Re: [leaf-user] LEAF Print Server
You don't need me to tell you that shouldn't run a print server on a router. Am I missing something, again? Just security. The traditional view is that a firewall is so important to the network, you cannot have it screw up. May I add: 1)the more stuff you have on a firewall, the more chances there may be an exploitable flaw, and 2)if routing is all it does, and it comes under a determined attack, you can always just power-down. LEAF will run on any old piece of junk you've got lying around, and do well. Dedicate it to the job. There is no reason to run a print server on a router, to do what? Offer print services to the whole wide world? Print services should always be inside the router/DMZ. Routers are NOT servers. Paul Rogers ([EMAIL PROTECTED]) http://www.xprt.net/~pgrogers/ Rogers' Second Law: Everything you do communicates. (I do not personally endorse any additions after this line. TANSTAAFL :-) - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] The old floppy question
Lets make a poll to find out how many of us are booting bering from a floppy and decide from there. I still favor use Bering 1.2 floppies. I like the security of the write-protect slider. And part of the idea about Linux, and Bering firewalls in particular, is repurposing old hardware for a new useful task. It's not so hard to find boxes of an appropriate horsepower for the task that came with floppies. Paul Rogers ([EMAIL PROTECTED]) http://www.xprt.net/~pgrogers/ Rogers' Second Law: Everything you do communicates. (I do not personally endorse any additions after this line. TANSTAAFL :-) - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] The old floppy question
Lets make a poll to find out how many of us are booting bering from a floppy and decide from there. I still favor use Bering 1.2 floppies. I like the security of the write-protect slider. And part of the idea about Linux, and Bering firewalls in particular, is repurposing old hardware for a new useful task. It's not so hard to find boxes of an appropriate horsepower for the task that came with floppies. Paul Rogers ([EMAIL PROTECTED]) http://www.xprt.net/~pgrogers/ Rogers' Second Law: Everything you do communicates. (I do not personally endorse any additions after this line. TANSTAAFL :-) - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] WLM 54G (Aneesh Pande)
Hi Aneesh, I've had the same problem with setting up Leaf as WAP. You've followed the doc that Martin so generously provided? It was a huge help for me, but for some reason there was a gap between finishing those steps and connecting to my shiny new Soekris. For me, I think it was a knowledge gap between what is merely routine for experts and my decidedly ,uh network-challenged condition. At any rate, I did figure it out eventually, and you will too- you're that close. One of the things I noticed was hostapd either wasn't running or wasn't sourcing that hostapd.conf file I spent so long modifying. 'iwconfig' didn't reflect the changes I'd made in ssid, for example. 'ps' didn't show hostapd running either. You seem to have those bases covered. My next brick-upside-the-head-moment^H^H^H hurdle was the realization that the nic in my VAIO would not support WPA, so make sure you're compatible on that end. Sorry to wait so long to post so little on this thread. I'm happy to cut-n-paste any logs or confs you might find useful, and again, thanks to Martin, and all the whole Leaf crew, past and present -Ben [EMAIL PROTECTED] wrote: Send leaf-user mailing list submissions to leaf-user@lists.sourceforge.net To subscribe or unsubscribe via the World Wide Web, visit https://lists.sourceforge.net/lists/listinfo/leaf-user or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than Re: Contents of leaf-user digest... Today's Topics: 1. Re: WLM 54G (Aneesh Pande) -- Message: 1 Date: Thu, 5 Jul 2007 21:21:46 +0200 From: Aneesh Pande [EMAIL PROTECTED] Subject: Re: [leaf-user] WLM 54G To: leaf-user@lists.sourceforge.net Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=ISO-8859-1; format=flowed I'm trying to implement a wireless access point using Bering but haven't been able to run it successfully yet. I can see the access point from an external laptop but can't connect to it. THe /etc/network/interfaces file looks like this: auto ath0 iface ath0 inet static address 192.168.1.254 netmask 255.255.255.0 broadcast 192.168.1.255 wireless-channel 1 The output of lsmod |grep ath is the following: ath_pci60292 0 ath_rate_sample 7872 0 [ath_pci] wlan 129916 1 [wlan_xauth wlan_tkip wlan_ccmp wlan_acl ath_p] ath_hal 174288 1 [ath_pci ath_rate_sample] When trying to connect to the AP from an external laptop I get the following error message: firewall# hostapd /etc/hostapd/hostapd.conf Configuration file: /etc/hostapd/hostapd.conf madwifi_set_privacy: enabled=0 BSS count 1, BSSID mask ff:ff:ff:ff:ff:ff (0 bits) ath0: IEEE 802.11 Fetching hardware channel/rate support not supported. madwifi_sta_deauth: addr=ff:ff:ff:ff:ff:ff reason_code=3 ioctl[IEEE80211_IOCTL_SETMLME]: Invalid argument Could not connect to kernel driver. Mode: IEEE 802.11g Channel: 60 Frequency: 0 MHz madwifi_del_key: addr=00:00:00:00:00:00 key_idx=0 madwifi_del_key: addr=00:00:00:00:00:00 key_idx=1 madwifi_del_key: addr=00:00:00:00:00:00 key_idx=2 madwifi_del_key: addr=00:00:00:00:00:00 key_idx=3 Using interface ath0 with hwaddr 00:80:48:7e:6b:c9 and ssid 'AneeshAP' madwifi_set_ieee8021x: enabled=1 madwifi_configure_wpa: group key cipher=1 madwifi_configure_wpa: pairwise key ciphers=0xa madwifi_configure_wpa: key management algorithms=0x2 madwifi_configure_wpa: rsn capabilities=0x0 madwifi_configure_wpa: enable WPA=0x3 madwifi_set_privacy: enabled=0 madwifi_set_key: alg=TKIP addr=00:00:00:00:00:00 key_idx=1 madwifi_set_privacy: enabled=1 l2_packet_receive - recvfrom: Network is down Wireless event: cmd=0x8c03 len=20 ath0: STA 00:1b:77:02:6c:96 IEEE 802.11: associated New STA ath0: STA 00:1b:77:02:6c:96 WPA: event 1 notification madwifi_del_key: addr=00:1b:77:02:6c:96 key_idx=0 ath0: STA 00:1b:77:02:6c:96 WPA: start authentication madwifi_del_key: addr=00:1b:77:02:6c:96 key_idx=0 madwifi_set_sta_authorized: addr=00:1b:77:02:6c:96 authorized=0 ath0: STA 00:1b:77:02:6c:96 IEEE 802.1X: unauthorizing port ath0: STA 00:1b:77:02:6c:96 WPA: sending 1/4 msg of 4-Way Handshake IEEE 802.1X: 125 bytes from 00:1b:77:02:6c:96 IEEE 802.1X: version=1 type=3 length=121 ath0: STA 00:1b:77:02:6c:96 WPA: received EAPOL-Key frame (2/4 Pairwise) ath0: STA 00:1b:77:02:6c:96 WPA: invalid MIC in msg 2/4 of 4-Way Handshake ath0: STA 00:1b:77:02:6c:96 WPA: EAPOL-Key timeout ath0: STA 00:1b:77:02:6c:96 WPA: sending 1/4 msg of 4-Way Handshake IEEE 802.1X: 125 bytes from 00:1b:77:02:6c:96 IEEE 802.1X: version=1 type=3 length=121 ath0: STA 00:1b:77:02:6c:96 WPA
Re: [leaf-user] Ping failed to server in DMC
- Oorspronkelijk bericht - Van: Erich Titl [mailto:[EMAIL PROTECTED] Verzonden: donderdag, maart 29, 2007 11:03 AM Aan: [EMAIL PROTECTED] CC: leaf-user@lists.sourceforge.net Onderwerp: Re: [leaf-user] Ping failed to server in DMC Hi Jan [EMAIL PROTECTED] wrote: Hi Erich ... My conclusion is that my router forwards the packets to my server. And my server is capable of replying a ping packet (see tst2). But for some reason he doesn't reply a packet from my loc zone. Because I don't see a packet returning on eth2. There is no sign of a packet entering eth2 (dmz). I think my router is routing packets between loc and dmz. (chain from loc2dmz) Yep My server can respond to ping. No proof, as there are no packets on eth2_fwd But when I ping from my router to my server, my server respons to it. (see test2) Or can't I link this behaviour with that conclusion? And firewall isn't blocking packets from dmz to loc. Why aren't there packet's entering my eth2 heading for my laptop? :o) Use tcpdump to see if they are entering eth2 at all. I will search how I should do that. And see if I get a litle more info from there. Erich Thanks Jan - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Ping failed to server in DMC
Have you check the tcp/ip setting on your server especially subnet mask. Also as Tom suggested have you check the default gateway on the server. Can you get to the internet from the server. Since you can not ping 192.168.1.254 made me suspect the subnet mask on your server. I treat that as on the same network What do you mean by that last sentence? Server ip: 192.168.3.2 subnet mask: 255.255.255.0 default gateway: 192.168.3.1 Thanks Jan - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Ping failed to server in DMC
I suggest that you shorwall clear then try to ping the IP address of your firewall's *local* interface (not the *DMZ* interface) from your server. If that ping does not succeed then you have a routing problem. -Tom -- Tom Eastep\ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key Actually, I made a mistake to say the ping failes. And this is a huge mistake from me. When I try to ping 192.168.1.254 (ip address local interface) it just says Network unreachable. Probably a huge difference! Thanks, Jan - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Ping failed to server in DMC
