[leaf-user] How do I set 50-line mode for VGA console (Bering uClibc 2.2b5)
For SSH ttyS0 I can achieve this but I cannot figure out how to have my VGA monitor console on my Bering uClibc box give me 50 line display, akin to the DOS command

mode con lines=50 cols=80

I've tried adding each of the following to isolinux.cfg (even separately testing with syslinux.cfg) but none had /any/ effect:

vga=2
vga=ask
vga=ext
vga=extended
etc.

In my reading I've discovered that I may be in need of one or more of:

setfont
svgatextmode
vidmode (aka rdev)
fbset

but these all seem either unavailable or can't be found in handy, pre-compiled uClibc versions or appear to be unduly complex.

Is there an easy way to do what I want? Even a complex way?

Thanks for LEAF!

scott; canada

---
This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] How do I set 50-line mode for VGA console (Bering uClibc 2.2b5)
Hi,

> I've tried adding each of the following to isolinux.cfg (even separately
> testing with syslinux.cfg) but none had /any/ effect:
> vga=2
> vga=ask
> vga=ext
> vga=extended
> etc.

as far as I can see the selection of vga modes is not compiled into the default kernel. If you want your options to work you'll have to build a new kernel for Bering with

CONFIG_VIDEO_SELECT=y

Of course you could use the frame buffer device, which isn't compiled into the default kernel, too.

Bye, Frank

RE: [leaf-user] Road-warrior trouble: was Please Help: How to turn on Nat Traversal in Bering?
-Original Message-
From: Erich Titl [mailto:[EMAIL PROTECTED]
Sent: Monday, July 26, 2004 4:00 PM
To: Tibbs, Richard; [EMAIL PROTECTED]
Subject: RE: [leaf-user] Road-warrior trouble: was Please Help: How to turn on Nat Traversal in Bering?

Rick

At 19:56 26.07.2004, you wrote:

After long delay getting back to this... Thanks, Erich! Yes, nat_traversal=yes removes the [disabled] portion of the auth.log record. This is on both firewalls below.

Mhhh, so nat-traversal is compiled in

But, I am having other problems with the home win2k machine. What I am doing is using Bering 1.2 at both home and work firewalls. Home is Bering 1.2 on two floppies, internal network 192.168.1.0/24, ext. static IP 216.12.x.y . Work firewall is Bering CD, internal 192.168.10.0/24 external IP 137.45.w.z. The setup is

W2k --------- homefw --- internet --- university.net -- W2k --- ethsw --- workfw --- int.subnet
 ^              ^                                        ^                  ^
192.168.1.3   216.12.x.y                            137.45.p.q          137.45.w.z   192.168.10.0/24
Can't ping 192.168.10.13                            Can ping 192.168.10.13

The symptom is that with identical road-warrior style configs on both W2K machines, the results are different. Also, the university has no firewall (checked with acad. Computing). We have university laptops that we take home with the cisco ipsec client and I can attach these to the internal home network and connect up fine... So the university router ACLs appear to allow ipsec traffic in and out.

OK, but NAT occurs on both homefw _and_ workfw?

Rick: Yes, masquerading on outbound traffic (SNAT)

This is with

outbound-filter (same on both win2k security settings)
source = my ipaddress/32
dest = 192.168.10.0/24
out-tunnel = 137.45.192.69 --- work fw external IP

inbound-filter
source = 192.168.10.0/24
dest = my IP address/32
in-tunnel = 192.168.1.3 (ip address on home win2k machine)

Are these the Cisco settings, so the Cisco VPN client builds a tunnel to 137.45.192.69?

Rick: Nope, the cisco client connects to, I suspect, a cisco router running a vpn server.

I get no event errors in the Event Viewer, no shorewall log errors, but 100% packet loss over all 12 pings.

Pings from where to where?

Rick: Pings from the win2k machine to a machine (192.168.10.13) on the office network.

The only salient differences seem to be that 1) in the inbound tunnel address is private address on home w2k, and 2) going through two firewalls instead of one.

Mhhh... at home your source address is in the 192.168.1.0/24 subnet, at work it is in the 137.45.x.y subnet

Rick: Yes.

What about ipsec barf? Not that I am very good at deciphering it, but it holds a lot of information.

Rick: I will give that a try and get back to you later.

cheers
Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16

[leaf-user] ioperm
Hello,

I try to run this example in my leaf box. And I get the message:

ioperm: opperation not permit

thank you for any advice

felix

/*
 * example.c: very simple example of port I/O
 *
 * This code does nothing useful, just a port write, a pause,
 * and a port read. Compile with `gcc -O2 -o example example.c',
 * and run as root with `./example'.
 */

#include <stdio.h>
#include <stdlib.h>   /* exit() */
#include <unistd.h>
#include <asm/io.h>

#define BASEPORT 0x378 /* lp1 */

int main()
{
  /* Get access to the ports */
  if (ioperm(BASEPORT, 2, 1)) {perror("ioperm"); exit(1);}

  /* Set the data signals (D0-7) of the port to all low (0) */
  outb(0, BASEPORT);

  /* Sleep for a while (100 ms); usleep() takes microseconds */
  usleep(100000);

  /* Read from the status port (BASE+1) and display the result */
  printf("status: %d\n", inb(BASEPORT + 1));

  /* We don't need the ports anymore */
  if (ioperm(BASEPORT, 3, 0)) {perror("ioperm"); exit(1);}

  exit(0);
}

/* end of example.c */

RE: [leaf-user] ioperm
Hi!

This is a GRSecurity issue, to protect system integrity, it forbids direct I/O access.

Luis Correia
Bering uClibc Team Member
PGP Fingerprint: BC44 D7DA 5A17 F92A CA21 9ABE DFF0 3540 2322 21F6
Key Server: http://pgp.mit.edu

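An added diagnostic, not code from the thread or from the LEAF project: it separates the two ways ioperm() can fail with EPERM, a process that lacks CAP_SYS_RAWIO versus a kernel that refuses port access to a process that holds it, which is the situation the reply above attributes to GRSecurity. The names parse_cap_eff and classify are made up for this example; it assumes a Linux /proc/self/status with a CapEff line.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#if defined(__linux__) && (defined(__i386__) || defined(__x86_64__))
#include <sys/io.h>              /* ioperm() exists on x86 only */
#define HAVE_IOPERM 1
#endif
#define CAP_SYS_RAWIO_BIT 17     /* capability the kernel checks for ioperm() */
#define BASEPORT 0x378           /* lp1, as in the posted example */

enum verdict { GRANTED, MISSING_CAPABILITY, KERNEL_POLICY, OTHER_ERROR };

/* Pull the effective-capability mask out of /proc/<pid>/status text.
 * Returns 0 on success, -1 if the CapEff line is missing or not hex. */
int parse_cap_eff(const char *status, unsigned long long *mask)
{
    const char *line = status;
    while (line && *line) {
        if (strncmp(line, "CapEff:", 7) == 0) {
            const char *v = line + 7;
            while (*v == ' ' || *v == '\t') v++;
            if (!isxdigit((unsigned char)*v)) return -1;
            *mask = strtoull(v, NULL, 16);
            return 0;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return -1;
}

/* EPERM while CAP_SYS_RAWIO is held is read as a kernel-side restriction (an inference). */
enum verdict classify(int rc, int err, unsigned long long cap_eff)
{
    if (rc == 0) return GRANTED;
    if (err != EPERM) return OTHER_ERROR;
    if (!(cap_eff & (1ULL << CAP_SYS_RAWIO_BIT))) return MISSING_CAPABILITY;
    return KERNEL_POLICY;
}

int main(void)
{
    static const char *const text[] = {
        "granted",
        "EPERM, process lacks CAP_SYS_RAWIO (not root, or capability dropped)",
        "EPERM although CAP_SYS_RAWIO is held: kernel policy forbids port I/O",
        "failed for a reason unrelated to permissions" };
    char buf[4096] = "";
    unsigned long long caps = 0;
    FILE *f = fopen("/proc/self/status", "r");
    if (f) { buf[fread(buf, 1, sizeof buf - 1, f)] = '\0'; fclose(f); }
    if (parse_cap_eff(buf, &caps) != 0) { fputs("no CapEff field\n", stderr); return 2; }
#ifdef HAVE_IOPERM
    int rc = ioperm(BASEPORT, 2, 1);
    int err = errno;
    printf("ioperm: %s\n", text[classify(rc, err, caps)]);
    if (rc == 0) ioperm(BASEPORT, 2, 0);   /* give the ports back */
    return rc == 0 ? 0 : 1;
#else
    (void)text; fputs("ioperm() is not available on this platform\n", stderr); return 2;
#endif
}
```
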
Re: [leaf-user] Bering-uClibc_2.2-beta5 w/ OpenVPN ver 1.6.0 Rev 1 Multiple Tunnel
Yes, it is possible. For each tunnel you have one .conf file in /etc/openvpn. The OpenVPN script will create the tunnels for you. You also need to modify shorewall to allow the new tunnels. Do a search on the mail archive on this topic.

M Lu

- Original Message -
From: Chris Lee [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 12:36 AM
Subject: [leaf-user] Bering-uClibc_2.2-beta5 w/ OpenVPN ver 1.6.0 Rev 1 Multiple Tunnel

Is it possible to setup more than one OpenVPN tunnel per Server? If yes, how?

i.e.

Main Server --Tunnel udp:5000-- Server A
          ^--Tunnel udp:5001-- Server B
          ^--Tunnel udp:5002-- Server C

I am using Bering-uClibc_2.2-beta5 w/ OpenVPN ver 1.6.0 Rev 1

Many thanks in advance.

Regards,
Chris Lee

[leaf-user] Need advice to choose solution
I need to connect several small health offices to the center office in a secure connection over the Internet. I intend to use uBering as the firewall on each unit, but do not know what to choose to securely connect them. There is stunnel, pptp, IPSec, OpenVPN.

At the center office is a squid-proxy, the mail server and the database of the administration software. I think that only the access to the administration stuff must really be secured, as web and e-mail travels anyway over the unsecure internet.

I really don't know how to decide between them. Any guideline would be appreciated.

Thanks,
Alex

--
ATIX Tecnologia e Com Ltda
Tel.: +55-(11) 4667-5900

[leaf-user] Shorewall logs have bad dates in them
Sorry if this has been covered before. It looks like a real obvious problem, but I'm all Google-eyed from looking for it and couldn't find anything on it.

I'm using Shorewall 2.0.2f and the logs always have Dec 31 19:00:00 for the date for REJECTS in the all2all chain.

Example log from today:

Jul 27 11:50:56 firewall Shorewall:net2all:DROP: IN=ppp0 OUT= MAC= SRC=219.150.118.21 DST=138.88.147.32 LEN=1147 TOS=00 PREC=0x00 TTL=107 ID=60031 CE PROTO=UDP SPT=15008 DPT=1026 LEN=1127
Dec 31 19:00:00 firewall Shorewall:all2all:REJECT: IN= OUT=eth1 MAC= SRC=192.168.1.254 DST=192.168.1.185 LEN=331 TOS=00 PREC=0x00 TTL=64 ID=46672 CE DF PROTO=UDP SPT=67 DPT=68 LEN=311
Dec 31 19:00:00 firewall Shorewall:all2all:REJECT: IN= OUT=eth1 MAC= SRC=192.168.1.254 DST=192.168.1.185 LEN=331 TOS=00 PREC=0x00 TTL=64 ID=34851 CE DF PROTO=UDP SPT=67 DPT=68 LEN=311
Jul 27 12:01:16 firewall Shorewall:net2all:DROP: IN=ppp0 OUT= MAC= SRC=218.78.209.68 DST=138.88.147.32 LEN=1108 TOS=00 PREC=0x00 TTL=108 ID=48679 CE PROTO=UDP SPT=18585 DPT=1026 LEN=1088

Have I misconfigured something?

-John

RE: [leaf-user] Road-warrior trouble: was Please Help: How to turn on Nat Traversal in Bering?
OK, at the end is the ipsec barf output (from home fw) for a few pings. So voluminous I snipped out much irrelevant stuff, but if anyone needs a section let me know. I included the homefw config, which is virtually identical to office except for the IPs.

Interesting message from homefw = something about no NAT detected. That is technically correct, since both fw's are masquerading. Maybe I need to figure out how to wrap the ipsec from win2k with UDP?

Any advice would be useful. TIA

Rick.

--- now homefw here, below: lots of crud snipped out

# basic configuration
config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    interfaces=ipsec0=eth0
    # Debug-logging controls: none for (almost) none, all for lots.
    klipsdebug=none
    plutodebug=none
    # Use auto= parameters in conn descriptions to control startup actions.
    plutoload=%search
    plutostart=%search
    # Close down old connection when new one using same ID shows up.
    uniqueids=yes
    nat_traversal=yes

# defaults for subsequent connection descriptions
conn %default
    # How persistent to be in (re)keying negotiations (0 means very).
    keyingtries=0
    # RSA authentication with keys from DNS.
    #authby=rsasig
    #leftrsasigkey=%dns
    #rightrsasigkey=%dns
    authby=secret
    left=216.12.22.89
    leftsubnet=192.168.1.0/24
    leftnexthop=%direct
    leftfirewall=yes
    pfs=yes
    auto=add

conn road-warrior
    right=%any

# connection description for (experimental!) opportunistic encryption
# (requires KEY record in your DNS reverse map; see doc/opportunism.howto)
conn me-to-anyone
    #left=%defaultroute
    #right=%opportunistic
    # uncomment to enable incoming; change to auto=route for outgoing
    #auto=add
#
Re: [leaf-user] Shorewall logs have bad dates in them
John Desmond wrote:
> Sorry if this has been covered before. It looks like a real obvious
> problem, but I'm all Google-eyed from looking for it and couldn't find
> anything on it.
>
> I'm using Shorewall 2.0.2f and the logs always have Dec 31 19:00:00 for
> the date for REJECTS in the all2all chain.

I don't know the source of your problem but I can tell you that the version of Shorewall is irrelevant since Shorewall has nothing to do with generating or displaying dates in these log messages.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]

Re: [leaf-user] Shorewall logs have bad dates in them
John

At 20:52 27.07.2004, you wrote:
> John Desmond wrote:
> > Sorry if this has been covered before. It looks like a real obvious
> > problem, but I'm all Google-eyed from looking for it and couldn't find
> > anything on it.
> >
> > I'm using Shorewall 2.0.2f and the logs always have Dec 31 19:00:00 for
> > the date for REJECTS in the all2all chain.
>
> I don't know the source of your problem but I can tell you that the
> version of Shorewall is irrelevant since Shorewall has nothing to do with
> generating or displaying dates in these log messages.

The puzzling thing is the time stamp, 5 hours off the 1st of January (probably UTC), somehow it looks like an empty date field converted somehow to east coast time.

A guess would be to ask around in the netfilter team.

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16

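The arithmetic behind the observation above, as an added example that is not part of the thread: Unix time 0 is 1970-01-01 00:00:00 UTC, which a host five hours west of UTC prints as Dec 31 19:00:00. The function names are made up here and the sample lines are abbreviated from the log lines quoted in the thread; a match only shows that a stamp equals time zero in some zone, not which component produced it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* If a syslog stamp ("Mon DD HH:MM:SS", no year) is how time_t 0 prints in
 * some time zone, store that zone's UTC offset in minutes and return 1.
 * A real entry logged at that exact second on New Year's Eve also matches. */
int epoch_zero_offset(const char *stamp, int *offset_min)
{
    char mon[4];
    int day, hh, mm, ss, off;
    if (sscanf(stamp, "%3s %d %d:%d:%d", mon, &day, &hh, &mm, &ss) != 5)
        return 0;
    if (ss != 0 || hh < 0 || hh > 23 || mm < 0 || mm > 59)
        return 0;
    if (strcmp(mon, "Dec") == 0 && day == 31)
        off = (hh * 60 + mm) - 24 * 60;   /* zones west of Greenwich */
    else if (strcmp(mon, "Jan") == 0 && day == 1)
        off = hh * 60 + mm;               /* Greenwich and zones east of it */
    else
        return 0;
    /* Real zones lie between UTC-12:00 and UTC+14:00 on quarter-hour steps. */
    if (off < -12 * 60 || off > 14 * 60 || off % 15 != 0)
        return 0;
    *offset_min = off;
    return 1;
}

/* Count lines stamped with time zero; *offset_min receives the first hit's offset. */
int count_epoch_zero(const char *const lines[], int n, int *offset_min)
{
    int hits = 0, off = 0;
    for (int i = 0; i < n; i++)
        if (epoch_zero_offset(lines[i], &off) && hits++ == 0)
            *offset_min = off;
    return hits;
}

/* Abbreviated from the log lines quoted in the thread. */
static const char *const SAMPLE[] = {
    "Jul 27 11:50:56 firewall Shorewall:net2all:DROP: IN=ppp0 OUT= PROTO=UDP DPT=1026",
    "Dec 31 19:00:00 firewall Shorewall:all2all:REJECT: IN= OUT=eth1 PROTO=UDP DPT=68",
    "Dec 31 19:00:00 firewall Shorewall:all2all:REJECT: IN= OUT=eth1 PROTO=UDP DPT=68",
    "Jul 27 12:01:16 firewall Shorewall:net2all:DROP: IN=ppp0 OUT= PROTO=UDP DPT=1026",
};

int main(void)
{
    int off = 0;
    int hits = count_epoch_zero(SAMPLE, 4, &off);
    printf("%d of 4 lines are stamped with time zero", hits);
    if (hits)
        printf(" (zone UTC%c%02d:%02d)", off < 0 ? '-' : '+', abs(off) / 60, abs(off) % 60);
    putchar('\n');
    return 0;
}
```
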
[leaf-user] Connecting to Exchange Server using VPN through Bering 2.0
Good day all,

Our network at work has MS Remote Access Server (RAS) running and I connect to the network using MS VPN connection from my WinXP box at Home. I am going through a Bering uClibC 2.0 LRP box and this works no problem. However, I can only make a single connection to the VPN. A connection attempt from a second machine also behind the FW fails. Is this because of masquerading? Is there any way to establish a connection from a second machine behind the same firewall?

Best Regards,
Darcy