.2. I suspect changing "stty" settings will fix the
> > > unintentionally aborted ssh shell. Where are stty settings located in
> > > Bering?
> >
> > 1/ stty settings are set in /etc/profile (or /root/.profile)
> > 2/ This problem occurred the first time with openssh 3.6.1
> > See my mail on this:
> > http://sourceforge.net/mailarchive/message.php?msg_id=4480281
> > That is why at that time I went back to 3.5p1
> >
> > If someone can provide a fix let us know. I do not have much time
> > currently. Otherwise I will apply the latest security patch to 3.5p1
> > until a solution is found.
> >
> > Jacques
>
> Here's the error message from auth.log accompanying an ssh login (Bering
> running OpenSSH_3.7.1p1):
>
> Sep 26 07:43:58 instylegate2 sshd[15881]: Accepted password for root from 64.85.225.252 port 47995 ssh2
> Sep 26 07:43:58 instylegate2 sshd[3682]: error: ioctl(TIOCSCTTY): Operation not permitted
> Sep 26 07:43:58 instylegate2 sshd[3682]: error: open /dev/tty failed - could not set controlling tty: Device not configured
>
> I've tried all kinds of stty settings including brkint, sane and raw
> with no effect on control-c.
>
> Stephen
OK explanations are here:
http://bugzilla.mindrot.org/show_bug.cgi?id=536
http://bugzilla.mindrot.org/show_bug.cgi?id=540
I'll release a fixed 3.7.1p2 over the week-end
Jacques




[leaf-user] Ann: Bering-uClibc 2.0 rc1

2003-09-26 Thread K.-P. Kirchdörfer
The Bering-uClibc team released today the first release candidate for 
Bering-uClibc 2.0  - Bering-uClibc 2.0 rc1.

No further changes are planned for stable release.

Most notable in this release is the replacement of ifupdown with the according 
busybox applet - extensively patched by honourable Eric Spakman to get it 
finally working. Please note that it requires changed keywords in your 
network interface definition (/etc/network/interfaces) - so please do not 
(re)use your old /etc/network/interfaces file.
Additionally you'll find some changes and cleanups in etc.lrp, a few minor 
changes elsewhere and the fix of the famous /dev/null bug.

For a complete Changelog please read:
http://leaf.sourceforge.net/mod.php?mod=userpage&menu=91003&page_id=39

As usual you can download the image plus a ipv6 drop-in at:
http://sourceforge.net/project/showfiles.php?group_id=13751

Please test and report any outstanding problems.

thx for reading
your Bering-uClibc team
(sent to you by kp)






Re: [leaf-user] openssh 3.7.1p1

2003-09-26 Thread splee
> On Friday 26 September 2003 16:55, Stephen Lee wrote:
>> On Thu, 2003-09-25 at 14:02, Jacques Nilo wrote:
>> > On Thursday 25 September 2003 09:07, Stephen Lee wrote:
>> > > On Wed, 2003-09-24 at 14:48, Brian Fisher wrote:
>> > > > Hi All,
>> > > >
>> > > >  I have updated my bering with the new ssh suite.  Here's a bug
>> > > > that I want to pass along.
>> > > >
>> > > > I use putty to ssh into my bering box and all is good except
>> > > > when I want to 'break' or end a command.
>> > > > for example, if I start to ping an ip and then want to stop the
>> > > > ping I would just use 'ctrl-c' but that command now closes the ssh
>> > > > window !
>> > > >
>> > > >   Has anyone run into this problem ?
>> > >
>> > > I recently reported this problem when Superfreeswan was activated in
>> > > Bering 1.2. I suspect changing "stty" settings will fix the
>> > > unintentionally aborted ssh shell. Where are stty settings located in
>> > > Bering?
>> >
>> > 1/ stty settings are set in /etc/profile (or /root/.profile)
>> > 2/ This problem occurred the first time with openssh 3.6.1
>> > See my mail on this:
>> > http://sourceforge.net/mailarchive/message.php?msg_id=4480281
>> > That is why at that time I went back to 3.5p1
>> >
>> > If someone can provide a fix let us know. I do not have much time
>> > currently. Otherwise I will apply the latest security patch to 3.5p1
>> > until a solution is found.
>> >
>> > Jacques
>>
>> Here's the error message from auth.log accompanying an ssh login (Bering
>> running OpenSSH_3.7.1p1):
>>
>> Sep 26 07:43:58 instylegate2 sshd[15881]: Accepted password for root from 64.85.225.252 port 47995 ssh2
>> Sep 26 07:43:58 instylegate2 sshd[3682]: error: ioctl(TIOCSCTTY): Operation not permitted
>> Sep 26 07:43:58 instylegate2 sshd[3682]: error: open /dev/tty failed - could not set controlling tty: Device not configured
>>
>> I've tried all kinds of stty settings including brkint, sane and raw
>> with no effect on control-c.
>>
>> Stephen
> OK explanations are here:
> http://bugzilla.mindrot.org/show_bug.cgi?id=536
> http://bugzilla.mindrot.org/show_bug.cgi?id=540
> I'll release a fixed 3.7.1p2 over the week-end
> Jacques

Thank you!!!

Stephen