My problem is solved. What it was??? I don't know! But I think I was misreading a bad standard gateway. I did the folowing: 1:I checked my ip settings from my server. I tought everything was ok. 2:I tried to ping from my server (192.168.3.1) to my loc router (192.198.1.254) Result was. Could not reach network. 3:Then I set up my router (dnsmasq) to give ipaddresses on network 192.168.3.0. And let my server get an dhcp address. (my server got: 192.168.3.83) 4:I tried again to ping from my server to my loc router. This time the ping whas succesful. 5:Than I tried to ping from my local pc to the server. This also whas succesful. 6:I checked what standard gateway the server got from dhcp (route -nee). And it checked out to be the same as I tought I gave it the first time fixed before... 7:I gave my server back a fixed ip address (192.168.3.83) and the standard gateway (192.168.3.1) and subnetmask (255.255.255.0) 8:Tried both pings again and they were succesfull. 9:I gave my server back his old ip address (192.168.3.2) and tried the pings again. Both were succesfull. 10:I stopped dhcp on network 192.168.3.0 and restarted dnsmasq. Tried both pings again and they were still succesfull. So I don't have a clue wath went wrong the last few day's. Because I whas so sure I did entered the same standard gateway. Could it be that I had this problem because I put in my /etc/shorewall/interfaces file the following rule: dmzeth2detect dhcp And if so. wich word should there be in place of the dhcp word when you only have static IP's in your dmz zone... Thanks for all the help to everyone!!! Greetings Jan - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Ping failed to server in DMC
Hi Erich If you reset the counters before testing it is easier to read. Try to minimize all other traffic durng your tests, it will become clear what is happening If you want us to understand your test, please note _exactly_ what test1,2,3 is. Please conduct only one test at a time. I tried to folow your advice: So i did a shorwall reset. Than I did a ping from my local pc (located in loc, etc1) to my server (in DMZ eth2) Pingen naar 192.168.3.2 met 32 byte gegevens: Time-out bij opdracht. Time-out bij opdracht. Time-out bij opdracht. Time-out bij opdracht. Ping-statistieken voor 192.168.3.2: Pakketten: verzonden = 4, ontvangen = 0, verloren = 4 (100% verlies). And than I made as fast as I could: iptables -nvL tst1.txt The result is tst1.txt: Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- lo * 0.0.0.0/00.0.0.0/0 1 485 eth0_inall -- eth0 * 0.0.0.0/00.0.0.0/0 91 6042 eth1_inall -- eth1 * 0.0.0.0/00.0.0.0/0 0 0 eth2_inall -- eth2 * 0.0.0.0/00.0.0.0/0 0 0 tun_in all -- tun+ * 0.0.0.0/00.0.0.0/0 0 0 Reject all -- * * 0.0.0.0/00.0.0.0/0 0 0 ULOG all -- * * 0.0.0.0/00.0.0.0/0 ULOG copy_range 0 nlgroup 1 prefix `Shorewall:INPUT:REJECT:' queue_threshold 1 0 0 reject all -- * * 0.0.0.0/00.0.0.0/0 Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 eth0_fwd all -- eth0 * 0.0.0.0/00.0.0.0/0 4 240 eth1_fwd all -- eth1 * 0.0.0.0/00.0.0.0/0 0 0 eth2_fwd all -- eth2 * 0.0.0.0/00.0.0.0/0 0 0 tun_fwdall -- tun+ * 0.0.0.0/00.0.0.0/0 0 0 Reject all -- * * 0.0.0.0/00.0.0.0/0 0 0 ULOG all -- * * 0.0.0.0/00.0.0.0/0 ULOG copy_range 0 nlgroup 1 prefix `Shorewall:FORWARD:REJECT:' queue_threshold 1 0 0 reject all -- * * 0.0.0.0/00.0.0.0/0 Chain OUTPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * lo 0.0.0.0/00.0.0.0/0 0 0 ACCEPT udp -- * eth00.0.0.0/00.0.0.0/0 udp dpts:67:68 0 0 ACCEPT udp -- * eth10.0.0.0/00.0.0.0/0 udp dpts:67:68 0 0 ACCEPT udp -- * eth20.0.0.0/00.0.0.0/0 udp dpts:67:68 0 0 fw2net all -- * eth00.0.0.0/00.0.0.0/0 51 4208 fw2loc all -- * eth10.0.0.0/00.0.0.0/0 0 0 all2allall -- * tun+0.0.0.0/00.0.0.0/0 0 0 fw2dmz all -- * eth20.0.0.0/00.0.0.0/0 0 0 Reject all -- * * 0.0.0.0/00.0.0.0/0 0 0 ULOG all -- * * 0.0.0.0/00.0.0.0/0 ULOG copy_range 0 nlgroup 1 prefix `Shorewall:OUTPUT:REJECT:' queue_threshold 1 0 0 reject all -- * * 0.0.0.0/00.0.0.0/0 Chain Drop (1 references) pkts bytes target prot opt in out source destination 0 0 reject tcp -- * * 0.0.0.0/00.0.0.0/0 tcp dpt:113 1 485 dropBcast all -- * * 0.0.0.0/00.0.0.0/0 0 0 ACCEPT icmp -- * * 0.0.0.0/00.0.0.0/0 icmp type 3 code 4 0 0 ACCEPT icmp -- * * 0.0.0.0/00.0.0.0/0 icmp type 11 1 485 dropInvalid all -- * * 0.0.0.0/00.0.0.0/0 0 0 DROP udp -- * * 0.0.0.0/00.0.0.0/0 multiport dports 135,445 0 0 DROP udp -- * * 0.0.0.0/00.0.0.0/0 udp dpts:137:139 0 0 DROP udp -- * * 0.0.0.0/00.0.0.0/0 udp spt:137 dpts:1024:65535 0 0 DROP tcp -- * * 0.0.0.0/00.0.0.0/0 multiport dports 135,139,445 0 0 DROP udp -- * * 0.0.0.0/00.0.0.0/0 udp dpt:1900 0 0
Re: [leaf-user] Ping failed to server in DMC
Hi Erich Did you look at the log files? Do those pings appear there? If not, is unlikely it is the firewall. I did, but It's very confusing. As far as I can analize the log file, there is no sign of my ping. But at the moment I'm at work, so I will double check this in a few hours when I'm back at home. Please look at shorewall status for iptables settings. This is something I don't understand. Because the: /sbin/shorewall status just tell's me that shorewall is up. (see my first mail. It's somewhere between all the info) And I expected a litle more info from that command. How can I check the iptables settings because I understand that shorewall is an wrap around iptables. So when it's not a firewall problem, where would you start looking for the problem? Thanks for your reply and help. Kind regards Jan - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] Ping failed to server in DMC
Hello everyone, After a few days trying to get this to work, I'm out of possibilitys. I read all documentation I could found. I read many post about this subject. And I tried some thinks I found on the net. The one thing I try to do is setup my router with 3 network interfaces to give me a working dmz. My network is working wonderfull. But I can’t get my dmz to do what I want. I want to set up a webserver but I want to be able to do the maintance on my server from my local network. (server is a machine without keyboard and monitor). The problem: I can’t ping to my server. I think my firewall is blocking the reply packets. Loc: 192.168.1.0/24 DMZ: 192.168.3.0/24 VPN: 192.168.2.0/24 My IP addres: 192.168.1.145 I can ping to 192.168.1.254 (the ipaddres of my router (loc)) I can ping to 192.168.3.1 (the ipaddres of my router (dmz), but I understand that this is normal because the ip address belongs to my machine and not to an interface) I can ping from my router to 192.168.3.2 (ip addres of my server) I can ping from my server to 192.168.3.1 (ip address of my router (dmz)) I can’t ping from my server to 192.168.1.254 (ip address of my router (loc), this I find strange)) I can’t ping from my server to 192.168.1.145 (my own ip) I checked my configuration a few times. But I don’t find a configuration setting that can explain this behaviour. So I tried to set everything open between dmz and loc (bad way to work with a firewall, but I didn’t know what to do anymore). Nothing works. Below you find all the information I thougt would be interesting to know and to analyse my problem. If you have not enough information to help me, please tell me so I can provide you with the nessesary information. PS: I tried to followe the following website: http://www.shorewall.net/three-interface.htm But as an inexperienced user, I hope I did it good. Thanks in advance, Jan RouterJan# uname -a Linux RouterJan 2.4.33 #1 Mon Sep 4 15:52:08 CEST 2006 i686 unknown RouterJan# ip addr show 1: lo: LOOPBACK,UP mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo 2: dummy0: BROADCAST,NOARP mtu 1500 qdisc noop link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 3: eth0: BROADCAST,MULTICAST,NOTRAILERS,UP mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:d0:b7:4c:6e:3b brd ff:ff:ff:ff:ff:ff inet 213.118.207.166/24 brd 213.118.207.255 scope global eth0 4: eth1: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:90:27:a5:00:40 brd ff:ff:ff:ff:ff:ff inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1 5: eth2: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:90:27:ed:3c:69 brd ff:ff:ff:ff:ff:ff inet 192.168.3.1/24 brd 192.168.3.255 scope global eth2 6: tun0: POINTOPOINT,MULTICAST,NOARP,UP mtu 1500 qdisc pfifo_fast qlen 100 link/[65534] inet 192.168.2.1 peer 192.168.2.2/32 scope global tun0 RouterJan# ip route show 192.168.2.2 dev tun0 proto kernel scope link src 192.168.2.1 213.118.207.0/24 dev eth0 proto kernel scope link src 213.118.207.166 192.168.3.0/24 dev eth2 proto kernel scope link src 192.168.3.1 192.168.2.0/24 via 192.168.2.2 dev tun0 192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254 default via 213.118.207.1 dev eth0 RouterJan# iptables -nvL Chain PREROUTING (policy ACCEPT 11963 packets, 3525K bytes) pkts bytes target prot opt in out source destination 9490 3312K net_dnat all -- eth0 * 0.0.0.0/00.0.0.0/0 Chain POSTROUTING (policy ACCEPT 65 packets, 7148 bytes) pkts bytes target prot opt in out source destination 825 40533 eth0_masq all -- * eth00.0.0.0/00.0.0.0/0 Chain OUTPUT (policy ACCEPT 64 packets, 7088 bytes) pkts bytes target prot opt in out source destination Chain eth0_masq (1 references) pkts bytes target prot opt in out source destination 772 36943 MASQUERADE all -- * * 192.168.1.0/24 0.0.0.0/0 Chain net_dnat (1 references) pkts bytes target prot opt in out source destination 0 0 DNAT tcp -- * * 0.0.0.0/00.0.0.0/0 RouterJan# iptables -t nat -nvL Chain PREROUTING (policy ACCEPT 11963 packets, 3525K bytes) pkts bytes target prot opt in out source destination 9490 3312K net_dnat all -- eth0 * 0.0.0.0/00.0.0.0/0 Chain POSTROUTING (policy ACCEPT 65 packets, 7148 bytes) pkts bytes target prot opt in out source destination 825 40533 eth0_masq all -- * eth00.0.0.0/00.0.0.0/0
[leaf-user] Site error
