Re: [leaf-user] IPSEC help needed....

2004-04-20 Thread Charles Steinkuehler
Kevin wrote:

> Thanks Charles - yes I just need to allow the passthrough of the IPSEC
> protocol for everything to work. I will update the firewall like below and
> bring the laptop home tomorrow to try it out. The IT guys do not understand
> my router and all they have troubleshooting guides for are the commercial
> routers for consumers
>
> I will try the rules first, then the kernel and module.
>
> As Matt stated, I will also search the HOWTO's and ask the IT guys what type
> of connection this is if I need more help.

You'll need the rules and the module.  You won't need to mess with the 
kernel if you're running Dachstein from floppy.  If you're running off 
of CD, the default kernel is configured to run IPSec on the firewall so 
it won't work w/o changing the kernel (kind of hard on the CD-ROM, but 
you could install to a HDD or similar).

Post to the list if you need further help.

--
Charles Steinkuehler
[EMAIL PROTECTED]
---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


RE: [leaf-user] IPSEC help needed....

2004-04-20 Thread Kevin
Thanks Charles - yes I just need to allow the passthrough of the IPSEC
protocol for everything to work. I will update the firewall like below and
bring the laptop home tomorrow to try it out. The IT guys do not understand
my router and all they have troubleshooting guides for are the commercial
routers for consumers 

I will try the rules first, then the kernel and module.

As Matt stated, I will also search the HOWTO's and ask the IT guys what type
of connection this is if I need more help.

-Original Message-
From: Charles Steinkuehler [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, April 20, 2004 7:41 AM
To: Kevin
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] IPSEC help needed

Kevin wrote:
SNIP


Actually, I think you need a rule set and a module loaded.

I'm going to work under the assumption that you need to masquerade an 
IPSec connection (ie: you're running an ipsec client on an internal 
system, rather than trying to run ipsec on the firewall itself).

To do this, you first need to make sure you're using the proper kernel. 
Masquerading ipsec and running ipsec on the firewall are mutually 
exclusive, and require different kernels.  The 'plain' kernels available 
from my site support ipsec masquerading, while kernels with -IPSec in 
the name support running ipsec directly on the firewall.  Which kernel 
flavor you want depends on your system, but you probably want either the 
'small' or 'normal' kernel:

http://lrp2.steinkuehler.net/files/kernels/Dachstein-small/
http://lrp2.steinkuehler.net/files/kernels/Dachstein-normal/

The floppy version ships with the small kernel w/o ipsec by default.

Once you have an appropriate kernel (or have verified you're running the 
linux-2.2.19-3-LEAF-small.zImage.upx kernel by filesize), you need to 
copy the ip_masq_ipsec.o masquerading 'helper' module to your modules 
directory and add it to /etc/modules.

The last thing you need to do is allow the actual IPSec traffic through 
your firewall.  This typically involves UDP port 500, and *PROTOCOL* 50 
or 51, depending on whether you're running ESP or AH.  To do this, add 
the following in /etc/network.conf

EXTERN_UDP_PORTS="0/0_500"
EXTERN_PORTS="50_0/0 51_0/0"

-- 
Charles Steinkuehler
[EMAIL PROTECTED]





[Fwd: Re: [Fwd: Re: [leaf-user] dachstein & vt100 emulation]]

2004-04-20 Thread Arnold Wiegert
Giovanni Franza wrote:

Arnold Wiegert wrote:

Thanks for the references.

I looked them up and it seems Putty is good for telnetting only. Found
TeraTerm Pro and have installed it. It works well for serial
connections, but the 'page up' key seems to cause text to be deleted;
the page down key works as it does at the machine console.


You can edit the keyboard map.
I made this some years ago but I've lost the config file, I only
remember that it was possible, sorry ... ;-)
Giovanni

Thank you for your reply, :-)
assuming you are referring to TeraTerm, it does have a keyboard map
config file, but the only thing it maps are the key codes vs VT100
functions. It does not allow changing the escape sequences it sends out
when a key is pressed.
In fact I was just checking the escape sequences on the serial link and
found that for page up the program sends out ESC [ 3 ~; similar
sequences for page down, home and end keys; only the decimal digit
changes. From what I can see, the editor does not handle these sequences
as expected.
But none of the VT100 documentation I have found on the net includes a ~
as the terminal character. The arrow keys send out the expected sequences.
So, I'm still not quite where I wanted to be :-(

Arnold







Re: [leaf-user] Routing/openVPN Question

2004-04-20 Thread K.-P. Kirchdörfer
On Tuesday, 20 April 2004 20:32, Tom Eastep wrote:
> Chris Carbaugh wrote:
> > If the only resort is to change IP address space on our LAN, what is
> > recommended to avoid this 'clash' in the future.
>
> The NETMAP facility provides a way around this -- see
> http://shorewall.net/netmap.html. Note that NETMAP requires:
>
> a) A patched kernel (I don't know if the Bering uClibc kernels support
> NETMAP).

It doesn't yet, but it's now put on todo-list.

kp




Re: [leaf-user] dachstein & vt100 emulation

2004-04-20 Thread Arnold Wiegert
Charles Steinkuehler wrote:

Arnold Wiegert wrote:

Hi all

I'm still running Dachstein, but would like to use a serial line to 
access the 'box' from a Windows machine.

Since I haven't found a good & free VT100 emulation program, I've used 
an older modem program which does a pretty good job, except for the 
page up and down keys.

They work well enough in the editor at the console but not in the 
editor when run on a serial link.

What am I missing?


If you're only having problems in the e3 editor provided with Dachstein, 
you might consider using a different editor.  While e3 is tiny, IIRC 
it's written in assembly so it wouldn't necessarily work properly with 
terminal settings (which tend to be a linked C library thing).

If you're having problems outside of the editor as well, make sure your 
TERM variable is set correctly.

Thank you Charles.

TERM is set to vt100

It is not that I'm having any problems when I use the PC keyboard, but 
only when I'm trying to run the system off the serial ports and try to 
edit a file.

I understand that the original VT100 did not have 'page up & down' keys, 
so the PC keyboard must translate those keys such that they produce the 
desired effect - same goes for 'home' & 'end'. These work as expected 
from the PC keyboard, but not on a serial line.

When using TeraTerm  the 'page down' seems to move the cursor as 
expected, but 'page up' deletes the character under the cursor, while 
the 'home' and 'end' keys do nothing good or bad.

I was mainly wondering if there might be a key mapping for the 
'standard' editor which I might have overlooked and which would give me 
what I need.

TIA
Arnold




[Fwd: Re: [leaf-user] dachstein & vt100 emulation]

2004-04-20 Thread Arnold Wiegert
Thanks for the references.

I looked them up and it seems Putty is good for telnetting only. Found
TeraTerm Pro and have installed it. It works well for serial
connections, but the 'page up' key seems to cause text to be deleted;
the page down key works as it does at the machine console.
I'll investigate some more to see where the problem lies.

Arnold

Tony wrote:

TeraTerm Pro?  
Putty?

Tony

- Original Message - 
From: "Arnold Wiegert" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, April 20, 2004 12:28 PM
Subject: [leaf-user] dachstein & vt100 emulation



Hi all

I'm still running Dachstein, but would like to use a serial line to 
access the 'box' from a Windows machine.

Since I haven't found a good & free VT100 emulation program, I've used 
an older modem program which does a pretty good job, except for the 
page up and down keys.

They work well enough in the editor at the console but not in the editor 
when run on a serial link.

What am I missing?

TIA,
Arnold




Re: [leaf-user] dachstein & vt100 emulation

2004-04-20 Thread Charles Steinkuehler
Arnold Wiegert wrote:
> Hi all
>
> I'm still running Dachstein, but would like to use a serial line to
> access the 'box' from a Windows machine.
>
> Since I haven't found a good & free VT100 emulation program, I've used
> an older modem program which does a pretty good job, except for the
> page up and down keys.
>
> They work well enough in the editor at the console but not in the editor
> when run on a serial link.
>
> What am I missing?

If you're only having problems in the e3 editor provided with Dachstein, 
you might consider using a different editor.  While e3 is tiny, IIRC 
it's written in assembly so it wouldn't necessarily work properly with 
terminal settings (which tend to be a linked C library thing).

If you're having problems outside of the editor as well, make sure your 
TERM variable is set correctly.

--
Charles Steinkuehler
[EMAIL PROTECTED]


Re: [leaf-user] Routing/openVPN Question

2004-04-20 Thread Tom Eastep
Chris Carbaugh wrote:

> If the only resort is to change IP address space on our LAN, what is
> recommended to avoid this 'clash' in the future.

The NETMAP facility provides a way around this -- see 
http://shorewall.net/netmap.html. Note that NETMAP requires:

a) A patched kernel (I don't know if the Bering uClibc kernels support 
NETMAP).
b) Shorewall 2.0.1

-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
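
The address clash from the original question and the 1:1 translation that NETMAP performs, as an added example that is not part of the thread and is not Shorewall code or configuration. It uses Python's standard `ipaddress` module with the networks from Chris's diagram; the alias network 10.10.1.0/24 and all function names are hypothetical.

```python
import ipaddress

# Networks from the diagram in the original question.
REMOTE_PATH = ["192.168.11.0/24", "192.168.1.0/24"]  # remote LAN, Sprint DSL subnet
OUR_LAN = ["192.168.1.0/24"]                         # LAN behind the Bering box


def clashes(path_networks, vpn_networks):
    """Pairs (network on the client's path, VPN-side network) that overlap."""
    return [(str(p), str(v))
            for p in map(ipaddress.ip_network, path_networks)
            for v in map(ipaddress.ip_network, vpn_networks)
            if p.overlaps(v)]


def pick_alias(candidates, known_networks):
    """First candidate network that overlaps none of the known ones, else None."""
    known = [ipaddress.ip_network(n) for n in known_networks]
    for cand in map(ipaddress.ip_network, candidates):
        if not any(cand.overlaps(k) for k in known):
            return str(cand)
    return None


def netmap(addr, from_net, to_net):
    """1:1 network translation: swap the network prefix, keep the host bits."""
    src, dst = ipaddress.ip_network(from_net), ipaddress.ip_network(to_net)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("a 1:1 mapping needs networks of equal size")
    ip = ipaddress.ip_address(addr)
    if ip not in src:
        raise ValueError(f"{ip} is not in {src}")
    host_bits = int(ip) & int(src.hostmask)
    return str(ipaddress.ip_address(int(dst.network_address) | host_bits))


if __name__ == "__main__":
    print("clash:", clashes(REMOTE_PATH, OUR_LAN))
    # Hypothetical candidate alias ranges; the first two are already in use.
    alias = pick_alias(["192.168.1.0/24", "192.168.11.0/24", "10.10.1.0/24"],
                       REMOTE_PATH + OUR_LAN)
    print("alias network:", alias)
    # The remote client would address the LAN gateway by its alias ...
    print("192.168.1.100 ->", netmap("192.168.1.100", OUR_LAN[0], alias))
    # ... and the translating box maps it back to the real address.
    print("10.10.1.100   ->", netmap("10.10.1.100", alias, OUR_LAN[0]))
```
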




Re: [leaf-user] dachstein & vt100 emulation

2004-04-20 Thread Tony
TeraTerm Pro?  
Putty?

Tony


- Original Message - 
From: "Arnold Wiegert" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, April 20, 2004 12:28 PM
Subject: [leaf-user] dachstein & vt100 emulation


> Hi all
> 
> I'm still running Dachstein, but would like to use a serial line to 
> access the 'box' from a Windows machine.
> 
> Since I haven't found a good & free VT100 emulation program, I've used 
> an older modem program which does a pretty good job, except for the 
> page up and down keys.
> 
> They work well enough in the editor at the console but not in the editor 
> when run on a serial link.
> 
> What am I missing?
> 
> TIA,
> Arnold
> 
> 
> 




[leaf-user] Routing/openVPN Question

2004-04-20 Thread Chris Carbaugh
Hello all,

I have openVPN setup on a Bering uClibc 2.1 box on our local LAN,
connected to a T1 with static IP.  I can successfully connect (openVPN)
from another Bering box and a Win2k client (over cable modem, DHCP), so
everything appears to be running as it should.

I'm trying to connect another remote WinXP box over DSL (DHCP).
Here's what I have:

192.168.11.2Remote Client
  |
  |
192.168.11.1Remote LAN Gateway - Linksys router
192.168.1.33router external interface
  |
  |
192.168.1.0/24  Sprint's local DSL subnet
192.168.1.254   router's gateway
  ?
  ?
65.41.48.33 Sprint's public IP (DSL subnet is NAT'ed behind this)
  |
  |
66.216.159.82   Our T1 public interface (NAT'ing our LAN)
192.168.1.100   Our LAN's Gateway
  |
  |
192.168.1.0/24  Our LAN

OpenVPN on the remote client will connect to openVPN on our Bering box. 
So Sprint's NAT doesn't seem to be a problem.  

The problem is of course that Sprint is using the same IP address Space
on their DSL segment that we use on our LAN.  Is it possible to
configure routing on the WinXP machine and (or) our Bering box with this
configuration?  

I know the easy answer is to change the IP addresses on our LAN, but
what happens when the next remote client is in the same situation?

If the only resort is to change IP address space on our LAN, what is
recommended to avoid this 'clash' in the future.

Any thoughts appreciated,
Chris

-- 
Chris Carbaugh
Network Administrator
[EMAIL PROTECTED]

Leer Electric Inc.
www.LeerElectric.com
PHONE: (717) 432-9756
FAX:   (717) 432-9758





[leaf-user] dachstein & vt100 emulation

2004-04-20 Thread Arnold Wiegert
Hi all

I'm still running Dachstein, but would like to use a serial line to 
access the 'box' from a Windows machine.

Since I haven't found a good & free VT100 emulation program, I've used 
an older modem program which does a pretty good job, except for the 
page up and down keys.

They work well enough in the editor at the console but not in the editor 
when run on a serial link.

What am I missing?

TIA,
Arnold




Re: [leaf-user] IPSEC help needed....

2004-04-20 Thread Charles Steinkuehler
Kevin wrote:
> I am using Dachstein 1.02 and need IPSEC enabled to get the work VPN
> software to work correctly. I do not see a module IPSEC that is loaded,
> should I have one to make this work correctly?
>
> Here are the modules loaded:
>
> Linux version 2.2.19-3-LEAF ([EMAIL PROTECTED]) (gcc version 2.7.2.3) #1 Sat Dec 1
> 12:15:05 CST 2001
>
> Installed Modules:
> ip_masq_vdolive   1180   0 (unused)
> ip_masq_user      3708   0 (unused)
> ip_masq_raudio    2980   0 (unused)
> ip_masq_quake     1220   0 (unused)
> ip_masq_portfw    2416   0 (unused)
> ip_masq_mfw       3196   0 (unused)
> ip_masq_irc       1924   0
> ip_masq_ftp       3576   0
> ip_masq_cuseeme    964   0 (unused)
> ip_masq_autofw    2476   0 (unused)
> ne                6292   2
> 8390              6236   0 [ne]
> bsd_comp          3708   0 (unused)
> ppp_deflate      40672   0 (unused)
> ppp              20828   2 [bsd_comp ppp_deflate]
> slhc              4436   0 [ppp]
>
> Here are the packages:
>
> This is the block that needs to pass through:
>
> Apr 19 07:10:48 amberton kernel: Packet log: input DENY ppp0 PROTO=50
> 207.11.4.7:65535 68.19.16.103:65535 L=168 S=0x00 I=8699 F=0x T=243 (#70)
> I am not sure if I need a rule set or a package loaded, any help would be
> beneficial.

Actually, I think you need a rule set and a module loaded.

I'm going to work under the assumption that you need to masquerade an 
IPSec connection (ie: you're running an ipsec client on an internal 
system, rather than trying to run ipsec on the firewall itself).

To do this, you first need to make sure you're using the proper kernel. 
Masquerading ipsec and running ipsec on the firewall are mutually 
exclusive, and require different kernels.  The 'plain' kernels available 
from my site support ipsec masquerading, while kernels with -IPSec in 
the name support running ipsec directly on the firewall.  Which kernel 
flavor you want depends on your system, but you probably want either the 
'small' or 'normal' kernel:

http://lrp2.steinkuehler.net/files/kernels/Dachstein-small/
http://lrp2.steinkuehler.net/files/kernels/Dachstein-normal/
The floppy version ships with the small kernel w/o ipsec by default.

Once you have an appropriate kernel (or have verified you're running the 
linux-2.2.19-3-LEAF-small.zImage.upx kernel by filesize), you need to 
copy the ip_masq_ipsec.o masquerading 'helper' module to your modules 
directory and add it to /etc/modules.

The last thing you need to do is allow the actual IPSec traffic through 
your firewall.  This typically involves UDP port 500, and *PROTOCOL* 50 
or 51, depending on whether you're running ESP or AH.  To do this, add 
the following in /etc/network.conf

EXTERN_UDP_PORTS="0/0_500"
EXTERN_PORTS="50_0/0 51_0/0"
--
Charles Steinkuehler
[EMAIL PROTECTED]
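
A way to check a firewall log for the situation discussed in this message, added here as an example (it is not part of the original post and not LEAF/Dachstein code). It parses ipchains "Packet log:" lines of the kind Kevin quoted and reports which IPsec traffic types (IKE on UDP 500, ESP as protocol 50, AH as protocol 51) are being denied; the sample log lines are constructed, use documentation addresses, and all function names are hypothetical.

```python
import re

# ipchains (Linux 2.2) packet-log layout, as in the log line quoted above:
#   Packet log: <chain> <action> <iface> PROTO=<n> <src>:<port> <dst>:<port> ...
# \s+ between fields tolerates lines that a mail client wrapped.
LOG_RE = re.compile(
    r"Packet log:\s+(?P<chain>\S+)\s+(?P<action>\S+)\s+(?P<iface>\S+)\s+"
    r"PROTO=(?P<proto>\d+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)

IPSEC_PROTOS = {50: "ESP", 51: "AH"}  # IP protocol numbers, not ports
UDP, IKE_PORT = 17, 500

# Which /etc/network.conf variable from the reply above covers each type.
SETTING_FOR = {"IKE": "EXTERN_UDP_PORTS", "ESP": "EXTERN_PORTS",
               "AH": "EXTERN_PORTS"}


def classify(line):
    """Return (action, label) for an IPsec-related log line, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    proto = int(m["proto"])
    if proto in IPSEC_PROTOS:
        return m["action"], IPSEC_PROTOS[proto]
    if proto == UDP and IKE_PORT in (int(m["sport"]), int(m["dport"])):
        return m["action"], "IKE"
    return None


def blocked_ipsec(lines):
    """Count denied or rejected packets per IPsec traffic type."""
    counts = {}
    for line in lines:
        hit = classify(line)
        if hit and hit[0] in ("DENY", "REJECT"):
            counts[hit[1]] = counts.get(hit[1], 0) + 1
    return counts


# Constructed sample log (not taken from the thread).
PREFIX = "Apr 19 07:10:48 fw kernel: Packet log: input "
TAIL = " L=168 S=0x00 I=8699 F=0x0000 T=243 (#70)"
SAMPLE_LOG = [
    PREFIX + "DENY ppp0 PROTO=50 192.0.2.7:65535 198.51.100.10:65535" + TAIL,
    PREFIX + "DENY ppp0 PROTO=50 192.0.2.7:65535 198.51.100.10:65535" + TAIL,
    PREFIX + "ACCEPT ppp0 PROTO=17 192.0.2.7:500 198.51.100.10:500" + TAIL,
    PREFIX + "DENY ppp0 PROTO=6 203.0.113.9:4431 198.51.100.10:23" + TAIL,
    PREFIX + "DENY ppp0 PROTO=17 203.0.113.9:1026 198.51.100.10:137" + TAIL,
]

if __name__ == "__main__":
    for label, count in sorted(blocked_ipsec(SAMPLE_LOG).items()):
        print(f"{label}: {count} packet(s) denied, check {SETTING_FOR[label]}")
```
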