[leaf-user] shorewall rule help

[Andrew Nance]

Hello,

I was trying to allow outside connections to my local computer using windows
remote desktop.
The shorewall rule I am using is not working, in fact it disables internet
traffic, at the very least, from my local computers out to the internet.
I was hoping someone could help me out.




ACTION  SOURCE  DESTPROTO   DESTSOURCE  ORIGINAL
RATEUSER/   PORTPORT(S) DEST
LIMIT  GROUP

DNATnet loc:192.168.1.110 tcp   3389-
24.227.166.196:3389


If you need to know more info about my setup and/or the exact errors please
just let me know which ones you need and how to get them.

Thank you 
andrew


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] shorewall rule help

[Andrew Nance]

Thank you for your response Tom,

I deleted the :port and now it works correctly.
I guess I am just a little :port crazy!!

Andrew



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom Eastep
Sent: Friday, May 11, 2007 8:05 PM
To: Andrew Nance
Cc: leaf-user@lists.sourceforge.net
Subject: Re: [leaf-user] shorewall rule help

Andrew Nance wrote:
 Hello,
 
 I was trying to allow outside connections to my local computer using
windows
 remote desktop.
 The shorewall rule I am using is not working, in fact it disables internet
 traffic, at the very least, from my local computers out to the internet.
 I was hoping someone could help me out.
 
 
 
 
 ACTIONSOURCE  DESTPROTO   DESTSOURCE
ORIGINAL
 RATE  USER/   PORTPORT(S) DEST
 LIMITGROUP
 
 DNAT  net loc:192.168.1.110 tcp   3389-
 24.227.166.196:3389

The reason that the rule is disabling internet traffic is that it is an
invalid rule. The ORIGINAL DEST column can't include :port; where
did you get the notion that it could?

-Tom
-- 
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key



-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] ipsec

[Andrew Nance]

I was wondering if there is any documentation for using ipsec or some form
of vpn and Bering uClibc.

Specifically, I am using 3.0 beta 2 BuC with a standard 3 nic setup.  I was
wanting to setup (a secure) remote desktop to multiple windows servers on my
dmz and possibly also a workstation on the local network.  I have read that
a vpn will be the most secure way to access these machines.
Any help or tips you can give me will be much appreciated.

Thanks,
Andrew


-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] usb keyboard

[Andrew Nance]

No replies yet on my question.

What package do I need to use a usb keyboard on my Bering-uClibc 3.0 beta 2
firewall.
I am using a basic desktop computer.

Thanks, 
Andrew


-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] usb keyboard

[Andrew Nance]

What package do I need to use a usb keyboard on my Bering-uClibc 3.0 beta 2
firewall.
I am using a basic desktop computer.

Thanks, 
Andrew


-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] multiple ip's

[Andrew Nance]

Hey guys,

What is the text to add multiple external static ip's to eth0 in the
interfaces file (Bering uClibc 3.0)?

Thanks,
Andrew


-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] booting from flash ide drive

[Andrew Nance]

Thanks Eric (and the rest of the team),

Using initrd_ide.lrp instead of initrd_ide_cd.lrp worked.
However, there was not a copy of this file in
http://leaf.sourceforge.net/packages/uclibc-0.9/20,
Instead, I had to go to
http://leaf.sourceforge.net/packages/uclibc-0.9/20/2.4.31 to get it. Does it
make a difference to LEAF?  FYI, I am using the latest stable release
2.4.2.

Any idea why this package wasn't there?  

One other question... when 3.0 becomes stable, will you create a new folder
under packages called /30?

Thanks Again,
Andrew


---Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric Spakman
Sent: Wednesday, September 20, 2006 1:46 PM
To: Andrew Nance
Cc: leaf-user@lists.sourceforge.net
Subject: Re: [leaf-user] booting from flash ide drive

Hi Andrew,

Very strange... Can you try the initrd_ide.lrp package instead?

