RE: [leaf-user] RE: wifi modules
Hi!

> -----Original Message-----
> From: Matija Papec [mailto:[EMAIL PROTECTED]
>
>> I will do it, but probably only this weekend. Module will be compiled
>> for the latest Bering uClibc version.
>
> Tnx!

Meanwhile I haven't got the chance to do it, i.e. it has slipped my mind...

Luis Correia
Bering uClibc Team Member

PGP Fingerprint: BC44 D7DA 5A17 F92A CA21 9ABE DFF0 3540 2322 21F6
Key Server: http://pgp.mit.edu

---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
Re: [leaf-user] syslog message: firewall kernel: ip_conntrack: table full, dropping packet.
Hello Eric,

Thanks for your reply.

After increasing the ip_conntrack_max value to 4096 I did find a curious entry in my messages log file:

firewall kernel: __alloc_pages: 0-order allocation failed (gfp=0x1d2/0)

This happened twice about a day ago.

According to the bucu-conntrack guide the amount of memory used by 4096 connections (with hash size equal to max conntrack) is 4096 x 308 = 1.2 Mb. My LEAF box has 16 Mb RAM and cat /proc/meminfo gives:

        total:    used:    free:  shared: buffers:  cached:
Mem:  14725120 11927552  2797568        0    40960  6443008
Swap:        0        0        0
MemTotal:     14380 kB
MemFree:       2732 kB
MemShared:        0 kB
Buffers:         40 kB
Cached:        6292 kB
SwapCached:       0 kB
Active:        5924 kB
Inactive:      1700 kB
HighTotal:        0 kB
HighFree:         0 kB
LowTotal:     14380 kB
LowFree:       2732 kB
SwapTotal:        0 kB
SwapFree:         0 kB

So there should be enough memory left for the conntrack table. Anyway the firewall is still up and running.

I set the new max conntrack number using echo 4096 > /proc/sys/net/ipv4/ip_conntrack_max. How can I make this setting permanent? I have seen the option net.ipv4.netfilter.ip_conntrack_max in /etc/sysctl.conf but which package should I backup then?

Regards
Chera Bekker

Eric Spakman wrote:
> Hello Chera,
>
> There is some information about this setting in the following Bering-uClibc guide and the links section in this guide.
> http://leaf.sourceforge.net/doc/guide/bucu-conntrack.html
>
> Eric
>
>> Hello List,
>>
>> I have noticed that when running a p2p client behind my Bering firewall my syslog gets flooded with the message:
>>
>> firewall kernel: ip_conntrack: table full, dropping packet.
>>
>> Almost all entries in /proc/net/ip_conntrack pointed to the internal machine running the client.
>> I noticed that the value in /proc/sys/net/ipv4/ip_conntrack_max was set to 1024. I have increased this value to 4096 which seems to have put a (temporary?) lid on things.
>>
>> My question is if the increase in the number of connections will somehow have a negative impact on the performance of the firewall?
>>
>> Any information is appreciated.
>>
>> Regards
>> Chera Bekker
Re: [leaf-user] copy Bering floppy to CF card
Hello Eric,

Thanks for your reply.

Does it make sense to create some swap space on the CF?

Regards
Chera Bekker

Eric Spakman wrote:
> Hello Chera,
>
> The easiest way is to use initrd_ide.lrp (with ide boot modules) from:
> http://leaf.sourceforge.net/bering-uclibc/index.php?module=pagemasterPAGE_user_op=view_pagePAGE_id=3MMN_position=3:3
> if you are using Bering-uClibc 2.3.x
>
> If you are using Bering-uClibc 2.2.x, you can find initrd_ide with 2.4.26 modules in:
> http://cvs.sourceforge.net/viewcvs.py/leaf/bin/packages/uclibc-0.9/20/2.4.26/
>
> Rename the initrd_ide.lrp package to initrd.lrp
>
> Read the documentation on http://leaf.sourceforge.net/doc/guide/buci-ide.html on how to set up Bering-uClibc to use on CF. You can use the configured packages from your floppy, so you shouldn't have to change a lot.
>
> Eric
>
>> Hello List,
>>
>> Right now I am running a Bering uClibc firewall from a floppy. I am thinking of buying an IDE CF reader to boot the firewall from a CF card. What would be the easiest way to copy the contents of my current Bering floppy to a CF card which is mounted as /dev/hda1 and to make the CF card bootable?
>>
>> Thanks for any help.
>>
>> Regards
>> Chera Bekker
RE: [leaf-user] Puzzling Shorewall log entry?
Jim,

Since nobody else has replied, I'll take a crack.

An rfc1918 packet arrived at your external interface and you have norfc1918 specified on that interface. Most likely it originated from your ISP's equipment, hit your firewall, and was dropped by norfc1918.

A successful guess of your internal network # is, as far as I know, worthless to a potential attacker. I am not personally aware of any attack based on guessing internal network #s.

BTW, don't think of these addresses as unroutable, for they are certainly routable. But most internet routers will not route them by default.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Ford
Sent: Saturday, December 10, 2005 8:26 AM
To: leaf-user
Subject: [leaf-user] Puzzling Shorewall log entry?

Trying to understand the Shorewall logs on my Bering uClibc setup, I'm puzzled over the following entry, of which I've had several:

Dec 10 06:47:01 firewall rfc1918 DROP eth0 eth1 192.168.0.2 192.168.1.64 TCP 2595 54321 1410215655 63659 ACK PSH 0

The rfc1918 address 192.168.0.2 is not one I use and as it's unroutable, should not have arrived at my eth0. 192.168.1.64 is the IP address of the machine I'm running Azureus on. The destination port 54321 is the one I use for my Azureus bittorrent client. The source port 2595 is 'World Fusion 1' - whatever that might be!

Has someone taken a guess at what private IP address range I might be using, spoofed it and tried to slip in via my open Azureus port? If so, what would have happened if they had correctly guessed the IP range I use? (BTW, am I giving anything important to potential intruders by revealing the above info?)

Jim Ford
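The check the reply describes (a private source address arriving on the outside interface, which norfc1918 drops), automated over log lines in the column layout of Jim's entry. This is an added example, not code from the thread or from Shorewall; the column order follows the quoted entry, and the sample lines and the eth0 interface name are constructed.

```python
"""Flag norfc1918 drops whose private source address arrived on the external
interface, from Shorewall log lines in the column layout quoted in the post.

Added example, not code from the leaf-user thread or from Shorewall. Column
order (month day time host chain action in-if out-if src dst proto spt dpt ...)
follows the quoted entry; EXTERNAL_IF and the sample lines are constructed.
"""
import ipaddress
from collections import Counter

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

EXTERNAL_IF = "eth0"  # assumed: the ISP-facing interface, as in Jim's setup

# Constructed sample; the first line mirrors the entry Jim posted.
SAMPLE_LOG = """\
Dec 10 06:47:01 firewall rfc1918 DROP eth0 eth1 192.168.0.2 192.168.1.64 TCP 2595 54321 1410215655 63659 ACK PSH 0
Dec 10 06:52:13 firewall rfc1918 DROP eth0 eth1 10.11.12.13 192.168.1.64 UDP 53 54321
Dec 10 07:01:45 firewall net2all DROP eth0 - 203.0.113.7 198.51.100.1 TCP 4433 22 0 0 SYN 0
Dec 10 07:03:02 firewall rfc1918 DROP eth1 eth0 192.168.1.50 172.16.5.5 TCP 40000 80 0 0 SYN 0
"""

def is_rfc1918(addr):
    """True if addr falls in one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def parse_line(line):
    """Split one column-formatted log line into its named fields.
    Returns None when the line lacks the address/port columns."""
    f = line.split()
    if len(f) < 13:
        return None
    return {"time": " ".join(f[:3]), "host": f[3], "chain": f[4],
            "action": f[5], "in": f[6], "out": f[7], "src": f[8],
            "dst": f[9], "proto": f[10], "spt": f[11], "dpt": f[12]}

def private_sources_on(log_text, external_if=EXTERNAL_IF):
    """Count private source addresses that entered via external_if.

    A legitimate Internet host cannot carry an RFC 1918 source, so each hit is
    either leakage from the ISP side or a spoofed packet; both are what the
    norfc1918 option exists to drop. The (src, dpt) key shows which forwarded
    port each one was aimed at."""
    hits = Counter()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec and rec["in"] == external_if and is_rfc1918(rec["src"]):
            hits[(rec["src"], rec["dpt"])] += 1
    return hits

if __name__ == "__main__":
    for (src, dpt), n in private_sources_on(SAMPLE_LOG).most_common():
        print(f"{src:15} -> dpt {dpt:5} {n} drop(s)")
```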
[leaf-user] OpenVPN
Hi,

I would like to get the feedback of people who have successfully installed/tested openvpn with bering.

Thanks
Sylvain
Re: [leaf-user] copy Bering floppy to CF card
Hello Chera,

> Thanks for your reply.
>
> Does it make sense to create some swap space on the CF?

No, that isn't necessary or used. Bering-uClibc is running in memory, the flash is only used for booting.

> Regards
> Chera Bekker

Regards,
Eric
Re: [leaf-user] syslog message: firewall kernel: ip_conntrack: table full, dropping packet.
Hello Chera,

> Hello Eric,
>
> Thanks for your reply.
>
> After increasing the ip_conntrack_max value to 4096 I did find a curious entry in my messages log file:
>
> firewall kernel: __alloc_pages: 0-order allocation failed (gfp=0x1d2/0)
>
> This happened twice about a day ago.

I don't know what this message means, maybe someone else on the list? But a quick Google gave some notes about the system running out of virtual memory, so tight memory may be the problem. You can take a look with top to see which processes use a lot of virtual memory.

> According to the bucu-conntrack guide the amount of memory used by 4096 connections (with hash size equal to max conntrack) is 4096 x 308 = 1.2 Mb. My LEAF box has 16 Mb RAM and cat /proc/meminfo gives:
>
>         total:    used:    free:  shared: buffers:  cached:
> Mem:  14725120 11927552  2797568        0    40960  6443008
> Swap:        0        0        0
> MemTotal:     14380 kB
> MemFree:       2732 kB
> MemShared:        0 kB
> Buffers:         40 kB
> Cached:        6292 kB
> SwapCached:       0 kB
> Active:        5924 kB
> Inactive:      1700 kB
> HighTotal:        0 kB
> HighFree:         0 kB
> LowTotal:     14380 kB
> LowFree:       2732 kB
> SwapTotal:        0 kB
> SwapFree:         0 kB
>
> So there should be enough memory left for the conntrack table. Anyway the firewall is still up and running.
>
> I set the new max conntrack number using echo 4096 > /proc/sys/net/ipv4/ip_conntrack_max. How can I make this setting permanent? I have seen the option net.ipv4.netfilter.ip_conntrack_max in /etc/sysctl.conf but which package should I backup then?

You could indeed set it in /etc/sysctl.conf (lrcfg - 2 - 10), the file is saved with the backup of the etc.lrp package.

> Regards
> Chera Bekker

Regards,
Eric

> Eric Spakman wrote:
>> Hello Chera,
>>
>> There is some information about this setting in the following Bering-uClibc guide and the links section in this guide.
>> http://leaf.sourceforge.net/doc/guide/bucu-conntrack.html
>>
>> Eric
>>
>>> Hello List,
>>>
>>> I have noticed that when running a p2p client behind my Bering firewall my syslog gets flooded with the message:
>>>
>>> firewall kernel: ip_conntrack: table full, dropping packet.
>>>
>>> Almost all entries in /proc/net/ip_conntrack pointed to the internal machine running the client.
>>> I noticed that the value in /proc/sys/net/ipv4/ip_conntrack_max was set to 1024. I have increased this value to 4096 which seems to have put a (temporary?) lid on things.
>>>
>>> My question is if the increase in the number of connections will somehow have a negative impact on the performance of the firewall?
>>>
>>> Any information is appreciated.
>>>
>>> Regards
>>> Chera Bekker
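Chera noted that almost all /proc/net/ip_conntrack entries pointed to the machine running the p2p client. An added example (not from the thread or from Bering-uClibc) that does that count over text in the 2.4-kernel /proc/net/ip_conntrack layout, so the host consuming the table can be found before ip_conntrack_max is raised; the sample entries are constructed.

```python
"""Find which internal host is filling the ip_conntrack table.

Added example, not from the thread or from Bering-uClibc. It parses text in
the 2.4-kernel /proc/net/ip_conntrack layout (protocol name, protocol number,
timeout, optional TCP state, then the original-direction tuple); the sample
entries are constructed, with most of them from 192.168.1.64 as in the post.
"""
import re
from collections import Counter

# The original-direction tuple is the first src=/dst=/sport=/dport= group on a line.
_ENTRY = re.compile(
    r"^(?P<proto>\w+)\s+\d+\s+(?P<timeout>\d+)\s+(?:(?P<state>[A-Z_]+)\s+)?"
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+sport=(?P<sport>\d+)\s+dport=(?P<dport>\d+)"
)

# Constructed sample in /proc/net/ip_conntrack layout.
CONNTRACK_SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.168.1.64 dst=203.0.113.7 sport=54321 dport=6881 src=203.0.113.7 dst=198.51.100.1 sport=6881 dport=54321 [ASSURED] use=1
tcp      6 117 SYN_SENT src=192.168.1.64 dst=203.0.113.9 sport=54322 dport=6881 [UNREPLIED] src=203.0.113.9 dst=198.51.100.1 sport=6881 dport=54322 use=1
udp      17 29 src=192.168.1.64 dst=203.0.113.20 sport=54321 dport=6881 src=203.0.113.20 dst=198.51.100.1 sport=6881 dport=54321 use=1
tcp      6 431998 ESTABLISHED src=192.168.1.10 dst=192.0.2.80 sport=40000 dport=80 src=192.0.2.80 dst=198.51.100.1 sport=80 dport=40000 [ASSURED] use=1
tcp      6 60 SYN_SENT src=192.168.1.64 dst=203.0.113.33 sport=54323 dport=6881 [UNREPLIED] src=203.0.113.33 dst=198.51.100.1 sport=6881 dport=54323 use=1
"""

def parse_conntrack(text):
    """Yield one dict per parseable entry: proto, timeout, state, src, dst, sport, dport."""
    for line in text.splitlines():
        m = _ENTRY.match(line)
        if m:
            yield m.groupdict()

def top_talkers(text, n=3):
    """(source address, entry count) pairs, largest consumer first."""
    return Counter(e["src"] for e in parse_conntrack(text)).most_common(n)

def half_open(text):
    """SYN_SENT entries per source. A p2p client probing peers leaves many of
    these with no reply, and each one holds a table slot until its timeout."""
    return Counter(e["src"] for e in parse_conntrack(text)
                   if e["state"] == "SYN_SENT")

def table_usage(text, ip_conntrack_max):
    """Fraction of ip_conntrack_max occupied by the entries in text; near 1.0
    the kernel starts logging 'ip_conntrack: table full, dropping packet'."""
    return sum(1 for _ in parse_conntrack(text)) / ip_conntrack_max

if __name__ == "__main__":
    print("entries per internal host:", top_talkers(CONNTRACK_SAMPLE))
    print("half-open per host:", dict(half_open(CONNTRACK_SAMPLE)))
    print("table usage at max 1024: %.4f" % table_usage(CONNTRACK_SAMPLE, 1024))
```

On a live box the same functions can be fed the contents of /proc/net/ip_conntrack and the value read from /proc/sys/net/ipv4/ip_conntrack_max.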
Re: [leaf-user] OpenVPN
Sylvain

Sylvain Pelletier wrote:
> Hi,
>
> I would like to get the feedback of people who have successfully installed/tested openvpn with bering.

I am running it on multiple systems without a hitch using Bering glibc.

cheers
Erich
Re: [leaf-user] OpenVPN
Tens of installations using bering uclibc

Ciao
Gianni

> Hi,
>
> I would like to get the feedback of people who have successfully installed/tested openvpn with bering.
[leaf-user] RE: wifi modules
>> -----Original Message-----
>> From: Matija Papec [mailto:[EMAIL PROTECTED]
>>
>>> I will do it, but probably only this weekend. Module will be compiled
>>> for the latest Bering uClibc version.
>>
>> Tnx!
>
> Meanwhile I haven't got the chance to do it, i.e. it has slipped my mind...

LOL

Ok, I'll be waiting. :)

Matija

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
[leaf-user] Re: TCP Destination port DPT=2703 Blocked by Bering uClibc 2.3.1
> That's strange! 192.168.73.76 is a Gentoo Linux email (Postfix) and web (Apache) server. Why would this server try to contact 66.151.150.12 (d1.cloudmark.com)?

Finally figured out! TCP 7, 2703 and UDP 6277 are used by DCC/Razor. I now have the following rules in /etc/shorewall/rules:

# DCC/Razor specific rules:
ACCEPT  dmz  net  tcp  7,2703
ACCEPT  dmz  net  udp  6277
[leaf-user] What modules are needed for shorewall 3.0 traffic shaping?
Hi,

I upgraded to shorewall 3.x and would like to use the built-in traffic shaping. After creating some simple tc-files I started shorewall and I got error

Processing /etc/shorewall/tcdevices...
RTNETLINK answers: Invalid argument

and I think that some modules (for HTB?) are missing. According to shorewall documentation:

"...For builtin support, you need the HTB scheduler, the PRIO pseudoscheduler and SFQ queue. The other scheduler or queue algorithms are not needed..."

Can somebody list what modules I need to specify in /etc/modules?

Thank you.

M Lu
Re: [leaf-user] What modules are needed for shorewall 3.0 traffic shaping?
On Mon, Dec 12, 2005 at 11:55:23PM -0500, M Lu wrote:
> I upgraded to shorewall 3.x and would like to use the built-in traffic shaping. After creating some simple tc-files I started shorewall and I got error
>
> Processing /etc/shorewall/tcdevices...
> RTNETLINK answers: Invalid argument
>
> and I think that some modules (for HTB?) are missing. According to shorewall documentation:
>
> "...For builtin support, you need the HTB scheduler, the PRIO pseudoscheduler and SFQ queue. The other scheduler or queue algorithms are not needed..."
>
> Can somebody list what modules I need to specify in /etc/modules?

For these you need:

sch_htb
sch_prio
sch_sfq

You can find these in directory kernel/net/sched of the modules tree.

Jaap