I was in Bering uClibc Changelog page and entered cvs in the search box. XML Parsing Error: mismatched tag. Expected: /dt. Location: http://leaf.sourceforge.net/bering-uclibc/index.php Line Number 546, Column 19: /dl --^ Paul Rogers ([EMAIL PROTECTED]) http://www.xprt.net/~pgrogers/ Rogers' Second Law: Everything you do communicates. (I do not personally endorse any additions after this line. TANSTAAFL :-) - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] cvs
Ya know guys, it's all well and good to say, It's in the CVS when, as MOST sites, one supplies a link to access the CVS from a web browser. But when you don't, and I've been looking for that rabbit hole for half an hour, you really tend to frustrate people! I'm not a Linux developer. I don't have CVS installed. I'm not going to install CVS. And just recompiling my aic7xxx drivers for this EISA box isn't working out because of a lot of undefined references. Let me guess, EISA support isn't built into the kernel? I need to recompile the kernel too? Sorry for my ranting, but this isn't turning into a very good day, and the Bering site isn't making it any easier AARRGGGH! Paul Rogers ([EMAIL PROTECTED]) http://www.xprt.net/~pgrogers/ Rogers' Second Law: Everything you do communicates. (I do not personally endorse any additions after this line. TANSTAAFL :-) - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Modules
The scsi modules, including AIC7XXX are already included (PCI). Only they are not compiled with EISA an VL support. But EISA and VL are obsoleted for at least 10 years. That's why we get these old boxes to make into useful firewalls! ;-) Some keep trying to tell me floppies are obsolete too. Paul Rogers ([EMAIL PROTECTED]) http://www.xprt.net/~pgrogers/ Rogers' Second Law: Everything you do communicates. (I do not personally endorse any additions after this line. TANSTAAFL :-) - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Modules
-- Eric Spakman [EMAIL PROTECTED] wrote: I see, in the kernel config the next option is not enabled: CONFIG_AIC7XXX_PROBE_EISA_VL I did do some looking around to see if there was a kernel config file or documentation without finding it. That could have been helpful. If you have access to a linux machine, you can compile a 2.4.32 kernel with only this module and option enabled. Otherwise let me know and I will compile such a module. That's a module? If it were a module on a SCSI drive, we'd have a Catch-22, wouldn't we? (Unless it were in an initrd, of course.) I do have a LFS 2.4.31 system, but I admit I'm not quite capable of playing with different system levels with the secure knowledge I won't mess up my production system in an way. I see there's a Patch 34 out, so I could upgrade to patch level 32, and recompile there. Would I be able to import that module, even though probably everything else about my production system is different than the Bering-uClibc development environment? OTOH, let me ask if perhaps it shouldn't be an update to the Bering-uClibc-2.4.2 kernel/modules? Somebody else might need it. If you compile it, then it could get fixed for everybody. (OK, I admit, _most_ Bering users are going to run on more minimal systems without SCSI hard-drives. Still... ;-) - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] Modules
I need the eisa module(s) for Bering uClibc-2.4.2. Can anybody direct me to a URL? Paul Rogers ([EMAIL PROTECTED]) http://www.xprt.net/~pgrogers/ Rogers' Second Law: Everything you do communicates. (I do not personally endorse any additions after this line. TANSTAAFL :-) - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] Problem with VPN configuration
Hello, A few weeks ago I stumbled on the Bering UClibc Firewall and even for a Linux newbee it was easy to build a good working router. Now I want to configure Openvpn. But it's giving me headaches. I struggled a couple of days to configure the boot combination with a floppy and CD. But that's working now. The problem I'm working on now, is a bigger one. I'm trying to follow the steps in the bering UClibc documentation: Chapter 7: Configuring openvpn. I'm using the LEAF Bering-uClibc 3.0 beta 2. I think all the packages needed are loaded. When they start to talk about the modules they lost me a bit. What I did was searching for the tun.so module on my CD. When I found the module I copied the module to /lib/modules and added tun to the /etc/modules. Then they start to talk about the keys. Step one: Setup for key generation on your Bering-uClibc box. I think my /etc/easy-rsa/vars config is good. And the clean all command was successful. But when I try the next step: Build your own Root Certification Authority (CA) certificate/key. The build-ca command gives me an error: can’t load library ‘libcrypto.so.0.9.7’ I didn’t expected that one :o( Now after a few days working on the problem, I can’t find an other possible solution to my problem. I hope there is someone who can guide me to the solution. If there is more information you need, just ask. The router gets a dynamic IP-address from my ISP. Thanks in advance for helping. Greetings Jan - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] help: documentation unreachable
An error has been encountered in accessing this page. 1. Server: leaf.sourceforge.net 2. URL path: /doc/guide/bk07.html 3. Error notes: File does not exist: /home/groups/l/le/leaf/htdocs/doc/guide/bk07.html 4. Error type: 404 5. Request method: GET 6. Request query string: 7. Time: 2006-06-19 22:39:14 PDT (1150781954) Reporting this problem: The problem you have encountered is with a project web site hosted by SourceForge.net. This issue should be reported to the SourceForge.net-hosted project (not to SourceForge.net). If this is a severe or recurring/persistent problem, please do one of the following, and provide the error text (numbered 1 through 7, above): Contact the project via their designated support resources. Contact the project administrators of this project via email (see the upper right-hand corner of the Project Summary page for their usernames) at [EMAIL PROTECTED] If you are a member of the project that maintains this web content, please refer to the Site Documentation regarding the project web service for further assistance. mail2web - Check your email from the web at http://mail2web.com/ . leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] Re: Syslogd and Epia mobos
/etc/init.d/syslogd the syslog part seems to take around 3 minutes to start. (I didn't time it, but it takes a really long time). even just running start-stop-daemon for the /sbin/syslogd line from the init script take a long time? I was just wondering if anyone has experinced this and what other things I can check to see what's going on and it seems pretty strange. I once experienced something similar when I was renaming a hostname, but forgot to make sure the new name was in /etc/hosts. Sysklogd tried to find the new name on the network, thinking it was supposed to log there, and timed-out. Paul Rogers ([EMAIL PROTECTED]) http://www.xprt.net/~pgrogers/ Rogers' Second Law: Everything you do communicates. (I do not personally endorse any additions after this line. TANSTAAFL :-) --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid0944bid$1720dat1642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] Sangoma and Leaf uclibc
Hello, Did anybody try sangoma wan adapters with leaf uclibc? I have seen the wanpipe.o in the module package. What else in required? Appreciate any help or reference to a webpage describing the installation requirements/process. Thanks. Sherif bahaa mail2web - Check your email from the web at http://mail2web.com/ . --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid3432bid#0486dat1642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] Bering-uclibc on DiskOnChip from M-systems and other question
Hello, The current documentation details installiung Bering on Diskonchip. Can this apply also to Bering-uclibc? The second question, does the current version's (Bering uclibc 2.3) modules.lrp support 3com's 3c905 PCI adapters? Thanks. Sherif bahaa mail2web - Check your email from the web at http://mail2web.com/ . --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid3432bid#0486dat1642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] 3Com driver
Eric, The modules tarball for the kernel 2.4.31 does not include 3c905c. It includes 3c501, 503, 505, 507, 509, 515 and 59x. I have however seen some sites that mentions that the 3c59x supports 3c905c. Can you kindly confirm that the 3c59x.o is the driver to support 3c905c adapter. Thanks. Sherif mail2web - Check your email from the web at http://mail2web.com/ . --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid3432bid#0486dat1642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] modules_ipv6 and Realtek ethernet
Hello, I have leaf bearing-uclibc v2.2.3 uclibc-0.9.20 running OK with solid state IDE disk with IPv4 and Realtek 8100B ethernet ports on a VIA motherboard. I have installed modules_ipv6 as a first step to configure ipv6 (ch 10, bearing uclibc documentation). However, after swapping the existing modules.lrp with modules_ipv6.lrp and booting the machine, I received the following during the boot process: Configuring network interfaces: cannnot find device eth0 SIOCGIFFLAGS: no such device. The same message applies for the other eth1. questions: 1. I believe as if there no proper driver in modules_ipv6.lrp for the Realtek? (I made sure that all drivers is uncommented in modules config file like the working unit) 2. Is there a possibility that some network devices will not work with IPv6? appreciate any help. Sherif Bahaa mail2web - Check your email from the web at http://mail2web.com/ . --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_idv37alloc_id865op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] OT: why is WRAP much more expensive than normal routers
