Re: [leaf-user] trouble accessing firewall

2004-04-08 Thread Erich Titl
Hi

At 20:06 07.04.2004 -0400, Dave Rose wrote:
> I am standing up a bering firewall and have made it through the 3c509
> troubleshooting phase, or so I thought. I am unable to ping the internal
> side of the firewall from my other computers.

I am not sure icmp to the firewall is enabled in shorewall by default.

HTH
Erich


THINK 
Püntenstrasse 39 
8143 Stallikon 
mailto:[EMAIL PROTECTED] 
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16




---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70alloc_id638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


Re: [leaf-user] OpenVPN on Bering

2004-04-08 Thread Tom Eastep
I'm only posting a reply to the LEAF list since that is where I prefer 
Leaf Shorewall support to be handled. I also dislike getting involved in 
mail threads that are cross-posted on several lists.

AdStar wrote:

> I'm trying to set up a VPN (openvpn version 1.5.0) connection from my home
> (ADSL, static IP) to my Office (Static IP).
> Both networks have a leaf Bering machine as their firewalls, both running
> shorewall 1.4.7c. I followed the guide at
> http://www.shorewall.net/1.4/OPENVPN.html but I'm not 100% sure I have got
> it right. I can get the openvpn side of things to connect but cannot ping
> any machines on either side of the VPN from the firewall or internal
> machines.

a) Your Shorewall rules/policies don't permit any fw-vpn traffic so 
that rules out fw access via the tunnel.

b) I believe that the routes that you are adding are specifying the 
wrong gateway -- they should specify the remote end of the tunnel as the 
gateway, not the local end.

c) I suggest that you shorewall clear then debug your tunnel. Once it 
is working that way *then* start Shorewall. You will then be confident 
that any remaining problems are in your Shorewall config and not in your 
tunnel/routing setup.

-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]




Re: [leaf-user] trouble accessing firewall

2004-04-08 Thread George Metz
Really wouldn't matter, just yet, that ping isn't enabled. If he has no 
link light from the LEAF box on his switch/hub, and no light on the 
networking card, then there's an issue that's lower than Layer 3 (IP), 
and probably an issue at Layer 1 (Physical).

After he figures out the reason he doesn't have link, then yeah, the 
firewall issue with ICMP comes into play. :)

Henning Jebsen wrote:

> Did you allow pinging to/from the firewall ?
> You have to switch it on explicitly in recent versions:
> http://www.shorewall.net/ping.html
>
> Greetings !
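
Tom Eastep's point (a) in the OpenVPN thread and the ping question in this thread come down to the same lookup: Shorewall consults the rules file first and falls back to the first matching policy line. The sketch below is an added example, not code from the list or from Shorewall; it models only that lookup, and the zone names and both config snippets are constructed for illustration.

```python
# Simplified model of Shorewall's verdict lookup (added example).
# Rules are checked first; if none matches, the first matching policy
# line applies. "all" is treated as a wildcard in the policy file only.

# Constructed sample config; zone names loc/net/vpn/fw are assumptions.
POLICY = """
#SOURCE DEST POLICY LOG
loc     net  ACCEPT
loc     vpn  ACCEPT
vpn     loc  ACCEPT
net     all  DROP   info
all     all  REJECT info
"""

RULES = """
#ACTION SOURCE DEST PROTO DPORT
ACCEPT  loc    fw   tcp   22
"""

def _rows(text):
    """Yield whitespace-split columns, skipping blanks and comments."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def _zone(col):
    """'loc:192.168.1.5' -> 'loc' (host qualifiers are ignored here)."""
    return col.split(":", 1)[0]

def verdict(src, dst, proto, port, policy=POLICY, rules=RULES):
    """Return (action, origin) for one connection between two zones.

    For icmp, 'port' is the ICMP type (8 = echo request).
    """
    for cols in _rows(rules):
        cols += ["-"] * (5 - len(cols))          # pad omitted columns
        action, r_src, r_dst, r_proto, r_port = cols[:5]
        if (_zone(r_src) == src and _zone(r_dst) == dst
                and r_proto in ("-", "all", proto)
                and (r_port == "-" or str(port) in r_port.split(","))):
            return action.split(":", 1)[0], "rule"   # drop ":loglevel"
    for cols in _rows(policy):
        p_src, p_dst, action = cols[:3]
        if p_src in ("all", src) and p_dst in ("all", dst):
            return action, "policy"
    return "UNDEFINED", "no policy"
```

With this sample, `verdict("fw", "vpn", "icmp", 8)` and `verdict("loc", "fw", "icmp", 8)` both fall through to the `all all REJECT` policy; adding `fw vpn ACCEPT` / `vpn fw ACCEPT` policy lines, or an `ACCEPT loc fw icmp 8` rule, changes them to ACCEPT.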





Re: [leaf-user] Open Brick E

2004-04-08 Thread Roger E McClurg
Bao,

I've tried Lexar and SanDisk. I've tried both DOS and LEAF boot images on 
each of the CFs. I've used both Linux and DOS fdisk programs. I've tried 
every combination imaginable, and in all cases the boot terminates at 
Verifying DMI Data Pool. Do you have any ideas?

Roger





leaf-user-request
@lists.sourceforge.net
Sent by: leaf-user-admin
04/07/2004 11:03 PM
Please respond to leaf-user
 
To: [EMAIL PROTECTED]
cc: 
Subject:leaf-user digest, Vol 1 #2233 - 3 msgs


Date: Wed, 7 Apr 2004 21:18:45 -0400
From: Bao C. Ha [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Open Brick E

On Wed, Apr 07, 2004 at 07:47:43PM -0400, Roger E McClurg wrote:

Hi Roger,

> Is anyone running LEAF on the OpenBrick E hardware with compact flash? If
> so, can you please tell me what brand you are using?

Lexar seems to be the best. We do use other brands occasionally.

Bao
-- 
Best Regards.
Bao C. Ha
Hacom OpenBrick Distributor USA http://www.hacom.net
voice: (714) 530-8817 fax: (714) 530-8818
8D66 6672 7A9B 6879 85CD 42E0 9F6C 7908 ED95 6B38








Re: [leaf-user] Open Brick E

2004-04-08 Thread Bao C. Ha
On Thu, Apr 08, 2004 at 12:17:51PM -0400, Roger E McClurg wrote:

Hi Roger,

> I've tried Lexar and SanDisk. I've tried both DOS and LEAF boot images on
> each of the CFs. I've used both Linux and DOS fdisk programs. I've tried
> every combination imaginable, and in all cases the boot terminates at
> Verifying DMI Data Pool. Do you have any ideas?

It usually means that the CF still has some DOS information on its boot
sector. What boot loader are you using? I just use Grub, since it seems
to work better than syslinux.

Bao
-- 
Best Regards.
Bao C. Ha
Hacom OpenBrick Distributor USA http://www.hacom.net
voice: (714) 530-8817 fax: (714) 530-8818
8D66 6672 7A9B 6879 85CD 42E0 9F6C 7908 ED95 6B38




Re: [leaf-user] trouble accessing firewall

2004-04-08 Thread Dave Rose
Thank you to everyone who responded to my request for help. It appears that
I was the victim of my own stupidity. I inadvertently grabbed an old 100MB
hub to use (not a 10/100MB hub). Needless to say, the 3c509 cards did not
work. I have replaced the hub and everything is fine now.

On another note, I have determined that there is a small but vital piece of
information missing from the linux Ethernet HOWTO. That is, if you attempt
to specify any parameters on the 3c509 driver line(s) in the /etc/modules
file, the driver will NOT load. Once the cards are appropriately set with
the DOS utility, the simple 3c509 entry works like a charm.

Thanks again,
Dave

- Original Message -
From: Dave Rose [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, April 07, 2004 8:06 PM
Subject: [leaf-user] trouble accessing firewall


 I am standing up a bering firewall and have made it through the 3c509
 troubleshooting phase, or so I thought. I am unable to ping the internal
 side of the firewall from my other computers.

 My hardware
 -
 486DX4 100Mhz
 PCI video card
 20MB RAM
 Floppy disk
 3c509B-TP (I have two of these cards installed in the ISA bus)


 Hardware configuration
 ---
 NO Hard drive (controller disabled in BIOS)
 NO comm/parallel ports (disabled in BIOS)
 Set the 3c509-TP cards to IRQ7,5 and IO addresses of 0x300,0x280 and
 disabled the ISA plug and play feature and successfully ran the 3COM
 diagnostics function on each card)


 Software configuration
 
 1.) downloaded the bering 1.2 software (Windows utility to make the boot
 floppy- Bering_1.2_img_bering-1680.exe from
 http://download.sourceforge.net/leaf/)

 2) downloaded the bering 1.2 modules (Bering_1.2_modules_2.4.20.tar.gz from
 http://download.sourceforge.net/leaf/)

 3) I booted the floppy I made in the first step and added the 3c509.o
 ethernet card driver to /lib/modules

 4.) I modified /etc/modules to add the line

 3c509

 5) I pretty much left /etc/network/interfaces to the default settings since
 they are set up initially for the configuration that I am looking for


 The problem
 
 Although the system recognizes both cards (IRQs and IO addresses) at
 startup, the eth1 interface fails to activate, light up the led on the hub
 and can not be pinged from my other workstation on the internal lan. Any
 ideas how to proceed would be much appreciated.

 Thanks
 Dave








Re: [leaf-user] HDPARM

2004-04-08 Thread freeman
Personally, I'd second this 'motion' for this to be posted to SF.

A large factor in my deciding to go with a 2-floppy setup (vs a HD) was 
my desire to reduce energy consumption on my box which runs 7/24. I even 
underclocked the CPU so as to be able to disconnect the PS-fan and keep 
it further quiet and less energy-consuming!

As we watch energy prices rise (not to mention the problem of global 
climate change caused by CO2 emissions from, in part, electrical 
generating stations) this HD-powerdown, though small in its energy & 
CO2 savings, is nonetheless a step in the right direction.

scott; canada

Roger E McClurg wrote:

> I created an hdparm.lrp package for Bering 1.2. It uses the 5.2 version of
> hdparm from RedHat 9.0. The package includes a script called spindown.
> Spindown will automatically put the HD into standby mode (hdparm -y) at
> the end of the boot process.  I can send it to anyone interested, but if
> the developers think it is useful maybe one of them will agree to put it
> up on Sourceforge.
>
> Roger

