[leaf-user] dropbear and uclibc 2
anyone know if dropbear should do ssh tunnelling? it does NOT appear to be able, so next question is has anyone compiled lshd for uclibc v2? or am i stuck with the mammoth (relatively!) sshd? thanks! dwf --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] AVM Fritz!Card v2.x
Hello List for others that might be interested AVM Fritzcard version 2.x does work with Bering. Modules needed are: #modules need for AVM-Fritz!Card v2.x ISDN slhc isdn hisax hisac_isac hisax_fcpcipnp # Thanks to felix theodor for tying this out Regards Eric Wolzak member of the Bering Crew --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
Sean At 10:02 15.12.2003 -0500, Sean E. Covel wrote: Please stop me before I go running off down the wrong road!!! Here's the situation: My sister-in-law is dying to get herself a laptop and WIFI. They already have a cable modem and a virus-laden P2P, chat, teenager PC in the house. They have no firewall currently. She can never get on the PC, so she wants a laptop she can use anywhere. Here is what I am proposing to do: Cable Modem - Bering -- (Private Network) Current PC (Windows XP) | --- DMZ -- WAP -- Laptop (Windows XP) The question is, of course, how to secure the WIFI and Laptop. I was hoping that the Laptop could establish an IPSEC connection through the WAP to Bering. Only IPSEC connections would be allowed in the DMZ. I'm recommending she go with 802.11g so there is enough bandwidth left after IPSEC to do some useful work. Does this make any sense? Has anybody done it? Can a WAP passthrough IPSEC? I looked into adding a WIFI card to Bering but 802.11g cards are not well supported, AND I don't want to become full-time tech support for this configuration. You can easily use 802.11b, which is currently supported (and cheap), unless you need high speed access to something on your local LAN. I am running an encrypted tunnel between 2 WLAN connected sites on derelict Pentium hardware and I am saturating easily the WAN uplink. Even with 802.11g, a bad radio link does not give you good speed, so you best check out the site. Good propagation conditions is the keywword here, which partially translates to good antennas/cabling. For Windoze IPSEC set up you can look up the freeswan users mailing list (unfortunately down at the time being :-( ) HTH Erich THINK Püntenstrasse 39 8143 Stallikon mailto:[EMAIL PROTECTED] PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
Hi Sean On Mon, 15 Dec 2003 10:02:35 -0500, Sean E. Covel [EMAIL PROTECTED] wrote: Here is what I am proposing to do: Cable Modem - Bering -- (Private Network) Current PC (Windows XP) | --- DMZ -- WAP -- Laptop (Windows XP) The question is, of course, how to secure the WIFI and Laptop. I was hoping that the Laptop could establish an IPSEC connection through the WAP to Bering. Strange! That's exactly what I'm planning at home, except there are two laptops, both running Mac OS X (which has an IPSEC client built in. As far as I've determined by searching the internet, as long as your access point is set up as a transparent bridge, the IPSEC traffic will pass straight through. cheers Julian --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
Julian, On Mon, 2003-12-15 at 11:32, Julian Church wrote: Hi Sean On Mon, 15 Dec 2003 10:02:35 -0500, Sean E. Covel [EMAIL PROTECTED] wrote: Here is what I am proposing to do: Cable Modem - Bering -- (Private Network) Current PC (Windows XP) | --- DMZ -- WAP -- Laptop (Windows XP) The question is, of course, how to secure the WIFI and Laptop. I was hoping that the Laptop could establish an IPSEC connection through the WAP to Bering. Strange! That's exactly what I'm planning at home, except there are two laptops, both running Mac OS X (which has an IPSEC client built in. As far as I've determined by searching the internet, as long as your access point is set up as a transparent bridge, the IPSEC traffic will pass straight through. cheers Julian Since this needs to be up-and-running quickly, and I'm doing it in my spare time, I wanted to go the path of least resistance. How soon till you implement? I was hoping to learn from someone else's mistakes ;-). Don't want to be the trailblazer on this one. It just sounds too easy. Anyone actually done it? Even with 802.11a/b/g? --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] IPSec WiFi vs. weblet
Hi all, I use two wireless networks simultaneous in a Soekris embeded PC with Bering V1.2. + one normaly wired LAN. Weblet run fine from all subnets. I have not uncomment this in ssh.httpd.conf file : #Who can access the server? #CLIENT_ADDRS=192.168.1 In Shorewall policy file, I have this : fw loc ACCEPT loc fw ACCEPT and the same for all invoqued interfaces wlan0 and wlan1 zone aliases. I hope this could help. If not, let me know what you want more. Good Luck. Best Regards, Francois BERGERET, France. -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] la part de Christopher Harewood Envoye : lundi 15 decembre 2003 07:10 Cc : [EMAIL PROTECTED] Objet : Re: [leaf-user] IPSec WiFi vs. weblet The 192.168.3.0 subnet is my IPSec vpn. Hence, in /etc/shorewall/rules: ACCEPTloc fw tcp 80 ACCEPTvpn fw tcp 80 No weblet over the vpn, and no hits in the firewall log, so I surmise that it's not a Shorewall issue. But I've been wrong before. --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click -- -- leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Save Zebra config fails
Hi, I'm experimenting with Bering uClibc and the Zebra package. When i try to save the ospfd configuration from the vty (with 'write' or 'copy running-config startup-config', I get the message Configuration save to /etc/zebra/ospfd.conf. But when i check this file, it is still the default one, so it seems nothing is saved. Am I doing something wrong ? Any suggestions ? Thanks, Wim --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] LONG /sbin/htb.init: 636: Syntax error: Bad substitution