Hello! the difference is that you can put 10 to 20 customers ona wrap and have them all busy and go on and on...but with a dlink/linksys/etc, you put 10 customers on it and try to do anything, and they will lock up within a few minutes. you certainly do not want to put one of those CHEAP APs into service for customes to use... will only bring trouble. bottom line... the WRAP has FAR more ass. Jerryf -- M Lu [EMAIL PROTECTED] wrote: I got my 1st WRAP box and with all help I got here and Erich's ready image, I could boot it up and see it running. I paid more than US $200 (board, case, 64M CF, shipping) for it and that's without the wireless. I just wonder why it is so much more expensive than the routers they sell in Best Buy, CompUSA (Linksys, DLink...). Apart from the OS control you have on WRAP, are there any hardware advantages or something else compared to the other? I would like to defend myself in case my friends think I am crazy -:) M Lu. --- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ --- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] starting the firewall script upon booting the Bering-uclibc
Hello, I am using fwbuilder to build and download an iptables script to Bering-uclibc. The script is downloaded to /etc. Can someone please guide me how to get the script initiated as and when the machine is re-booted. Thanks. Sherif mail2web - Check your email from the web at http://mail2web.com/ . --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_idt77alloc_id492op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] starting the firewall script upon booting the Bering-uclibc
Thanks for your help, I will give it a try. Sherif Original Message: - From: Erich Titl [EMAIL PROTECTED] Date: Tue, 21 Jun 2005 06:47:03 + To: [EMAIL PROTECTED], leaf-user@lists.sourceforge.net Subject: Re: [leaf-user] starting the firewall script upon booting the Bering-uclibc Sherif [EMAIL PROTECTED] wrote: Hello, I am using fwbuilder to build and download an iptables script to Bering-uclibc. The script is downloaded to /etc. I am downloading the fwbuilder output to /etc/firewall/firewall.fw . I have a fwb.lrp which handles starting and stopping. You can get my fwb.lrp file at http://leaf.think.ch/styx/pre/packages/fwb.lrp feel free to holler if you have questions cheers Erich mail2web - Check your email from the web at http://mail2web.com/ . --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_idt77alloc_id492op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] fwbuilder and bering-uclibc
Hello, I have a Bering-uclibc v2.2.3 installed on DOM. I am trying to use Fwbuilder v2.0.5 to download and activate the script. I can find the script under /etc after installing the script through ssh. But things goes dead after that. I do not believe it is the script. I have found different references to downloading and activating the script, but would like to make sure if somesone can kindly help with the latest on these methods and if there is something specific to Bering-uclibc. I have also the verbose listing of the script download process if someone can help me with to verify ubnormalities. Appreciate any assistance. Sherif Bahaa mail2web - Check your email from the web at http://mail2web.com/ . --- This SF.Net email is sponsored by Yahoo. Introducing Yahoo! Search Developer Network - Create apps using Yahoo! Search APIs Find out how you can build Yahoo! directly into your own Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] fwbuilder and bering-uclibc
Hello, Here is the ourput of the loading process: Summary:* firewall name : commbots * user name : root * management address : 1.2.3.4 * platform : iptables * host OS : linux24 * Loading configuration from file /opt/fwbuilder/configurations/commbots3int.fwb Copying /opt/fwbuilder/configurations/commbots.fw - /etc [EMAIL PROTECTED]'s password: --**--**-- Logged in SSH session terminated, exit status: OK Activating new policy Running command '/usr/bin/fwbuilder -X -t -t -v [EMAIL PROTECTED] echo '--**--**--'; sh /etc/commbots.fw (echo 'Cancel previously scheduled reboot'; /sbin/shutdown -c; echo 'Policy activated') OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: ssh_connect: needpriv 0 debug1: Connecting to 1.2.3.4 [1.2.3.4] port 22. debug1: Connection established. debug1: identity file /root/.ssh/identity type -1 debug1: identity file /root/.ssh/id_rsa type -1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version dropbear_0.43 debug1: no match: dropbear_0.43 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.5p1 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server-client 3des-cbc hmac-sha1 none debug1: kex: client-server 3des-cbc hmac-sha1 none debug1: dh_gen_key: priv key bits set: 201/384 debug1: bits set: 508/1024 debug1: sending SSH2_MSG_KEXDH_INIT debug1: expecting SSH2_MSG_KEXDH_REPLY debug1: Host '1.2.3.4' is known and matches the RSA host key. debug1: Found key in /root/.ssh/known_hosts:1 debug1: bits set: 505/1024 debug1: ssh_rsa_verify: signature correct debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: done: ssh_kex2. debug1: send SSH2_MSG_SERVICE_REQUEST debug1: service_accept: ssh-userauth debug1: got SSH2_MSG_SERVICE_ACCEPT debug1: authentications that can continue: publickey,password debug1: next auth method to try is publickey debug1: try privkey: /root/.ssh/identity debug1: try privkey: /root/.ssh/id_rsa debug1: try privkey: /root/.ssh/id_dsa debug1: next auth method to try is password [EMAIL PROTECTED]'s password: debug1: ssh-userauth2 successful: method password debug1: channel 0: new [client-session] debug1: send channel open 0 debug1: Entering interactive session. debug1: ssh_session2_setup: id 0 debug1: channel request 0: pty-req debug1: Sending command: echo '--**--**--'; sh /etc/commbots.fw (echo 'Cancel previously scheduled reboot'; /sbin/shutdown -c; echo 'Policy activated') debug1: channel request 0: exec debug1: fd 3 setting TCP_NODELAY debug1: channel 0: open confirm rwindow 6000 rmax 1400 LEAF Bering-uClibc Commbots 2.4.26 #1 Mon Jun 28 20:08:59 CEST 2004 --**--**-- Logged in RTNETLINK answers: File exists cd: 153: can't cd to /lib/modules/2.4.26/kernel/net/ipv4/netfilter/ ls: *_conntrack_*: No such file or directory ls: *_nat_*: No such file or directory Activating firewall script generated Mon May 30 23:32:02 2005 EEST by root Rule 0 (NAT) Rule 1 (NAT) Rule 2 (NAT) Rule 3 (NAT) Rule 4 (NAT) Rule 5 (NAT) Rule 0 (eth0) Rule 1 (eth0) Rule 2 (eth0) Rule 3 (eth0) Rule 4 (eth0) Rule 0 (eth1) Rule 1 (eth1) Rule 2 (eth1) Rule 3 (eth1) Rule 4 (eth1) Rule 5 (eth1) Rule 6 (eth1) Rule 7 (eth1) Rule 0 (lo) Rule 0 (eth2) Rule 1 (eth2) Rule 2 (eth2) Rule 3 (eth2) Rule 4 (eth2) Rule 5 (eth2) Rule 6 (eth2) Rule 0 (global) Rule 1 (global) Rule 2 (global) Rule 3 (global) Rule 4 (global) Rule 5 (global) Rule 6 (global) Rule 7 (global) Cancel previously scheduled reboot shutdown: cannot find pid of running shutdown. Policy activated debug1: channel 0: rcvd eof debug1: channel 0: output open - drain debug1: channel 0: obuf empty debug1: channel 0: close_write debug1: channel 0: output drain - closed debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 debug1: channel 0: rcvd close debug1: channel 0: close_read debug1: channel 0: input open - closed debug1: channel 0: almost dead debug1: channel 0: gc: notify user debug1: channel 0: gc: user detached debug1: channel 0: send close debug1: channel 0: is dead debug1: channel 0: garbage collecting debug1: channel_free: channel 0: client-session, nchannels 1 Connection to 1.2.3.4 closed. debug1: Transferred: stdin 0, stdout 0, stderr 31 bytes in 0.8 seconds debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 36.8 debug1: Exit status 0 SSH session terminated, exit status: OK Done Question 1: Anything abnormal? Question 2: Do I have to effectively start the script after the loading, or this is done automatically from the fwbuilder loading script? Sherif Bahaa Original Message: - From: Erich Titl [EMAIL PROTECTED] Date: Tue, 31 May 2005 07:12:03 + To: [EMAIL
[leaf-user] (no subject)
Hello, When I disabled the modules loading, things are much better. Thanks. Sherif mail2web - Check your email from the web at http://mail2web.com/ . --- This SF.Net email is sponsored by Yahoo. Introducing Yahoo! Search Developer Network - Create apps using Yahoo! Search APIs Find out how you can build Yahoo! directly into your own Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] Beringuclibc 2.2.3 on Hard disk
Hello, I am a new comer to Bering. I managed to install Bering-uclibc 2.2.3 and create a bootable hard drive. I have two questions: 1. If I would like to add other packages at a later stage to the hard disk, what is the best way through a lan? 2. During installation, the userguide (section 4.3. Create a bootable HD)mentions using second floppy with hdsupp.lrp and installing it to get fdisk, etc. To do that it uses the command lprkg -i hdsupp fdisk /dev/hda . I could not find anything about lprkg, package? what? where? To overcome this step I added hdsupp to the leaf.cfg. Any help is appreciated. Sherif mail2web - Check your email from the web at http://mail2web.com/ . --- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_ids93alloc_id281op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Help, PATH at Boot time ?