Eric

 I am at a loss here.  I tried doing it all over and get the same result.
 I really want to get this going.


 I am using Bering uClibc 2.4.2 and for initrd.lrp I am using
 http://leaf.sourceforge.net/packages/uclibc-0.9/20/initrd_ide_cd.lrp


 Here are the last things on the screen I am able to see after it crashes
 during bootup:

 insmod: unresolved symbol ide_unregister_module
 insmod: unresolved symbol cdrom_media_changed
 -
 12 more insmod's I omitted for brevity's sake
 -
 insmod: unresolved symbol ide_add_setting
 Using /boot/lib/modules/ide-detect.o
 insmod: unresolved symbol ideprobe_init_module
 insmod: unresolved symbol ideprobe_cleanup module
 Using /boot/lib/modules/isofs.o
 LINUXRC: Mounting a 6M TMPFS filesystem...
 LINUXRC: PKGPATH is empty or unset. can not install packages.
 LINUXRC: LRP= is empty or unset. can not install packages.
 .: 285: Can't open /var/lib/lrpkg/root.dev.own
 Kernel panic: Attempted to kill init!


 Thanks,
 Andrew



 -
  Take Surveys. Earn Cash. Influence the Future of IT
 Join SourceForge.net's Techsay panel and you'll get the chance to share
 your opinions on IT  business topics through brief surveys -- and earn
 cash
 http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
  
  leaf-user mailing list: leaf-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 Support Request -- http://leaf-project.org/





-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/


-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] booting from flash ide drive

[Andrew Nance]

Hi all,

I am trying get my 2.4.2 Bering uClibc firewall to boot from a 32 MB flash
ide module.
The computer is a DELL Pentium 3 machine with 3 nics.

I have been trying to follow theses directions: 
http://leaf.sourceforge.net/doc/bk02ch11s03.html
and
http://leaf.sourceforge.net/doc/bk02ch11s05.html

I am getting stuck trying to replace the extracted disk's initrd.lrp (286
kB) with initrd_ide_cd.lrp (which is 387 kB).
My floppy is too full to replace the file.

Can someone help me?
Do I need to load some files to the flash drive at first and then load more
from another floppy.
Or should I try doing it with a CD?

I am running Windows xp but I also have ubuntu too if that helps.
The more explanation the better, since I am very much a novice here.

TIA,
Andrew


-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] booting from flash ide drive

[Andrew Nance]

Thanks for the advice.

I installed the (dos formatted, bootable) flash drive to my windows xp
computer and extracted the files from the windows executable directly to the
flash drive.

I then replaced the original initrd.lrp with the renamed, ide one onto the
flash drive.
I copied hdsupp.lrp to the flash drive.

Now, it is my understanding that I just need to modify syslinux.cfg and
leaf.cfg to point to hda1.  Do I need to use a program like dos2unix and/or
unix2dos?  If so, can someone tell me exactly how?

Then install the flash drive into the firewall, set the bios to boot from
it, and power up?  Is that it?

The man pages say to not do auto settings in bios for the flash drive, but
when I went to my bios it was set to use LBA.  Did you guys change your bios
to something in particular?

Andrew


-Original Message-
From: Erich Titl [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, September 19, 2006 2:30 AM
To: Andrew Nance
Cc: leaf-user@lists.sourceforge.net
Subject: Re: [leaf-user] booting from flash ide drive

Hi

Andrew Nance wrote:
 Hi all,
 
 I am trying get my 2.4.2 Bering uClibc firewall to boot from a 32 MB flash
 ide module.
 The computer is a DELL Pentium 3 machine with 3 nics.
 
 I have been trying to follow theses directions: 
 http://leaf.sourceforge.net/doc/bk02ch11s03.html
 and
 http://leaf.sourceforge.net/doc/bk02ch11s05.html
 
 I am getting stuck trying to replace the extracted disk's initrd.lrp (286
 kB) with initrd_ide_cd.lrp (which is 387 kB).
 My floppy is too full to replace the file.

