[leaf-user] Network time synchronization

2004-03-17 Thread Felix Theodor
Dear LEAF friends,

I'm using Bering LEAF 1.2; it's working fine.
Now I'm trying to install ntpdate.lrp to synchronize
my network time, but somehow my time is always one
hour late.

Can someone help me?

thank you in advance
felix



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


RE: [leaf-user] VPN Suggestions?

2004-03-17 Thread Jorn Eriksen
Norman,

I've used PPTP for quite some time.  It's very stable!  The best thing is that
it does not require ANY software on W2K / XP machines...

Have a look here for details:
http://leaf.sourceforge.net/devel/jnilo/bering/latest/packages/pppd/

Best regards
Jorn

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Nachman
Yaakov Ziskind
Sent: Tuesday, March 09, 2004 8:18 PM
To: [EMAIL PROTECTED]
Subject: [leaf-user] VPN Suggestions?


I'd like to implement a VPN at work (seems to be the in thing to do); I don't
really so much want encryption (but I'll take it :-) as better user
authentication (right now, I use TCP Wrappers and firewall rules to keep out
undesirables; this is becoming more and more unworkable as folks wish to
connect  with dynamic IP addresses). Right now, I have Bering V1.0-RC2 running
off a floppy (love that firewall!) and a Mandrake box on the interior.

Primary criterion: ease of setup on the admin's part. :-)

Any suggestions would be appreciated.

Thanks!

--
_
Nachman Yaakov Ziskind, EA, LLM [EMAIL PROTECTED]
Attorney and Counselor-at-Law   http://ziskind.us
Economic Group Pension Services http://egps.com
Actuaries and Employee Benefit Consultants




[leaf-user] nameresolution fail with multipath

2004-03-17 Thread Ronny Aasen
hello

I am trying to set up a redundant multipath network
looks something like this

---  ---
| gw1 |--| gw2 | --
DEFGW---| |  | |-| Laptop |
| |--| | --
---  ---

and the routertable shows multipath routes

now everything works as expected I guess
the laptop can browse the net and things seem ok
the laptop and the gw's all use the same nameserver that sits in the
DEFGW 

but

following command fails on gw2
# nslookup www.vg.no [ip of any nameserver]

and also every command that needs name resolution fails to work


but if i cut one of the multipath links and wait for the ospfd to remove
the multipath routes
like this 

---  ---
| gw1 |--| gw2 | --
DEFGW---| |  | |-| Laptop |
| |--| | --
---  ---

or

---  ---
| gw1 |--| gw2 | --
DEFGW---| |  | |-| Laptop |
| |--| | --
---  ---

then name resolution functions as expected

in all 3 scenarios I can ping the nameserver ok from all boxes.

hope someone has a clue to give me :)
-- 
Ronny Aasen [EMAIL PROTECTED]
datapart AS





Re: [leaf-user] Network time synchronization

2004-03-17 Thread Erich Titl
Hi

At 11:00 17.03.2004 +, Shango wrote:
> I can think of 2 causes:
>
> 1. You are sync'ing your Bering box to a timeserver in a different
>    timezone than you, in which case get a server in your location:
>
> http://www.eecis.udel.edu/~mills/ntp/servers.html

NTP servers usually serve UTC

> 2. Your entry in /etc/localtime might be incorrect, altho' I don't
>    think this is the problem - someone else might elaborate on this.

look at the output of `date`, what timezone does it specify

cheers
Erich


THINK 
Püntenstrasse 39 
8143 Stallikon 
mailto:[EMAIL PROTECTED] 
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16






Re: [leaf-user] Does ne.o work with Bering Uclib?

2004-03-17 Thread Marko Nurmenniemi
Tim Wegner wrote:

> Ah so, the solution is to load the crc32 module before the 8390
> module. This is probably a FAQ that I missed, but if not, this would
> be a good thing to add to the installation docs since it's a
> difference from Bering,

It's not in the FAQ, but it is in the dependencies list.

In my case it changed somewhere around uClibc 2.
When previously I had 8390.o and smc-ultra.o
Now it is
crc32.o, 8390.o  smc-ultra.o
-M



RE: [leaf-user] Network time synchronization

2004-03-17 Thread Craig Caughlin
Hi folks,

This is what I did...and it seems to work O.K. I'm on the West Coast
(Sacramento, CA):

Place this entry in the TZ file: PST+8PDT,M4.1.0/2,M10.5.0/2

Then, end the line with a newline character (hit enter, or it might not work
correctly) if you're using Bering-uClibc.

Place the following entries in Shorewall, and then back up!

ACCEPT fw net udp ntp (if you want to query an external NTP server)
ACCEPT loc fw udp ntp (if you want to query your Bering box time server)

Cheers,
Craig
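
Added example (not part of Craig's message or of the LEAF project): a small Python parser for the POSIX TZ rule format used in the TZ entry above, showing how one UTC instant, which is what an NTP server hands out, becomes local wall-clock time. The `UTC0` and `CET-1CEST,...` strings and all sample instants are constructed for illustration; only the PST/PDT string comes from the post.

```python
import calendar
import re
from datetime import datetime, timedelta, timezone

# POSIX TZ: std offset [dst [offset] ,start[/hour],end[/hour]]
# Scope of this example: only the Mm.w.d rule form with whole-hour switch times.
TZ_PATTERN = re.compile(
    r"^(?P<std>[A-Za-z]{3,})(?P<soff>[+-]?\d{1,2}(?::\d{2})?)"
    r"(?:(?P<dst>[A-Za-z]{3,})(?P<doff>[+-]?\d{1,2}(?::\d{2})?)?"
    r",M(?P<sm>\d{1,2})\.(?P<sw>[1-5])\.(?P<sd>[0-6])(?:/(?P<sh>\d{1,2}))?"
    r",M(?P<em>\d{1,2})\.(?P<ew>[1-5])\.(?P<ed>[0-6])(?:/(?P<eh>\d{1,2}))?)?$"
)

# The entry from the post, including the trailing newline it asks for.
POSTED_TZ = "PST+8PDT,M4.1.0/2,M10.5.0/2\n"
# Constructed strings for comparison (assumptions, not from the thread).
NO_ZONE = "UTC0"
CENTRAL_EUROPE = "CET-1CEST,M3.5.0/2,M10.5.0/3"


def west_of_utc(text):
    """TZ offsets count hours WEST of UTC, so '+8' means UTC-8."""
    sign = -1 if text.startswith("-") else 1
    hours, _, minutes = text.lstrip("+-").partition(":")
    return sign * timedelta(hours=int(hours), minutes=int(minutes or 0))


def switch_wall_time(year, month, week, dow, hour):
    """Wall-clock moment of rule Mmonth.week.dow/hour (dow 0 = Sunday)."""
    first_dow = (datetime(year, month, 1).weekday() + 1) % 7
    day = 1 + (dow - first_dow) % 7 + 7 * (week - 1)
    if day > calendar.monthrange(year, month)[1]:  # week 5 means "last"
        day -= 7
    # Tagged as UTC only so it can be shifted and compared with UTC instants.
    return datetime(year, month, day, hour, tzinfo=timezone.utc)


def local_time(tz_string, utc):
    """Return (abbreviation, naive local wall clock) for an aware UTC instant."""
    m = TZ_PATTERN.match(tz_string.strip())
    if not m:
        raise ValueError("unsupported TZ string: %r" % tz_string)
    std_west = west_of_utc(m["soff"])
    if not m["dst"]:
        return m["std"], (utc - std_west).replace(tzinfo=None)

    # Without an explicit DST offset, DST is one hour ahead of standard time.
    dst_west = west_of_utc(m["doff"]) if m["doff"] else std_west - timedelta(hours=1)
    year = (utc - std_west).year
    # The start rule is written in standard time, the end rule in DST time;
    # the default switch hour is 02:00.
    start = switch_wall_time(year, int(m["sm"]), int(m["sw"]), int(m["sd"]),
                             int(m["sh"] or 2)) + std_west
    end = switch_wall_time(year, int(m["em"]), int(m["ew"]), int(m["ed"]),
                           int(m["eh"] or 2)) + dst_west
    if start < end:                       # northern-hemisphere style rule
        in_dst = start <= utc < end
    else:                                 # DST spans the new year
        in_dst = not (end <= utc < start)
    west = dst_west if in_dst else std_west
    return (m["dst"] if in_dst else m["std"]), (utc - west).replace(tzinfo=None)


def clock_gap(tz_a, tz_b, utc):
    """How far the wall clock under tz_b runs ahead of the one under tz_a."""
    return local_time(tz_b, utc)[1] - local_time(tz_a, utc)[1]


if __name__ == "__main__":
    noon = datetime(2004, 3, 17, 12, 0, tzinfo=timezone.utc)  # constructed
    for tz in (NO_ZONE, CENTRAL_EUROPE, POSTED_TZ):
        name, wall = local_time(tz, noon)
        print("%-32s %s %s" % (tz.strip(), wall.isoformat(" "), name))
    # Same synced instant, two TZ settings: the displayed clocks differ.
    print("gap:", clock_gap(NO_ZONE, CENTRAL_EUROPE, noon))
```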





Re: [leaf-user] Shorewall Log File Management

2004-03-17 Thread Tom Eastep
On Wednesday 17 March 2004 07:11 am, Tom Eastep wrote:


> When I find the time, I'll clone that description in the shorewall.conf
> documentation.


See http://shorewall.net/Documentation.htm#Conf

-Tom
-- 
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]






Re[2]: [leaf-user] kernel panic Bering 2.1

2004-03-17 Thread Yazgot
Hello Ray,

  March 16th 2004 (01:10:19) you wrote:


RO information about their causes to examine. Even with the complete screenful
RO of stuff you actually saw (the lots of data), analysis requires uncommon
RO expertise.

Actually I've got all info from that screen :-)

RO But ... if you are using a standard LEAF production kernel, the odds are

I didn't touch the kernel, I just added needed modules to script

Cut

RO Although I haven't seen it myself, the mention of the interrupt handler
RO makes me wonder about a problem with either the NIC or the USB device.

RO The only likely source of the problem that is Linux related is modules, if
RO you are using anything at all non-standard there (for example, how do you
RO support the USB DSL interface?).

I'm using following modules:

adiusbadsl usb-uhci usbcore [adiusbadsl usb-uhci]

^These are suspected for me (I encounter strange behavior at full
saturation of bandwidth {512/120kbit} - ADSL modem hangs and router
can reestablish ppp only after putting down ppp0 and eth1 {-my INET
if} and restarting ADSL modem {by adictrl -w}) and then ppp {pppd call
eagle} (I've written a script for doing that - probably caveman style
but it's working:-))

packages I'm using:
ppp ver. 2.4.1-pppoe
eagle ver. 1.0.4

-- 
Greetings,
 Yazgot mailto:[EMAIL PROTECTED]





Re: [leaf-user] VPN Suggestions?

2004-03-17 Thread Nachman Yaakov Ziskind
 -Original Message-
 
 I'd like to implement a VPN at work (seems to be the in thing to do); I don't
 really so much want encryption (but I'll take it :-) as better user
 authentication (right now, I use TCP Wrappers and firewall rules to keep out
 undesirables; this is becoming more and more unworkable as folks wish to
 connect  with dynamic IP addresses). Right now, I have Bering V1.0-RC2 
 running off a floppy (love that firewall!) and a Mandrake box on the 
 interior.
 
 Primary criterion: ease of setup on the admin's part. :-)
 
 Any suggestions would be appreciated.
 
 Thanks!

Jorn Eriksen wrote (on Wed, Mar 17, 2004 at 12:15:47PM +0100):
 Norman,
 
 I've used PPTP for quite some time.  It's very stable!  The best thing is 
 that it does not require ANY software on W2K / XP machines...
 
 Have a look here for details:
 http://leaf.sourceforge.net/devel/jnilo/bering/latest/packages/pppd/

Thanks, Jorn. But I am now confused - there was very little documentation
there. And, from Googling, I see that pppd is supposed to transmit datagrams
over serial links - and I'm not sure how that fits in to a VPN over broadband
ethernet, or how pppd relates to pptp. 

Can you point me to some documentation?

Thanks!

-- 
_
Nachman Yaakov Ziskind, EA, LLM [EMAIL PROTECTED]
Attorney and Counselor-at-Law   http://ziskind.us
Economic Group Pension Services http://egps.com
Actuaries and Employee Benefit Consultants




Re: [leaf-user] VPN Suggestions?

2004-03-17 Thread Martin Hejl
Nachman Yaakov Ziskind wrote:
> I'd like to implement a VPN at work (seems to be the in thing to do); I don't
> really so much want encryption (but I'll take it :-) as better user
> authentication (right now, I use TCP Wrappers and firewall rules to keep out
> undesirables; this is becoming more and more unworkable as folks wish to
> connect  with dynamic IP addresses). Right now, I have Bering V1.0-RC2 running
> off a floppy (love that firewall!) and a Mandrake box on the interior.
> Primary criterion: ease of setup on the admin's part. :-)
>
> Any suggestions would be appreciated.

I'd highly suggest OpenVPN - it's easy enough to set up, and well 
supported by the developer (and it also comes with an installer for 
windows clients, which makes setting things up under Windows a piece of 
cake). The only downside is (IMHO) that it only runs on Windows 2000 or 
XP (of course, it runs on every Linux platform I've tried it on). And 
it seems to be a bit more CPU intensive than IPSEC (tried it on a 
head-to-head comparison on a pretty slow box) but unless you're running 
a VPN over a 10MBit link, it should make no difference. Plus OpenVPN is 
_much_ easier to use over NATed connections.

I maintain the lrp for Bering uClibc, but I'm afraid I don't know how 
current the version for Bering is.

HTH

Martin

--
You think that's tough?  Try herding cats!




RE: [leaf-user] VPN Suggestions?

2004-03-17 Thread Jorn Eriksen
Hi again,

The PPTP daemon that is used in Bering is based on:
http://www.poptop.org/
That should be a good starting point...

Jorn

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Nachman
Yaakov Ziskind
Sent: Wednesday, March 17, 2004 8:39 PM
To: Jorn Eriksen
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] VPN Suggestions?


 -Original Message-
 
 I'd like to implement a VPN at work (seems to be the in thing to do); I don't
 really so much want encryption (but I'll take it :-) as better user
 authentication (right now, I use TCP Wrappers and firewall rules to keep out
 undesirables; this is becoming more and more unworkable as folks wish to
 connect  with dynamic IP addresses). Right now, I have Bering V1.0-RC2 
 running off a floppy (love that firewall!) and a Mandrake box on the 
 interior.
 
 Primary criterion: ease of setup on the admin's part. :-)
 
 Any suggestions would be appreciated.
 
 Thanks!

Jorn Eriksen wrote (on Wed, Mar 17, 2004 at 12:15:47PM +0100):
 Norman,
 
 I've used PPTP for quite some time.  It's very stable!  The best thing is 
 that it does not require ANY software on W2K / XP machines...
 
 Have a look here for details:
 http://leaf.sourceforge.net/devel/jnilo/bering/latest/packages/pppd/

Thanks, Jorn. But I am now confused - there was very little documentation
there. And, from Googling, I see that pppd is supposed to transmit datagrams
over serial links - and I'm not sure how that fits in to a VPN over broadband
ethernet, or how pppd relates to pptp. 

Can you point me to some documentation?

Thanks!

-- 
_
Nachman Yaakov Ziskind, EA, LLM [EMAIL PROTECTED]
Attorney and Counselor-at-Law   http://ziskind.us
Economic Group Pension Services http://egps.com
Actuaries and Employee Benefit Consultants




[leaf-user] Is this Hardware more effective than LEAF?

2004-03-17 Thread joah moat
Hello, I came across this PCI Firewall card:

http://www.netmaster.com/products/ggblade.shtml

Does this card have any major technical advantages over LEAF?  (I know LEAF 
has the advantage of affordability, but from a layman's standpoint, I'm just 
curious what are the advantages such a device has over LEAF.)



[leaf-user] Re: Which Distro for This Firewall/Router?

2004-03-17 Thread Calvin Webster
Well, I've gotten no responses from the list so I think I'm going with
the Bering-uClibc distribution since it seems to be more actively
maintained than most of the others and apparently can handle the
multiple interfaces I'll need. Hopefully, someone will chime in with
some pointers when they get the time.

From what I've found so far, there is precious little real
documentation on installation, configuration, and implementation. A nice
HTML or PDF User Guide would be nice.

Thanks in advance for any suggestions. :-)

--Cal Webster

On Tue, 2004-03-16 at 18:17, Calvin Webster wrote:
 I've been looking over the LEAF distros for a candidate to build a set
 of border firewall/routers. They are to replace existing devices built
 with PC hardware and commercial DOS-based firewall software.
 
 I have several questions. Here are a few to start:
 
 1. Given the details below, which distro would be most appropriate?
 2. Given the firewall/routing requirements, which dynamic routing
 protocols would be recommended.
 3. Suggestions on configuring IPSEC VPNs over the untrusted networks?
 
 I have given an outline of the project below. This is a fictitious
 network, but representative of the real project. Details of
 infrastructure have been obfuscated, but the outline describes project
 parameters.
 
 Please let me know if I've left out anything.
 
 Thanks!
 
 --Cal Webster
 
 
 
 There are 4 devices, one in each building at our site. Two of the new
 firewalls will run on the older hardware, while the other two will run
 on recently purchased hardware stored in DiskOnChip. Eventually, I want
 to replace all older platforms with newer machines and run them from
 DiskOnChip or straight Flash memory. I have some 40 GB hard drives
 installed in the new machines on which I plan to build the custom
 kernels and setup the services for testing.
 
 Old Hardware Platform:
 
 Generic Desktop Chassis
 AMD K6-2 336 MHz CPU
 1MB cache
 128 MB RAM
 2 GB HDD
 1.44 FDD
 4 3c905 NICs
 
 New Hardware Platform:
 
 Cyber Research 2U rack-mount passive backplane chassis
 CPTD CEL/COP-850 All-In-One Single Board Computer
 PIII 850 MHz
 100 MHz front side bus
 Intel 82558 10/100-TX (integrated)
 768 MB RAM
 256 MB DiskOnChip
 1.44 FDD
 USB
 4 3C905-TX NIC's
 
 I began building one new machine with RedHat Linux 8 but had to put the
 project on hold after finally getting the drivers to work with
 DiskOnChip.
 
 
 
 Here is a summary of the functionality required:
 
 Firewall: 
 stateful packet inspection
 NAT/PAT
 IPSEC Auth
 IPSEC VPN tunneling
 Router:
 BGP
 RIP
 Logging to external syslog server
 https/ssh configuration/management tool
 Port Knocking to trigger remote vpn/ssh access
 Optional user authentication to access Internet
 Block outbound traffic by IP,subnet,user,port
 Block all inbound traffic from untrusted networks except that which is
 initiated from inside
 Allow all traffic between trusted networks.
 Fastest available link should be chosen when redundant paths exist.
 
 
 Here is a sketch of the network:
 
 DSL = 500 Kbps ADSL Link
 RF1 = 100 Mbps RF Wireless direct point-to-point link
 RF2 = 1.5 Mbps RF Wireless direct point-to-point link
 ISP = 2 Mbps Cable ISP
 PLANn = Fast Ethernet Private LANs within buildings at site.
 
[PLAN2] [PLAN2] [Remote User]
   |   | |
 [PLAN1]   |   [PLAN1] | |
|  |  || [Internet]
|  |  || |
 Building A   Building B|
 [Firewall 1]-[RF1]-[Firewall 2]---[ISP]
 ^  \/ ^
 \   \  /  /
  \ [DSL][DSL]/
   \   \  /  / 
\   \   [Internet]   /  /
 \   \  |   /  /
  \   \ |  /  /
   \   \| /  /
\   \   |/  /
   [RF1] \  |   /[RF1]
  \   [Corp Network]  /
   \^/
\   |   /
 \  |  /
  \   [DSL]   /
   \|/
\   |   /
 \  |  /
Building C 
   [Firewall 3]---[PLAN1]
 ^\
 | \--[PLAN2]
 |
   [RF2]
 |
 |
 Building D 
[Firewall 

Re: [leaf-user] Re: Which Distro for This Firewall/Router?

2004-03-17 Thread Tony
HI Calvin,

Bering and Bering uClibc are kissing cousins, so what you find in the 
original Bering docs are relevant to Bering uClibc.  Any differences are 
noted in the uClibc docs.

Check out:
http://leaf.sourceforge.net/doc/guide/binstall.html - Bering Install guide
http://leaf.sourceforge.net/doc/guide/busers.html - Bering Users Guide
http://leaf.sourceforge.net/doc/guide/buc-install.html - Bering-uClibc 
Installation Guide
http://leaf.sourceforge.net/doc/guide/buc-user.html - Bering-uClibc 
User's Guide

As far as your requirements, I think you'll find either to be up to 
snuff, with the exception there is no web based configuration at this 
time.  All CLI baby

Don't forget to backup your disk after making changes, as they will be 
lost upon reboot if you don't.

Good Luck

Tony



Calvin Webster wrote:

Well, I've gotten no responses from the list so I think I'm going with
the Bering-uClibc distribution since it seems to be more actively
maintained than most of the others and apparently can handle the
multiple interfaces I'll need. Hopefully, someone will chime in with
some pointers when they get the time.
From what I've found so far, there is precious little real
documentation on installation, configuration, and implementation. A nice
HTML or PDF User Guide would be nice.
Thanks in advance for any suggestions. :-)

--Cal Webster

On Tue, 2004-03-16 at 18:17, Calvin Webster wrote:
 

I've been looking over the LEAF distros for a candidate to build a set
of border firewall/routers. They are to replace existing devices built
with PC hardware and commercial DOS-based firewall software.
I have several questions. Here are a few to start:

1. Given the details below, which distro would be most appropriate?
2. Given the firewall/routing requirements, which dynamic routing
protocols would be recommended.
3. Suggestions on configuring IPSEC VPNs over the untrusted networks?
I have given an outline of the project below. This is a fictitious
network, but representative of the real project. Details of
infrastructure have been obfuscated, but the outline describes project
parameters.
Please let me know if I've left out anything.

Thanks!

--Cal Webster



There are 4 devices, one in each building at our site. Two of the new
firewalls will run on the older hardware, while the other two will run
on recently purchased hardware stored in DiskOnChip. Eventually, I want
to replace all older platforms with newer machines and run them from
DiskOnChip or straight Flash memory. I have some 40 GB hard drives
installed in the new machines on which I plan to build the custom
kernels and setup the services for testing.
Old Hardware Platform:

Generic Desktop Chassis
   AMD K6-2 336 MHz CPU
   1MB cache
   128 MB RAM
   2 GB HDD
   1.44 FDD
4 3c905 NICs
New Hardware Platform:

Cyber Research 2U rack-mount passive backplane chassis
CPTD CEL/COP-850 All-In-One Single Board Computer
   PIII 850 MHz
   100 MHz front side bus
   Intel 82558 10/100-TX (integrated)
   768 MB RAM
   256 MB DiskOnChip
   1.44 FDD
   USB
4 3C905-TX NIC's
I began building one new machine with RedHat Linux 8 but had to put the
project on hold after finally getting the drivers to work with
DiskOnChip.


Here is a summary of the functionality required:

Firewall: 
   stateful packet inspection
   NAT/PAT
   IPSEC Auth
   IPSEC VPN tunneling
Router:
   BGP
   RIP
Logging to external syslog server
https/ssh configuration/management tool
Port Knocking to trigger remote vpn/ssh access
Optional user authentication to access Internet
Block outbound traffic by IP,subnet,user,port
Block all inbound traffic from untrusted networks except that which is
initiated from inside
Allow all traffic between trusted networks.
Fastest available link should be chosen when redundant paths exist.

Here is a sketch of the network:

DSL = 500 Kbps ADSL Link
RF1 = 100 Mbps RF Wireless direct point-to-point link
RF2 = 1.5 Mbps RF Wireless direct point-to-point link
ISP = 2 Mbps Cable ISP
PLANn = Fast Ethernet Private LANs within buildings at site.
  [PLAN2] [PLAN2] [Remote User]
 |   | |
[PLAN1]   |   [PLAN1] | |
  |  |  || [Internet]
  |  |  || |
Building A   Building B|
[Firewall 1]-[RF1]-[Firewall 2]---[ISP]
   ^  \/ ^
   \   \  /  /
\ [DSL][DSL]/
 \   \  /  / 
  \   \   [Internet]   /  /
   \   \  |   /  /
\   \ |  /  /
 \   \| /  /
  \   \   |/  /
 [RF1] \  |   /[RF1]
  

Re: [leaf-user] Is this Hardware more effective than LEAF?

2004-03-17 Thread Ben Wang
The difference is, it's all set up for you and ready to go.

It's a lot like any other hardware solution on the market where the OS and 
settings are done, all you need to do is configure it to match your own 
situation.

Unless of course that board comes with an onboard encryption processor 
other than that it looks like just a standard embedded system without a 
nice looking enclosure and power supply.

Ben

joah moat wrote:

Hello, I came across this PCI Firewall card:

http://www.netmaster.com/products/ggblade.shtml

Does this card have any major technical advantages over LEAF?  (I know 
LEAF has the advantage of affordability, but from a layman's standpoint, 
I'm just curious what are the advantages such a device has over LEAF.)



RE: [leaf-user] Is this Hardware more effective than LEAF?

2004-03-17 Thread Joey Officer
I have to agree here.  While the idea of using an embedded device that is
intended to do a specific job, and do it well, is really nice, I think it's
also intended for a larger environment.

I can see this card being used for a rack of systems that could treat all of
these cards as a single device, of sort, and be able to route through the
cards quickly and efficiently.

The specs from the page do not reference what PCI bus it uses, or what
external environment it requires, as it most certainly will require a host
to accept.

I admit it's impressive looking, but I would venture that it's rather
expensive and you could probably do more with less, using commodity
hardware, as LEAF does.  For the high end stuff, sure it requires better
hardware, but I think you need to evaluate what it is that you are doing,
versus the hardware you expect to use.

my 2 cents
joey


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Ben Wang
Sent: Wednesday, March 17, 2004 8:01 PM
To: joah moat
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Is this Hardware more effective than LEAF?


The difference is, it's all set up for you and ready to go.

It's a lot like any other hardware solution on the market where the OS and
settings are done, all you need to do is configure it to match your own
situation.

Unless of course that board comes with an onboard encryption processor
other than that it looks like just a standard embedded system without a
nice looking enclosure and power supply.

Ben

joah moat wrote:

 Hello, I came across this PCI Firewall card:

 http://www.netmaster.com/products/ggblade.shtml

 Does this card have any major technical advantages over LEAF?  (I know
 LEAF has the advantage of affordability, but from a layman's standpoint,
 I'm just curious what are the advantages such a device has over LEAF.)



Re: [leaf-user] Does ne.o work with Bering Uclib?

2004-03-17 Thread K.-P. Kirchdörfer
On Wednesday, 17 March 2004 16:48, Marko Nurmenniemi wrote:
> Tim Wegner wrote:
>> Ah so, the solution is to load the crc32 module before the 8390
>> module. This is probably a FAQ that I missed, but if not, this would
>> be a good thing to add to the installation docs since it's a
>> difference from Bering,
>
> It's not in the FAQ, but it is in the dependencies list.

Anyway we should add it to the Installation Guide...

> In my case it changed somewhere around uClibc 2.

Exactly with the move to newer kernel version 2.4.24

kp