Hi all I've got a a question about Boot sequence I hope someone can answer. At which point or in which script (?), in the Boot sequence, is the last PATH set ? Thanks Roberto Cerchi un laboratorio fotografico aperto 24 ore su 24? Stampa le tue foto digitali su Kataweb e le ricevi a domicilio in 48 ore. http://www.kataweb.it/foto --- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7393alloc_id=16281op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] PATH setting permanently
Hello all I'm trying to add a permanent PATH to LEAF/BERING Shorewall I tried to write this: PATH=${PATH}:/opt/mplayer-sound/bin/ export PATH into several .conf files including /etc/profile /etc/crontab /etc/shorewall/shorewall.conf /etc/shorewall/start but nothing changes whatsoever echo $PATH gives: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin Typing as root: PATH=${PATH}:/opt/mplayer-sound/bin/ I get: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/opt/mplayer-sound/bin/ which is ok. Please, how can I set it permanently ? Thanks Roberto uname -a --- 2.4.18-guylhem #6 Thu Dec 19 01 51 48 CET 2002 i586 unknown Cerchi un laboratorio fotografico aperto 24 ore su 24? Stampa le tue foto digitali su Kataweb e le ricevi a domicilio in 48 ore. http://www.kataweb.it/foto --- This SF.Net email is sponsored by: NEC IT Guy Games. Get your fingers limbered up and give it your best shot. 4 great events, 4 opportunities to win big! Highest score wins.NEC IT Guy Games. Play to win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] hda: write_intr error1:
hello! I'm running Bering 1.2 on a CF nowdays I have a Problem with my CF if I write some things to my CF it come alot of messages hda: write_intr error1:. on my console so that I can't do anything. (cause bad sector) my question ist can I disable this message? Regard Phuoc --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595alloc_id=14396op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Write error on CF
Hello, I'm runing Bering 1.2 nowdays I have the problem that I can't write on my CompactFlash anymore. In my syslog there is a message: Mar 3 10:26:41 phuoc kernel: Filesystem panic (dev 03:01). Mar 3 10:26:41 phuoc kernel: fat_free: deleting beyond EOF Mar 3 10:26:41 phuoc kernel: File system has been set read-only how can I solve this problem? thank you Phuoc /var/log/syslog Mar 3 10:26:36 phuoc kernel: Cannot find map file. Mar 3 10:26:36 phuoc kernel: Linux version 2.4.20 ([EMAIL PROTECTED]) (gcc version 2.95.4 20011002 (Debian prerelease)) #1 Sun May 11 18:53:34 CEST 2003 Mar 3 10:26:36 phuoc kernel: BIOS-e820: - 000a (usable) Mar 3 10:26:36 phuoc kernel: BIOS-e820: 000f - 0010 (reserved) Mar 3 10:26:36 phuoc kernel: BIOS-e820: 0010 - 0dff (usable) Mar 3 10:26:36 phuoc kernel: BIOS-e820: 0dff - 0dff3000 (ACPI NVS) Mar 3 10:26:36 phuoc kernel: BIOS-e820: 0dff3000 - 0e00 (ACPI data) Mar 3 10:26:36 phuoc kernel: BIOS-e820: - 0001 (reserved) Mar 3 10:26:36 phuoc kernel: On node 0 totalpages: 57328 Mar 3 10:26:36 phuoc kernel: zone(0): 4096 pages. Mar 3 10:26:36 phuoc kernel: zone(1): 53232 pages. Mar 3 10:26:36 phuoc kernel: zone(2): 0 pages. Mar 3 10:26:36 phuoc kernel: Kernel command line: BOOT_IMAGE=linux initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0 boot=/dev/hda1:msdos PKGPATH=/dev/hda1 LRP=root,etc,local,modules,iptables,keyboard,beep,daemontl,isdn,ntpdate,dosfs,sshd Mar 3 10:26:36 phuoc kernel: Detected 999.838 MHz processor. Mar 3 10:26:36 phuoc kernel: Console: colour VGA+ 80x25 Mar 3 10:26:36 phuoc kernel: Calibrating delay loop... 1992.29 BogoMIPS Mar 3 10:26:36 phuoc kernel: Mount-cache hash table entries: 4096 (order: 3, 32768 bytes) Mar 3 10:26:36 phuoc kernel: Buffer-cache hash table entries: 16384 (order: 4, 65536 bytes) Mar 3 10:26:36 phuoc kernel: Page-cache hash table entries: 65536 (order: 6, 262144 bytes) Mar 3 10:26:36 phuoc kernel: CPU: Centaur VIA Nehemiah stepping 05 Mar 3 10:26:36 phuoc kernel: POSIX conformance testing by UNIFIX Mar 3 10:26:36 phuoc kernel: Initializing RT netlink socket Mar 3 10:26:36 phuoc kernel: Starting kswapd Mar 3 10:26:36 phuoc kernel: pty: 256 Unix98 ptys configured Mar 3 10:26:36 phuoc kernel: RAMDISK driver initialized: 16 RAM disks of 4096K size 1024 blocksize Mar 3 10:26:36 phuoc kernel: ip_conntrack version 2.1 (1791 buckets, 14328 max) - 320 bytes per conntrack Mar 3 10:26:36 phuoc kernel: ip_tables: (C) 2000-2002 Netfilter core team Mar 3 10:26:36 phuoc kernel: arp_tables: (C) 2002 David S. Miller Mar 3 10:26:36 phuoc kernel: VFS: Mounted root (minix filesystem). Mar 3 10:26:36 phuoc kernel: ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx Mar 3 10:26:36 phuoc kernel: VP_IDE: IDE controller on PCI bus 00 dev 89 Mar 3 10:26:36 phuoc kernel: VP_IDE: detected chipset, but driver not compiled in! Mar 3 10:26:36 phuoc kernel: PCI: No IRQ known for interrupt pin A of device 00:11.1. Please try using pci=biosirq. Mar 3 10:26:36 phuoc kernel: VP_IDE: chipset revision 6 Mar 3 10:26:36 phuoc kernel: VP_IDE: not 100%% native mode: will probe irqs later Mar 3 10:26:36 phuoc kernel: hda: SanDisk SDCFH-64, ATA DISK drive Mar 3 10:26:36 phuoc kernel: ide0 at 0x1f0-0x1f7,0x3f6 on irq 14 Mar 3 10:26:36 phuoc kernel: VFS: busy inodes on changed media. Mar 3 10:26:37 phuoc ipppd: Warning - secret file /etc/ppp/pap-secrets has world and/or group access Mar 3 10:26:37 phuoc kernel: VFS: Can't find a Minix or Minix V2 filesystem on device 03:01. Mar 3 10:26:41 phuoc kernel: Filesystem panic (dev 03:01). Mar 3 10:26:41 phuoc kernel: fat_free: deleting beyond EOF Mar 3 10:26:41 phuoc kernel: File system has been set read-only Mar 3 10:26:44 phuoc ipppd: Warning - secret file /etc/ppp/pap-secrets has world and/or group access Mar 3 10:26:46 phuoc kernel: hda: read_intr: status=0x59 { DriveReady SeekComplete DataRequest Error } Mar 3 10:26:46 phuoc kernel: hda: read_intr: error=0x40 { UncorrectableError }, LBAsect=13453, sector=13536 Mar 3 10:26:46 phuoc kernel: end_request: I/O error, dev 03:01 (hda), sector 13536 Mar 3 10:26:46 phuoc kernel: hda: read_intr: status=0x59 { DriveReady SeekComplete DataRequest Error } Mar 3 10:26:46 phuoc kernel: hda: read_intr: error=0x40 { UncorrectableError }, LBAsect=13569, sector=13537 ... .. . -- --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595alloc_id=14396op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https
[leaf-user] Bering-uclibcworking with fwbuilder
hello, I would like to work with fwbuilder and download its iptables scripts to Bering-uclibc. I have seen long time mails that refers to fwbuild.lrp. However, I was not able to locate it. Can somebody help? If it is no longer supported, where should I copy the scripts and whether anything else needs to be considered. Appreciate your help guys. Sherif mail2web - Check your email from the web at http://mail2web.com/ . --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_ide95alloc_id396op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] strange problem with bering 1.2
Hello, I've a problem with bering 1.2 networking that I can't imagine. once I've install my bering 1.2 network # # Loopback interface. auto lo eth0 iface lo inet loopback # # Option 1.2: eth0 / Fixed IP (assumed to be 1.2.3.4). # (broadcast/gateway optional) iface eth0 inet static address 10.0.0.150 masklen 24 gateway 10.0.0.100 if I ping for example 66.102.11.99 # ping 66.102.11.99 PING 66.102.11.99 (66.102.11.99): 56 data bytes 64 bytes from 66.102.11.99: icmp_seq=0 ttl=247 time=44.0 ms 64 bytes from 66.102.11.99: icmp_seq=1 ttl=247 time=43.4 ms 64 bytes from 66.102.11.99: icmp_seq=2 ttl=247 time=42.8 ms 64 bytes from 66.102.11.99: icmp_seq=3 ttl=247 time=44.5 ms --- 66.102.11.99 ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max = 42.8/43.6/44.5 ms but if I start my test program to connect to server I have problem. # ./test 66.102.11.99 hostname: 66.102.11.99 gethostbyname(hostname) /gethostbyname(hostname) create socket /create socket (3) bind any port number /bind any port number connect to server// problem to connect -- # here is the source code of the test program -- int port=80; int testServer(char *hostname) { int sd, rc, i; struct sockaddr_in localAddr, servAddr; struct hostent *h; printf(hostname: %s\n,hostname); printf(gethostbyname(hostname)\n); h = gethostbyname(hostname); printf(/gethostbyname(hostname)\n); if(h==NULL) { printf(unknown host \n); return 1; //exit(1); } servAddr.sin_family = h-h_addrtype; memcpy((char *) servAddr.sin_addr.s_addr, h-h_addr_list[0], h-h_length); servAddr.sin_port = htons(port); /* create socket */ printf(create socket\n); sd = socket(AF_INET, SOCK_STREAM, 0); if(sd0) { printf(cannot open socket ); return 1; //exit(1); } printf(/create socket (%d)\n,sd); /* bind any port number */ localAddr.sin_family = AF_INET; localAddr.sin_addr.s_addr = htonl(INADDR_ANY); localAddr.sin_port = htons(0); printf(bind any port number\n); rc = bind(sd, (struct sockaddr *) localAddr, sizeof(localAddr)); if(rc0) { printf(cannot bind port TCP\n); return 1; //exit(1); } printf(/bind any port number\n); /* connect to server */ printf(connect to server %s\n,servAddr); rc = connect(sd, (struct sockaddr *) servAddr, sizeof(servAddr)); if(rc0) { printf(cannot connect ); printf(error %d - %s\n, errno, strerror(errno)); return 1; //exit(1); } printf(/connect to server\n); close(sd); printf(Test OK! \n); return 0; } int main(int argc,char *argv[]) { if(argc==2)testServer(argv[1][0]); } I can't imagine because with the same configuration on my RedHat it's working fine. ./test 66.102.11.99 hostname: 66.102.11.99 gethostbyname(hostname) /gethostbyname(hostname) create socket /create socket (3) bind any port number /bind any port number connect to server /connect to server Test OK! I'm very tankfull for any solution/idea/... Phuoc --- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almosthttp://www.thinkgeek.com/sfshirt leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] connect to external server