You want to place those files on the DOM. One way to do it is to attach
it to your linux host and load all necessary files to it. then put it to
your router and boot from it. I modified an old system to have the IDE
connector on the front panel for this purpose :-)

Another way, boot from CD or floppy, partition and format the DOM, copy
everything needed and boot.

Remember, once booted from the floppy, it is not needed anymore, you can
take another one to copy files from.

cheers

Erich


-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] booting from flash ide drive

[Andrew Nance]

I don't really know how to use the dos2unix program but I used a text editor
in ubuntu to edit leaf.cfg and syslinux.cfg
I changed the fd0u1680 part to hda1 in both files.
I also added hdsupp in the lrp list in the leaf.cfg file.  Is this right?


Anyway, the firewall is actually booting from the flash drive now.  I had
failed to run syslinux -s c: after formatting the flash drive in dos.

However, it is crashing during the boot up.

These are the last visible lines on the screen after crashing:


insmod: unresolved symbol ide_unregister_module
insmod: unresolved symbol cdrom_media_changed
-
12 more insmod's, similar to the others, I omitted for brevity's sake
-
insmod: unresolved symbol ide_add_setting
Using /boot/lib/modules/ide-detect.o
insmod: unresolved symbol ideprobe_init_module
insmod: unresolved symbol ideprobe_cleanup module
Using /boot/lib/modules/isofs.o
LINUXRC: Mounting a 6M TMPFS filesystem...
LINUXRC: PKGPATH is empty or unset. can not install packages.
LINUXRC: LRP= is empty or unset. can not install packages.
.: 285: Can't open /var/lib/lrpkg/root.dev.own
Kernel panic: Attempted to kill init!




Andrew



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric Spakman
Sent: Tuesday, September 19, 2006 2:29 PM
To: Andrew Nance
Cc: leaf-user@lists.sourceforge.net
Subject: Re: [leaf-user] booting from flash ide drive

Hello Andrew,

 Thanks for the advice.


 I installed the (dos formatted, bootable) flash drive to my windows xp
 computer and extracted the files from the windows executable directly to
 the flash drive.

 I then replaced the original initrd.lrp with the renamed, ide one onto
 the flash drive. I copied hdsupp.lrp to the flash drive.


 Now, it is my understanding that I just need to modify syslinux.cfg and
 leaf.cfg to point to hda1.  Do I need to use a program like dos2unix
 and/or unix2dos?  If so, can someone tell me exactly how?

To be on the safe size I would indeed use dos2unix or a decent editor
which understands unix lf.

 Then install the flash drive into the firewall, set the bios to boot from
  it, and power up?  Is that it?

You have to install syslinux on the flashdrive, but I think you did by
reading the above.

 The man pages say to not do auto settings in bios for the flash drive,
 but when I went to my bios it was set to use LBA.  Did you guys change
 your bios to something in particular?

I use a pcengines WRAP board which defaults to CHS, I never tried LBA. But
if the manpage say not to use auto settings, I would use CHS to be sure.

 Andrew

Eric



 -Original Message-
 From: Erich Titl [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, September 19, 2006 2:30 AM
 To: Andrew Nance
 Cc: leaf-user@lists.sourceforge.net
 Subject: Re: [leaf-user] booting from flash ide drive


 Hi


 Andrew Nance wrote:

 Hi all,


 I am trying get my 2.4.2 Bering uClibc firewall to boot from a 32 MB
 flash ide module. The computer is a DELL Pentium 3 machine with 3 nics.


 I have been trying to follow theses directions:
 http://leaf.sourceforge.net/doc/bk02ch11s03.html
 and http://leaf.sourceforge.net/doc/bk02ch11s05.html


 I am getting stuck trying to replace the extracted disk's initrd.lrp
 (286
 kB) with initrd_ide_cd.lrp (which is 387 kB). My floppy is too full to
 replace the file.

