[leaf-user] dropbear and uclibc 2

2003-12-15 Thread David Fallin 
anyone know if dropbear should do ssh tunnelling? it does NOT appear to be able, so 
next question is has anyone compiled lshd for uclibc v2? or am i stuck with the 
mammoth (relatively!) sshd?

thanks!
dwf


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] AVM Fritz!Card v2.x

2003-12-15 Thread Eric Wolzak 
Hello List 

for others that might be interested 

AVM Fritzcard version 2.x does work with Bering.

Modules needed are:

#modules need for AVM-Fritz!Card v2.x ISDN
slhc
isdn
hisax
hisac_isac
hisax_fcpcipnp 
#

Thanks to felix theodor for tying this out

Regards

Eric Wolzak
member of the Bering Crew


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???

2003-12-15 Thread Erich Titl 
Sean

At 10:02 15.12.2003 -0500, Sean E. Covel wrote:
Please stop me before I go running off down the wrong road!!!

Here's the situation:  My sister-in-law is dying to get herself a laptop
and WIFI.  They already have a cable modem and a virus-laden P2P, chat,
teenager PC in the house.  They have no firewall currently.  She can
never get on the PC, so she wants a laptop she can use anywhere.
Here is what I am proposing to do:

Cable Modem - Bering -- (Private Network) Current PC (Windows XP)
|
--- DMZ -- WAP -- Laptop (Windows XP)
The question is, of course, how to secure the WIFI and Laptop.  I was
hoping that the Laptop could establish an IPSEC connection through the
WAP to Bering.  Only IPSEC connections would be allowed in the DMZ.  I'm
recommending she go with 802.11g so there is enough bandwidth left after
IPSEC to do some useful work.
Does this make any sense?  Has anybody done it?  Can a WAP passthrough
IPSEC?
I looked into adding a WIFI card to Bering but 802.11g cards are not
well supported, AND I don't want to become full-time tech support for
this configuration.
You can easily use 802.11b, which is currently supported (and cheap), 
unless you need high speed access to something on your local LAN.
I am running an encrypted tunnel between 2 WLAN connected sites on derelict 
Pentium hardware and I am saturating easily the WAN uplink.
Even with 802.11g, a bad radio link does not give you good speed, so you 
best check out the site. Good propagation conditions is the keywword here, 
which partially translates to good antennas/cabling. For Windoze IPSEC set 
up you can look up the freeswan users mailing list (unfortunately down at 
the time being :-(  )

HTH
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16


---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78alloc_id371op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???

2003-12-15 Thread Julian Church 
Hi Sean

On Mon, 15 Dec 2003 10:02:35 -0500, Sean E. Covel [EMAIL PROTECTED] 
wrote:

Here is what I am proposing to do:

Cable Modem - Bering -- (Private Network) Current PC (Windows XP)
|
--- DMZ -- WAP -- Laptop (Windows XP)
The question is, of course, how to secure the WIFI and Laptop.  I was
hoping that the Laptop could establish an IPSEC connection through the
WAP to Bering.
Strange!

That's exactly what I'm planning at home, except there are two laptops, 
both running Mac OS X (which has an IPSEC client built in.

As far as I've determined by searching the internet, as long as your 
access point is set up as a transparent bridge, the IPSEC traffic will 
pass straight through.

cheers

Julian

---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???

2003-12-15 Thread Sean E. Covel 
Julian,

On Mon, 2003-12-15 at 11:32, Julian Church wrote:
 Hi Sean
 
 On Mon, 15 Dec 2003 10:02:35 -0500, Sean E. Covel [EMAIL PROTECTED] 
 wrote:
 
  Here is what I am proposing to do:
 
  Cable Modem - Bering -- (Private Network) Current PC (Windows XP)
  |
  --- DMZ -- WAP -- Laptop (Windows XP)
 
  The question is, of course, how to secure the WIFI and Laptop.  I was
  hoping that the Laptop could establish an IPSEC connection through the
  WAP to Bering.
 
 Strange!
 
 That's exactly what I'm planning at home, except there are two laptops, 
 both running Mac OS X (which has an IPSEC client built in.
 