Hallo, I've have a problem with my Bering 1.2 network configuration and hope all of you can help me. I've configure my Bering Box like this: /etc/network/interfaces address 192.168.2.65 masklen 24 gateway 192.168.2.1 /etc/network/options ip_forward=yes spoofprotect=yes syncoockies=no /etc/hosts 127.0.0.1 localhosts 192.168.2.65 phuoc /etc/hostname phuoc /etc/network/interfaces nameserver 127.0.0.1 nameserver 217.237.150.97 /etc/hosts.allow ALL: ALL it's working fine with this network configuration. my problem ist if I change to another NET with IP: 10.0.0.65 and gateway 10.0.0.100 /etc/network/interfaces address 10.0.0.65 masklen 24 gateway 10.0.0.100 /etc/network/options ip_forward=yes spoofprotect=yes syncoockies=no /etc/hosts 127.0.0.1 localhosts 10.0.0.65 phuoc /etc/hostname phuoc /etc/network/interfaces nameserver 127.0.0.1 nameserver 217.237.150.97 /etc/hosts.allow ALL: ALL I just can ping out but I can conntect to external server. If I try to connect for examples with www.google.de I will get a connection timeout. I'm very confused now does someone have any idea what my problem is? thanks in advance best regards Phuoc --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Bering 1.2
Hi! I have a very basic question. how do I restart my network interface without reboot my bering BOX? I do changes in: /etc/network/interfaces /etc/hosts /etc/resolv.conf I'm running Bering 1.2 thank you very much Phuoc --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] editing lrp files in windows
I am running Bering uClibc 2.1.3 and am going to upgrade to 2.2. Since I am happy with most of my settings in my current 2.1.3 I wanted to copy and paste a lot of my settings from the old to the new. I only have windows OS machines so I was hoping there might be some text editor that runs in windows xp to copy text from my .lrp files and paste them to the new release. If not, then I will write all my settings down by hand and then retype it in the new release. . What a beating!!! Thanks, Andrew Get your name as your email address. Includes spam protection, 1GB storage, no ads and more Only $1.99/ month - visit http://www.mysite.com/name today! --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering-uClibc 2.1.3 ProxyARP and DMZ settings again
Please help!! I really need some input here. Thanks. Andrew The best thing to hit the Internet in years - Juno SpeedBand! Surf the Web up to FIVE TIMES FASTER! Only $14.95/ month - visit www.juno.com to sign up today! --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Bering-uClibc 2.1.3 ProxyARP and DMZ settings again
loc fw udp 53 accept loc fw tcp 80 #last line I made no changes to MAC list file In Masq file I didn't make any changes but it reads: #interface subnet address eth0eth1 #last line In ProxyARP file I have: #addressinterface externalhave route 24.227.166.197 eth2eth0no 24.227.166.198 eth2eth0no #last line I have made no changes in any other files from File 10 (Stopped) to File 28 (Template) On my dmz servers my network connections are : ip address: 24.227.166.197 or .198 subnet mask 255.255.255.248 default gateway 24.227.166.193 dns1 24.93.40.62 dns2 24.93.40.63 Here are my current outputs from Weblet: ::Interfaces:: (Copyclipped from Weblet) 1: lo: mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo 2: dummy0: mtu 1500 qdisc noop link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 3: eth0: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 52:54:05:c0:26:8f brd ff:ff:ff:ff:ff:ff inet 24.227.166.194/29 brd 24.227.166.255 scope global eth0 inet 24.227.166.195/29 brd 24.227.166.255 scope global secondary eth0:1 inet 24.227.166.196/29 brd 24.227.166.255 scope global secondary eth0:2 4: eth1: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:c0:26:62:82:20 brd ff:ff:ff:ff:ff:ff inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1 5: eth2: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:05:5d:4b:e3:6e brd ff:ff:ff:ff:ff:ff inet 192.168.2.254/24 brd 192.168.2.255 scope global eth2 ::Routes:: (Copyclipped from Weblet) 24.227.166.198 dev eth2 scope link 24.227.166.197 dev eth2 scope link 24.227.166.192/29 dev eth0 proto kernel scope link src 24.227.166.194 192.168.2.0/24 dev eth2 proto kernel scope link src 192.168.2.254 192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254 default via 24.227.166.193 dev eth0 Kernel:Linux firewall 2.4.24 #3 Sun Feb 22 19:25:40 CET 2004 i686 unknown Modules: softdog 1508 1 ip_nat_irc 2128 0 (unused) ip_nat_ftp 2736 0 (unused) ip_conntrack_irc2864 1 ip_conntrack_ftp3472 1 8139too11624 2 mii 2108 0 [8139too] ne2k-pci4044 1 83905784 0 [ne2k-pci] crc32 2648 0 [8139too 8390] ::Installed Packages:: (Copyclipped from Weblet) NameVersionDescription ===-==-== initrd V2.1.3 uClibc- LEAF Bering initial filesystem rootV2.1.3 uClibc- Core LEAF Bering-uClibc package config 0.2Core config and backup system package etc V2.1.3 uClibc- local V2.1.3 uClibc- LEAF Bering local package modules V2.1.3 uClibc- Define contain your LEAF Bering modules iptables1.2.9 IP packet filter administration tools for 2.4. dhcpcd 1.3.22pl4-7 Re dhcpcd is a RFC2131 and RFC1541 compliant DHCP keyboard0.3Define your keyboard settings shorwall1.4.10eShoreline Firewall (Shorewall) ulogd 1.02 The Netfilter Userspace Logging Daemon dnscache1.05a A fast secure proxy DNS server, patched for dropbear0.42 Dropbear SSH 2 server and scp client weblet 1.2.4 Rev 2LEAF status via a small web server The best thing to hit the Internet in years - Juno SpeedBand! Surf the Web up to FIVE TIMES FASTER! Only $14.95/ month - visit www.juno.com to sign up today! --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Bering-uClibc 2.1.3 ProxyARP and DMZ settings
: #interface subnet address eth0eth1 #last line In ProxyARP file I have: #addressinterface externalhave route 24.227.166.197 eth2eth0no 24.227.166.198 eth2eth0no #last line I have made no changes in any other files from File 10 (Stopped) to File 28 (Template) On my dmz servers my network connections are : ip address: 24.227.166.197 or .198 subnet mask 255.255.255.248 default gateway 24.227.166.193 dns1 24.93.40.62 dns2 24.93.40.63 Here are my current outputs from Weblet: ::Interfaces:: (Copyclipped from Weblet) 1: lo: mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo 2: dummy0: mtu 1500 qdisc noop link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 3: eth0: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 52:54:05:c0:26:8f brd ff:ff:ff:ff:ff:ff inet 24.227.166.194/29 brd 24.227.166.255 scope global eth0 inet 24.227.166.195/29 brd 24.227.166.255 scope global secondary eth0:1 inet 24.227.166.196/29 brd 24.227.166.255 scope global secondary eth0:2 4: eth1: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:c0:26:62:82:20 brd ff:ff:ff:ff:ff:ff inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1 5: eth2: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:05:5d:4b:e3:6e brd ff:ff:ff:ff:ff:ff inet 192.168.2.254/24 brd 192.168.2.255 scope global eth2 ::Routes:: (Copyclipped from Weblet) 24.227.166.198 dev eth2 scope link 24.227.166.197 dev eth2 scope link 24.227.166.192/29 dev eth0 proto kernel scope link src 24.227.166.194 192.168.2.0/24 dev eth2 proto kernel scope link src 192.168.2.254 192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254 default via 24.227.166.193 dev eth0 Kernel:Linux firewall 2.4.24 #3 Sun Feb 22 19:25:40 CET 2004 i686 unknown Modules: softdog 1508 1 ip_nat_irc 2128 0 (unused) ip_nat_ftp 2736 0 (unused) ip_conntrack_irc2864 1 ip_conntrack_ftp3472 1 8139too11624 2 mii 2108 0 [8139too] ne2k-pci4044 1 83905784 0 [ne2k-pci] crc32 2648 0 [8139too 8390] ::Installed Packages:: (Copyclipped from Weblet) NameVersionDescription ===-==-== initrd V2.1.3 uClibc- LEAF Bering initial filesystem rootV2.1.3 uClibc- Core LEAF Bering-uClibc package config 0.2Core config and backup system package etc V2.1.3 uClibc- local V2.1.3 uClibc- LEAF Bering local package modules V2.1.3 uClibc- Define contain your LEAF Bering modules iptables1.2.9 IP packet filter administration tools for 2.4. dhcpcd 1.3.22pl4-7 Re dhcpcd is a RFC2131 and RFC1541 compliant DHCP keyboard0.3Define your keyboard settings shorwall1.4.10eShoreline Firewall (Shorewall) ulogd 1.02 The Netfilter Userspace Logging Daemon dnscache1.05a A fast secure proxy DNS server, patched for dropbear0.42 Dropbear SSH 2 server and scp client weblet 1.2.4 Rev 2LEAF status via a small web server The best thing to hit the Internet in years - Juno SpeedBand! Surf the Web up to FIVE TIMES FASTER! Only $14.95/ month - visit www.juno.com to sign up today! --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Dropbear and sshd in Bering_uClibc 2.1.3
HI AGAIN, I am new to LEAF and have just got my Leaf system running. However, I have been reading about dropbear, dropbearkeys, and SSH and it seems if these have to do with some sort of remote admin packages. Am I right? Is there some good beginer information you could point me to to read about these topics? Or could you tell me what they do and their benefits? Thanks, Andrew The best thing to hit the Internet in years - Juno SpeedBand! Surf the Web up to FIVE TIMES FASTER! Only $14.95/ month - visit www.juno.com to sign up today! --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Firewall error on Weblet