 You want to place those files on the DOM. One way to do it is to attach
 it to your linux host and load all necessary files to it. then put it to
 your router and boot from it. I modified an old system to have the IDE
 connector on the front panel for this purpose :-)

 Another way, boot from CD or floppy, partition and format the DOM, copy
 everything needed and boot.

 Remember, once booted from the floppy, it is not needed anymore, you can
 take another one to copy files from.

 cheers

 Erich



 -
  Take Surveys. Earn Cash. Influence the Future of IT
 Join SourceForge.net's Techsay panel and you'll get the chance to share
 your opinions on IT  business topics through brief surveys -- and earn
 cash
 http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
  
  leaf-user mailing list: leaf-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 Support Request -- http://leaf-project.org/





-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org

[leaf-user] FW: usb boot

[Andrew Nance]

Hi group,

Is there a Bering uClibc download that I can put on a usb flash drive to run
my firewall?  If so, which one is it?
If not, can you tell me how to go about doing this or point me to
instructions?
I want to do the usb install because I have too many problems with floppies.

After I get my firewall configuration working properly on the usb drive,
then I want to copy it over to an ide flash module.  Any tips to doing this?
I am not very good at this but want to learn.

TIA,
Andrew


-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

RE: [leaf-user] multiple static ip address router/firewall

[Andrew Nance]

It is hard to estimate but somewhere around 750 Kbps to 1.5 Mbps total
bandwidth.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Arne Bernin
Sent: Wednesday, July 13, 2005 11:32 AM
To: [EMAIL PROTECTED]
Subject: RE: [leaf-user] multiple static ip address router/firewall

On Wed, 2005-07-13 at 10:06 -0500, Andrew Nance wrote:
 I plan on having multiple video streams going through this router/firewall
 nearly 24/7. (i.e. Lots of bandwidth, very few connections) Do you think I
 need the extra cpu of a regular computer or will the wrap be able to
handle
 it?
 

Can you estimate how much bandwidth you use (average/peek) ?

 Thanks,
 Andrew

--arne

-- 
Arne Bernin [EMAIL PROTECTED]

http://www.ucBering.de





---
This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening
July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by HP,
AMD, and NVIDIA.  To register visit http://www.hp.com/go/dualwebinar

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/



---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_idt77alloc_id492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] ide flash drive question

[Andrew Nance]

I want to run a 32 MB IDE flash memory as my HD for bering uclibc 2.2.3.
According to the directions, I need to give it a first bootable partition
and DOS format it.

Call me a stupid noob but I don't know how to do that.  The drive is 6
months old but I have never ever used it before.

Would someone please give me instructions on how to do this using windows
XP. I could also  but could also use knoppix if its easier.

Thanks,
Andrew



---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

RE: [leaf-user] multiple static ip address router/firewall

[Andrew Nance]

Thanks George,

That's what I was afraid of.  It looks like my options now are to build (or
buy cheep dell ($300 w/ no OS)) computer to handle firewall/routing or go
with the wrap or soekris.
I plan on having multiple video streams going through this router/firewall
nearly 24/7. (i.e. Lots of bandwidth, very few connections) Do you think I
need the extra cpu of a regular computer or will the wrap be able to handle
it?

Thanks,
Andrew

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of George Metz
Sent: Wednesday, July 13, 2005 5:27 AM
To: leaf-user@lists.sourceforge.net
Subject: Re: [leaf-user] multiple static ip address router/firewall

None of the over-the-counter router-in-a-boxes are going to be able to 
handle multiple static IPs, with the possible exception of a Linksys 
that's had it's firmware replaced with a Linux-based one from the 
hardware hacking groups.

An entry level Cisco is hideously expensive; I found two on Pricewatch 
for $389 USD from a retailer with truly bad reviews. Last time I looked 
for one (which, admittedly, was a couple of years ago) the same model 
was going for $1500 USD refurbished.