I'm currently experiencing the same problem. I think this has to do with the Ash/Bash problems. Earlier on, there was a thread that I believe resolved this. I am going backwards now to find it. I'll update you as I make progress. Cheers joey -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Yazgot Sent: Monday, December 08, 2003 3:03 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [leaf-user] LONG /sbin/htb.init: 636: Syntax error: Bad substitution Hello ! Could anyone tell me what am i doing wrong ? I've installed QoS package tc ss010824 qos-htb 0.8.3 i can edit HTB rules by menu at lrcfg but... 1. It looks like it doesn't work at any interface (I've configured ppp0 as network interface - SAGEM [EMAIL PROTECTED] ADSL modem and eth0 as LAN interface ). I've checked it by: tc -s -d cl show dev [eth0 | ppp0] besides /var/cache/htb.init (below) script doesn't look like created on my machine :-( 2. when bering (1.2) boots up i get QoS message at console without any err htb.init (QoS) ... start 3. after invoking htb.init or /etc/init.d/htb.init stats i get /sbin/htb.init: 636: Syntax error: Bad substitution here's my machine configuration # lrpkg -l NameVersionDescription ===-==-= = initrd V1.2 LEAF Bering initial filesystem rootV1.2 Core LEAF Bering package etc V1.2 LEAF Bering /etc files local V1.2 LEAF Bering local package modules V1.2 Define contain your LEAF Bering modules iptables1.2.8 IP packet filter administration tools for 2.4. ppp 2.4.1-pppoePoint-to-Point Protocol (PPP) daemon eagle 1.0.4 Linux driver for DSL modems based on the Analo shorwall1.4.2 Shoreline Firewall (Shorewall) ulogd 1.0The Netfilter Userspace Logging Daemon libcrpto0.9.7c Rev 1 libcrypto - part of the Openssl libraries sshd3.7.1p2 compil OpenSSH sshd daemon. weblet 1.2.0 weblet - LRP status via a small web server libm The libm Library dhcpd3 3.0pl2 ISC DHCP server for automatic IP address assig dnscache1.05a dnscache from djbdns (V1.05a) package creates ezipupd 3.0.11b8 ez-ipupdate is a client for several dynamic IP tc ss010824 tc from iproute2 patched for HTB3 packet sched qos-htb 0.8.3 QoS HTB based - HTB.init Quality Of Service pa ssh 3.7.1p2 compil OpenSSH ssh scp programs. sftp3.7.1p2 compil OpenSSH sftp client server programs. links 0.95 Links is an advanced replacement for lynx, the iptraf 1.3.0-1 libncurs # ip a 1: lo: LOOPBACK,UP mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 brd 127.255.255.255 scope host lo 2: dummy0: BROADCAST,NOARP mtu 1500 qdisc noop link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 3: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:10:5a:47:2b:c8 brd ff:ff:ff:ff:ff:ff inet 192.168.1.254/24 brd 192.168.1.255 scope global eth0 4: eth1: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:60:4c:14:f4:6e brd ff:ff:ff:ff:ff:ff 5: ppp0: POINTOPOINT,MULTICAST,NOARP,UP mtu 1492 qdisc pfifo_fast qlen 3 link/ppp inet 80.54.204.100 peer 213.25.2.80/32 scope global ppp0 firewall: -root- # cat /sbin/htb.sysconfig #!/bin/bash # This is the main script to build the configuration # files in the format proposed by htb.init # By default, if nothing is modified, the generated files # are adecuated to create classes that control minimum latency # and maximum throughput traffic. # But two (2) more classes are created, one specific for web traffic (port 80) # and a 'default' class for the rest. Normally, web traffic is considered of minimum # latency and that's the way we have configured it (it has a higher priority # than the maximum throughput and default), but it has it's own class because # of it's importance, so you could assign it a different class from ssh, dns, etc. # If you want to adjust the values for your own connection, # it will be enough to know the download and dowload bandwidth # to automatically adjust the RATE and CEIL values of each class. # When you are done, don't forget to execute: # #/etc/init.d/htb.init recreate #/etc/init.d/htb.init reload # # to rebuild the configuration files and restart the service. # By default the values are calculated for a 256Kbits download # and 128 Kbits upload bandwidth, very commom in Spain. # # NOTE: all values should be around 95-98% aprox. of the real ones # to be shure the queue is managed in your Linux router.
RE: [leaf-user] QOS setup under Bering 1.2
-Original Message- From: S Mohan [mailto:[EMAIL PROTECTED] Sent: Saturday, November 15, 2003 3:37 AM To: 'Joey Officer' Subject: RE: [leaf-user] QOS setup under Bering 1.2 I think the package is broken. Can Juan/Jacques let us know which the right package is? Apart from this, the standard qos-htb menu entry points to /sbin/htb-init instead of the file which is indicated by the manual. Can the package maintainers check this out please? Warm regards Mohan On Friday, November 14, 2003 8:35 AM Joey Officer wrote: : I've read over the docs for the Bering user guide, and have been : stuck at a single spot: : : firewall: -root- : # tc qdisc add dev eth0 root : RTNETLINK answers: Invalid argument : : I have noticed that when I go into LRCFG, that the qos-htb package is : not listed. Is there anyway to confirm that the packages are being : loaded properly? Or, is there a better place to start looking for the : culprit? : : The ultimate goal here is to allow my VoIP phone to have priority : over all other traffic, if there is a better way, please advise. : : Joey : : : : --- : This SF.Net email sponsored by: ApacheCon 2003, : 16-19 November in Las Vegas. Learn firsthand the latest developments : in Apache, PHP, Perl, XML, Java, MySQL, WebDAV, and more! : http://www.apachecon.com/ : : leaf-user mailing list: [EMAIL PROTECTED] : https://lists.sourceforge.net/lists/listinfo/leaf-user : SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html