date:20041028

Re: [leaf-user] proc net entries in bering/bering-uclibc

2004-10-28 Thread Erich Titl

Ronny

At 23:14 08.10.2004 +0200, Ronny Aasen wrote:
using bering and bering-uclibc, for routers not firewalls
i keep running into the arp table limit and the ip_conntrack limit.

the arp limit is noticed by the message 'neighbour table overflow' in
dmsg, and fixed by 

echo 16  /proc/sys/net/ipv4/neigh/default/gc_thresh1
echo 256  /proc/sys/net/ipv4/neigh/default/gc_thresh2
echo 2048  /proc/sys/net/ipv4/neigh/default/gc_thresh3

more info at: http://www.rstack.net/tuning_proc_for_arp.html

the ip_conntrack limit is noticed by 'ip_conntrack table full dropping
packet'

and fixed by something like 
echo 65000  /proc/sys/net/ipv4/ip_conntrack_max

both of these limits make the box drop packets.

so my question is.
Can these entries be incorperated into the lrcfg meny somewhere.
with a lot of the nice comments that we'v all come to love :)

i have noticed most of these limits the hard way. By customers
complaining about poor performance at the worst possible time (tm) 

or is there already such a system, and i am just to blind to spot it ? 
the network.options maybee ? 

good point IMHO

you can try this 

/etc/network/options:

ip_forward=no
spoofprotect=yes
syncookies=no
# adjust arp table
arp_table_adjust=yes
gc_stale_time=15# stale time for arp entries
default_gc_stale_time=15# default stale time for arp entries
gc_interval=5   # arp garbage collection interval
gc_thresh1=256  # arp garbage collection lower threshold
gc_thresh2=2048 # arp garbage collection aggressive threshold
gc_thresh3=4096 # arp garbage collection upper threshold

and the following code fragment in /etc/init.d/networking

...
arp_table_adjust()
{
. /etc/network/options
echo adjusting arp table values...
echo adjusting the arp entry stale time...
[ X$gc_stale_time != X ]  for i in `find /proc/sys/net/ipv4/neigh/ -name 
gc_stale_time |
do
echo $gc_stale_time  $i
done
[ X$default_gc_stale_time != X ]  echo $default_gc_stale_time  
/proc/sys/net/ipv4
echo adjusting the garbage collector interval
[ X$gc_interval != X ]  echo echo $gc_interval  
/proc/sys/net/ipv4/neigh/default/gc_in
echo adjusting the arp table thresholds
[ X$gc_thresh1 != X ]  echo $gc_thresh1  
/proc/sys/net/ipv4/neigh/default/gc_thresh1
[ X$gc_thresh2 != X ]  echo $gc_thresh2  
/proc/sys/net/ipv4/neigh/default/gc_thresh2
[ X$gc_thresh3 != X ]  echo $gc_thresh3  
/proc/sys/net/ipv4/neigh/default/gc_thresh3
echo done...
}

doopt () {
optname=$1
default=$2
opt=`grep ^$optname= /etc/network/options`
if [ -z $opt ]; then
opt=$optname=$default
fi
optval=${opt#$optname=}
if [ $optval = yes ]; then
eval $optname
fi
}

case $1 in
start)
doopt spoofprotect yes
doopt syncookies no
doopt ip_forward no
doopt arp_table_adjust no
..

I will do a patch later

cheers
Erich

THINK 
Püntenstrasse 39 
8143 Stallikon 
mailto:[EMAIL PROTECTED] 
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16




---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_idU88alloc_id065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] PPP connection

2004-10-28 Thread Victor McAllister

Askari wrote:
Hello all,
I need to know how to setup ppp connection (dialup connection) to the
internet with Bering-uClibc.
I already have floppy image file include ppp.lrp and pppoe.lrp, and i
need to setup my LAN like this :
Int---modem---bering uClibc
  |
  |
  |
HUB/SWITCHCLIENT
Can i setup like that, if anyone have an information or tutorial about
that, please inform to me, thank's.
 