I adore Cisco equipment and the IOS, but it is way too pricey if you're 
not running a major site - and even then, it's questionable. You're 
going to be far better off with Bering uClibc and any kind of hardware 
than you are spending the money a Cisco will cost, especially since most 
of them you'll need to buy a second ethernet card for your external 
interface and actually get a license for IOS.

George


Andrew Nance wrote:
 Hi group,
 I have been using Bering uClibc for a couple of years now.  It has been
rock
 solid and great.  My thanks go out to everyone.
 I currently use my leaf box with 5 static ip's without any major problems.
 
 But my question to you guys and gals is do you know of an over the counter
 firewall/router (like Linksys, D-Link, or Netgear) that can route multiple
 public static IP's for a single cable or dsl connection?
 If there are no cheaper solutions, what would an entry level cisco model
 be? 
 How would these solutions compare price wise to a WRAP running uClibc?
 
 
 Thanks in advance,
 Andrew
 
 
 
 ---
 This SF.Net email is sponsored by the 'Do More With Dual!' webinar
happening
 July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
 core and dual graphics technology at this free one hour event hosted by
HP,
 AMD, and NVIDIA.  To register visit http://www.hp.com/go/dualwebinar
 
 leaf-user mailing list: leaf-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 Support Request -- http://leaf-project.org/
 


---
This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening
July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by HP,
AMD, and NVIDIA.  To register visit http://www.hp.com/go/dualwebinar

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/



---
This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening
July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by HP,
AMD, and NVIDIA.  To register visit http://www.hp.com/go/dualwebinar

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] multiple static ip address router/firewall

[Andrew Nance]

Hi group,
I have been using Bering uClibc for a couple of years now.  It has been rock
solid and great.  My thanks go out to everyone.
I currently use my leaf box with 5 static ip's without any major problems.

But my question to you guys and gals is do you know of an over the counter
firewall/router (like Linksys, D-Link, or Netgear) that can route multiple
public static IP's for a single cable or dsl connection?
If there are no cheaper solutions, what would an entry level cisco model
be? 
How would these solutions compare price wise to a WRAP running uClibc?


Thanks in advance,
Andrew



---
This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening
July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by HP,
AMD, and NVIDIA.  To register visit http://www.hp.com/go/dualwebinar

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

RE: [leaf-user] Shorewall problem

[Andrew Nance]

Tom,

The link you sent in your email doesn't work!!
http://xxx.xxx.xxx.xxx/yy.htm just 
returns  The page cannot be 
displayed Cannot find server or DNS Error

This must be an error with shorewall

Thanks in advance,
ADN

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom Eastep
Sent: Friday, April 15, 2005 10:12 AM
To: [EMAIL PROTECTED]
Cc: Bering List
Subject: Re: [leaf-user] Shorewall problem

Joel Louis Blom wrote:
 Tom,
 I followed your suggestion but no result.
 I am a little farther however. It seems that the entry is blocked via
 the RFC1918 rule list as the error is logdrop:
 
 Apr 15 15:54:15 renault Shorewall:logdrop:DROP: IN=eth0 OUT=
 MAC=00:01:02:0c:f0:b1:00:05:5f:eb:38:8d:08:00 SRC=xxx.xxx.xxx.xxx
 DST=xxx.xxx.xxx.xxx LEN=60 TOS=00 PREC=0x00 TTL=62 ID=38469 CE DF
 PROTO=TCP SPT=46244 DPT=22 SEQ=1930172565 ACK=0 WINDOW=5840 SYN URGP=0 
 

You don't tell us what version of Shorewall you are running.
You obfuscate the facts with this xxx.xxx... crap.
Yet you expect our help.

The only thing that I can possibly guess is that:

a) You are running an ancient version of Shorewall that doesn't support
the 'nobogons' option. This means that bogons are listed in the
'rfc1918' file.

b) You haven't updated your rfc1918 file in years
(http://shorewall.net/errata.htm).

c) The xxx.xxx.xxx.xxx after SRC= matches a bogon entry in your rfc1918
file.

To correct this problem.