 As far as I've determined by searching the internet, as long as your 
 access point is set up as a transparent bridge, the IPSEC traffic will 
 pass straight through.
 
 cheers
 
 Julian
 
 

Since this needs to be up-and-running quickly, and I'm doing it in my
spare time, I wanted to go the path of least resistance.  How soon till
you implement?  I was hoping to learn from someone else's mistakes ;-). 
Don't want to be the trailblazer on this one.  It just sounds too easy. 
Anyone actually done it?  Even with 802.11a/b/g?




---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] IPSec WiFi vs. weblet

2003-12-15 Thread Francois BERGERET 
Hi all,

I use two wireless networks simultaneous in a Soekris embeded PC with
Bering V1.2. + one normaly wired LAN. Weblet run fine from all
subnets. I have not uncomment this in ssh.httpd.conf file :

#Who can access the server?
#CLIENT_ADDRS=192.168.1

In Shorewall policy file, I have this :

fw  loc ACCEPT
loc fw  ACCEPT

and the same for all invoqued interfaces wlan0 and wlan1 zone aliases.

I hope this could help. If not, let me know what you want more.

Good Luck.
Best Regards,
Francois BERGERET,
France.

 -Message d'origine-
 De : [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] la part de
 Christopher
 Harewood
 Envoye : lundi 15 decembre 2003 07:10
 Cc : [EMAIL PROTECTED]
 Objet : Re: [leaf-user] IPSec WiFi vs. weblet


 The 192.168.3.0 subnet is my IPSec vpn.  Hence, in
 /etc/shorewall/rules:
 ACCEPTloc fw  tcp 80
 ACCEPTvpn fw  tcp 80

 No weblet over the vpn, and no hits in the firewall log, so I
 surmise that
 it's not a Shorewall issue.  But I've been wrong before.




 ---
 This SF.net email is sponsored by: IBM Linux Tutorials.
 Become an expert in LINUX or just sharpen your skills.  Sign
 up for IBM's
 Free Linux Tutorials.  Learn everything from the bash shell
 to sys admin.
 Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
 --
 --
 leaf-user mailing list: [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Save Zebra config fails

2003-12-15 Thread Wim Acke 
Hi,

I'm experimenting with Bering uClibc and the Zebra package.
When i try to save the ospfd configuration from the vty (with 'write' or
'copy running-config startup-config', I get the message Configuration save
to /etc/zebra/ospfd.conf.  But when i check this file, it is still the
default one, so it seems nothing is saved.

Am I doing something wrong ?  Any suggestions ?

Thanks,

Wim



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] LONG /sbin/htb.init: 636: Syntax error: Bad substitution

2003-12-15 Thread Joey Officer 
I'm currently experiencing the same problem.  I think this has to do with
the Ash/Bash problems.  Earlier on, there was a thread that I believe
resolved this.  I am going backwards now to find it.  I'll update you as I
make progress.

Cheers

joey


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Yazgot
Sent: Monday, December 08, 2003 3:03 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: [leaf-user] LONG /sbin/htb.init: 636: Syntax error: Bad
substitution


Hello !
Could anyone tell me what am i doing wrong ?

I've installed QoS package
tc  ss010824
qos-htb 0.8.3
i can edit HTB rules by menu at lrcfg but...

1. It looks like it doesn't work at any interface (I've configured ppp0 as
network interface - SAGEM [EMAIL PROTECTED] ADSL modem and eth0 as LAN interface ).
I've checked it by:
tc -s -d cl show dev [eth0 | ppp0]
besides /var/cache/htb.init (below) script doesn't look like created on my
machine :-(

2. when bering (1.2) boots up i get QoS message at console without any err
htb.init (QoS) ... start

3. after invoking  htb.init or /etc/init.d/htb.init stats i get
/sbin/htb.init: 636: Syntax error: Bad substitution

