Re: [leaf-user] LEAF Print Server

2007-10-19 Thread [EMAIL PROTECTED]
 You don't need me to tell you that you shouldn't run a print server on
 a router.

 Am I missing something, again?

Just security.


The traditional view is that a firewall is so important to the 
network, you cannot have it screw up.

May I add: 1) the more stuff you have on a firewall, the more chances there may
be an exploitable flaw, and 2) if routing is all it does, and it comes under a
determined attack, you can always just power-down.

LEAF will run on any old piece of junk you've got lying around, and do well.  
Dedicate it to the job.  There is no reason to run a print server on a router, 
to do what?  Offer print services to the whole wide world?  Print services 
should always be inside the router/DMZ.  Routers are NOT servers.

Paul Rogers  ([EMAIL PROTECTED])
http://www.xprt.net/~pgrogers/
Rogers' Second Law: Everything you do communicates.
(I do not personally endorse any additions after this line. TANSTAAFL :-)





leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/


Re: [leaf-user] The old floppy question

2007-07-18 Thread [EMAIL PROTECTED]
Let's make a poll to find out how many of us are booting Bering from a
floppy and decide from there.

I still favor & use Bering 1.2 floppies.  I like the security of the
write-protect slider.  And part of the idea about Linux, and Bering firewalls
in particular, is repurposing old hardware for a new & useful task.  It's not
so hard to find boxes of an appropriate horsepower for the task that came with
floppies.


Paul Rogers  ([EMAIL PROTECTED])
http://www.xprt.net/~pgrogers/
Rogers' Second Law: Everything you do communicates.
(I do not personally endorse any additions after this line. TANSTAAFL :-)






Re: [leaf-user] WLM 54G (Aneesh Pande)

2007-07-06 Thread [EMAIL PROTECTED]
Hi Aneesh,

I've had the same problem with setting up Leaf as WAP.
You've followed the doc that Martin so generously provided?
It was a huge help for me, but for some reason there was a gap between 
finishing those steps and connecting to my shiny new Soekris.
For me, I think it was a knowledge gap between what is merely routine
for experts and my decidedly, uh, network-challenged condition.
At any rate, I did figure it out eventually, and you will too- you're 
that close.

One of the things I noticed was hostapd either wasn't running or wasn't 
sourcing that hostapd.conf file I spent so long modifying.
'iwconfig' didn't reflect the changes I'd made in ssid, for example.
'ps' didn't show hostapd running either. You seem to have those bases 
covered.

My next brick-upside-the-head-moment^H^H^H hurdle was the realization 
that the nic in my VAIO would not support WPA, so make sure you're 
compatible on that end.

Sorry to wait so long to post so little on this thread. I'm happy to 
cut-n-paste any logs or confs you might find useful, and again, thanks 
to Martin, and all the whole Leaf crew, past and present

-Ben


[EMAIL PROTECTED] wrote:
 Message: 1
 Date: Thu, 5 Jul 2007 21:21:46 +0200
 From: Aneesh Pande [EMAIL PROTECTED]
 Subject: Re: [leaf-user] WLM 54G
 To: leaf-user@lists.sourceforge.net
 
 I'm trying to implement a wireless access point using Bering but haven't
 been able to run it successfully yet. I can see the access point from an
 external laptop but can't connect to it.
 

 The /etc/network/interfaces file looks like this:
 auto ath0
 iface ath0 inet static
     address 192.168.1.254
     netmask 255.255.255.0
     broadcast 192.168.1.255
     wireless-channel 1

 The output of lsmod |grep ath is the following:
 ath_pci                60292   0
 ath_rate_sample         7872   0 [ath_pci]
 wlan                  129916   1 [wlan_xauth wlan_tkip wlan_ccmp wlan_acl ath_p]
 ath_hal               174288   1 [ath_pci ath_rate_sample]

 When trying to connect to the AP from an external laptop I get the
 following error message:
 
 
 firewall# hostapd /etc/hostapd/hostapd.conf
 Configuration file: /etc/hostapd/hostapd.conf
 madwifi_set_privacy: enabled=0
 BSS count 1, BSSID mask ff:ff:ff:ff:ff:ff (0 bits)
 ath0: IEEE 802.11 Fetching hardware channel/rate support not supported.
 madwifi_sta_deauth: addr=ff:ff:ff:ff:ff:ff reason_code=3
 ioctl[IEEE80211_IOCTL_SETMLME]: Invalid argument
 Could not connect to kernel driver.
 Mode: IEEE 802.11g  Channel: 60  Frequency: 0 MHz
 madwifi_del_key: addr=00:00:00:00:00:00 key_idx=0
 madwifi_del_key: addr=00:00:00:00:00:00 key_idx=1
 madwifi_del_key: addr=00:00:00:00:00:00 key_idx=2
 madwifi_del_key: addr=00:00:00:00:00:00 key_idx=3
 Using interface ath0 with hwaddr 00:80:48:7e:6b:c9 and ssid 'AneeshAP'
 madwifi_set_ieee8021x: enabled=1
 madwifi_configure_wpa: group key cipher=1
 madwifi_configure_wpa: pairwise key ciphers=0xa
 madwifi_configure_wpa: key management algorithms=0x2
 madwifi_configure_wpa: rsn capabilities=0x0
 madwifi_configure_wpa: enable WPA=0x3
 madwifi_set_privacy: enabled=0
 madwifi_set_key: alg=TKIP addr=00:00:00:00:00:00 key_idx=1
 madwifi_set_privacy: enabled=1
 l2_packet_receive - recvfrom: Network is down
 Wireless event: cmd=0x8c03 len=20
 ath0: STA 00:1b:77:02:6c:96 IEEE 802.11: associated
   New STA
 ath0: STA 00:1b:77:02:6c:96 WPA: event 1 notification
 madwifi_del_key: addr=00:1b:77:02:6c:96 key_idx=0
 ath0: STA 00:1b:77:02:6c:96 WPA: start authentication
 madwifi_del_key: addr=00:1b:77:02:6c:96 key_idx=0
 madwifi_set_sta_authorized: addr=00:1b:77:02:6c:96 authorized=0
 ath0: STA 00:1b:77:02:6c:96 IEEE 802.1X: unauthorizing port
 ath0: STA 00:1b:77:02:6c:96 WPA: sending 1/4 msg of 4-Way Handshake
 IEEE 802.1X: 125 bytes from 00:1b:77:02:6c:96
IEEE 802.1X: version=1 type=3 length=121
 ath0: STA 00:1b:77:02:6c:96 WPA: received EAPOL-Key frame (2/4 Pairwise)
 ath0: STA 00:1b:77:02:6c:96 WPA: invalid MIC in msg 2/4 of 4-Way
 Handshake
 ath0: STA 00:1b:77:02:6c:96 WPA: EAPOL-Key timeout
 ath0: STA 00:1b:77:02:6c:96 WPA: sending 1/4 msg of 4-Way Handshake
 IEEE 802.1X: 125 bytes from 00:1b:77:02:6c:96
IEEE 802.1X: version=1 type=3 length=121
 ath0: STA 00:1b:77:02:6c:96 WPA

Re: [leaf-user] Ping failed to server in DMC

2007-03-29 Thread [EMAIL PROTECTED]

- Original message -
From: Erich Titl [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 29, 2007 11:03 AM
To: [EMAIL PROTECTED]
CC: leaf-user@lists.sourceforge.net
Subject: Re: [leaf-user] Ping failed to server in DMC

Hi Jan

[EMAIL PROTECTED] wrote:
 Hi Erich
 
...
 
 My conclusion is that my router forwards the packets to my server. And my 
 server is capable of replying a ping packet (see tst2). But for some reason 
 he doesn't reply a packet from my loc zone. Because I don't see a packet 
 returning on eth2. There is no sign of a packet entering eth2 (dmz).
 
 I think my router is routing packets between loc and dmz. (chain from 
 loc2dmz)

Yep

 My server can respond to ping. 

No proof, as there are no packets on eth2_fwd

But when I ping from my router to my server, my server responds to it. (see
test2) Or can't I link this behaviour with that conclusion?

And firewall isn't blocking packets from dmz to loc. Why aren't there
packets entering my eth2 heading for my laptop? :o)

Use tcpdump to see if they are entering eth2 at all.

I will search how I should do that. And see if I get a little more info from
there.


Erich



Thanks

Jan





Re: [leaf-user] Ping failed to server in DMC

2007-03-29 Thread [EMAIL PROTECTED]
Have you checked the tcp/ip setting on your server, especially subnet mask?
Also, as Tom suggested, have you checked the default gateway on the server? Can
you get to the internet from the server?
Since you can not ping 192.168.1.254 made me suspect the subnet mask on your 
server. I treat that as on the same network
What do you mean by that last sentence?

Server
ip: 192.168.3.2
subnet mask: 255.255.255.0
default gateway: 192.168.3.1

Thanks

Jan





Re: [leaf-user] Ping failed to server in DMC

2007-03-29 Thread [EMAIL PROTECTED]

I suggest that you shorewall clear then try to ping the IP address of your
firewall's *local* interface (not the *DMZ* interface) from your server. If
that ping does not succeed then you have a routing problem.

-Tom
-- 
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



Actually, I made a mistake to say the ping fails. And this is a huge mistake
from me. When I try to ping 192.168.1.254 (ip address local interface) it just
says Network unreachable.

Probably a huge difference!

Thanks,

Jan





Re: [leaf-user] Ping failed to server in DMC

2007-03-29 Thread [EMAIL PROTECTED]
My problem is solved.
What it was??? I don't know! But I think I was misreading a bad standard 
gateway. 

I did the following:

1: I checked my ip settings from my server. I thought everything was ok.
2: I tried to ping from my server (192.168.3.1) to my loc router (192.198.1.254).
Result was: Could not reach network.
3: Then I set up my router (dnsmasq) to give ip addresses on network 192.168.3.0.
And let my server get a dhcp address. (my server got: 192.168.3.83)
4: I tried again to ping from my server to my loc router. This time the ping
was successful.
5: Then I tried to ping from my local pc to the server. This also was successful.
6: I checked what standard gateway the server got from dhcp (route -nee). And it
checked out to be the same as I thought I gave it the first time fixed before...
7: I gave my server back a fixed ip address (192.168.3.83) and the standard
gateway (192.168.3.1) and subnetmask (255.255.255.0)
8: Tried both pings again and they were successful.
9: I gave my server back his old ip address (192.168.3.2) and tried the pings
again. Both were successful.
10: I stopped dhcp on network 192.168.3.0 and restarted dnsmasq. Tried both
pings again and they were still successful.

So I don't have a clue what went wrong the last few days. Because I was so
sure I did enter the same standard gateway.

Could it be that I had this problem because I put in my
/etc/shorewall/interfaces file the following rule:
dmz    eth2    detect    dhcp

And if so, which word should there be in place of the dhcp word when you only
have static IPs in your dmz zone...

Thanks for all the help to everyone!!!

Greetings

Jan





Re: [leaf-user] Ping failed to server in DMC

2007-03-28 Thread [EMAIL PROTECTED]
Hi Erich

If you reset the counters before testing it is easier to read.
Try to minimize all other traffic during your tests, it will become clear
what is happening

If you want us to understand your test, please note _exactly_ what
test1,2,3 is. Please conduct only one test at a time.

I tried to follow your advice:
So I did a shorewall reset.
Then I did a ping from my local pc (located in loc, etc1) to my server (in DMZ
eth2)

Pingen naar 192.168.3.2 met 32 byte gegevens:

Time-out bij opdracht.
Time-out bij opdracht.
Time-out bij opdracht.
Time-out bij opdracht.

Ping-statistieken voor 192.168.3.2:
Pakketten: verzonden = 4, ontvangen = 0, verloren = 4
(100% verlies).

And then I made as fast as I could: iptables -nvL > tst1.txt

The result is tst1.txt:
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    1   485 eth0_in    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
   91  6042 eth1_in    all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 eth2_in    all  --  eth2   *       0.0.0.0/0            0.0.0.0/0
    0     0 tun_in     all  --  tun+   *       0.0.0.0/0            0.0.0.0/0
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ULOG       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ULOG copy_range 0 nlgroup 1 prefix `Shorewall:INPUT:REJECT:' queue_threshold 1
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 eth0_fwd   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    4   240 eth1_fwd   all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 eth2_fwd   all  --  eth2   *       0.0.0.0/0            0.0.0.0/0
    0     0 tun_fwd    all  --  tun+   *       0.0.0.0/0            0.0.0.0/0
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ULOG       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ULOG copy_range 0 nlgroup 1 prefix `Shorewall:FORWARD:REJECT:' queue_threshold 1
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           udp dpts:67:68
    0     0 ACCEPT     udp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           udp dpts:67:68
    0     0 ACCEPT     udp  --  *      eth2    0.0.0.0/0            0.0.0.0/0           udp dpts:67:68
    0     0 fw2net     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
   51  4208 fw2loc     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0
    0     0 all2all    all  --  *      tun+    0.0.0.0/0            0.0.0.0/0
    0     0 fw2dmz     all  --  *      eth2    0.0.0.0/0            0.0.0.0/0
    0     0 Reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ULOG       all  --  *      *       0.0.0.0/0            0.0.0.0/0           ULOG copy_range 0 nlgroup 1 prefix `Shorewall:OUTPUT:REJECT:' queue_threshold 1
    0     0 reject     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain Drop (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:113
    1   485 dropBcast  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 code 4
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11
    1   485 dropInvalid  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 135,445
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:137:139
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:137 dpts:1024:65535
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 135,139,445
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1900
    0     0
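
Added example (not part of the original message, and not LEAF or Shorewall code): one way to read a saved counter listing such as tst1.txt after a single test is to print only the rules whose packet counter is non-zero. The function names and the sample rows are constructed for illustration and assume the standard `iptables -nvL` column layout.

```sh
#!/bin/sh
# Follow one test ping through saved `iptables -nvL` output by keeping only
# the rules that actually counted packets since the last counter reset.

# Reads `iptables -nvL` output on stdin.
# Prints one line per counted rule: <chain> <target> <in-if> <out-if> <pkts>
nonzero_rules() {
    awk '
        $1 == "Chain" { chain = $2; next }   # e.g. "Chain FORWARD (policy DROP ...)"
        $1 == "pkts"  { next }               # column header row
        # Rule rows have at least nine columns; pkts may carry a K/M/G suffix.
        NF >= 9 && $1 ~ /^[0-9]+[KMG]?$/ && $1 != "0" {
            print chain, $3, $6, $7, $1
        }
    '
}

# Usage: saw_traffic <chain> <in-interface>   (listing on stdin)
# Prints "yes" if a rule in that chain with that input interface counted
# packets, otherwise "no".
saw_traffic() {
    nonzero_rules | awk -v c="$1" -v i="$2" '
        $1 == c && $3 == i { hit = 1 }
        END { if (hit) print "yes"; else print "no" }
    '
}

# Constructed sample in `iptables -nvL` layout: four echo requests arrive on
# eth1 and are forwarded, nothing is forwarded from eth2.
sample_counters() {
    cat <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   91  6042 eth1_in    all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 eth2_in    all  --  eth2   *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    4   240 eth1_fwd   all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 eth2_fwd   all  --  eth2   *       0.0.0.0/0            0.0.0.0/0
EOF
}

# Show the counted rules for the constructed sample.
sample_counters | nonzero_rules
```

On a real capture, pipe the saved file in instead of the sample, for example `nonzero_rules < tst1.txt`.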

Re: [leaf-user] Ping failed to server in DMC

2007-03-27 Thread [EMAIL PROTECTED]
Hi Erich

Did you look at the log files? Do those pings appear there? If not, it is
unlikely it is the firewall.
I did, but it's very confusing. As far as I can analyze the log file, there is
no sign of my ping. But at the moment I'm at work, so I will double check this
in a few hours when I'm back at home.


Please look at shorewall status for iptables settings.
This is something I don't understand. Because the: /sbin/shorewall status just
tells me that shorewall is up. (see my first mail. It's somewhere between all
the info) And I expected a little more info from that command.

How can I check the iptables settings because I understand that shorewall is a
wrap around iptables.

So when it's not a firewall problem, where would you start looking for the 
problem?

Thanks for your reply and help.

Kind regards

Jan






[leaf-user] Ping failed to server in DMC

2007-03-26 Thread [EMAIL PROTECTED]
Hello everyone,

After a few days trying to get this to work, I'm out of possibilities. I read
all documentation I could find. I read many posts about this subject. And I
tried some things I found on the net.

The one thing I try to do is set up my router with 3 network interfaces to give
me a working dmz. My network is working wonderfully. But I can’t get my dmz to
do what I want.
I want to set up a webserver but I want to be able to do the maintenance on my
server from my local network. (server is a machine without keyboard and
monitor).

The problem: I can’t ping to my server. I think my firewall is blocking the
reply packets.

Loc: 192.168.1.0/24
DMZ: 192.168.3.0/24
VPN: 192.168.2.0/24

My IP address: 192.168.1.145

I can ping to 192.168.1.254 (the ip address of my router (loc))
I can ping to 192.168.3.1 (the ip address of my router (dmz), but I understand
that this is normal because the ip address belongs to my machine and not to an
interface)

I can ping from my router to 192.168.3.2 (ip address of my server)
I can ping from my server to 192.168.3.1 (ip address of my router (dmz))
I can’t ping from my server to 192.168.1.254 (ip address of my router (loc),
this I find strange)
I can’t ping from my server to 192.168.1.145 (my own ip)

I checked my configuration a few times. But I don’t find a configuration
setting that can explain this behaviour. So I tried to set everything open
between dmz and loc (bad way to work with a firewall, but I didn’t know what to
do anymore). Nothing works.

Below you find all the information I thought would be interesting to know and to
analyse my problem. If you have not enough information to help me, please tell
me so I can provide you with the necessary information.

PS: I tried to follow the following website:
http://www.shorewall.net/three-interface.htm
But as an inexperienced user, I hope I did it good.

Thanks in advance,

Jan



RouterJan# uname -a
Linux RouterJan 2.4.33 #1 Mon Sep 4 15:52:08 CEST 2006 i686 unknown

RouterJan# ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,NOTRAILERS,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:d0:b7:4c:6e:3b brd ff:ff:ff:ff:ff:ff
    inet 213.118.207.166/24 brd 213.118.207.255 scope global eth0
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:90:27:a5:00:40 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
5: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:90:27:ed:3c:69 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.1/24 brd 192.168.3.255 scope global eth2
6: tun0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/[65534]
    inet 192.168.2.1 peer 192.168.2.2/32 scope global tun0

RouterJan# ip route show
192.168.2.2 dev tun0  proto kernel  scope link  src 192.168.2.1
213.118.207.0/24 dev eth0  proto kernel  scope link  src 213.118.207.166
192.168.3.0/24 dev eth2  proto kernel  scope link  src 192.168.3.1
192.168.2.0/24 via 192.168.2.2 dev tun0
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.254
default via 213.118.207.1 dev eth0

RouterJan# iptables -nvL
Chain PREROUTING (policy ACCEPT 11963 packets, 3525K bytes)
 pkts bytes target     prot opt in     out     source               destination
 9490 3312K net_dnat   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 65 packets, 7148 bytes)
 pkts bytes target     prot opt in     out     source               destination
  825 40533 eth0_masq  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 64 packets, 7088 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain eth0_masq (1 references)
 pkts bytes target     prot opt in     out     source               destination
  772 36943 MASQUERADE  all  --  *      *       192.168.1.0/24       0.0.0.0/0

Chain net_dnat (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0

RouterJan# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 11963 packets, 3525K bytes)
 pkts bytes target     prot opt in     out     source               destination
 9490 3312K net_dnat   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 65 packets, 7148 bytes)
 pkts bytes target     prot opt in     out     source               destination
  825 40533 eth0_masq  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
  

[leaf-user] Site error

2007-01-02 Thread [EMAIL PROTECTED]
I was in Bering uClibc Changelog page and entered cvs in the search box.

XML Parsing Error: mismatched tag. Expected: </dt>. Location:
http://leaf.sourceforge.net/bering-uclibc/index.php Line Number 546,
Column 19: </dl> --^


Paul Rogers  ([EMAIL PROTECTED])
http://www.xprt.net/~pgrogers/
Rogers' Second Law: Everything you do communicates.
(I do not personally endorse any additions after this line. TANSTAAFL :-)





[leaf-user] cvs

2007-01-02 Thread [EMAIL PROTECTED]
Ya know guys, it's all well and good to say, It's in the CVS when, as
MOST sites, one supplies a link to access the CVS from a web browser. 
But when you don't, and I've been looking for that rabbit hole for half
an hour, you really tend to frustrate people!  I'm not a Linux
developer.  I don't have CVS installed.  I'm not going to install
CVS.  And just recompiling my aic7xxx drivers for this EISA box isn't
working out because of a lot of undefined references.  Let me guess,
EISA support isn't built into the kernel?  I need to recompile the
kernel too?  Sorry for my ranting, but this isn't turning into a very
good day, and the Bering site isn't making it any easier  AARRGGGH!


Paul Rogers  ([EMAIL PROTECTED])
http://www.xprt.net/~pgrogers/
Rogers' Second Law: Everything you do communicates.
(I do not personally endorse any additions after this line. TANSTAAFL :-)





Re: [leaf-user] Modules

2007-01-01 Thread [EMAIL PROTECTED]
The scsi modules, including AIC7XXX are already included (PCI). Only
they are not compiled with EISA and VL support. But EISA and VL are
obsoleted for at least 10 years.

That's why we get these old boxes to make into useful firewalls!  ;-)

Some keep trying to tell me floppies are obsolete too.

Paul Rogers  ([EMAIL PROTECTED])
http://www.xprt.net/~pgrogers/
Rogers' Second Law: Everything you do communicates.
(I do not personally endorse any additions after this line. TANSTAAFL :-)






Re: [leaf-user] Modules

2006-12-31 Thread [EMAIL PROTECTED]
-- Eric Spakman [EMAIL PROTECTED] wrote:
I see, in the kernel config the next option is not enabled:
CONFIG_AIC7XXX_PROBE_EISA_VL

I did do some looking around to see if there was a kernel config file
or documentation without finding it.  That could have been helpful.

If you have access to a linux machine, you can compile a 2.4.32 
kernel with only this module and option enabled. Otherwise let me 
know and I will compile such a module.

That's a module?  If it were a module on a SCSI drive, we'd have a
Catch-22, wouldn't we?  (Unless it were in an initrd, of course.)

I do have a LFS 2.4.31 system, but I admit I'm not quite capable of
playing with different system levels with the secure knowledge I won't
mess up my production system in any way.  I see there's a Patch 34 out,
so I could upgrade to patch level 32, and recompile there.  Would I be
able to import that module, even though probably everything else about
my production system is different than the Bering-uClibc development
environment?

OTOH, let me ask if perhaps it shouldn't be an update to the
Bering-uClibc-2.4.2 kernel/modules?  Somebody else might need it.  If
you compile it, then it could get fixed for everybody.  (OK, I admit,
_most_ Bering users are going to run on more minimal systems without
SCSI hard-drives.  Still...   ;-)




[leaf-user] Modules

2006-12-30 Thread [EMAIL PROTECTED]
I need the eisa module(s) for Bering uClibc-2.4.2.  Can anybody direct
me to a URL?


Paul Rogers  ([EMAIL PROTECTED])
http://www.xprt.net/~pgrogers/
Rogers' Second Law: Everything you do communicates.
(I do not personally endorse any additions after this line. TANSTAAFL :-)





[leaf-user] Problem with VPN configuration

2006-11-02 Thread [EMAIL PROTECTED]
Hello,

A few weeks ago I stumbled on the Bering UClibc Firewall and even for a Linux
newbie it was easy to build a good working router.

Now I want to configure Openvpn. But it's giving me headaches. I struggled a 
couple of days to configure the boot combination with a floppy and CD. But 
that's working now. The problem I'm working on now, is a bigger one.

I'm trying to follow the steps in the bering UClibc documentation: Chapter 7: 
Configuring openvpn. I'm using the LEAF Bering-uClibc 3.0 beta 2.

I think all the packages needed are loaded.
When they start to talk about the modules they lost me a bit. What I did was 
searching for the tun.so module on my CD. When I found the module I copied the 
module to /lib/modules and added tun to the /etc/modules.

Then they start to talk about the keys.
Step one: Setup for key generation on your Bering-uClibc box.
I think my /etc/easy-rsa/vars config is good. And the clean all command was 
successful. But when I try the next step: Build your own Root Certification 
Authority (CA) certificate/key.

The build-ca command gives me an error: can’t load library
‘libcrypto.so.0.9.7’
I didn’t expect that one :o(

Now after a few days working on the problem, I can’t find another possible
solution to my problem. I hope there is someone who can guide me to the
solution.
If there is more information you need, just ask. The router gets a dynamic 
IP-address from my ISP.

Thanks in advance for helping.

Greetings

Jan






[leaf-user] help: documentation unreachable

2006-06-19 Thread [EMAIL PROTECTED]
An error has been encountered in accessing this page. 

1. Server: leaf.sourceforge.net
2. URL path: /doc/guide/bk07.html
3. Error notes: File does not exist:
/home/groups/l/le/leaf/htdocs/doc/guide/bk07.html
4. Error type: 404
5. Request method: GET
6. Request query string: 
7. Time: 2006-06-19 22:39:14 PDT (1150781954)

Reporting this problem: The problem you have encountered is with a project
web site hosted by SourceForge.net. This issue should be reported to the
SourceForge.net-hosted project (not to SourceForge.net). 

If this is a severe or recurring/persistent problem, please do one of the
following, and provide the error text (numbered 1 through 7, above): 

Contact the project via their designated support resources. 
Contact the project administrators of this project via email (see the upper
right-hand corner of the Project Summary page for their usernames) at
[EMAIL PROTECTED]
If you are a member of the project that maintains this web content, please
refer to the Site Documentation regarding the project web service for
further assistance. 





[leaf-user] Re: Syslogd and Epia mobos

2006-03-22 Thread [EMAIL PROTECTED]
/etc/init.d/syslogd the syslog part seems to take around 3 minutes to
start.  (I didn't time it, but it takes a really long time).  even just
running start-stop-daemon for the /sbin/syslogd line from the init
script take a long time?

I was just wondering if anyone has experienced this and what other things
I can check to see what's going on and it seems pretty strange.

I once experienced something similar when I was renaming a hostname, but forgot 
to make sure the new name was in /etc/hosts.  Sysklogd tried to find the new 
name on the network, thinking it was supposed to log there, and timed-out.

Paul Rogers  ([EMAIL PROTECTED])
http://www.xprt.net/~pgrogers/
Rogers' Second Law: Everything you do communicates.
(I do not personally endorse any additions after this line. TANSTAAFL :-)








[leaf-user] Sangoma and Leaf uclibc

2006-02-14 Thread [EMAIL PROTECTED]
Hello,

Did anybody try sangoma wan adapters with leaf uclibc?
I have seen the wanpipe.o in the module package. What else is required? 
Appreciate any help or reference to a webpage describing the installation
requirements/process.

Thanks.

Sherif bahaa




[leaf-user] Bering-uclibc on DiskOnChip from M-systems and other question

2006-01-22 Thread [EMAIL PROTECTED]
Hello,

The current documentation details installing Bering on DiskOnChip. Can
this apply also to Bering-uclibc?

The second question, does the current version's (Bering uclibc 2.3)
modules.lrp support 3com's 3c905 PCI adapters? 

Thanks.

Sherif bahaa






[leaf-user] 3Com driver

2006-01-22 Thread [EMAIL PROTECTED]
Eric,

The modules tarball for the kernel 2.4.31 does not include 3c905c. It
includes 3c501, 503, 505, 507, 509, 515 and 59x. I have however seen some
sites that mention that the 3c59x supports 3c905c.

Can you kindly confirm that the 3c59x.o is the driver to support 3c905c
adapter.

Thanks.

Sherif  




[leaf-user] modules_ipv6 and Realtek ethernet

2005-12-06 Thread [EMAIL PROTECTED]
Hello,

I have LEAF Bering-uClibc v2.2.3 uclibc-0.9.20 running OK with solid state
IDE disk with IPv4 and Realtek 8100B ethernet ports on a VIA motherboard. 

I have installed modules_ipv6 as a first step to configure ipv6 (ch 10,
Bering-uClibc documentation). However, after swapping the existing
modules.lrp with modules_ipv6.lrp and booting the machine, I received the
following during the boot process:

Configuring network interfaces: cannnot find device eth0
SIOCGIFFLAGS: no such device.

The same message applies for the other eth1.

questions:
1. I believe there is no proper driver in modules_ipv6.lrp for the
Realtek? (I made sure that all drivers are uncommented in the modules config
file like the working unit)
2. Is there a possibility that some network devices will not work with IPv6?

appreciate any help.

Sherif Bahaa




Re: [leaf-user] OT: why is WRAP much more expensive than normal routers

2005-07-09 Thread [EMAIL PROTECTED]
Hello!

the difference is that you can put 10 to 20 customers on a wrap and have them
all busy and go on and on...but with a dlink/linksys/etc, you put 10
customers on it and try to do anything, and they will lock up within a few
minutes.  you certainly do not want to put one of those CHEAP APs into
service for customers to use... will only bring trouble.

bottom line... the WRAP has FAR more ass.

Jerryf


-- M Lu [EMAIL PROTECTED] wrote:
 I got my 1st WRAP box and with all help I got here and Erich's ready image,

 I could boot it up and see it running. I paid more than US $200 (board, 
 case, 64M CF, shipping) for it and that's without the wireless. I just 
 wonder why it is so much more expensive than the routers they sell in Best 
 Buy, CompUSA (Linksys, DLink...). Apart from the OS control you have on 
 WRAP, are there any hardware advantages or something else compared to the 
 other?
 
 I would like to defend myself in case my friends think I am crazy -:)
 
 M Lu.
 
 
 
 
 


[leaf-user] starting the firewall script upon booting the Bering-uclibc

2005-06-21 Thread [EMAIL PROTECTED]
Hello,

I am using fwbuilder to build and download an iptables script to
Bering-uclibc. The script is downloaded to /etc.

Can someone please guide me how to get the script initiated as and when the
machine is re-booted.

Thanks.

Sherif




Re: [leaf-user] starting the firewall script upon booting the Bering-uclibc

2005-06-21 Thread [EMAIL PROTECTED]
Thanks for your help,

I will give it a try. 

Sherif

Original Message:
-
From: Erich Titl [EMAIL PROTECTED]
Date: Tue, 21 Jun 2005 06:47:03 +
To: [EMAIL PROTECTED], leaf-user@lists.sourceforge.net
Subject: Re: [leaf-user] starting the firewall script upon booting the
Bering-uclibc


Sherif

[EMAIL PROTECTED] wrote:
 Hello,
 
 I am using fwbuilder to build and download an iptables script to
 Bering-uclibc. The script is downloaded to /etc.

I am downloading the fwbuilder output to /etc/firewall/firewall.fw . I
have a fwb.lrp which handles starting and stopping.

You can get my fwb.lrp file at

http://leaf.think.ch/styx/pre/packages/fwb.lrp

feel free to holler if you have questions

cheers

Erich






[leaf-user] fwbuilder and bering-uclibc

2005-05-31 Thread [EMAIL PROTECTED]
Hello,

I have a Bering-uclibc v2.2.3 installed on DOM. I am trying to use
Fwbuilder v2.0.5 to download and activate the script.

I can find the script under /etc after installing the script through ssh.
But things go dead after that. I do not believe it is the script. 

I have found different references to downloading and activating the script,
but would like to make sure if someone can kindly help with the latest on
these methods and if there is something specific to Bering-uclibc.

I also have the verbose listing of the script download process if someone
can help me to verify abnormalities.

Appreciate any assistance. 

Sherif Bahaa   




Re: [leaf-user] fwbuilder and bering-uclibc

2005-05-31 Thread [EMAIL PROTECTED]
Hello,

Here is the output of the loading process:

Summary:* firewall name : commbots
* user name : root
* management address : 1.2.3.4
* platform : iptables
* host OS : linux24
* Loading configuration from file
/opt/fwbuilder/configurations/commbots3int.fwb

Copying /opt/fwbuilder/configurations/commbots.fw - /etc
[EMAIL PROTECTED]'s password: 
--**--**--
Logged in
SSH session terminated, exit status: OK
Activating new policy
Running command '/usr/bin/fwbuilder -X -t -t -v [EMAIL PROTECTED] 
echo '--**--**--';
sh /etc/commbots.fw  (echo 'Cancel previously scheduled reboot';
/sbin/shutdown -c; echo 'Policy activated')
OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to 1.2.3.4 [1.2.3.4] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version dropbear_0.43
debug1: no match: dropbear_0.43
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.5p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server-client 3des-cbc hmac-sha1 none
debug1: kex: client-server 3des-cbc hmac-sha1 none
debug1: dh_gen_key: priv key bits set: 201/384
debug1: bits set: 508/1024
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host '1.2.3.4' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: bits set: 505/1024
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is publickey
debug1: try privkey: /root/.ssh/identity
debug1: try privkey: /root/.ssh/id_rsa
debug1: try privkey: /root/.ssh/id_dsa
debug1: next auth method to try is password
[EMAIL PROTECTED]'s password: 
debug1: ssh-userauth2 successful: method password
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: ssh_session2_setup: id 0
debug1: channel request 0: pty-req
debug1: Sending command: 
echo '--**--**--';
sh /etc/commbots.fw  (echo 'Cancel previously scheduled reboot';
/sbin/shutdown -c; echo 'Policy activated')
debug1: channel request 0: exec
debug1: fd 3 setting TCP_NODELAY
debug1: channel 0: open confirm rwindow 6000 rmax 1400
LEAF Bering-uClibc Commbots 2.4.26 #1 Mon Jun 28 20:08:59 CEST 2004
--**--**--
Logged in

RTNETLINK answers: File exists
cd: 153: can't cd to /lib/modules/2.4.26/kernel/net/ipv4/netfilter/
ls: *_conntrack_*: No such file or directory
ls: *_nat_*: No such file or directory
Activating firewall script generated Mon May 30 23:32:02 2005 EEST by root
Rule 0 (NAT)
Rule 1 (NAT)
Rule 2 (NAT)
Rule 3 (NAT)
Rule 4 (NAT)
Rule 5 (NAT)
Rule 0 (eth0)
Rule 1 (eth0)
Rule 2 (eth0)
Rule 3 (eth0)
Rule 4 (eth0)
Rule 0 (eth1)
Rule 1 (eth1)
Rule 2 (eth1)
Rule 3 (eth1)
Rule 4 (eth1)
Rule 5 (eth1)
Rule 6 (eth1)
Rule 7 (eth1)
Rule 0 (lo)
Rule 0 (eth2)
Rule 1 (eth2)
Rule 2 (eth2)
Rule 3 (eth2)
Rule 4 (eth2)
Rule 5 (eth2)
Rule 6 (eth2)
Rule 0 (global)
Rule 1 (global)
Rule 2 (global)
Rule 3 (global)
Rule 4 (global)
Rule 5 (global)
Rule 6 (global)
Rule 7 (global)
Cancel previously scheduled reboot
shutdown: cannot find pid of running shutdown.
Policy activated
debug1: channel 0: rcvd eof
debug1: channel 0: output open - drain
debug1: channel 0: obuf empty
debug1: channel 0: close_write
debug1: channel 0: output drain - closed
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: rcvd close
debug1: channel 0: close_read
debug1: channel 0: input open - closed
debug1: channel 0: almost dead
debug1: channel 0: gc: notify user
debug1: channel 0: gc: user detached
debug1: channel 0: send close
debug1: channel 0: is dead
debug1: channel 0: garbage collecting
debug1: channel_free: channel 0: client-session, nchannels 1
Connection to 1.2.3.4 closed.
debug1: Transferred: stdin 0, stdout 0, stderr 31 bytes in 0.8 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 36.8
debug1: Exit status 0
SSH session terminated, exit status: OK
Done

Question 1: Anything abnormal?
Question 2: Do I have to effectively start the script after the loading, or
this is done automatically from the fwbuilder loading script?

Sherif Bahaa

Original Message:
-
From: Erich Titl [EMAIL PROTECTED]
Date: Tue, 31 May 2005 07:12:03 +
To: [EMAIL
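
The transcript above ends with "Policy activated" and exit status 0 even though the script printed errors about the netfilter module directory first. As an added example (not part of the original post or of Firewall Builder), this POSIX shell function flags that case; the function names, return codes and the shortened sample transcript are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage a firewall-install transcript like the one in the post.
# The sample is constructed from lines quoted in the message above, cut down
# to three "Rule" lines.
sample_log() {
    cat <<'EOF'
Activating new policy
--**--**--
Logged in
RTNETLINK answers: File exists
cd: 153: can't cd to /lib/modules/2.4.26/kernel/net/ipv4/netfilter/
ls: *_conntrack_*: No such file or directory
ls: *_nat_*: No such file or directory
Activating firewall script generated Mon May 30 23:32:02 2005 EEST by root
Rule 0 (NAT)
Rule 0 (eth0)
Rule 0 (global)
Cancel previously scheduled reboot
shutdown: cannot find pid of running shutdown.
Policy activated
debug1: Exit status 0
SSH session terminated, exit status: OK
EOF
}

# Reads a transcript on stdin, prints every suspicious line plus a summary.
# Return status (hypothetical convention for this example):
#   0 = policy activated, no errors printed
#   1 = policy activated, but errors were printed along the way
#   2 = "Policy activated" never appeared
triage_install_log() {
    rules=0
    warnings=0
    activated=0
    while IFS= read -r line; do
        case "$line" in
            "Policy activated")
                activated=1 ;;
            "Rule "[0-9]*" ("*")")
                rules=$((rules + 1)) ;;
            *"can't cd to "*|*": No such file or directory"|"RTNETLINK answers: "*)
                # Errors printed by the script itself, e.g. while looking
                # for the conntrack/NAT modules.
                warnings=$((warnings + 1))
                printf 'WARN: %s\n' "$line" ;;
        esac
    done
    printf 'rules=%s warnings=%s activated=%s\n' "$rules" "$warnings" "$activated"
    [ "$activated" -eq 1 ] || return 2
    [ "$warnings" -eq 0 ] || return 1
    return 0
}

# Stand-alone run on the constructed sample; the status is reported, not fatal.
sample_log | triage_install_log || echo "triage status: $?"
```

On the sample this reports four warnings and status 1: the policy was activated, but the module lookups that preceded it failed.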

[leaf-user] (no subject)

2005-05-31 Thread [EMAIL PROTECTED]
Hello,

When I disabled the modules loading, things are much better. Thanks.

Sherif




[leaf-user] Beringuclibc 2.2.3 on Hard disk

2005-05-11 Thread [EMAIL PROTECTED]
Hello,

I am a newcomer to Bering. 
I managed to install Bering-uclibc 2.2.3 and create a bootable hard drive.

I have two questions:

1. If I would like to add other packages at a later stage to the hard disk,
what is the best way through a lan? 
2. During installation, the userguide (section 4.3. Create a bootable
HD) mentions using a second floppy with hdsupp.lrp and installing it to get
fdisk, etc. To do that it uses the command 

 lprkg -i hdsupp
fdisk /dev/hda
.

I could not find anything about lprkg, package? what? where?

To overcome this step I added hdsupp to the leaf.cfg.

Any help is appreciated.

Sherif
 




[leaf-user] Help, PATH at Boot time ?

2005-05-10 Thread [EMAIL PROTECTED]
Hi all

I've got a question about Boot sequence I hope someone can answer.

At which point or in which script (?), in the Boot sequence, is the last PATH 
set ?

Thanks
 Roberto




[leaf-user] PATH setting permanently

2005-05-06 Thread [EMAIL PROTECTED]
Hello all

I'm trying to add a permanent PATH to LEAF/BERING Shorewall

I tried to write this:

PATH=${PATH}:/opt/mplayer-sound/bin/
export PATH

into several .conf files including

/etc/profile
/etc/crontab
/etc/shorewall/shorewall.conf
/etc/shorewall/start

but nothing changes whatsoever

echo $PATH gives:

/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin

Typing as root:

PATH=${PATH}:/opt/mplayer-sound/bin/

I get:

/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/opt/mplayer-sound/bin/

which is ok.

Please, how can I set it permanently ?

Thanks Roberto

uname -a ---  2.4.18-guylhem #6 Thu Dec 19 01 51 48 CET 2002 i586 unknown




[leaf-user] hda: write_intr error1:

2005-04-12 Thread [EMAIL PROTECTED]
hello!

I'm running Bering 1.2 on a CF
nowadays I have a problem with my CF
if I write some things to my CF, a lot of "hda: write_intr error1:" messages
come up on my console, so that I can't do anything. (cause: bad sector)

my question is: can I disable this message?

Regards
Phuoc







[leaf-user] Write error on CF

2005-03-03 Thread [EMAIL PROTECTED]
Hello,

I'm running Bering 1.2. Nowadays I have the problem that I can't write on
my CompactFlash anymore.
In my syslog there is a message:

Mar  3 10:26:41 phuoc kernel: Filesystem panic (dev 03:01).
Mar  3 10:26:41 phuoc kernel:   fat_free: deleting beyond EOF
Mar  3 10:26:41 phuoc kernel:   File system has been set read-only

how can I solve this problem?

thank you

Phuoc

  /var/log/syslog

Mar  3 10:26:36 phuoc kernel: Cannot find map file.
Mar  3 10:26:36 phuoc kernel: Linux version 2.4.20 ([EMAIL PROTECTED]) (gcc
version 2.95.4 20011002 (Debian prerelease)) #1 Sun May 11 18:53:34 CEST
2003
Mar  3 10:26:36 phuoc kernel:  BIOS-e820:  -
000a (usable)
Mar  3 10:26:36 phuoc kernel:  BIOS-e820: 000f -
0010 (reserved)
Mar  3 10:26:36 phuoc kernel:  BIOS-e820: 0010 -
0dff (usable)
Mar  3 10:26:36 phuoc kernel:  BIOS-e820: 0dff -
0dff3000 (ACPI NVS)
Mar  3 10:26:36 phuoc kernel:  BIOS-e820: 0dff3000 -
0e00 (ACPI data)
Mar  3 10:26:36 phuoc kernel:  BIOS-e820:  -
0001 (reserved)
Mar  3 10:26:36 phuoc kernel: On node 0 totalpages: 57328
Mar  3 10:26:36 phuoc kernel: zone(0): 4096 pages.
Mar  3 10:26:36 phuoc kernel: zone(1): 53232 pages.
Mar  3 10:26:36 phuoc kernel: zone(2): 0 pages.
Mar  3 10:26:36 phuoc kernel: Kernel command line: BOOT_IMAGE=linux
initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0 boot=/dev/hda1:msdos
PKGPATH=/dev/hda1
LRP=root,etc,local,modules,iptables,keyboard,beep,daemontl,isdn,ntpdate,dosfs,sshd

Mar  3 10:26:36 phuoc kernel: Detected 999.838 MHz processor.
Mar  3 10:26:36 phuoc kernel: Console: colour VGA+ 80x25
Mar  3 10:26:36 phuoc kernel: Calibrating delay loop... 1992.29 BogoMIPS

Mar  3 10:26:36 phuoc kernel: Mount-cache hash table entries: 4096
(order: 3, 32768 bytes)
Mar  3 10:26:36 phuoc kernel: Buffer-cache hash table entries: 16384
(order: 4, 65536 bytes)
Mar  3 10:26:36 phuoc kernel: Page-cache hash table entries: 65536
(order: 6, 262144 bytes)
Mar  3 10:26:36 phuoc kernel: CPU: Centaur VIA Nehemiah stepping 05
Mar  3 10:26:36 phuoc kernel: POSIX conformance testing by UNIFIX
Mar  3 10:26:36 phuoc kernel: Initializing RT netlink socket
Mar  3 10:26:36 phuoc kernel: Starting kswapd
Mar  3 10:26:36 phuoc kernel: pty: 256 Unix98 ptys configured
Mar  3 10:26:36 phuoc kernel: RAMDISK driver initialized: 16 RAM disks
of 4096K size 1024 blocksize
Mar  3 10:26:36 phuoc kernel: ip_conntrack version 2.1 (1791 buckets,
14328 max) - 320 bytes per conntrack
Mar  3 10:26:36 phuoc kernel: ip_tables: (C) 2000-2002 Netfilter core
team
Mar  3 10:26:36 phuoc kernel: arp_tables: (C) 2002 David S. Miller
Mar  3 10:26:36 phuoc kernel: VFS: Mounted root (minix filesystem).
Mar  3 10:26:36 phuoc kernel: ide: Assuming 33MHz system bus speed for
PIO modes; override with idebus=xx
Mar  3 10:26:36 phuoc kernel: VP_IDE: IDE controller on PCI bus 00 dev
89
Mar  3 10:26:36 phuoc kernel: VP_IDE: detected chipset, but driver not
compiled in!
Mar  3 10:26:36 phuoc kernel: PCI: No IRQ known for interrupt pin A of
device 00:11.1. Please try using pci=biosirq.
Mar  3 10:26:36 phuoc kernel: VP_IDE: chipset revision 6
Mar  3 10:26:36 phuoc kernel: VP_IDE: not 100%% native mode: will probe
irqs later
Mar  3 10:26:36 phuoc kernel: hda: SanDisk SDCFH-64, ATA DISK drive
Mar  3 10:26:36 phuoc kernel: ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
Mar  3 10:26:36 phuoc kernel: VFS: busy inodes on changed media.
Mar  3 10:26:37 phuoc ipppd: Warning - secret file /etc/ppp/pap-secrets
has world and/or group access
Mar  3 10:26:37 phuoc kernel: VFS: Can't find a Minix or Minix V2
filesystem on device 03:01.
Mar  3 10:26:41 phuoc kernel: Filesystem panic (dev 03:01).
Mar  3 10:26:41 phuoc kernel:   fat_free: deleting beyond EOF
Mar  3 10:26:41 phuoc kernel:   File system has been set read-only
Mar  3 10:26:44 phuoc ipppd: Warning - secret file /etc/ppp/pap-secrets
has world and/or group access
Mar  3 10:26:46 phuoc kernel: hda: read_intr: status=0x59 { DriveReady
SeekComplete DataRequest Error }
Mar  3 10:26:46 phuoc kernel: hda: read_intr: error=0x40 {
UncorrectableError }, LBAsect=13453, sector=13536
Mar  3 10:26:46 phuoc kernel: end_request: I/O error, dev 03:01 (hda),
sector 13536
Mar  3 10:26:46 phuoc kernel: hda: read_intr: status=0x59 { DriveReady
SeekComplete DataRequest Error }
Mar  3 10:26:46 phuoc kernel: hda: read_intr: error=0x40 {
UncorrectableError }, LBAsect=13569, sector=13537
...
..
.
--







[leaf-user] Bering-uclibc working with fwbuilder

2005-03-01 Thread [EMAIL PROTECTED]
hello,

I would like to work with fwbuilder and download its iptables scripts to
Bering-uclibc. I have seen old mails that refer to fwbuild.lrp.
However, I was not able to locate it.

Can somebody help?

If it is no longer supported, where should I copy the scripts and whether
anything else needs to be considered. 

Appreciate your help guys.

Sherif 




[leaf-user] strange problem with bering 1.2

2005-01-18 Thread [EMAIL PROTECTED]
Hello,

I've a problem with bering 1.2 networking that I can't imagine.
once I've installed my bering 1.2 network 

#
# Loopback interface.
auto lo eth0
iface lo inet loopback
#
# Option 1.2: eth0 / Fixed IP (assumed to be 1.2.3.4).
#   (broadcast/gateway optional)
iface eth0 inet static
address 10.0.0.150
masklen 24
gateway 10.0.0.100


if I ping for example 66.102.11.99
# ping 66.102.11.99
PING 66.102.11.99 (66.102.11.99): 56 data bytes
64 bytes from 66.102.11.99: icmp_seq=0 ttl=247 time=44.0 ms
64 bytes from 66.102.11.99: icmp_seq=1 ttl=247 time=43.4 ms
64 bytes from 66.102.11.99: icmp_seq=2 ttl=247 time=42.8 ms
64 bytes from 66.102.11.99: icmp_seq=3 ttl=247 time=44.5 ms

--- 66.102.11.99 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 42.8/43.6/44.5 ms

but if I start my test program to connect to server I have problem.
# ./test 66.102.11.99
hostname: 66.102.11.99
gethostbyname(hostname)
/gethostbyname(hostname)
create socket
/create socket (3)
bind any port number
/bind any port number
connect to server// problem to connect

--
# here is the source code of the test program
--

#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

int  port=80;

int testServer(char *hostname) 
{
  int sd, rc, i;
  struct sockaddr_in localAddr, servAddr;
  struct hostent *h;

  printf("hostname: %s\n",hostname);
  
  printf("gethostbyname(hostname)\n");
  h = gethostbyname(hostname);
  printf("/gethostbyname(hostname)\n");
  
  if(h==NULL) {
    printf("unknown host \n");
    return 1;
    //exit(1);
  }
   
  servAddr.sin_family = h->h_addrtype;
  memcpy((char *) &servAddr.sin_addr.s_addr, h->h_addr_list[0],
         h->h_length);
  servAddr.sin_port = htons(port);

  /* create socket */  
  printf("create socket\n");

  sd = socket(AF_INET, SOCK_STREAM, 0);
  if(sd<0) {
    printf("cannot open socket ");
    return 1;
    //exit(1);
  }

  printf("/create socket (%d)\n",sd);
  
  /* bind any port number */
  
  localAddr.sin_family = AF_INET;
  localAddr.sin_addr.s_addr = htonl(INADDR_ANY);
  localAddr.sin_port = htons(0);
  
  printf("bind any port number\n");
  rc = bind(sd, (struct sockaddr *) &localAddr, sizeof(localAddr));
  if(rc<0) {
    printf("cannot bind port TCP\n");
    return 1;
    //exit(1);
  }

  printf("/bind any port number\n");

  /* connect to server */
  
  /* as posted: servAddr is a struct sockaddr_in, not a string, so passing
     it to %s is undefined behaviour and may behave differently per libc */
  printf("connect to server %s\n",servAddr);
  rc = connect(sd, (struct sockaddr *) &servAddr, sizeof(servAddr));  
  if(rc<0) {  
    printf("cannot connect ");
    printf("error %d - %s\n", errno, strerror(errno));
    return 1;
    //exit(1);
  }
  
  printf("/connect to server\n");
  
  close(sd); 
  
  printf("Test OK! \n");
  
  return 0;
  
}


int main(int argc,char *argv[])
{
 if(argc==2)testServer(&argv[1][0]);
 return 0;
}

I can't imagine because with the same 
configuration on  my RedHat it's working fine.

./test 66.102.11.99
hostname: 66.102.11.99
gethostbyname(hostname)
/gethostbyname(hostname)
create socket
/create socket (3)
bind any port number
/bind any port number
connect to server
/connect to server
Test OK!

I'm very thankful for any solution/idea/...

Phuoc







[leaf-user] connect to external server

2004-12-16 Thread [EMAIL PROTECTED]
Hallo,

I have a problem with my Bering 1.2 network configuration
and hope all of you can help me.

I've configured my Bering Box like this:

/etc/network/interfaces
address 192.168.2.65
masklen 24
gateway 192.168.2.1

/etc/network/options
ip_forward=yes
spoofprotect=yes
syncoockies=no

/etc/hosts
127.0.0.1 localhosts
192.168.2.65 phuoc

/etc/hostname
phuoc

/etc/network/interfaces
nameserver 127.0.0.1
nameserver 217.237.150.97

/etc/hosts.allow
ALL: ALL

it's working fine with this network configuration.

my problem is if I change to another NET
with IP: 10.0.0.65 and gateway 10.0.0.100

/etc/network/interfaces
address 10.0.0.65
masklen 24
gateway 10.0.0.100

/etc/network/options
ip_forward=yes
spoofprotect=yes
syncoockies=no


/etc/hosts
127.0.0.1 localhosts
10.0.0.65 phuoc

/etc/hostname
phuoc


/etc/network/interfaces
nameserver 127.0.0.1
nameserver 217.237.150.97

/etc/hosts.allow
ALL: ALL

I just can ping out but I can connect to external server.
If I try to connect for examples with www.google.de
I will get a connection timeout.

I'm very confused now
does someone have any idea what  my problem is?


thanks in advance
best regards
Phuoc







[leaf-user] Bering 1.2

2004-12-09 Thread [EMAIL PROTECTED]
Hi!

I have a very basic question.
How do I restart my network interface
without rebooting my Bering box?

I do changes in:
/etc/network/interfaces
/etc/hosts
/etc/resolv.conf

I'm running Bering 1.2

thank you very much

Phuoc








[leaf-user] editing lrp files in windows

2004-09-21 Thread [EMAIL PROTECTED]

I am running Bering uClibc 2.1.3 and am going to upgrade to 2.2.
Since I am happy with most of my settings in my current 2.1.3 I wanted to copy and 
paste a lot of my settings from the old to the new.  I only have windows OS machines 
so I was hoping there might be some text editor that runs in windows xp to copy text 
from my .lrp files and paste them to the new release.
If not, then I will write all my settings down by hand and then retype it in the new 
release. What a beating!!!

Thanks,
Andrew




Re: [leaf-user] Bering-uClibc 2.1.3 ProxyARP and DMZ settings again

2004-07-23 Thread [EMAIL PROTECTED]

Please help!!
I really need some input here.
Thanks.
Andrew




[leaf-user] Bering-uClibc 2.1.3 ProxyARP and DMZ settings again

2004-07-22 Thread [EMAIL PROTECTED]
  loc fw  udp 53
accept  loc fw  tcp 80
#last line

I made no changes to MAC list file

In Masq file I didn't make any changes but it reads:
#interface  subnet  address
eth0        eth1
#last line

In ProxyARP file I have:
#address        interface  external  have route
24.227.166.197  eth2       eth0      no
24.227.166.198  eth2       eth0      no
#last line

I have made no changes in any other files from File 10 (Stopped) to File 28 (Template)


On my dmz servers my network connections are :
ip address: 24.227.166.197 or .198
subnet mask 255.255.255.248
default gateway 24.227.166.193
dns1 24.93.40.62
dns2 24.93.40.63

Here are my current outputs from Weblet:

::Interfaces:: (Copyclipped from Weblet)
1: lo:  mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: dummy0:  mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0:  mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 52:54:05:c0:26:8f brd ff:ff:ff:ff:ff:ff
inet 24.227.166.194/29 brd 24.227.166.255 scope global eth0
inet 24.227.166.195/29 brd 24.227.166.255 scope global secondary eth0:1
inet 24.227.166.196/29 brd 24.227.166.255 scope global secondary eth0:2
4: eth1:  mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:c0:26:62:82:20 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
5: eth2:  mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:05:5d:4b:e3:6e brd ff:ff:ff:ff:ff:ff
inet 192.168.2.254/24 brd 192.168.2.255 scope global eth2


::Routes::  (Copyclipped from Weblet)
24.227.166.198 dev eth2  scope link 
24.227.166.197 dev eth2  scope link 
24.227.166.192/29 dev eth0  proto kernel  scope link  src 24.227.166.194 
192.168.2.0/24 dev eth2  proto kernel  scope link  src 192.168.2.254 
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.254 
default via 24.227.166.193 dev eth0 


Kernel:Linux firewall 2.4.24 #3 Sun Feb 22 19:25:40 CET 2004 i686 unknown
  
 
Modules:
softdog            1508   1
ip_nat_irc         2128   0 (unused)
ip_nat_ftp         2736   0 (unused)
ip_conntrack_irc   2864   1
ip_conntrack_ftp   3472   1
8139too           11624   2
mii                2108   0 [8139too]
ne2k-pci           4044   1
8390               5784   0 [ne2k-pci]
crc32              2648   0 [8139too 8390]

 

 
 

::Installed Packages::   (Copyclipped from Weblet)
Name      Version         Description
========  ==============  ==============================================
initrd    V2.1.3 uClibc-  LEAF Bering initial filesystem
root      V2.1.3 uClibc-  Core LEAF Bering-uClibc package
config    0.2             Core config and backup system package
etc       V2.1.3 uClibc-
local     V2.1.3 uClibc-  LEAF Bering local package
modules   V2.1.3 uClibc-  Define & contain your LEAF Bering modules
iptables  1.2.9           IP packet filter administration tools for 2.4.
dhcpcd    1.3.22pl4-7 Re  dhcpcd is a RFC2131 and RFC1541 compliant DHCP
keyboard  0.3             Define your keyboard settings
shorwall  1.4.10e         Shoreline Firewall (Shorewall)
ulogd     1.02            The Netfilter Userspace Logging Daemon
dnscache  1.05a           A fast & secure proxy DNS server, patched for
dropbear  0.42            Dropbear SSH 2 server and scp client
weblet    1.2.4 Rev 2     LEAF status via a small web server




[leaf-user] Bering-uClibc 2.1.3 ProxyARP and DMZ settings

2004-07-19 Thread [EMAIL PROTECTED]
:
#interface  subnet  address
eth0        eth1
#last line

In ProxyARP file I have:
#address        interface  external  have route
24.227.166.197  eth2       eth0      no
24.227.166.198  eth2       eth0      no
#last line

I have made no changes in any other files from File 10 (Stopped) to File 28 (Template)


On my dmz servers my network connections are :
ip address: 24.227.166.197 or .198
subnet mask 255.255.255.248
default gateway 24.227.166.193
dns1 24.93.40.62
dns2 24.93.40.63

Here are my current outputs from Weblet:

::Interfaces:: (Copyclipped from Weblet)
1: lo:  mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: dummy0:  mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0:  mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 52:54:05:c0:26:8f brd ff:ff:ff:ff:ff:ff
inet 24.227.166.194/29 brd 24.227.166.255 scope global eth0
inet 24.227.166.195/29 brd 24.227.166.255 scope global secondary eth0:1
inet 24.227.166.196/29 brd 24.227.166.255 scope global secondary eth0:2
4: eth1:  mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:c0:26:62:82:20 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
5: eth2:  mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:05:5d:4b:e3:6e brd ff:ff:ff:ff:ff:ff
inet 192.168.2.254/24 brd 192.168.2.255 scope global eth2


::Routes::  (Copyclipped from Weblet)
24.227.166.198 dev eth2  scope link 
24.227.166.197 dev eth2  scope link 
24.227.166.192/29 dev eth0  proto kernel  scope link  src 24.227.166.194 
192.168.2.0/24 dev eth2  proto kernel  scope link  src 192.168.2.254 
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.254 
default via 24.227.166.193 dev eth0 


Kernel:Linux firewall 2.4.24 #3 Sun Feb 22 19:25:40 CET 2004 i686 unknown
  
 
Modules:
softdog            1508   1
ip_nat_irc         2128   0 (unused)
ip_nat_ftp         2736   0 (unused)
ip_conntrack_irc   2864   1
ip_conntrack_ftp   3472   1
8139too           11624   2
mii                2108   0 [8139too]
ne2k-pci           4044   1
8390               5784   0 [ne2k-pci]
crc32              2648   0 [8139too 8390]

 

 
 

::Installed Packages::   (Copyclipped from Weblet)
Name      Version         Description
========  ==============  ==============================================
initrd    V2.1.3 uClibc-  LEAF Bering initial filesystem
root      V2.1.3 uClibc-  Core LEAF Bering-uClibc package
config    0.2             Core config and backup system package
etc       V2.1.3 uClibc-
local     V2.1.3 uClibc-  LEAF Bering local package
modules   V2.1.3 uClibc-  Define & contain your LEAF Bering modules
iptables  1.2.9           IP packet filter administration tools for 2.4.
dhcpcd    1.3.22pl4-7 Re  dhcpcd is a RFC2131 and RFC1541 compliant DHCP
keyboard  0.3             Define your keyboard settings
shorwall  1.4.10e         Shoreline Firewall (Shorewall)
ulogd     1.02            The Netfilter Userspace Logging Daemon
dnscache  1.05a           A fast & secure proxy DNS server, patched for
dropbear  0.42            Dropbear SSH 2 server and scp client
weblet    1.2.4 Rev 2     LEAF status via a small web server
  
 
 



 





[leaf-user] Dropbear and sshd in Bering_uClibc 2.1.3

2004-07-16 Thread [EMAIL PROTECTED]

HI AGAIN,

I am new to LEAF and have just got my Leaf system running.
However, I have been reading about dropbear, dropbearkeys, and SSH and it seems as if 
these have to do with some sort of remote admin packages.  Am I right?  Is there some 
good beginner information you could point me to to read about these topics?  Or could 
you tell me what they do and their benefits?

Thanks,
Andrew




[leaf-user] Firewall error on Weblet

2004-07-16 Thread [EMAIL PROTECTED]

HI,

I am new to leaf and am running bering_uclibc 2.1.3.  I have only just recently got my 
firewall up and running, protecting my local network using the default shorewall 
settings. However, in Weblet, I have a red light for Firewall under LEAF status and it 
says error.  When I click on the red stop light it says, You have 113 denied or 
rejected packets in your recent packet logs.  The other two traffic lights are green 
(OK).  When I look at my logs they have come in the 4 hours.  Should I be worried 
about this?  Do others get this many hits on their IP's?  By the way, I am running 3 
public ip's on my LEAF.  Only two of them are getting the traffic.  Let me know if you 
want to see the logs.  Let me know which logs you would want: sorted by IP, Port, 
pretty log, or the regular one.


Thanks,
Andrew




RE: [leaf-user] initial config problems with Bering-uClibc 2.1.3 (was : Please be kind to the Newbie!! new email)

2004-07-09 Thread [EMAIL PROTECTED]

That was it Ray!!!

My WinXP host had a default gateway of 192.168.1.255
I changed it to 192.168.1.255

Now the laptop surfs the net perfectly, as far as I can tell.
I did a port scan from the internet to check the firewall and EVERYTHING was blocked.  
Wonderful

Now let me ask you a couple questions for my next baby steps.

Is it possible to connect a Linksys router to the LEAF firewall (internal NIC) and let 
the Linksys router set up my local network?  I guess it would just be acting like a 
switch at this point.  Especially if I continued to run static internal addresses.

My next step is to run all my (5) static external ip addresses through my Firewall.  I 
have a few more NIC's lying around.  I believe I want all 5 ip's to come in through 
eth0. I read some of the posts and I think I will try the eth0:0 through eth0:4.  

After that I am sort of lost.  I only have immediate plans to use two more of the ips, 
one as a web server, one as a media server.  I might run double duty on the media 
server as a ftp server as well.  Anyway, my question was could you give me a general 
overview of the specific modules, settings, files that I would need to change/update.  
I guess it would be best to masquerade the ip's??

Truthfully Ray, the main reason I wanted to use the firewall besides local network 
security was to protect my web and media server.  Is there some way to block bad people 
doing bad things while allowing everybody else in?  I worry because in the past I had 
to open and forward port 80 (and other specific ports on the media server).  It seems 
to me like I was just putting a lock on my door but leaving the door wide open.

Thanks for your help Ray.





RE: [leaf-user] initial config problems with Bering-uClibc 2.1.3 (was: Please be kind to the Newbie!! new email)

2004-07-09 Thread [EMAIL PROTECTED]

Ray,
 I did mean 192.168.1.254, oops.

What I thought I would do is this:

Connect cable modem to eth0 of firewall  Where all five static ips run through this 
line.
Then from firewall eth1 have wire connected to the uplink port on my Linksys wireless 
router (with built in 4 port switch).  From the Linksys I would set up my home network 
for file/print/internet sharing where I would connect all my personal computers.(LAN)  
I guess this would run double NAT in this configuration.  Should I change the 
192.168.1.XXX network addresses on the Linksys router so they are different from the 
LEAF Firewall? Maybe something like 127.0.0.0?

Then on eth2 I would run DMZ via a crossover cable to my Web Server.

Then on eth3 I would run DMZ via a crossover cable to my Media Server.

My two servers are actually one machine (a xeon cpu with 2 onboard nic's)  I am 
running MS Server 2003 Enterprise Edition.  I assign one nic for IIS and one for 
Windows Media Server.  I have one public IP for each nic so that they can both have a 
port 80.  I found that a lot of people trying to see my video, couldn't, because their 
firewall rules blocked transmissions that weren't originated on port 80.  MS Server 
2003 Enterprise Edition has port blocking at the nic level so I have it set to block 
everything except port 80.  Do you think LEAF will add some protection to my setup or 
not?






RE: [leaf-user] initial config problems with Bering-uClibc 2.1.3 (was: Please be kind to the Newbie!! new email)

2004-07-09 Thread [EMAIL PROTECTED]

Thanks for the tips




RE: [leaf-user] initial config problems with Bering-uClibc 2.1.3 (was: Please be kind to the Newbie!! new email)

2004-07-08 Thread [EMAIL PROTECTED]

HI again Ray,  Thanks for keeping an eye on me.

I had some things messed up before that by typing this email to you I started to see.
So I will tell you what my new settings are now and my new outputs. I have made some 
very remarkable improvements now.

I AM the same guy who was asking about the five static IP's.  However, I am just trying 
to get one static ip address working for now.  You know the saying, KISS!

I have the external firewall nic connected to the cable modem, the internal firewall 
nic connected to a laptop via a switch which acts as a crossover cable.
One of my main signs of success is if I can surf the internet from my laptop.

Ok, from Network Configuration-Interfaces File I have the Fixed IP setting unremarked 
(less #) , 
Specifically:
auto eth0
iface eth0 inet static
address 24.227.166
netmask 255.255.255.248
broadcast 24.227.166.255
gateway 24.227.166.193

Then further down on Step 2 I have the default setting unremarked, specifically:
auto eth1
iface eth1 inet static
address 192.168.1.254
netmask 255.255.255.0
broadcast 192.168.1.255

Then on Network configuration - Resolv.conf I have my dns nameservers entered.
Nameserver 24.93.40.62
Nameserver 24.93.40.63

Then on Packages - Modules -Kernel modules to load at boot I have unremarked:
crc32
8390
ne2k-pci
mii
8139too

This was done to make my NIC's function.  I wasn't sure if I needed to actually put 
the files on the disk so I put the ones I could find on there, specifically: mii, 
8390, and ne2k-pci.
I could not find crc32 or 8139too.  Do i need them? Do I need the others that are 
already on the disk or can I remove them?

I cannot think of ANYTHING else I have done.  I mean it.  If there is some stupid 
thing that I needed to do and I did not write about doing it, then it has not been 
done.

Uname -a:

Linux firewall 2.4.24 #3 Sun Feb 22 19:25:40 CET 2004 i686 unknown


LSMOD:

Module             Size  Used by    Not tainted
softdog            1508   1
ip_nat_irc         2128   0 (unused)
ip_nat_ftp         2736   0 (unused)
ip_conntrack_irc   2864   1
ip_conntrack_ftp   3472   1
8139too           11624   1
mii                2108   0 [8139too]
ne2k-pci           4044   1
8390               5784   0 [ne2k-pci]
crc32              2648   0 [8139too 8390]


IP addr show:

1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 52:54:05:c0:26:8f brd ff:ff:ff:ff:ff:ff
    inet 24.227.166.196/29 brd 24.227.166.255 scope global eth0
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:c0:26:62:82:20 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1


IP Route Show:

24.227.166.192/29 dev eth0  proto kernel  scope link  src 24.227.166.196
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.254
default via 24.227.166.193 dev eth0


Ping:

can the WinXP host ping the LEAF router?
Ping 192.168.1.254  0% loss
can the WinXP host ping the ISP's default gateway?
Ping 24.227.166.193 100% loss
can the WinXP host ping the DNS servers?
Ping 24.93.40.62  100% loss
can the WinXP host ping a known-good Internet address?
Probably not?
can the LEAF router ping the WinXP host?
can the LEAF router ping the ISP's default gateway?
can the LEAF router ping the DNS servers?
can the LEAF router ping a known-good Internet address?

It looks like it is successfully pinging the winxp host, default gateway, and the dns 
servers but it just keeps going and going, pinging over and over.
How do you stop that?

Finally, from my winxp host, when I get on Internet Explorer and try to go to 
Yahoo.com it tells me  The page cannot be displayed 
The page you are looking for is currently unavailable. The Web site might be 
experiencing technical difficulties, or you may need to adjust your browser settings. 

However, when I go to 192.168.1.254 Weblet does open and I am able to browse around 
it, it is very cool.



[leaf-user] Please be kind to the Newbie!!

2004-07-01 Thread [EMAIL PROTECTED]

Hi everyone,

I was trying to setup a very simple firewall and then build up from there. I am using 
Bering uClibc 2.1.2

my setup is a cable modem with a static IP (I actually have 5 ip's but i'm trying to 
keep it simple to start) going to the 
firewall in the first nic port, then from the firewall's second nic port to a switch 
(because i don't own a crossover cable), 
then to a laptop.
I have been messing around with Network configurations: interfaces file. From step 1 I 
have tried to setup option 1.2 but i 
don't understand the settings completely since they look a little different from my 
standard Linksys router.  
What do I fill in for address, broadcast, and gateway?  My Isp gave me a subnet mask 
of 255.255.255.248
with my static ips.  I used to input dns1 and dns2 in my Linksys Router, do i still 
have to do this?

Then for step 2 I left it alone (default settings looked ok to me) for eth 1.

I thought i would first try to get on the internet with the laptop but it doesn't get 
to the internet.  Is there a 
simple setting I need to change to fix this?


I don't even know if the nics are talking to the LEAF?  How do I know which is Eth1 
and Eth0?
Is there a way to determine if leaf has installed the nic cards properly or at all?  I 
didn't load any special drivers
because it looked like maybe they will work if the nics are common enough.

I haven't messed with anything else in the system. do i need to change some settings 
in shorewall in order 
for the laptop to access the internet?

Then of course there are the laptop settings, I am running Windows XP Pro.  I have 
given it the following fixed ip settings:
ip address: 192.168.1.5
subnet mask: 255.255.255.0
default gateway: 192.168.1.1
DNS1 and DNS2: the supplied info from my ISP

btw, how do I change the login and password when LEAF boots up?

Please be kind to the noob, I really want to learn this and I really appreciate all 
the detail and 
over-simplification you can stand to type.  I know a very little about Routing, less 
about firewalls, and absolutely
nothing about Linux.  I have been sucking on the Microsoft tit forever.

Thank you in advance,
Andrew





Re: [leaf-user] Please be kind to the Newbie!!

2004-07-01 Thread [EMAIL PROTECTED]
 gateway?
can the LEAF router ping the DNS servers?
can the LEAF router ping a known-good Internet address?

all pinging results:
ping: sendto: Network is unreachable


In any case that is a NO, your report to us should include the failure message that 
ping reports back (there are 4 or more of these for Linux ping, and they are 
diagnostic).



I don't even know if the nics are talking to the LEAF? How do I know which is Eth1 and 
Eth0?
Is there a way to determine if leaf has installed the nic cards properly or at all? I 
didn't load any special drivers
because it looked like maybe they will work if the nics are common enough. 

Next time, please tell us what makes and models of NICs you are using. Some work out 
of the box, while others require add-in modules  we can't guess which kind you 
have, and as a beginner, you shouldn't be guessing on your own.
The nic that is connected to the cable modem is a [Realtek RTL8139 Family PCI Fast 
Ethernet NIC]
The nic that is connected to the switch (which goes to the laptop) is a [Realtek 
RTL8029(AS) based Ethernet Adaptor (Generic)]
The info in the [...] is exactly what windows XP calls the cards when xp is running.

Check what interfaces have been created with the command


ip link show

It will also tell you if they have been initialized (that is, assigned IP addresses).

ip link show results:::

1: lo: LOOPBACK mtu 16436 qdisc noop
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: dummy0: BROADCAST,NOARP mtu 1500 qdisc noop
  link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff

ip addr show results::: 
[same as (ip link show)]

uname -a results:::
Linux Firewall 2.4.26 #1 Sun Jun 6 11:44:34 CEST 2004 i686 unknown

ip route show results:::
[nothing]


lsmod results:
Module             Size  Used by    Not tainted
softdog            1508   1
ipt_state           336   2
ipt_helper          464   0 (unused)
ipt_conntrack       820   0
ipt_REDIRECT        554   0 (unused)
ipt_MASQUERADE     1056   0 (unused)
ip_nat_irc         2152   0 (unused)
ip_nat_ftp         2792   0 (unused)
iptable_nat       15716   2 [ipt_REDIRECT ipt_MASQUERADE ip_nat_irc ip_nat_ftp]
ip_conntrack_irc   2876   1
ip_conntrack_ftp   3484   1
ip_conntrack      18312   2 [ipt_state ipt_helper ipt_conntrack ipt_REDIRECT ipt_MASQUERADE ip_nat_irc ip_nat_ftp iptable_nat ip_conntrack_irc ip_conntrack_ftp]


Then of course there are the laptop settings, I am running Windows XP Pro. I have 
given it the following fixed ip settings:
ip address: 192.168.1.5
subnet mask: 255.255.255.0
default gateway: 192.168.1.1
DNS1 and DNS2: the supplied info from my ISP 
These are fine.

Should the default gateway be 192.168.1.255?


A previous reply told you to change the password with the command passwd. You don't 
change the login, though you can add other userids than root (though on a router, 
there is really no reason to).

Got the password fixed.

I have a new question.  Does it matter if I am logged into the firewall (LEAF 
Configuration Menu on the screen)
or not logged in (Firewall# prompt on the screen) for the firewall to operate 
properly when I have all the settings correct?
Do I have to reboot after I make and backup system changes for them to be in effect?




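The address, netmask, broadcast and gateway values posted in the messages above can be checked against each other mechanically. The Python below is an added example, not code from the thread or from the LEAF project; the function names are hypothetical, and 24.227.166.196 is taken from the `ip addr show` output in the thread because the posted stanza's address line is cut short.

```python
import ipaddress

KEYS = ("address", "netmask", "broadcast", "gateway")

# The eth0 stanza exactly as it was posted (the address line is truncated).
POSTED_ETH0 = """
auto eth0
iface eth0 inet static
address 24.227.166
netmask 255.255.255.248
broadcast 24.227.166.255
gateway 24.227.166.193
"""


def parse_stanza(text):
    """Collect address/netmask/broadcast/gateway from an interfaces-style stanza."""
    settings = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()      # drop comments, split on blanks
        if len(fields) == 2 and fields[0] in KEYS:
            settings[fields[0]] = fields[1]
    return settings


def check_settings(settings):
    """Return a list of problems; an empty list means the values agree."""
    if "address" not in settings or "netmask" not in settings:
        return ["address and netmask are both required"]
    try:
        iface = ipaddress.IPv4Interface(
            settings["address"] + "/" + settings["netmask"])
    except ValueError as err:                      # truncated address, bad mask
        return ["bad address or netmask: %s" % err]

    net = iface.network
    # On /31 and /32 there is no separate network or broadcast address.
    reserved = {}
    if net.prefixlen < 31:
        reserved = {net.network_address: "network",
                    net.broadcast_address: "broadcast"}

    problems = []
    if iface.ip in reserved:
        problems.append("address %s is the %s address of %s, not a host"
                        % (iface.ip, reserved[iface.ip], net))

    if "broadcast" in settings:
        try:
            bcast = ipaddress.IPv4Address(settings["broadcast"])
        except ValueError as err:
            problems.append("bad broadcast: %s" % err)
        else:
            if bcast != net.broadcast_address:
                problems.append("broadcast %s does not match %s computed for %s"
                                % (bcast, net.broadcast_address, net))

    if "gateway" in settings:
        try:
            gw = ipaddress.IPv4Address(settings["gateway"])
        except ValueError as err:
            problems.append("bad gateway: %s" % err)
        else:
            if gw not in net:
                problems.append("gateway %s is outside %s" % (gw, net))
            elif gw in reserved:
                problems.append("gateway %s is the %s address of %s, not a host"
                                % (gw, reserved[gw], net))
            elif gw == iface.ip:
                problems.append("gateway %s is this host's own address" % gw)
    return problems


def demo():
    """Run the checks on the values that appear in the thread."""
    as_posted = parse_stanza(POSTED_ETH0)
    completed = dict(as_posted, address="24.227.166.196")  # from 'ip addr show'
    laptop = {"address": "192.168.1.5", "netmask": "255.255.255.0"}
    return {
        "eth0 as posted": check_settings(as_posted),
        "eth0 with full address": check_settings(completed),
        "laptop, gateway .255": check_settings(dict(laptop, gateway="192.168.1.255")),
        "laptop, gateway .254": check_settings(dict(laptop, gateway="192.168.1.254")),
    }


if __name__ == "__main__":
    for name, found in demo().items():
        print(name, "->", found or "consistent")
```

The check is arithmetic only: it cannot tell whether a router actually answers at a gateway address that lies inside the subnet.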


[leaf-user] login and password

2004-06-30 Thread [EMAIL PROTECTED]

Hi, I am new to Leaf.
I am also new to Linux.
I am also new to firewalling.
I thought I would try to learn more about them and run Bering uClibc.
I am having trouble right out of the gate though.  I have read lots of FAQ's and 
archives but have not had any luck.

My future setup:
I was hoping to use a Pentium 3 computer (and extra NIC cards) that was just lying 
around and use it for a firewall.  I have 5 static IP's from my cable ISP.  I host a 
web page with one, a media server with another, and have my local network (4 or so 
computers) on the third,  two of the IP's aren't being used currently.

1.) I am concerned that with my media and web server that I need packet filtering or 
something more than just NAT and port forwarding.  Am I right in assuming this and is 
Leaf or even uClibc a good solution?

2.) Do you think uClibc 2.2 beta 4 is stable enough for a noob like myself or should I 
just use 2.1.2?

3.) I have tried running both versions but I am stuck at the same place on both.  What 
is the Firewall login and password?  Am I just an idiot?

Thanks for your help,
Andrew




Re: [leaf-user] Point to Point from lan

2002-11-22 Thread [EMAIL PROTECTED]


Original Message:
-


That is a HUGE swath of ip addresses to claim will only be used for Oracle
database connections.

Thanks for the reply, I did confuse you though, sorry for my misleading, 
the 208.x.x.x was meant to imply a single internet address.

I do understand your reply though.

Thanks again.


Robert Szabo





Re: [leaf-user] bering: cannot get dhcp lease from ISP

2002-08-31 Thread [EMAIL PROTECTED]

Hello Erich

your ISP may expect your external NIC to have a specific MAC address. You may 
consider trying to use the same NIC connected to the ISP's line (physically 
removing the NIC from the old router and plugging it in the new one) or 
configuring the new NIC to publish the old MAC address.

According to my experience with Cablecom you can also call the support and 
have them setup your cable modem to accept a new NIC. Allegedly with Cablecom 
MAC addresses are stored for 24 hours, so after that period a new NIC can be 
given out a lease.

Hope this helps to solve your problem.

Regards,

Kiril


On Saturday 31 August 2002 10:05, Erich Titl wrote:
 Hello everybody

 I am trying to get my bering firewall up on the net, but cannot get a lease
 from my ISP. If I connect the firewall's external NIC to my internal
 network which is served by my own dhcpd I perfectly get a lease. The line
 to the ISP is OK because I can get a lease on my other Linux server which
 was used as a firewall in the past. I tried dhclient and pump. Both failed
 to get a lease.

 I am running dhclient V3.0rc10 on the old Linux server. The dhclient used
 by bering seems to be a lesser version. Does anyone have a recent release
 of dhclient for bering.

 Thanks

 Erich

 THINK
 Püntenstrasse 39
 8143 Stallikon
 mailto:[EMAIL PROTECTED]
 PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16