HI, I am new to leaf and am running bering_uclibc 2.1.3. Ihave only just recently got my firewall up and runnng, protecting my local network using the default shorewall settings. However,in Weblet, I have a red light for Firewall under LEAF status and it says error. When I click on the red stop light it says, You have 113 denied or rejected packets in your recent packet logs. The other two traffic light are green (OK). When I look at my logs they have come in the 4 hours. Should I be worried about this? Do others get this many hits on there IP's? By the way, I am running 3 public ip's on my LEAF. Only two of them are getting the traffic. Let me know if you want to see the logs. Let me know which logs you would want: sorted by IP, Port, pretty log, or the regular one. Thank, Andrew The best thing to hit the Internet in years - Juno SpeedBand! Surf the Web up to FIVE TIMES FASTER! Only $14.95/ month - visit www.juno.com to sign up today! --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] initial config problems with Bering-uClibc 2.1.3 (was : Please be kind to the Newbie!! new email)
That was it Ray!!! My WinXP host had a default gateway of 192.168.1.255 I changed it to 192.168.1.255 Now the laptop surfs the net perfectly, as far as I can tell. I did a port scan from the internet to check the firewall and EVERYTHING was blocked. Wonderful Now let me ask you a couple questions for me next baby steps. Is it possible to connect a Linksys router to the LEAF firewall (internal NIC) and let the Linksys router set up my local network? I guess it would just be acting like a switch at this point. Especially if I continued to run static internal addresses. My next step is to run all my (5) static external ip addresses through my Firewall. I have a few more NIC's lying around. I believe I want all 5 ip's to come in through eth0. I read some of the posts and I think I will try the eth0:0 through eth0:4. After that I am sort of lost. I only have immediate plans to use two more of the ips, one as a web server, one as a media server. I might run double duty on the media server as a ftp server as well. Anyway, my question was could you give me a general overview of the specific modules, settings, files that I would need to change/update. I guess it would be best to masquerade the ip's?? Truthfully Ray, the main reason I wanted to use the firewall besides local network security was to protect my web and media server. Is there someway to block bad people doing bad things while allowing everybody else in? I worry because in the past I had to open and forward port 80 (and other specific ports on the media sever). It seems to me like I was just putting a lock on my door but leaving the door wide open. Thanks for your help Ray. The best thing to hit the Internet in years - Juno SpeedBand! Surf the Web up to FIVE TIMES FASTER! Only $14.95/ month - visit www.juno.com to sign up today! --- This SF.Net email sponsored by Black Hat Briefings Training. Attend Black Hat Briefings Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] initial config problems with Bering-uClibc 2.1.3 (wa s : Please be kind to the Newbie!! new email)
Ray, I did mean 192.168.1.254, oops. What I thought I would do is this: Connect cable modem to eth0 of firewall Where all five static ips run throught this line. Then from firewall eth1 have wire connected to the uplink port on my Lynsis wireless router (with built in 4 port switch). From the Linksys I would set up my home network for file/print/internet sharing where I would connect all my personal computers.(LAN) I guess this would run double NAT in this configuration. Should I change the 192.168.1.XXX network addresses on the Linksys router so they are different from the LEAF Firewall? Maybe something like 127.0.0.0? Then on eth2 I would run DMZ via a crossover cable to my Web Server. Then on eth3 I would run DMZ via a crossover cable to my Media Server. My two servers are actually one machine (a xeon cpu with 2 onboard nic's) I am running MS Server 2003 Enterprise Edition. I assign one nic for IIS and one for Windows Media Server. I have one public IP for each nic so that they can both have a port 80. I found that a lot people trying to see my video, couldn't, because their firewall rules blocked transmissions that weren't originated on port 80. MS Server 2003 Enterprise Editionhas port blocking at the nic level so i have it set to block everything except port 80. Do you think LEAF will add some protection to my setup or not? The best thing to hit the Internet in years - Juno SpeedBand! Surf the Web up to FIVE TIMES FASTER! Only $14.95/ month - visit www.juno.com to sign up today! --- This SF.Net email sponsored by Black Hat Briefings Training. Attend Black Hat Briefings Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] initial config problems with Bering-uClibc 2.1.3 (w a s : Please be kind to the Newbie!! new email)
Thanks for the tips The best thing to hit the Internet in years - Juno SpeedBand! Surf the Web up to FIVE TIMES FASTER! Only $14.95/ month - visit www.juno.com to sign up today! --- This SF.Net email sponsored by Black Hat Briefings Training. Attend Black Hat Briefings Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] initial config problems with Bering-uClibc 2.1.3 (was: Please be kind to the Newbie!! new email)
HI again Ray, Thanks for keeping an eye on me. I had some things messed up before that by typing this email to you I started to see. So I will tell you what my new settings are now and my new outputs. I have made some very remarkable improvements now. I AM the same guy who was aking about the five static IP's. However, I am just trying to get one static ip address working for now. You know the saying, KISS! I have the external firewall nic connected to the cable modem, the internal firewall nic connected to a laptop via a switch wich acts as a crossover cable. One of my main signs of success is if I can surf the internet from my laptop. Ok, from Network Configuration-Interfaces File I have the Fixed IP setting unremarked (less #) , Specifically: auto eth0 iface eth0 inet static address 24.227.166 netmask 255.255.255.248 broadcast 24.227.166.255 gateway 24.227.166.193 Then further down on Step 2 I have the default setting unremarked, specifically: auto eth1 iface eth1 inet static address 192.168.1.254 netmask 255.255.255.0 broadcast 192.168.1.255 Then on Network configuration - Resolv.comf I have my dns nameservers entered. Nameserver 24.93.40.62 Nameserver 24.93.40.63 Then on Packages - Modules -Kernel modules to load at boot I have unremarked: crc32 8390 ne2k-pci mii 8139too This was done to make my NIC's function. I wasn't sure if I needed to actually put the files on the disk so I put the ones I could find on there, specifically: mii, 8390, and ne2k-pci. I could not find crc32 or 8139too. Do i need them? Do I need the others that are already on the disk or can I remove them? I cannot think of ANYTHING else I have done. I mean it. If there is some stupid thing that I needed to do and I did not write about doing it, then it has not been done. Uname -a: Linux firewall 2.4.24 #3 Sun Feb 22 19:25:40 CET 2004 i686 unknown LSMOD: Module Size Used byNot tainted softdog 1508 1 ip_nat_irc 2128 0 (unused) ip_nat_ftp 2736 0 (unused) ip_conntrack_irc2864 1 ip_conntrack_ftp3472 1 8139too11624 1 mii 2108 0 [8139too] ne2k-pci4044 1 83905784 0 [ne2k-pci] crc32 2648 0 [8139too 8390] IP addr show: 1: lo: LOOPBACK,UP mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo 2: dummy0: BROADCAST,NOARP mtu 1500 qdisc noop link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 3: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 52:54:05:c0:26:8f brd ff:ff:ff:ff:ff:ff inet 24.227.166.196/29 brd 24.227.166.255 scope global eth0 4: eth1: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:c0:26:62:82:20 brd ff:ff:ff:ff:ff:ff inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1 IP Route Show: 24.227.166.192/29 dev eth0 proto kernel scope link src 24.227.166.196 192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254 default via 24.227.166.193 dev eth0 Ping: can the WinXP host ping the LEAF router? Ping 192.168.1.254 0% loss can the WinXP host ping the ISP's default gateway? Ping 24.227.166.193 100% loss can the WinXP host ping the DNS servers? Ping 24.93.40.62100 % loss can the WinXP host ping a known-good Internet address? Probably not? can the LEAF router ping the WinXP host? can the LEAF router ping the ISP's default gateway? can the LEAF router ping the DNS servers? can the LEAF router ping a known-good Internet address? It looks like it is successfully pinging the winxp host, default gateway, and the dns servers but it just keep going and going, pinging over and over. How do you stop that? Finally, from my winxp host, when I get on Internet Explorer and try to go to Yahoo.com it tells me The page cannot be displayed The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings. However, When I go to 192.168.1.254 Weblet does open and I am able to brouse around it, it is very cool. The best thing to hit the Internet in years - Juno SpeedBand! Surf the Web up to FIVE TIMES FASTER! Only $14.95/ month - visit www.juno.com to sign up today! --- This SF.Net email sponsored by Black Hat Briefings Training. Attend Black Hat Briefings Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com leaf-user mailing list: [EMAIL PROTECTED] https
[leaf-user] Please be kind to the Newbie!!