Follow the instructions here
http://leaf.sourceforge.net/doc/guide/bucu-ppp.html



---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588alloc_id=12065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] proc net entries in bering/bering-uclibc

2004-10-28 Thread Erich Titl

Ronny

bad code fragment in my first message due to cut and paste :-(

arp_table_adjust()
{
. /etc/network/options
echo adjusting arp table values...
echo adjusting the arp entry stale time...
[ X$gc_stale_time != X ]  for i in `find /proc/sys/net/ipv4/neigh/ -name 
gc_stale_time | grep -v /lo`
do
echo $gc_stale_time  $i
done
[ X$default_gc_stale_time != X ]  echo $default_gc_stale_time  
/proc/sys/net/ipv4/neigh/default/gc_stale_time
echo adjusting the garbage collector interval
[ X$gc_interval != X ]  echo $gc_interval  
/proc/sys/net/ipv4/neigh/default/gc_interval
echo adjusting the arp table thresholds
[ X$gc_thresh1 != X ]  echo $gc_thresh1  
/proc/sys/net/ipv4/neigh/default/gc_thresh1
[ X$gc_thresh2 != X ]  echo $gc_thresh2  
/proc/sys/net/ipv4/neigh/default/gc_thresh2
[ X$gc_thresh3 != X ]  echo $gc_thresh3  
/proc/sys/net/ipv4/neigh/default/gc_thresh3
echo done...
}

Erich

THINK 
Püntenstrasse 39 
8143 Stallikon 
mailto:[EMAIL PROTECTED] 
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16




---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_idU88alloc_id065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] proc net entries in bering/bering-uclibc

2004-10-28 Thread Ronny Aasen

i will add this and try it on a test box as soon as possible
and come back with a report.

(asap is not very soon i'm afraid)

mvh
Ronny Aasen

On Thu, 2004-10-28 at 10:35, Erich Titl wrote:
 Ronny
 
 bad code fragment in my first message due to cut and paste :-(
 
 arp_table_adjust()
 {
 . /etc/network/options
 echo adjusting arp table values...
 echo adjusting the arp entry stale time...
 [ X$gc_stale_time != X ]  for i in `find /proc/sys/net/ipv4/neigh/ -name 
 gc_stale_time | grep -v /lo`
 do
 echo $gc_stale_time  $i
 done
 [ X$default_gc_stale_time != X ]  echo $default_gc_stale_time  
 /proc/sys/net/ipv4/neigh/default/gc_stale_time
 echo adjusting the garbage collector interval
 [ X$gc_interval != X ]  echo $gc_interval  
 /proc/sys/net/ipv4/neigh/default/gc_interval
 echo adjusting the arp table thresholds
 [ X$gc_thresh1 != X ]  echo $gc_thresh1  
 /proc/sys/net/ipv4/neigh/default/gc_thresh1
 [ X$gc_thresh2 != X ]  echo $gc_thresh2  
 /proc/sys/net/ipv4/neigh/default/gc_thresh2
 [ X$gc_thresh3 != X ]  echo $gc_thresh3  
 /proc/sys/net/ipv4/neigh/default/gc_thresh3
 echo done...
 }
 
 Erich
 
 THINK 
 Püntenstrasse 39 
 8143 Stallikon 
 mailto:[EMAIL PROTECTED] 
 PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16
-- 
Ronny Aasen [EMAIL PROTECTED]



---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_idU88alloc_id065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] ide flash module

2004-10-28 Thread Livio Ravetto

it appears as an IDE drive, so you set it up like a harddrive really...
Andrew Nance wrote:
Hi group,
I was thinking about getting away from booting and saving all info on the
floppy on my Bering-uClibc 2.2 box
I would like to have write protection like on the floppy, where it can be
turned on and off.
A CD boot seems difficult because whenever I want to make a change I have to
burn it to the cd on a different machine.
A regular IDE hard drive doesn't have very good write protection.
I don't have and flash media like SD or CF.
I saw on a previous post an IDE Flash Module.  This looks very good to me,
it's fairly inexpensive and does everything I want:  can physically and
easily turn write protect on or off, reliable, and quick.
Here is the link to it:
http://ec.transcendusa.com/product/ItemDetail.asp?ItemID=TS32MDOM40V
My question is has anyone used this for LEAF?
If so, how did it work?
Since I am a newb, how would I get the firewall software on the module?
Thanks,
Andrew

