[leaf-user] uClibc2 Bering
Hello LEAF World,

I have just made the transition from Bering 1.2 to the new uClibc release. So far I have got it all working, using only the new uClibc packages, except that when I try to use the bash shell (packages ncurses.lrp and bash.lrp), then ez-ipupdate and dnscache don't work any more. Errors at boot time are:

/etc/rc2.d/S45dnscache: line 14: UID: readonly variable
Starting /usr/bin/ez-ipupdate...
ez-ipupdate Version 3.0.11b8
Copyright (C) 1998-2001 Angus Mackay
gethostbyname: Unknown host
error connecting to members.dyndns.org:80

Can anyone help?

Robert von Knobloch

---
This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] uClibc2 Bering
Hi

At 12:07 21.12.2003 +0100, Robert Sabine von Knobloch wrote:
> Hello LEAF World,
>
> I have just made the transition from Bering 1.2 to the new uClibc release. So far I have got it all working, using only the new uClibc packages, except that when I try to use the bash shell (packages ncurses.lrp and bash.lrp), then ez-ipupdate and dnscache don't work any more. Errors at boot time are:
>
> /etc/rc2.d/S45dnscache: line 14: UID: readonly variable
> Starting /usr/bin/ez-ipupdate...
> ez-ipupdate Version 3.0.11b8
> Copyright (C) 1998-2001 Angus Mackay
> gethostbyname: Unknown host
> error connecting to members.dyndns.org:80
>
> Can anyone help?

Well, I'll try

1) it looks like dnscache start bails out, so you lack DNS resolution
2) ez-ipupdate needs a working DNS resolution

look into

/etc/rc2.d/S45dnscache: line 14: UID: readonly variable

HTH
Erich

Re: [leaf-user] uClibc2 Bering
On Sunday, 21 December 2003 12:54, Erich Titl wrote:
> Hi
>
> At 12:07 21.12.2003 +0100, Robert Sabine von Knobloch wrote:
> > Hello LEAF World,
> >
> > I have just made the transition from Bering 1.2 to the new uClibc release. So far I have got it all working, using only the new uClibc packages, except that when I try to use the bash shell (packages ncurses.lrp and bash.lrp), then ez-ipupdate and dnscache don't work any more. Errors at boot time are:
> >
> > /etc/rc2.d/S45dnscache: line 14: UID: readonly variable
> > Starting /usr/bin/ez-ipupdate...
> > ez-ipupdate Version 3.0.11b8
> > Copyright (C) 1998-2001 Angus Mackay
> > gethostbyname: Unknown host
> > error connecting to members.dyndns.org:80
> >
> > Can anyone help?
>
> Well, I'll try
>
> 1) it looks like dnscache start bails out, so you lack DNS resolution
> 2) ez-ipupdate needs a working DNS resolution
>
> look into
>
> /etc/rc2.d/S45dnscache: line 14: UID: readonly variable

It only happens with bash, ash works fine. dnscache will start if you comment out UID=1001 in /etc/init.d/dnscache.

kp

[leaf-user] Question on Shorewall/blacklist/DNAT
Good Morning,

I have the latest version of Bering uClibc with shorewall 1.4.5. I also run a DMZ with an ftp server. The DNAT rule logs at the info level so I can see who is accessing the server. I have blacklisted China and Korea according to http://www.okean.com/asianspamblocks.html

Now, last night, I get a hit from:

Dec 21 01:09:40 firewall kernel: Shorewall:net_dnat:DNAT:IN=eth0 OUT= MAC=00:20:af:9f:15:ff:00:09:12:85:08:70:08:00 SRC=210.82.163.1 DST=66.67.173.226 LEN=60 TOS=0x10 PREC=0x00 TTL=38 ID=24530 DF PROTO=TCP SPT=3457 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0

But, my blacklist includes 210.82.0.0/15

Also, my shorewall log shows no hit which I didn't expect to, and the counter in shorewall status shows one hit for that range.

My question is, did he get blocked or allowed access? It looks as though he got access.

Thanks,
Tony

[leaf-user] pcnet_cs: Invalid argument ???
Hello,

Trying to upgrade from Bering 1.0-rc4-2.4.18 to Bering-uClibc_2.0. NetGear FA411 uses pcnet_cs.o and worked under Bering 1.0-rc4-2.4.18. Now when executing insmod pcnet_cs I get:

pcnet_cs: Invalid argument

Is that referring to a command line argument error? All the prerequisite modules are loaded, error free, and there aren't any options set for pcnet_cs anywhere that I can find. It's the same config that worked under 1.0.

Is this a bug? Is there anyone else out there successfully using the pcnet_cs module with Bering-uClibc_2.0?

-j-

Re: [leaf-user] pcnet_cs: Invalid argument ???
Hello Johnny,

Bering 1.0 uses kernel 2.4.18, Bering-uClibc-2.0 (and Bering-1.2) are using kernel 2.4.20. Are you absolutely sure you use the pcnet_cs.o module for the 2.4.20 kernel?

Eric

> Hello,
>
> Trying to upgrade from Bering 1.0-rc4-2.4.18 to Bering-uClibc_2.0. NetGear FA411 uses pcnet_cs.o and worked under Bering 1.0-rc4-2.4.18. Now when executing insmod pcnet_cs I get:
>
> pcnet_cs: Invalid argument
>
> Is that referring to a command line argument error? All the prerequisite modules are loaded, error free, and there aren't any options set for pcnet_cs anywhere that I can find. It's the same config that worked under 1.0.
>
> Is this a bug? Is there anyone else out there successfully using the pcnet_cs module with Bering-uClibc_2.0?
>
> -j-

RE: [leaf-user] pcnet_cs: Invalid argument ???
Johnny,

> Hi Eric, yes, 2.4.20 modules, 18K 5/11/03 10:08AM.

I think I know what the problem is. Because Bering-uClibc uses a newer pcmcia package and because of that the pcmcia modules in the Bering_uClibc_2.0_modules_2.4.20.tar.gz are not correct for pcmcia. I just put new pcmcia packages in CVS (pcmcia-3.2.6) and will update the Bering_uClibc_2.0_modules_2.4.20.tar.gz to 2.0.1.

I will send you the needed modules offlist (if you can tell me exactly which ones are needed). You have to use the new pcmcia-3.2.6 package for this (http://cvs.sourceforge.net/viewcvs.py/leaf/bin/packages/uclibc-0.9/20/)

Regards,
Eric Spakman
member of the Bering-uClibc crew

Re: [leaf-user] Question on Shorewall/blacklist/DNAT
Tony wrote:
> Good Morning,
>
> I have the latest version of Bering uClibc with shorewall 1.4.5. I also run a DMZ with an ftp server. The DNAT rule logs at the info level so I can see who is accessing the server. I have blacklisted China and Korea according to http://www.okean.com/asianspamblocks.html
>
> Now, last night, I get a hit from:
>
> Dec 21 01:09:40 firewall kernel: Shorewall:net_dnat:DNAT:IN=eth0 OUT= MAC=00:20:af:9f:15:ff:00:09:12:85:08:70:08:00 SRC=210.82.163.1 DST=66.67.173.226 LEN=60 TOS=0x10 PREC=0x00 TTL=38 ID=24530 DF PROTO=TCP SPT=3457 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0
>
> But, my blacklist includes 210.82.0.0/15
>
> Also, my shorewall log shows no hit which I didn't expect to, and the counter in shorewall status shows one hit for that range.
>
> My question is, did he get blocked or allowed access? It looks as though he got access.
>
> Thanks,
> Tony

Did you actually put the word blacklist in the interfaces file

/etc/shorewall/interfaces
net ppp0 norfc1918,blacklist

as well as fill out the list of IPs to blacklist, then do a backup and a shorewall restart

Re: [leaf-user] Question on Shorewall/blacklist/DNAT
Yup, did all that. The actual file reads:

net eth0 detect dhcp,routefilter,norfc1918,blacklist
loc eth1 detect
dmz eth2 detect

And the ip's are showing up in the shorewall status under the blacklist column.

Thanks
Tony

Victor McAllister wrote:
> Tony wrote:
> > Good Morning,
> >
> > I have the latest version of Bering uClibc with shorewall 1.4.5. I also run a DMZ with an ftp server. The DNAT rule logs at the info level so I can see who is accessing the server. I have blacklisted China and Korea according to http://www.okean.com/asianspamblocks.html
> >
> > Now, last night, I get a hit from:
> >
> > Dec 21 01:09:40 firewall kernel: Shorewall:net_dnat:DNAT:IN=eth0 OUT= MAC=00:20:af:9f:15:ff:00:09:12:85:08:70:08:00 SRC=210.82.163.1 DST=66.67.173.226 LEN=60 TOS=0x10 PREC=0x00 TTL=38 ID=24530 DF PROTO=TCP SPT=3457 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0
> >
> > But, my blacklist includes 210.82.0.0/15
> >
> > Also, my shorewall log shows no hit which I didn't expect to, and the counter in shorewall status shows one hit for that range.
> >
> > My question is, did he get blocked or allowed access? It looks as though he got access.
> >
> > Thanks,
> > Tony
>
> Did you actually put the word blacklist in the interfaces file
>
> /etc/shorewall/interfaces
> net ppp0 norfc1918,blacklist
>
> as well as fill out the list of IPs to blacklist, then do a backup and a shorewall restart

Re: [leaf-user] Shorewall Log Question
On Saturday 20 December 2003 05:44 pm, Kory Krofft wrote:
> I think I need to add
>
> DROP net fw icmp 8
>
> to my rules file just to keep from logging the entries and filling up my logs. Correct?

Yes, as recommended at http://www.shorewall.net/ping.html

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]

Re: [leaf-user] Question on Shorewall/blacklist/DNAT
On Sunday 21 December 2003 06:00 am, Tony wrote:
> But, my blacklist includes 210.82.0.0/15
>
> Also, my shorewall log shows no hit which I didn't expect to, and the counter in shorewall status shows one hit for that range.
>
> My question is, did he get blocked or allowed access? It looks as though he got access.

No. Blacklist rules are enforced in the 'filter' table whereas DNAT is logged out of the 'nat' table. See http://www.shorewall.net/NetfilterOverview.html

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]

Re: [leaf-user] Question on Shorewall/blacklist/DNAT
OK, so what you're saying is the packet was logged up in the pre-routing NAT section before it got dropped by the blacklisting filter at the Forward section?

Thanks,
Tony

Tom Eastep wrote:
> snip
>
> No. Blacklist rules are enforced in the 'filter' table whereas DNAT is logged out of the 'nat' table. See http://www.shorewall.net/NetfilterOverview.html
>
> -Tom

Re: [leaf-user] Question on Shorewall/blacklist/DNAT
On Sunday 21 December 2003 08:36 am, Tony wrote:
> OK, so what you're saying is the packet was logged up in the pre-routing NAT section before it got dropped by the blacklisting filter at the Forward section?

Yes. If you want to log these connections out of the FORWARD chain, replace your DNAT rule with:

DNAT- net dmz:<internal ip> ftp 21
ACCEPT:<log level> net dmz:<internal ip> ftp 21

With Shorewall 1.4.5, the above two rules are identical to your current single DNAT rule with the exception that logging occurs out of the filter table.

With Shorewall 1.4.6 and later, if your kernel has the connection tracking match extension, the single DNAT rule is a little tighter than the two rules above in that the ACCEPT rule checks to ensure that the original destination of the connection was your external IP address. This extra check requires that you have DETECT_DNAT_IPADDRS=Yes in shorewall.conf.

This additional check usually doesn't significantly enhance security though since you have RFC1918 filtering enabled on your external interface and the internal ip is most likely an RFC 1918 address. That guarantees that any connection from the net to the server had to have traversed the DNAT rule.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]

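The point made in the exchange above, that a nat-table DNAT log record says nothing about whether the filter table later dropped the packet, can be turned into a small log triage check. This is an added example, not code from the thread or from Shorewall; it assumes that chains named `<zone>_dnat` belong to the nat table (as in the record Tony posted), and every log line except the first is constructed.

```python
import ipaddress
import re

# Range quoted in the thread; a real /etc/shorewall/blacklist holds many entries.
BLACKLIST = [ipaddress.ip_network("210.82.0.0/15")]

# The kernel log record posted in the thread.
THREAD_LINE = (
    "Dec 21 01:09:40 firewall kernel: Shorewall:net_dnat:DNAT:IN=eth0 OUT= "
    "MAC=00:20:af:9f:15:ff:00:09:12:85:08:70:08:00 SRC=210.82.163.1 "
    "DST=66.67.173.226 LEN=60 TOS=0x10 PREC=0x00 TTL=38 ID=24530 DF PROTO=TCP "
    "SPT=3457 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0")

# Constructed records (not from the thread) for the other outcomes.
CONSTRUCTED = [
    "Dec 21 01:12:03 firewall kernel: Shorewall:net2dmz:ACCEPT:IN=eth0 OUT=eth2 "
    "SRC=210.83.4.9 DST=10.0.0.21 LEN=60 PROTO=TCP SPT=4021 DPT=21 SYN URGP=0",
    "Dec 21 01:13:44 firewall kernel: Shorewall:net2dmz:ACCEPT:IN=eth0 OUT=eth2 "
    "SRC=198.51.100.7 DST=10.0.0.21 LEN=60 PROTO=TCP SPT=4100 DPT=21 SYN URGP=0",
    "Dec 21 01:14:10 firewall kernel: Shorewall:blacklst:DROP:IN=eth0 OUT=eth2 "
    "SRC=210.82.163.1 DST=10.0.0.21 LEN=60 PROTO=TCP SPT=3460 DPT=21 SYN URGP=0",
]

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[^:\s]+):")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse(line):
    """Split a Shorewall log record into chain, disposition and KEY=value fields."""
    m = PREFIX.search(line)
    if m is None:
        return None
    rec = dict(FIELD.findall(line[m.end():]))
    rec["chain"] = m["chain"]
    rec["disposition"] = m["disposition"]
    return rec


def table_of(rec):
    # Assumption: "<zone>_dnat" chains and DNAT dispositions are nat-table
    # records; everything else is treated as coming from the filter table.
    if rec["chain"].endswith("_dnat") or rec["disposition"].startswith("DNAT"):
        return "nat"
    return "filter"


def triage(line, blacklist=BLACKLIST):
    """Classify one record; returns None for lines that are not Shorewall records."""
    rec = parse(line)
    if rec is None or "SRC" not in rec:
        return None
    src = ipaddress.ip_address(rec["SRC"])
    listed = any(src in net for net in blacklist)
    table = table_of(rec)
    if not listed:
        verdict = "not-blacklisted"
    elif table == "nat":
        # Logged in PREROUTING; the blacklist drop happens later in 'filter'.
        verdict = "logged-before-filter"
    elif rec["disposition"] == "ACCEPT":
        # A filter-table ACCEPT for a listed source is the case worth alerting on.
        verdict = "blacklist-not-enforced"
    else:
        verdict = "blocked-in-filter"
    return {"src": str(src), "dpt": int(rec.get("DPT", 0)), "table": table,
            "chain": rec["chain"], "blacklisted": listed, "verdict": verdict}


if __name__ == "__main__":
    for line in [THREAD_LINE] + CONSTRUCTED:
        r = triage(line)
        print(r["src"], r["table"], r["chain"], r["verdict"])
```

Only a `blacklist-not-enforced` result means a listed source reached the server; for `logged-before-filter` records the blacklist counters in `shorewall status` are the evidence of the drop.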
[leaf-user] Qmail questions
I have successfully set up my DMZ, registered a domain, compiled a custom version of ez-ipupdate to handle a non standard service, reconfigured weblet to act as a basic web content server. I now need to get Qmail up and running so I can host my own email. I followed the qmail LEAF/LRP user's guide but I am missing something.

If I use a windows mail client to send mail to the lrpqmail user at my domain name, the message shows up in the /home/lrpqmail/Maildir/new directory. If I configure the mail client to retrieve the message, it times out and is unable to retrieve it.

Anyone else got this working and care to help me debug it? I have pored through many qmail documents but the lrp setup is different than most as far as some of the file locations so I am trusting that the package should work as is if the right config options are set.

Thanks,
Kory

Local mail client is at 192.168.1.1
qmail is on the dmz host at 192.168.10.1
The dmz host is running Bering 1.2 without shorewall.
hosts.allow is set to all:all

I have these rules set in /etc/shorewall/rules

ACCEPT loc dmz tcp 110
ACCEPT loc dmz udp 110
ACCEPT dmz loc tcp 110
ACCEPT dmz loc udp 110

to allow pop3 access and the shorewall logs do not show anything after I make the attempt.

tcpdump shows this

cat /trace.txt
12:15:02.858391 192.168.10.1.22 > 192.168.1.1.2545: P 1829060004:1829060048(44) ack 2012809980 win 7504 (DF) [tos 0x10]
12:15:03.022844 192.168.1.1.2545 > 192.168.10.1.22: . ack 44 win 64859 (DF) [tos 0x10]
12:15:17.574911 192.168.1.1.2596 > 192.168.10.1.110: S 2396681599:2396681599(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
12:15:17.575141 192.168.10.1.110 > 192.168.1.1.2596: S 1898983426:1898983426(0) ack 2396681600 win 5840 <mss 1460,nop,nop,sackOK> (DF)
12:15:17.575863 192.168.1.1.2596 > 192.168.10.1.110: . ack 1 win 65535 (DF)
12:16:38.723826 192.168.10.1.110 > 192.168.1.1.2596: P 1:42(41) ack 1 win 5840 (DF)
12:16:38.940653 192.168.1.1.2596 > 192.168.10.1.110: . ack 42 win 65494 (DF)
12:17:27.145630 192.168.1.1.2596 > 192.168.10.1.110: F 1:1(0) ack 42 win 65494 (DF)
12:17:27.146212 192.168.10.1.110 > 192.168.1.1.2596: F 42:42(0) ack 2 win 5840 (DF)
12:17:27.146783 192.168.1.1.2596 > 192.168.10.1.110: . ack 43 win 65494 (DF)

Re: [leaf-user] Bering-uclibc kernel with CONFIG_MELAN=y for soekris?
Hi Steve,

Steve Tell wrote:
> > Let me know if I should upload the kernel/modules to sourceforge
> > If you want me to, I can do so tomorrow (the files are on my devel box at the office).
>
> It would be great if you could do so. I'm not using ipsec yet, so that's no problem.

Ok, done. I had to put it in CVS, since access to the SF shell servers is down at the moment. You can get to it at:

http://cvs.sourceforge.net/viewcvs.py/leaf/devel/hejl/elan/

Let me know if you run into any problems.

Martin

Re: [leaf-user] Qmail questions
Kory,

I haven't set up Qmail on a LEAF system, but from regular Linux distributions I'm not sure you're likely looking for the most common problems. Typically, each user must have a directory that contains a ~/Maildir folder rather than a global directory (one user?). POP3 is quite a bit of a PITA with Qmail over the preferred IMAP method as well (which likely doesn't have a *.lrp package). IIRC, the qmail.lrp is set up by default as a relay instead of a stand-alone server which makes more sense from the configuration you describe and the typical use of a MTA on a router distribution.

In any respect, you should see if you can telnet in a pop/smtp session to the mail server and see where the process bombs out manually. If you can't SMTP in as a valid mail user, the most likely culprit is the fact that the server is configured to relay to a different full mail server.

On Sunday 21 December 2003 11:53 am, Kory Krofft wrote:
> I have successfully set up my DMZ, registered a domain, compiled a custom version of ez-ipupdate to handle a non standard service, reconfigured weblet to act as a basic web content server. I now need to get Qmail up and running so I can host my own email. I followed the qmail LEAF/LRP user's guide but I am missing something.
>
> If I use a windows mail client to send mail to the lrpqmail user at my domain name, the message shows up in the /home/lrpqmail/Maildir/new directory. If I configure the mail client to retrieve the message, it times out and is unable to retrieve it.
>
> Anyone else got this working and care to help me debug it? I have pored through many qmail documents but the lrp setup is different than most as far as some of the file locations so I am trusting that the package should work as is if the right config options are set.
>
> Thanks,
> Kory
>
> Local mail client is at 192.168.1.1
> qmail is on the dmz host at 192.168.10.1
> The dmz host is running Bering 1.2 without shorewall.
> hosts.allow is set to all:all
>
> I have these rules set in /etc/shorewall/rules
>
> ACCEPT loc dmz tcp 110
> ACCEPT loc dmz udp 110
> ACCEPT dmz loc tcp 110
> ACCEPT dmz loc udp 110
>
> to allow pop3 access and the shorewall logs do not show anything after I make the attempt.

Re: [leaf-user] Qmail questions
Lynn,

Please forgive my lack of experience but I don't quite follow all the terms. I have the proper Maildir set up for the admin account (lrpqmail) and it receives the mail sent to it from the internet as proven by my ability to see the message in the ~Maildir/new directory.

I believe I may have some additional issues with the user accounts since the user accounts do not receive mail sent to them as yet. I am thinking it is because they have home directories that are located on the ide drive and may need to have some other config option set to let qmail know about them.

My intention is to host my own email server for a few local users to avoid the hassles I have had with transfer limits on my other pop3 accounts. I am not sure I understand what the relay comments mean in my situation.

/etc/tcp.smtp looks like this:

127.:allow,RELAYCLIENT=
192.168.:allow,RELAYCLIENT=

I assume that I need to do something else to change the behavior of qmail to provide pop access? You suggest that relay makes sense in my configuration. I am open to suggestions. What should I relay to. We use Mozilla and PocoMail clients on our windows machines for mail. There is no MS Exchange server available. I would like to keep the bering DMZ machine as the mail server as it is one box that will be on all the time.

The DMZ server does not have telnet and I am unsure how to telnet in a pop/smtp session to the mail server and see where the process bombs out manually. I do have ssh configured for access to the DMZ host. I will try to provide any test results that would be helpful in further resolving this setup.

Thank you so much,
Kory

On Sun, 21 Dec 2003 12:41:01 -0600, Lynn Avants wrote:
> Kory,
>
> I haven't set up Qmail on a LEAF system, but from regular Linux distributions I'm not sure you're likely looking for the most common problems. Typically, each user must have a directory that contains a ~/Maildir folder rather than a global directory (one user?). POP3 is quite a bit of a PITA with Qmail over the preferred IMAP method as well (which likely doesn't have a *.lrp package). IIRC, the qmail.lrp is set up by default as a relay instead of a stand-alone server which makes more sense from the configuration you describe and the typical use of a MTA on a router distribution.
>
> In any respect, you should see if you can telnet in a pop/smtp session to the mail server and see where the process bombs out manually. If you can't SMTP in as a valid mail user, the most likely culprit is the fact that the server is configured to relay to a different full mail server.
>
> On Sunday 21 December 2003 11:53 am, Kory Krofft wrote:
> > I have successfully set up my DMZ, registered a domain, compiled a custom version of ez-ipupdate to handle a non standard service, reconfigured weblet to act as a basic web content server. I now need to get Qmail up and running so I can host my own email. I followed the qmail LEAF/LRP user's guide but I am missing something.
> >
> > If I use a windows mail client to send mail to the lrpqmail user at my domain name, the message shows up in the /home/lrpqmail/Maildir/new directory. If I configure the mail client to retrieve the message, it times out and is unable to retrieve it.
> >
> > Anyone else got this working and care to help me debug it? I have pored through many qmail documents but the lrp setup is different than most as far as some of the file locations so I am trusting that the package should work as is if the right config options are set.
> >
> > Thanks,
> > Kory
> >
> > Local mail client is at 192.168.1.1
> > qmail is on the dmz host at 192.168.10.1
> > The dmz host is running Bering 1.2 without shorewall.
> > hosts.allow is set to all:all
> >
> > I have these rules set in /etc/shorewall/rules
> >
> > ACCEPT loc dmz tcp 110
> > ACCEPT loc dmz udp 110
> > ACCEPT dmz loc tcp 110
> > ACCEPT dmz loc udp 110
> >
> > to allow pop3 access and the shorewall logs do not show anything
>
> Snipped

Re: [leaf-user] Qmail questions
Ray, Sorry I was not clearer about the overall config. Comments inline. Kory -- Because (I think) your setup involves two separate LEAF systems -- one running as a router/firewall, the other as a DMZ/Qmail server -- you might want to be a bit clearer about which system you are reporting each detail about. For example: Local mail client is at 192.168.1.1 qmail is on the dmz host at 192.168.10.1 The dmz host is running Bering 1.2 without shorewall. hosts.allow is set to all:all This setting is relevant (and for the purposes at hand, correct) on the DMZ/Qmail server but not on the router. Correct. 192.168.1.1 is a Win2K machine using Pocomail. I have these rules set in /etc/shorewall/rules ACCEPT loc dmz tcp 110 ACCEPT loc dmz udp 110 ACCEPT dmz loc tcp 110 ACCEPT dmz loc udp 110 to allow pop3 access and the shorewall logs do not show anything after I make the attempt. But this information makes sense only with respect to the router (since the DMZ host is, as you say, not running Shorewall). Correct assumption. As to the rules themselves, the first two are fine: they will get port-110 traffic *to* the DMZ as you intend. They are probably sufficient to get the return traffic to the LAN (since Shorewall normally handles responses to ACCEPTed traffic right). My thought as well but I added the others in case. But if not, the latter two don't do the job, because they ACCEPT traffic *to* port 110 on the LAN, not *from* port 110 on the DMZ. I'm not the best source for Shorewall rules, but I think that in order to ACCEPT traffic *from* DMZ port 110, the rules need to be: ACCEPT dmz loc tcp - 110 ACCEPT dmz loc udp - 110 (the added - skips the dport value and puts the 110 into the sport location). I can change them, but I agree they are most likely unneeded. The Shorewall logs are helpful here but not definitive. Much better is to run status shorewall before and after an unsuccessful attempt to connect and see what rules are being incremented. 
I reset the counters and tried to connect. Shorewall status afterward shows:

Shorewall-1.4.2 Status at markii - Sun Dec 21 16:49:15 UTC 2003

Counters reset Sun Dec 21 16:47:00 UTC 2003

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target    prot  opt in    out   source       destination
    0     0 DROP      !icmp --  *     *     0.0.0.0/0    0.0.0.0/0    state INVALID
    9   639 ACCEPT    all   --  lo    *     0.0.0.0/0    0.0.0.0/0
   21  3966 eth0_in   all   --  eth0  *     0.0.0.0/0    0.0.0.0/0
 1212  212K eth1_in   all   --  eth1  *     0.0.0.0/0    0.0.0.0/0
    7   496 eth2_in   all   --  eth2  *     0.0.0.0/0    0.0.0.0/0
    0     0 common    all   --  *     *     0.0.0.0/0    0.0.0.0/0
    0     0 ULOG      all   --  *     *     0.0.0.0/0    0.0.0.0/0    ULOG copy_range 0 nlgroup 1 prefix `Shorewall:INPUT:REJECT:' queue_threshold 1
    0     0 reject    all   --  *     *     0.0.0.0/0    0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target    prot  opt in    out   source       destination
    0     0 DROP      !icmp --  *     *     0.0.0.0/0    0.0.0.0/0    state INVALID
    0     0 eth0_fwd  all   --  eth0  *     0.0.0.0/0    0.0.0.0/0
    5   208 eth1_fwd  all   --  eth1  *     0.0.0.0/0    0.0.0.0/0
    3   168 eth2_fwd  all   --  eth2  *     0.0.0.0/0    0.0.0.0/0
    0     0 common    all   --  *     *     0.0.0.0/0    0.0.0.0/0
    0     0 ULOG      all   --  *     *     0.0.0.0/0    0.0.0.0/0    ULOG copy_range 0 nlgroup 1 prefix `Shorewall:FORWARD:REJECT:' queue_threshold 1
    0     0 reject    all   --  *     *     0.0.0.0/0    0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target    prot  opt in    out   source       destination
    0     0 DROP      !icmp --  *     *     0.0.0.0/0    0.0.0.0/0    state INVALID
    0     0 ACCEPT    udp   --  *     eth0  0.0.0.0/0    0.0.0.0/0    udp dpts:67:68
    9   639 ACCEPT    all   --  *     lo    0.0.0.0/0    0.0.0.0/0
    0     0 fw2net    all   --  *     eth0  0.0.0.0/0    0.0.0.0/0
 1252  419K all2all   all   --  *     eth1  0.0.0.0/0    0.0.0.0/0
    7   580 all2all   all   --  *     eth2  0.0.0.0/0    0.0.0.0/0
    0     0 common    all   --  *     *     0.0.0.0/0    0.0.0.0/0
    0     0 ULOG      all   --  *     *     0.0.0.0/0    0.0.0.0/0    ULOG copy_range 0 nlgroup 1 prefix `Shorewall:OUTPUT:REJECT:' queue_threshold 1
    0     0 reject    all   --  *     *     0.0.0.0/0    0.0.0.0/0

Chain all2all (7 references)
 pkts bytes target    prot  opt in    out   source       destination
 1256  419K ACCEPT    all   --  *     *     0.0.0.0/0    0.0.0.0/0    state
Re: [leaf-user] Qmail questions
Ray,

I was able to connect to the pop server using telnet it seemed to take quite a while to get a response but I was able to retrieve and read the test message sent to lrpqmail.

I don't know your setup well enough to tell you what is going on in the Shorewall DROP log, but since it involves ports 67 and 68, it has something to do with DHCP leases, not anything to do with POP3.

I was getting a lot of log entries from DHCP queries so I added the DROP to stop the logging of the rejects.

Last thing ... the tcpdump output you sent indicates that after the POP3 connection is initiated, the POP3 server is trying to do a reverse lookup on the source IP address. Several packets indicate this, the first being --

16:37:26.524013 192.168.10.1.59258 192.168.1.254.53: 28701+ PTR? 1.10.168.192.in-addr.arpa. (43) (DF)

The router responds with a port unreachable packet:

16:37:29.547086 192.168.10.254 192.168.10.1: icmp: 192.168.10.254 udp port 53 unreachable [tos 0xc0]

This certainly indicates some sort of a configuration error, but not knowing the details of your setup, I can't say what that error is. It does make me guess that the POP3 server does not reply, after the initial reply, because it cannot do a lookup on the IP address. Or ... a blue-sky thought here ... how long do you wait before giving up? DNS failures can, in some cases, cause delays of up to 3 minutes in responses.

What would be the proper way for the router to reply to this reverse lookup?
/etc/hosts on the router looks like this:

127.0.0.1 localhost.kroffts.home localhost
192.168.1.254 markii
192.168.1.1 coventry.kroffts.home coventry
192.168.10.1 www.kroffts.com dmz kroffts_web

/etc/resolv.conf on router:

domain kroffts.home
nameserver 127.0.0.1
nameserver 192.168.1.254

/etc/hosts on dmz:

127.0.0.1 localhost
192.168.1.254 markii
192.168.10.1 kroffts_web.kroffts.com kroffts_web mail.kroffts.com
191.168.1.1 coventry.kroffts.home coventry

/etc/resolv.conf on dmz:

domain kroffts.com
nameserver 127.0.0.1
nameserver 192.168.1.254
nameserver 192.168.10.254

What can you tell me about The /etc/tinydns-private/root/data file from the router? Does this look correct?

kroffts.home::localhost
1.168.192.in-addr.arpa::localhost
+markii.kroffts.home:192.168.1.254 the router
=mail.kroffts.com:192.168.10.1 the dmz host

I am not running any DNS daemons on the dmz. Should I be?

I had wanted to use DHCP to configure the DMZ host but I could not get it to work on two separate networks. I know it should, but it didn't so I set up the eth0 on the dmz host as static.

from the /etc/network/interfaces file on the dmz host:

auto eth0
iface eth0 inet static
address 192.168.10.1
masklen 24
broadcast 192.168.10.255
gateway 192.168.10.254

Thanks again,
Kory
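Added example, not part of the original message: the pattern read out of the tcpdump output above (a PTR query leaves the mail host and an ICMP "udp port 53 unreachable" comes back instead of an answer) can be picked out of a capture mechanically. The function names are hypothetical; the capture is constructed from the two quoted packets, with the ">" tcpdump prints between source and destination, plus a made-up answered lookup for contrast.

```shell
#!/bin/sh
# Constructed capture: the first two lines are the packets quoted in the
# thread; the last two (an answered lookup) are made up for contrast.
sample_capture() {
cat <<'EOF'
16:37:26.524013 192.168.10.1.59258 > 192.168.1.254.53:  28701+ PTR? 1.10.168.192.in-addr.arpa. (43) (DF)
16:37:29.547086 192.168.10.254 > 192.168.10.1: icmp: 192.168.10.254 udp port 53 unreachable [tos 0xc0]
16:37:40.000001 192.168.10.1.59260 > 192.168.10.254.53:  28702+ PTR? 254.10.168.192.in-addr.arpa. (45) (DF)
16:37:40.000900 192.168.10.254.53 > 192.168.10.1.59260:  28702* 1/0/0 PTR markii. (60) (DF)
EOF
}

# Read tcpdump text on stdin and print one line per PTR query whose sender
# later received "udp port 53 unreachable" without an answer in between.
failed_reverse_lookups() {
    awk '
    # 1.10.168.192.in-addr.arpa. -> 192.168.10.1
    function ptr_to_ip(name,    o) {
        split(name, o, ".")
        return o[4] "." o[3] "." o[2] "." o[1]
    }
    $3 != ">" { next }
    $6 == "PTR?" {                      # query: remember client, id, name
        client = $2; sub(/\.[0-9]+$/, "", client)
        id = $5; sub(/[^0-9].*$/, "", id)
        pending[client SUBSEP id] = $7
        next
    }
    $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.53$/ {   # answer from port 53
        client = $4; sub(/\.[0-9]+:$/, "", client)
        id = $5; sub(/[^0-9].*$/, "", id)
        delete pending[client SUBSEP id]
        next
    }
    $5 == "icmp:" && /udp port 53 unreachable/ {
        client = $4; sub(/:$/, "", client)
        for (k in pending) {
            split(k, p, SUBSEP)
            if (p[1] != client) continue
            print "client=" client, "lookup=" ptr_to_ip(pending[k]), "result=port-unreachable"
            delete pending[k]
        }
    }
    ' | sort
}
```

Queries are matched to the ICMP error by client address rather than by server address, because in the quoted capture the query goes to 192.168.1.254 while the error comes back from 192.168.10.254.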
Re: [leaf-user] 2 VPN Clients through Bering
On Wednesday 17 December 2003 08:33 am, John J. Orsini wrote:

Leaf Users,

This is a general question about the capability of Bering. I am trying to connect 2 VPN clients from inside my network to their respective VPN concentrators. I have successfully set up the Cisco VPN client to communicate to my wife's company. One of the clients is a Cisco and the other is for Checkpoint. My question is, does Bering support VPN pass thru like a Linksys or Dlink router? Is there a way to set up Bering so that it works dynamically, instead of setting up all of the portforwarding and firewall rules by hand. Please let me know.

At this time, the Linux firewalling programs have no way of dynamically port-forwarding more than one pass-through service (such as Ipsec) on a single port (ie... 500). I know many of the DLinks are running Cisco IOS, but I can't explain how they accomplish this feat even on IOS. Simple answer no.

--
~Lynn Avants
Linux Embedded Appliance Firewall Developer
http://leaf.sourceforge.net
http://guitarlynn.homelinux.org:81
Re: [leaf-user] Qmail questions
On Sunday 21 December 2003 08:32 pm, Kory Krofft wrote:

Ray,

I was able to connect to the pop server using telnet it seemed to take quite a while to get a response but I was able to retrieve and read the test message sent to lrpqmail.

Then the mail server is working correctly and you have not yet set up the user accounts for the 'real' users. Unfortunately on LEAF, you must do this manually. Sample /home/(username)/Maildir. This likely uses system passwords, so you must also set these up manually and make sure the users' directories have the proper ownership/permissions.

You're close! :)

--
~Lynn Avants
Linux Embedded Appliance Firewall Developer
http://leaf.sourceforge.net
http://guitarlynn.homelinux.org:81
Re: [leaf-user] 2 VPN Clients through Bering
Lynn Avants wrote:

On Wednesday 17 December 2003 08:33 am, John J. Orsini wrote:

Leaf Users,

This is a general question about the capability of Bering. I am trying to connect 2 VPN clients from inside my network to their respective VPN concentrators. I have successfully set up the Cisco VPN client to communicate to my wife's company. One of the clients is a Cisco and the other is for Checkpoint. My question is, does Bering support VPN pass thru like a Linksys or Dlink router? Is there a way to set up Bering so that it works dynamically, instead of setting up all of the portforwarding and firewall rules by hand. Please let me know.

At this time, the Linux firewalling programs have no way of dynamically port-forwarding more than one pass-through service (such as Ipsec) on a single port (ie... 500). I know many of the DLinks are running Cisco IOS, but I can't explain how they accomplish this feat even on IOS. Simple answer no.

You can have multiple VPN clients behind a linux firewall if they're using the recent NAT traversal configuration. IIRC, instead of using protocols 50/51 for the IPSec data, *ALL* data is sent via UDP, allowing VPN connections to traverse standard NAT/masquerading firewalls. AFAIK, this would be something you would setup in your VPN software, and should 'just work' with most default firewall configurations.

Note that FreeS/WAN requires a patch to support this functionality, if you're planning on using linux as one (or both) of the endpoints.

Of course, it's still possible to setup one system for pretty much any VPN flavor using port/protocol forwarding, and there may be some advanced conntrack modules in 2.4 that do fancy things with IPSec packets, but I'm stuck in 2.2 kernel land (for IPSec, anyway) so am not familiar with what new features might be in 2.4.

--
Charles Steinkuehler
[EMAIL PROTECTED]
Re: [leaf-user] Bering-uclibc kernel with CONFIG_MELAN=y for soekris?
On Sun, 21 Dec 2003, Martin Hejl wrote:

Ok, done. I had to put it in CVS, since access to the SF shell servers is down at the moment. You can get to it at: http://cvs.sourceforge.net/viewcvs.py/leaf/devel/hejl/elan/

Let me know if you run into any problems.

It's working great, thanks!

Steve
Re: [leaf-user] uClibc2 Bering
On Sun, 21 Dec 2003, K.-P. Kirchdörfer wrote:

On Sunday, 21 December 2003 12:54, Erich Titl wrote:

Hi

At 12:07 21.12.2003 +0100, Robert Sabine von Knobloch wrote:

Hello LEAF World,

I have just made the transition from Bering 1.2 to the new uClibc release. So far I have got it all working, using only the new uClibc packages except that when I try to use the bash shell (packages ncurses.lrp and bash.lrp), then ezipudate and dnscache don't work any more. errors at boot time are :

/etc/rc2.d/S45dnscache: line 14: UID: readonly variable
Starting /usr/bin/ez-ipupdate...
ez-ipupdate Version 3.0.11b8
Copyright (C) 1998-2001 Angus Mackay
gethostbyname: Unknown host
error connecting to members.dyndns.org:80

Can anyone help?

Well, I'll try

1) it looks like dnscache start bails out, so you lack DNS resolution
2) ez-ipupdate needs a working DNS resolution

look into /etc/rc2.d/S45dnscache: line 14: UID: readonly variable

it only happens with bash, ash works fine. dnscache will start if you comment out UID=1001 in /etc/init.d/dnscache.

Alternately, you can change the first line of /etc/init.d/dnscache from

#!/bin/sh

to

#!/bin/ash

dnscache uses environment variables for things that should be in a config file or on the command line, including UID. UID is a special read-only variable in bash, but not special to ash.

Steve
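Added example, not part of the original thread and not the LEAF package's own script: a check for init scripts that assign variables bash keeps read-only, and a launcher that hands UID/GID to the daemon through env(1) so it behaves the same whether /bin/sh is ash or bash. Function names and the sample script are hypothetical; only the UID=1001 assignment comes from the messages above.

```shell
#!/bin/sh
# Constructed init-script fragment: only the UID=1001 assignment comes from
# the thread; the other lines are hypothetical.
sample_init_script() {
cat <<'EOF'
#!/bin/sh
# start dnscache
ROOT=/etc/dnscache/root
UID=1001
GID=1001
export ROOT UID GID
exec /usr/bin/dnscache
EOF
}

# List "lineno:text" for each assignment to a variable bash keeps read-only
# (UID, EUID, PPID). Reads a script on stdin; prints nothing if it is clean.
find_readonly_assignments() {
    grep -nE '^[[:space:]]*(export[[:space:]]+)?(UID|EUID|PPID)=' || true
}

# Returns 0 if the running shell accepts UID=..., non-zero if it refuses
# (bash). The subshell keeps the failed assignment away from the caller.
uid_is_assignable() {
    ( UID=1001 ) 2>/dev/null
}

# Start a command with UID/GID set only in the child's environment.
# env(1) builds that environment itself, so the shell never assigns a
# variable called UID and the line behaves the same under ash and bash.
run_with_ids() {
    run_uid=$1
    run_gid=$2
    shift 2
    env UID="$run_uid" GID="$run_gid" "$@"
}

# Show the UID value a child process receives from run_with_ids.
child_sees_uid() {
    run_with_ids "$1" "$1" env | sed -n 's/^UID=//p'
}
```

Because the daemon takes the account it drops privileges to from these variables, a start script that silently loses the assignment is worth catching before boot rather than after.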
Re: [leaf-user] Qmail questions
Kory Krofft [EMAIL PROTECTED] [2003:12:21:12:53:56-0500] scribed:

I have successfully set up my DMZ, registered a domain, compiled a custom version of ez-ipupdate to handle a non standard service, reconfigured weblet to act as a basic web content server. I now need to get Qmail up and running so I can host my own email. I followed the qmail LEAF/LRP user's guide but I am missing something. If I use a windows mail client to send mail to the lrpqmail user at my domain name, the message shows up in the /home/lrpqmail/Maildir/new directory. If I configure the mail client to retrieve the message, it times out and is unable to retrieve it. Anyone else got this working and care to help me debug it? I have pored through many qmail documents but the lrp setup is different than most as far as some of the file locations so I am trusting that the package should work as is if the right config options are set.

Do I understand correctly that you _successfully_ send mail to this box, and you know that because that same message shows up in /home/lrpqmail/Maildir/new?

So, your only problem is retrieving that message to a windows machine? If so, what username and password are you using for this retrieval?

I am running Dachstein and, of course, 110/tcp is open to my retrieving systems, both on same LAN and across the Internet.

What is in these files:

/var/qmail/control/defaultdomain
/var/qmail/control/locals
/var/qmail/control/rcpthosts

Try watching output from the following while you attempt to retrieve mail to the windows box:

tail -f /var/log/qmail/{pop3d,qmail,smtpd}/current | tai64nlocal

Without any special configuration to my qmail, here is a fetchmail recipe I use every 131 seconds:

poll mail.private.network with proto POP3 user 'lrpqmail' there with password '_secret_password_' is 'mds' here

It should `just work' -- even from a windows box -- if that port is open, qmail is properly configured, and you are using lrpqmail user and its correct password.

hth

--
Best Regards,
mds
mds resource
877.596.8237
-
Dare to fix things before they break . . .
-
Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . .
--