here's my machine configuration
# lrpkg -l
NameVersionDescription
===-==-=
=
initrd  V1.2   LEAF Bering initial filesystem
rootV1.2   Core LEAF Bering package
etc V1.2   LEAF Bering /etc files
local   V1.2   LEAF Bering local package
modules V1.2   Define  contain your LEAF Bering modules
iptables1.2.8  IP packet filter administration tools for
2.4.
ppp 2.4.1-pppoePoint-to-Point Protocol (PPP) daemon
eagle   1.0.4  Linux driver for DSL modems based on the
Analo
shorwall1.4.2  Shoreline Firewall (Shorewall)
ulogd   1.0The Netfilter Userspace Logging Daemon
libcrpto0.9.7c Rev 1   libcrypto  - part of the Openssl libraries
sshd3.7.1p2 compil OpenSSH sshd daemon.
weblet  1.2.0  weblet - LRP status via a small web server
libm   The libm Library
dhcpd3  3.0pl2 ISC DHCP server for automatic IP address
assig
dnscache1.05a  dnscache from djbdns (V1.05a) package
creates
ezipupd 3.0.11b8   ez-ipupdate is a client for several dynamic
IP
tc  ss010824   tc from iproute2 patched for HTB3 packet
sched
qos-htb 0.8.3  QoS HTB based - HTB.init Quality Of Service
pa
ssh 3.7.1p2 compil OpenSSH ssh  scp programs.
sftp3.7.1p2 compil OpenSSH sftp client  server programs.
links   0.95   Links is an advanced replacement for lynx,
the
iptraf  1.3.0-1
libncurs

# ip a
1: lo: LOOPBACK,UP mtu 16436 qdisc noqueue
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: dummy0: BROADCAST,NOARP mtu 1500 qdisc noop
 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100
 link/ether 00:10:5a:47:2b:c8 brd ff:ff:ff:ff:ff:ff
 inet 192.168.1.254/24 brd 192.168.1.255 scope global eth0
4: eth1: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100
 link/ether 00:60:4c:14:f4:6e brd ff:ff:ff:ff:ff:ff
5: ppp0: POINTOPOINT,MULTICAST,NOARP,UP mtu 1492 qdisc pfifo_fast qlen 3
 link/ppp
 inet 80.54.204.100 peer 213.25.2.80/32 scope global ppp0

firewall: -root-
# cat /sbin/htb.sysconfig
#!/bin/bash

# This is the main script to build the configuration
# files in the format proposed by htb.init

# By default, if nothing is modified, the generated files
# are adecuated to create classes that control minimum latency
# and maximum throughput traffic.

# But two (2) more classes are created, one specific for web traffic (port
80)
# and a 'default' class for the rest. Normally, web traffic is considered
of minimum
# latency and that's the way we have configured it (it has a higher
priority
# than the maximum throughput and default), but it has it's own class
because
# of it's importance, so you could assign it a different class from ssh,
dns, etc.

# If you want to adjust the values for your own connection,
# it will be enough to know the download and dowload bandwidth
# to automatically adjust the RATE and CEIL values of each class.
# When you are done, don't forget to execute:
#
#/etc/init.d/htb.init recreate
#/etc/init.d/htb.init reload
#
# to rebuild the configuration files and restart the service.

# By default the values are calculated for a 256Kbits download
# and 128 Kbits upload bandwidth, very commom in Spain.
#
# NOTE: all values should be around 95-98% aprox. of the real ones
# to be shure the queue is managed in your Linux router.

RE: [leaf-user] QOS setup under Bering 1.2

2003-12-15 Thread Joey Officer 


-Original Message-
From: S Mohan [mailto:[EMAIL PROTECTED]
Sent: Saturday, November 15, 2003 3:37 AM
To: 'Joey Officer'
Subject: RE: [leaf-user] QOS setup under Bering 1.2


I think the package is broken. Can Juan/Jacques let us know which the
right package is? Apart from this, the standard qos-htb menu entry
points to /sbin/htb-init instead of the file which is indicated by the
manual. Can the package maintainers check this out please?

Warm regards
Mohan

On Friday, November 14, 2003 8:35 AM Joey Officer  wrote:

: I've read over the docs for the Bering user guide, and have been
: stuck at a single spot: 
: 
: firewall: -root-
: # tc qdisc add dev eth0 root
: RTNETLINK answers: Invalid argument
: 
: I have noticed that when I go into LRCFG, that the qos-htb package is
: not listed.  Is there anyway to confirm that the packages are being
: loaded properly? Or, is there a better place to start looking for the
: culprit?   
: 
: The ultimate goal here is to allow my VoIP phone to have priority
: over all other traffic, if there is a better way, please advise. 
: 
: Joey
: 
: 
: 
: ---
: This SF.Net email sponsored by: ApacheCon 2003,
: 16-19 November in Las Vegas. Learn firsthand the latest developments
: in Apache, PHP, Perl, XML, Java, MySQL, WebDAV, and more!
: http://www.apachecon.com/
:

: leaf-user mailing list: [EMAIL PROTECTED]
: https://lists.sourceforge.net/lists/listinfo/leaf-user 
: SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



---
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html