---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_idU88alloc_id065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588alloc_id=12065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Squid-2

2004-10-28 Thread magolfi

I've just tested SQUID-2.lrp pakage .
I spent several days to test it but I wasn't able to make it work.

in /var/logs/cache.log file I always get the following warning concerning
DNSSERVER :

Can't sun /usr/bin/dnsserver process

this message was repeted so many times like the total number of the child
dnsserver process set.
So i suspect that it's just a configuration problem , but i tried in many
different way to change my
configuration parameters but I still get the same problem : DNS doesn't
start .

starting dnsserver directly (not from squid ) it works , the dnsserver resolve
the names , if  I try to resolve :
www.gogle.com  i get back the related IP.

So !
anybody has experience concerning SQUID-2.lrp cofiguration ?

thank
Maurizio

__
Tiscali Adsl 2 Mega Free: naviga gratis tutto l'anno!
Supera tutti i limiti di velocita' con Tiscali Adsl 2 Mega Free.
Sei libero da costi fissi e, se ti abboni entro l'8 novembre,
navighi gratis tutto l'anno.
http://abbonati.tiscali.it/adsl/





---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_idU88alloc_id065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Bering-uClibc 2.2.2 Not avalible....?

2004-10-28 Thread Troy Aden

http://prdownloads.sourceforge.net/leaf/Bering-uClibc_2.2.2_img_bering-uclib
c-1680.exe?download 

I have tried to download it from every mirror and I keep getting he mirror
you've selected, url does not currently have the file you requested. (This
is an error on our part which will be fixed).
I their any way I could get this file? 

Thanks in advance!

Troy


---
This Newsletter Sponsored by: Macrovision 
For reliable Linux application installations, use the industry's leading
setup authoring tool, InstallShield X. Learn more and evaluate 
today. http://clk.atdmt.com/MSI/go/ins003001msi/direct/01/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] tulip.o problems (Bering-uClibc 2.2.2)

2004-10-28 Thread Troy Aden

I am running the Bering-uClibc 2.2.2. 
The tulip.o module seems to not bee working. 
Do I have to load additional modules to make it work? 
Here are the errors I get on boot:
Tulip - Using /lib/modules ./tulip.o
Insmod: unresolved symbol CRC_Le
Insmod: unresolved symbol Bitreverse

Can anyone help me out here? 

Thanks in advance!

Troy


---
This Newsletter Sponsored by: Macrovision 
For reliable Linux application installations, use the industry's leading
setup authoring tool, InstallShield X. Learn more and evaluate 
today. http://clk.atdmt.com/MSI/go/ins003001msi/direct/01/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] tulip.o problems (Bering-uClibc 2.2.2)

2004-10-28 Thread Arne Bernin

On Fri, 2004-10-29 at 00:30, Troy Aden wrote:
 I am running the Bering-uClibc 2.2.2. 
 The tulip.o module seems to not bee working. 
 Do I have to load additional modules to make it work? 
 Here are the errors I get on boot:
 Tulip - Using /lib/modules ./tulip.o
 Insmod: unresolved symbol CRC_Le
 Insmod: unresolved symbol Bitreverse
 
 Can anyone help me out here? 
 
try to load crc32 first.


 Thanks in advance!
 
 Troy
 
--arne



---
This Newsletter Sponsored by: Macrovision 
For reliable Linux application installations, use the industry's leading
setup authoring tool, InstallShield X. Learn more and evaluate 
today. http://clk.atdmt.com/MSI/go/ins003001msi/direct/01/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] dnsmaq version 2.16

2004-10-28 Thread Victor McAllister

I tried uClibc 2.2.2 with dnsmasq 2.16
dnsmasq complains that it cannot create a leases file and refuses to start.
/etc/init.d/dnsmasq looks the same.
Anyone noticed this?


