[leaf-user] Super ISDN Support Box.
Hello All,

An all new problem to solve. Came up with this idea, the boss man likes it.

Our company supports several clients and the majority have unshakeable policies of ZERO INCOMING INTERNET TRAFFIC. No ports open, period. The only way to remotely support these clients is to dial into their networks through ISDN. We have many (MANY) ISDN lines, and only 1 dual line is plugged into one ancient PC running NT4. This is our remote ISDN support box, and we are beginning to get queues to use it. We can't afford more support PCs, plus we like this idea better. :)

I came up with the idea that we might be able to NAT our development PCs behind a LEAF powered ISDN dial-up support box. The IPs of the remote servers that we support are generally in the 10.0.0.0/16 range, so I have to be careful with routes. Generally 1 IP address (say, 10.1.0.12) means Dial Client X and NAT connections to that host behind the IP dished out by the client's DHCP server. Then that connection must drop after 60 seconds.

Any way to remotely control the connections? A daemon that sits and shows connection status and takes commands to drop them?

So, multiple ISDN channels (2 per adaptor), can these go into a pool and be connected to a client when required? Then discarded back into the pool after the timeout.

Just a thought experiment at the moment, I'm still building Alex's network (ECI DSL modems won't work with Bering 1.2, joy...) and I've got a million and one jobs in The List to do first.

James.

---
This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php
leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Types of DMZ - Dachstein
Doug Sampson wrote:
> Very useful information, Charles. Although I don't quite get what proxy-arp really does and how it differs from, say, a strictly public DMZ. Perhaps a short explanation here will help set my mind straight. I am confused especially by the statement regarding separating the DMZ systems from the raw upstream connection. What is the benefit in that?

In a traditional strictly public DMZ (DMZ=YES setting), the upstream link to your ISP and the DMZ have *DIFFERENT* IP address ranges.

With proxy-arp, the upstream link and the DMZ network IP ranges are the *SAME*. Proxy-arp is the magic that connects systems through the firewall, but lets them think they're all on the same physical network segment.

--
Charles Steinkuehler
[EMAIL PROTECTED]
[leaf-user] Ann: Bering-uClibc 2.0 rc2
The Bering-uClibc team released today the second release candidate for Bering-uClibc 2.0 - Bering-uClibc 2.0 rc2.

Most notable in this release are the modularisation of watchdog, due to user request, and usage of the dropbear multi option (one binary for dropbear and dropbearkey - like busybox). The latter significantly reduces the size of the base image (about 40kb), but will add about 8 kb to a modified image where the user removed dbearkey.lrp. We decided to go this way to reduce maintenance efforts and to make it as simple as possible to use a secure shell on a single floppy.

For the final release we may update busybox to a fixed version - the current one is 1.0pre3 plus some fixes from cvs, but besides that, rc2 is considered as the final one.

For a complete Changelog please read:
http://leaf.sourceforge.net/mod.php?mod=userpage&menu=91003&page_id=39

As usual you can download the image plus an ipv6 drop-in at:
http://sourceforge.net/project/showfiles.php?group_id=13751

You are invited to test and report any outstanding problems.

thx for reading
your Bering-uClibc team
(sent to you by kp)
[leaf-user] Thanks All
G'day all

I just wanted to say thanks to all who post and answer questions on this list. I have only ever posted 2 questions, neither of which received a reply - so I assumed they must have been stupid questions and went back to the docs where I found the answers.

Now our two offices are connected to the Internet and, through a VPN, to each other using Bering 1.2. I am also able to dial up the internet from my W2k box at home and log into the office Netware server (slow but I'm not in a hurry). I didn't believe this was possible, especially by a dunderhead like me, and at almost no cost.

Thanks everyone.

Richard Saunders
[leaf-user] Q: router/firewall stops responding. What to do?
Hi,

This floppy router has been working well for 2 years but now it stops working every day until I re-boot it. It is a 2.9.8 1.6MByte floppy distribution with a 2.2.16 kernel. The configuration is a routed DMZ of a /27 network.

After a few hours of operation, I can't ping the external interface. When I re-boot, then it works. Sometimes it comes back online during the night.

I thought it might be overloaded with useless traffic and I commented all entries in syslog.conf because I thought that might reduce the load on the 120MHz Pentium computer. The logs were filled anyway before they were rotated because of too many useless packets.

Can anybody provide any clues to what could cause this or what to do to find the reason for it? My Linux router knowledge is not very deep.

Many thanks,
Bernard
Re: [leaf-user] Q: router/firewall stops responding. What to do?
Well ... we don't get many questions here about LRP classic, and I'm not at all sure how many people on this list still use it (rather than one of the newer LEAF variants), and Linux 2.2.16 is a distant memory for me.

Someone here might be able to help you if you reported on the problem a bit more systematically. For starters, please read the SR FAQ (referenced at the end of this message) and provide the information it asks for, so we better understand the basics of your setup. Next, read the ping FAQs (in the Docs somewhere, look around) to see how better to report (and interpret for yourself) ping failures -- the short version is that you need to tell us *how* ping fails, not just *that* it fails (what actual command do you type, what if any response do you get, and what OS is on the machine you are pinging from). Also, which side are you trying to ping from? If outside, might there be upstream problems, at the ISP say?

You should check if the router itself is running before you reboot it. Can you log into it, via the console or ssh or telnet or whatever you have running on it? Can you ping its *internal* IP address successfully?

The filesystem that holds the logs can fill up, and that could cause the sort of failure you seem to be seeing. How much RAM is in the system? Assuming you can log on to the router, is the filesystem with the logs actually full (I think LRP 2.9.8 supplied a version of busybox with the df command) at the time of failure?

At 12:19 PM 10/15/2003 +1300, Bernard wrote:
> Hi,
>
> This floppy router has been working well for 2 years but now it stops working every day until I re-boot it. It is a 2.9.8 1.6MByte floppy distribution with a 2.2.16 kernel. The configuration is a routed DMZ of a /27 network.
>
> After a few hours of operation, I can't ping the external interface. When I re-boot, then it works. Sometimes it comes back online during the night.
>
> I thought it might be overloaded with useless traffic and I commented all entries in syslog.conf because I thought that might reduce the load on the 120MHz Pentium computer. The logs were filled anyway before they were rotated because of too many useless packets.
>
> Can anybody provide any clues to what could cause this or what to do to find the reason for it? My Linux router knowledge is not very deep.

SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Q: router/firewall stops responding. What to do?
At 01:13 PM 10/15/2003 +1300, Bernard wrote:
> Hi Ray,
>
> Thanks so much for your reply. After reading your suggestions, I think I should try a recent stable version before anything else. Which one would you suggest?

Although there are many variants available, the two that seem to see the widest use are Dachstein and Bering. More use means more people able to answer questions ... so I'd suggest trying one or the other of them. I don't really have a recommendation between the two ... Bering is a bit more up to date, but your requirements are not really very tricky (the fact that you were meeting them until recently with LRP 2.9.8 is the best indication of that), so either should do the job.

You might even want to stick with LRP 2.9.8. Had you reported a problem of this sort with either Dach or Bering, I'd still have given you pretty much the same advice ... troubleshooting requires information.

> It needs to fit on a floppy, must do both routing and firewalling and must support a routed DMZ. There is a permanent external ethernet connection and only a single internal interface to the DMZ, nothing else. The DMZ is a single Linux computer that runs multiple services with IP addresses in a /27 network. All these addresses are public, such as virtual web servers.
>
> Thanks again,

[old stuff deleted]
[leaf-user] really strange entries in shorewall log file
[accidentally sent this message from the wrong address, my apologies to the moderator]

Hey folks,

I'm running Bering as a firewall, three interfaces:

eth0 is 209.98.2.1
eth1 is 192.168.1.254 (LAN)
eth2 is 10.0.0.254 (DMZ)

This evening, I noticed the following in my log files:

Oct 14 23:00:14 firewall Shorewall:all2all:REJECT: IN= OUT=eth0 MAC=00:77:c1:00:02:ff:ff:02:01:77:c1:10:07 SRC=209.98.2.1 DST=209.101.210.198 LEN=92 TOS=00 PREC=0x00 TTL=64 ID=42724 PROTO=ICMP TYPE=0 CODE=0 ID=512 SEQ=4323
Oct 14 23:00:24 firewall Shorewall:all2all:REJECT: IN= OUT=eth0 MAC=71:10:c0:00:00:00:00:11:00:00:00:00:00:00:00:00:00:00:00:02:00:00:00:00:00:00:00:d2:05:00:00:00:00:00:00:d2:05:00:00:49:12:00:00:00:00:00:00:00:00:20:c1:00:00:20:c1:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:ec:45:00:00:5c SRC=209.98.2.1 DST=209.101.210.198 LEN=92 TOS=00 PREC=0x00 TTL=64 ID=23174 PROTO=ICMP TYPE=0 CODE=0 ID=512 SEQ=5091

it continues on like this:

Oct 14 23:02:57 firewall Shorewall:all2all:REJECT: IN= OUT=eth0 MAC=00:50:fc:59:16:5b:00:20:ea:1f:0f:fc:08:00 SRC=209.98.2.1 DST=209.98.111.101 LEN=92 TOS=00 PREC=0x00 TTL=64 ID=38485 PROTO=ICMP TYPE=0 CODE=0 ID=256 SEQ=43473
Oct 14 23:03:07 firewall Shorewall:all2all:REJECT: IN= OUT=eth0 MAC=00:50:fc:59:16:5b:00:20:ea:1f:0f:fc:08:00 SRC=209.98.2.1 DST=209.98.111.101 LEN=92 TOS=00 PREC=0x00 TTL=64 ID=57193 PROTO=ICMP TYPE=0 CODE=0 ID=256 SEQ=44241
Oct 14 23:06:53 firewall Shorewall:all2all:REJECT: IN= OUT=eth0 MAC=00:50:fc:59:16:5b:00:20:ea:1f:0f:fc:08:00 SRC=209.98.2.1 DST=209.101.254.160 LEN=92 TOS=00 PREC=0x00 TTL=64 ID=21489 PROTO=ICMP TYPE=0 CODE=0 ID=768 SEQ=32753
Oct 14 23:07:03 firewall Shorewall:all2all:REJECT: IN= OUT=eth0 MAC=00:50:fc:59:16:5b:00:20:ea:1f:0f:fc:08:00 SRC=209.98.2.1 DST=209.101.254.160 LEN=92 TOS=00 PREC=0x00 TTL=64 ID=34477 PROTO=ICMP TYPE=0 CODE=0 ID=768 SEQ=33521
Oct 14 23:07:22 firewall Shorewall:all2all:REJECT: IN= OUT=eth0 MAC=00:50:fc:59:16:5b:00:20:ea:1f:0f:fc:08:00 SRC=209.98.2.1 DST=209.97.104.30 LEN=92 TOS=00 PREC=0x00 TTL=64 ID=6621 PROTO=ICMP TYPE=0 CODE=0 ID=512 SEQ=39885
Oct 14 23:07:32 firewall Shorewall:all2all:REJECT: IN= OUT=eth0 MAC=00:50:fc:59:16:5b:00:20:ea:1f:0f:fc:08:00 SRC=209.98.2.1 DST=209.97.104.30 LEN=92 TOS=00 PREC=0x00 TTL=64 ID=32430 PROTO=ICMP TYPE=0 CODE=0 ID=512 SEQ=40653
Oct 14 23:07:36 firewall Shorewall:all2all:REJECT: IN= OUT=eth0 MAC=00:50:fc:59:16:5b:00:20:ea:1f:0f:fc:08:00 SRC=209.98.2.1 DST=209.97.104.65 LEN=92 TOS=00 PREC=0x00 TTL=64 ID=43425 PROTO=ICMP TYPE=0 CODE=0 ID=768 SEQ=19193
Oct 14 23:07:46 firewall Shorewall:all2all:REJECT: IN= OUT=eth0 MAC=00:50:fc:59:16:5b:00:20:ea:1f:0f:fc:08:00 SRC=209.98.2.1 DST=209.97.104.65 LEN=92 TOS=00 PREC=0x00 TTL=64 ID=32216 PROTO=ICMP TYPE=0 CODE=0 ID=768 SEQ=19961

I don't have the foggiest idea what's going on here, and this certainly hasn't happened before, so any help would be appreciated.

thanks,
arif
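
Added example, not part of the original message: a small parser for log entries in the format quoted above, which counts the ICMP packets the firewall itself originated (empty IN=, OUT= set; TYPE=0 is an echo reply) per destination and flags MAC= fields that are not the 14 octets of an Ethernet header. The three sample lines are copied from the post; the function names and the summary format are assumptions made for this example.

```python
import re
from collections import Counter

# Three entries copied from the post above; the first has the odd MAC= field.
SAMPLE = """\
Oct 14 23:00:14 firewall Shorewall:all2all:REJECT: IN= OUT=eth0 MAC=00:77:c1:00:02:ff:ff:02:01:77:c1:10:07 SRC=209.98.2.1 DST=209.101.210.198 LEN=92 TOS=00 PREC=0x00 TTL=64 ID=42724 PROTO=ICMP TYPE=0 CODE=0 ID=512 SEQ=4323
Oct 14 23:02:57 firewall Shorewall:all2all:REJECT: IN= OUT=eth0 MAC=00:50:fc:59:16:5b:00:20:ea:1f:0f:fc:08:00 SRC=209.98.2.1 DST=209.98.111.101 LEN=92 TOS=00 PREC=0x00 TTL=64 ID=38485 PROTO=ICMP TYPE=0 CODE=0 ID=256 SEQ=43473
Oct 14 23:03:07 firewall Shorewall:all2all:REJECT: IN= OUT=eth0 MAC=00:50:fc:59:16:5b:00:20:ea:1f:0f:fc:08:00 SRC=209.98.2.1 DST=209.98.111.101 LEN=92 TOS=00 PREC=0x00 TTL=64 ID=57193 PROTO=ICMP TYPE=0 CODE=0 ID=256 SEQ=44241
"""

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<verdict>[^:\s]+):")
FIELD = re.compile(r"(\w+)=(\S*)")
ETH_HEADER_OCTETS = 14  # 6 destination MAC + 6 source MAC + 2 EtherType
ICMP_NAMES = {"0": "echo-reply", "3": "dest-unreachable", "8": "echo-request"}


def parse(line):
    """Return one log entry as a dict, or None if it is not a Shorewall line."""
    m = PREFIX.search(line)
    if m is None:
        return None
    rec = {"chain": m["chain"], "verdict": m["verdict"]}
    for key, value in FIELD.findall(line[m.end():]):
        rec.setdefault(key, value)  # keep the first ID= (IP header), not the ICMP one
    return rec


def summarise(text):
    """Count firewall-originated ICMP packets per (type, destination) and
    list entries whose MAC= field is not the size of an Ethernet header."""
    counts, odd_mac = Counter(), []
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        local = rec.get("IN") == "" and rec.get("OUT", "") != ""
        if local and rec.get("PROTO") == "ICMP":
            kind = ICMP_NAMES.get(rec.get("TYPE"), "type-" + rec.get("TYPE", "?"))
            counts[(kind, rec.get("DST"))] += 1
        octets = len(rec["MAC"].split(":")) if rec.get("MAC") else 0
        if octets not in (0, ETH_HEADER_OCTETS):
            odd_mac.append((rec.get("DST"), octets))
    return counts, odd_mac


if __name__ == "__main__":
    counts, odd_mac = summarise(SAMPLE)
    for (kind, dst), n in counts.items():
        print(f"{n} x {kind} from the firewall to {dst}")
    for dst, octets in odd_mac:
        print(f"MAC= field of {octets} octets on the entry for {dst}")
```
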