Hi everyone, I was trying to setup a very simple firewall and then build up from there. I am using Bering uClibc 2.1.2 my setup is a cable modem with a static IP (I actually have 5 ip's but i'm trying to keep it simple to start) going to the firewall in the first nic port, then from the firewall's second nic port to a switch (because i don't own a crossover cable), then to a laptop. I have been messing around with Network configurations: interfaces file. From step 1 I have tried to setup option 1.2 but i don't understand the settings completely since they look a little different from my standard Linksys router. What do I fill in for address, broadcast, and gateway? My Isp gave me a subnet mask of 255.255.255.248 with my static ips. I used to input dns1 and dns2 in my Linksys Router, do i still have to do this? Then for step 2 I left it alone (default settings looked ok to me) for eth 1. I thought i would first try to get on the internet with the laptop but it doesn't get to the internet. Is there a simple setting I need to change to fix this? I don't even know if the nics are talking to the LEAF? How do I know which is Eth1 and Eth0? Is there a way to determine if leaf has installed the nic cards properly or at all? I didn't load any special drivers because it looked like maybe they will work if the nics are common enough. I haven't messed with anything else in the system. do i need to change some settings in shorewall in order for the laptop to access the internet? Then of course there are the laptop settings, I am running Windows XP Pro. I have given it the following fixed ip settings: ip address: 192.168.1.5 seb net mask: 255.255.255.0 default gateway: 192.168.1.1 DNS1 and DNS2: the supplied info from my ISP btw, how do I change the login and password when LEAF boots up? Please be kind to the noob, I really want to learn this and I really appreciate all the detail and over-simplification you can stand to type. I know a very little about Routing, less about firewalls, and absolutely nothing about Linux. I have been sucking on the Microsoft tit forever. Thank you in advance, Andrew The best thing to hit the Internet in years - Juno SpeedBand! Surf the Web up to FIVE TIMES FASTER! Only $14.95/ month - visit www.juno.com to sign up today! --- This SF.Net email sponsored by Black Hat Briefings Training. Attend Black Hat Briefings Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Please be kind to the Newbie!!
gateway? can the LEAF router ping the DNS servers? can the LEAF router ping a known-good Internet address? all pinging results: ping: sendto: Network is unreachable In any case that is a NO, your report to us should include the failure message that ping reports back (there are 4 or more of these for Linux ping, and they are diagnostic). I don't even know if the nics are talking to the LEAF? How do I know which is Eth1 and Eth0? Is there a way to determine if leaf has installed the nic cards properly or at all? I didn't load any special drivers because it looked like maybe they will work if the nics are common enough. Next time, please tell us what makes and models of NICs you are using. Some wook out of the box, while others require add-in modules we can't guess which kind you have, and as a beginner, you shouldn't be guessing on your own. The nic that is connected to the cable modem is a [Realtek RTL8139 Family PCI Fast Ethernet NIC] The nic that is connected to the switch (which goes to the laptop) is a [Realtek RTL8029(AS) based Ethernet Adaptor (Generic)] Th info in the [...] is exactly what windows XP calls the cards when xp is running. Check what interfaces have been created with the command ip link show It will also tell you if they have been initialized (that is, assigned IP addresses). ip link show results::: 1: lo: LOOPBACK mtu 16436 qdisc noop link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: dummy0: BROADCAST,NOARP mtu 1500 qdisc noop link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff ip addr show results::: [same as (ip link show)] uname -a results::: Linux Firewall 2.4.26 #1 Sun Jun 6 11:44:34 CEST 2004 i686 unknown ip route show results::: [nothing] lsmod results: Module SizeUsed by Not tainted softdog 15081 ipt_state 336 2 ipt_helper 464 0 (unused) ipt_conntrack 820 0 ipt_REDIRECT554 0 (unused) ipt_MASQUERADE 10560 (unused) ip_nat_irc 21520 (unused) ip_nat_ftp 27920 (unused) iptable_nat 15716 2 [ipt_REDIRECT ipt_MASQUERADE ip_nat_irc ip_nat_ftp] ip_conntrack_irc28761 ip_conntrack_ftp34841 ip_conntrack18312 2 [ipt_state ipt_helper ipt_conntrack ipt_REDIRECT ipt_MASQUERADE ip_nat_irc ip_nat_ftp iptable_nat ip_conntrack_irc ip_conntrack_ftp] Then of course there are the laptop settings, I am running Windows XP Pro. I have given it the following fixed ip settings: ip address: 192.168.1.5 seb net mask: 255.255.255.0 default gateway: 192.168.1.1 DNS1 and DNS2: the supplied info from my ISP These are fine. Should the default gateway be 192.168.1.255? A previous reply told you to change the password with the command passwd. You don't change the login, though you can add other userids than root (though on a router, there is really no reason to). Got the password fixed. I have a new question. Does it matter if I am logged into the firewall (LEAF Configuation Menu on the screen) or not logged in (Firewall# prompt on the screen) for the firewall to operate properlly when I have all the settings correct? Do I have to reboot after I make and backup system changes for them to be in effect? The best thing to hit the Internet in years - Juno SpeedBand! Surf the Web up to FIVE TIMES FASTER! Only $14.95/ month - visit www.juno.com to sign up today! --- This SF.Net email sponsored by Black Hat Briefings Training. Attend Black Hat Briefings Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] login and password
Hi, I am new to Leaf. I am also new to Linux. I am also new to firewalling. I thought I would try to learn more about them and run Bering uClibc. I am having trouble right out of the gate though. I have read lots of FAQ's and archives but have not had any luck. My future setup: I was hoping to use a Pentium 3 computer (and extra NIC cards) that was just lying around and use it for a firewall. I have 5 static IP's from my cable ISP. I host a web page with one, a media server with another, and have my local network (4 or so computers) on the third, two of the IP's aren't being used currently. 1.) I am concerned that with my media and web server that I need packet filtering or something more than just NAT and port forwarding. Am I right in assuming this and is Leaf or even uClibc a good solution? 2.) Do you think uClibc 2.2 beta 4 is stable enough for a noob like myself or should I just use 2.1.2? 3.) I have tried running both versions but I am stuck at the same place on both. What is the Firewall login and password? Am I just an idiot? Thanks for your help, Andrew The best thing to hit the Internet in years - Juno SpeedBand! Surf the Web up to FIVE TIMES FASTER! Only $14.95/ month - visit www.juno.com to sign up today! --- This SF.Net email sponsored by Black Hat Briefings Training. Attend Black Hat Briefings Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Point to Point from lan
Original Message: - That is a HUGE swath of ip addresses to claim will only be used for Oracle database connections. Thanks for the reply, I did confuse you though, sorry for my misleading, the 208.x.x.x was meant to imply a single internet address. I do understand your reply though. Thanks again. Robert Szabo mail2web - Check your email from the web at http://mail2web.com/ . --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] bering: cannot get dhcp lease from ISP
Hello Erich your ISP may expect your external NIC to have a specific MAC address. You may consider trying to use the same NIC connected to the ISP's line (physically removing the NIC from the old router and plugging it in the new one) or configuring the new NIC to publish the old MAC address. According to my experience with Cablecom you can also call the support and have them setup your cable modem to accept a new NIC. Allegedly with Cablecom MAC addresses are stored for 24 hours, so after that period a new NIC can be given out a lease. Hope this helps to solve your problem. Regards, Kiril On Saturday 31 August 2002 10:05, Erich Titl wrote: Hello everybody I am trying to get my bering firewall up on the net, but cannot get a lease from my ISP. If I connect the firewall's external NIC to my internal network which is served by my own dhcpd I perfectly get a lease. The line to the ISP is OK because I can get a lease on my other Linux server which was used as a firewall in the past. I tried dhclient and pump. Both failed to get a lease. I am running dhclient V3.0rc10 on the old Linux server. The dhclient used by bering seems to be a lesser version. Does anyone have a recent release of dhclient for bering. Thanks Erich THINK Püntenstrasse 39 8143 Stallikon mailto:[EMAIL PROTECTED] PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 --- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?rurceforge1refcode1Ó3390 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1refcode1=vs3390 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html