---
This Newsletter Sponsored by: Macrovision 
For reliable Linux application installations, use the industry's leading
setup authoring tool, InstallShield X. Learn more and evaluate 
today. http://clk.atdmt.com/MSI/go/ins003001msi/direct/01/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] errors backing up ipsec (Bering-uClibc 2.2.2)

2004-10-28 Thread Troy Aden

First off thanks for the quick answers for the questions I have posted
previously! I got the firewall up and it runs very nicely.

However when I do a full backup I get the following errors:

Creating ipsec.lrp Please wait: /tar: etc/pgpcert.pgp: No such file or
directory
tar: Error exit delayed from previous errors
Back-up of ipsec complete
Creating lpthread.lrp Please wait: \tar: var/lib/lrpkg/libpthread.*: No such
file or directory
tar: Error exit delayed from previous errors
Back-up of lpthread complete

Can anyone please explain these to me? It looks like it is expecting some
files that do not exist. Should I be concerned about this?

Just a footnote:
I noticed that the version of IPSec that you have posted in the 2.2 Bering
Uclibc does not include libm as a package dependency. I need to load the
libm package for this version of IPSec to work so you may want to update
your links.
Here is a link:
http://leaf.sourceforge.net/mod.php?mod=userpagemenu=91017page_id=51 
ipsec.lrp 
Openswan IPSEC
Homepage: http://www.openswan.org
Requires: mawk.lrp lpthread.lrp
LEAF Package by [EMAIL PROTECTED], 2004-09-23
Version: 1.0.7 

Again thanks for all the help so far. 
 
Troy


---
This Newsletter Sponsored by: Macrovision 
For reliable Linux application installations, use the industry's leading
setup authoring tool, InstallShield X. Learn more and evaluate 
today. http://clk.atdmt.com/MSI/go/ins003001msi/direct/01/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] tulip.o problems (Bering-uClibc 2.2.2)

2004-10-28 Thread M Lu

tulip.o depends on crc32.o so you need to load crc32 too
/lib/modules/2.4.26/kernel/drivers/net/tulip/tulip.o: 
/lib/modules/2.4.26/kernel/lib/crc32.o


- Original Message - 
From: Troy Aden [EMAIL PROTECTED]
To: Leaf-User (E-mail) [EMAIL PROTECTED]
Sent: Thursday, October 28, 2004 6:30 PM
Subject: [leaf-user] tulip.o problems (Bering-uClibc 2.2.2)


I am running the Bering-uClibc 2.2.2.
The tulip.o module seems to not bee working.
Do I have to load additional modules to make it work?
Here are the errors I get on boot:
Tulip - Using /lib/modules ./tulip.o
Insmod: unresolved symbol CRC_Le
Insmod: unresolved symbol Bitreverse
Can anyone help me out here?
Thanks in advance!
Troy
---
This Newsletter Sponsored by: Macrovision
For reliable Linux application installations, use the industry's leading
setup authoring tool, InstallShield X. Learn more and evaluate
today. http://clk.atdmt.com/MSI/go/ins003001msi/direct/01/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

---
This Newsletter Sponsored by: Macrovision 
For reliable Linux application installations, use the industry's leading
setup authoring tool, InstallShield X. Learn more and evaluate 
today. http://clk.atdmt.com/MSI/go/ins003001msi/direct/01/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] proc net entries in bering/bering-uclibc

Re: [leaf-user] PPP connection

Re: [leaf-user] proc net entries in bering/bering-uclibc

Re: [leaf-user] proc net entries in bering/bering-uclibc

Re: [leaf-user] ide flash module

[leaf-user] Squid-2

[leaf-user] Bering-uClibc 2.2.2 Not avalible....?

[leaf-user] tulip.o problems (Bering-uClibc 2.2.2)

Re: [leaf-user] tulip.o problems (Bering-uClibc 2.2.2)

[leaf-user] dnsmaq version 2.16

[leaf-user] errors backing up ipsec (Bering-uClibc 2.2.2)

Re: [leaf-user] tulip.o problems (Bering-uClibc 2.2.2)

12 matches

Site Navigation

Mail list logo

Footer information