1) xtgyo spiteys 988674 flsiey8 http://xxx.xxx.xxx.xxx/yy.htm
2) psyyt witii sopom dspslosy
3) soppllmo soppoym splo

-Tom
-- 
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key


---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595alloc_id=14396op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595alloc_id=14396op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] NIC Module?

[Andrew Nance]

It's me again, trying to get the Kingston KNE111TX working
I am running Bering-uClibc 2.2.0
With a 3 nic setup:
Eth0 is internet - currently Realtek 8029(AS){trying to switch to Kingston}
Eth1 is lan - currently Realtek 8139
Eth2 is dmz - currently Realtek 8139

My system was working fine before, but I wanted to replace my eth0 nic
(8029) with this Kingston KNE111TX because it has activity led's. I like to
watch the blinking lights.
I simply swopped the eth0 nic and unremarked tulip module but it still
doesn't work yet.  Any help is greatly appreciated.

Modules loaded are:
Crc32
8390
ne2k-pci
mii
8139too
tulip

Here are my outputs:

uname -a
Linux firewall 2.4.26 #1 Mon Jun 28 20:08:59 CEST 2004 i686 unknown

ip route show
24.227.166.192/29 dev eth0  proto kernel  scope link  src 24.227.166.194 
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.254 
default via 24.227.166.193 dev eth0

ip addr show
1: lo: LOOPBACK,UP mtu 16436 qdisc noqueue 
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: dummy0: BROADCAST,NOARP mtu 1500 qdisc noop 
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:c0:26:62:82:20 brd ff:ff:ff:ff:ff:ff
inet 24.227.166.194/29 brd 24.227.166.255 scope global eth0
4: eth1: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:05:5d:4b:e3:6e brd ff:ff:ff:ff:ff:ff
inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1

LSMOD
Module  Size  Used byNot tainted
softdog 1508   1
ipt_state336   2
ipt_helper   464   0 (unused)
ipt_conntrack820   0
ipt_REDIRECT 544   0 (unused)
ipt_MASQUERADE  1056   0 (unused)
ip_nat_irc  2152   0 (unused)
ip_nat_ftp  2792   0 (unused)
iptable_nat15716   2 [ipt_REDIRECT ipt_MASQUERADE ip_nat_irc
ip_nat_ftp]
ip_conntrack_irc2876   1
ip_conntrack_ftp3484   1
ip_conntrack   18312   2 [ipt_state ipt_helper ipt_conntrack
ipt_REDIRECT ipt_MASQUERADE ip_nat_irc ip_nat_ftp iptable_nat
ip_conntrack_irc ip_conntrack_ftp]
8139too12584   2
mii 2108   0 [8139too]
83905784   0
crc32   2648   0 [8139too 8390]



---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588alloc_id=12065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] NIC Module?

[Andrew Nance]

I'm not sure how to answer but I will read off what I can from the PCI card.
There are 2 large chips on the board
There is a long, skinny chip closer to the Ethernet jack, It has only 16
connectors to the card and reads:
Delta
LF8221M
0026
Then there is another chip that is almost square and very short, it has a
whole lot of connectors to the card (too many to count) and reads:

Kingston
KT98200
090
M0025
TN1519B1
37FDX

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Luis.F.Correia
Sent: Wednesday, October 27, 2004 2:41 AM
To: [EMAIL PROTECTED]
Subject: RE: [leaf-user] NIC Module?

Hi! 

 -Original Message-
 From: Andrew Nance [mailto:[EMAIL PROTECTED] 
 Sent: Tuesday, October 26, 2004 7:14 PM
 To: [EMAIL PROTECTED]
 Subject: [leaf-user] NIC Module?
 
 Hi group,
 
 I was hoping to add a Kingston NIC to my Bering-uClibc 2.2 machine
 
 But before I screw anything up, does anybody know the correct 
 NIC modules to
 load for this NIC?
 
 The exact model number is: KNE111TX
 

And which chip is on the board?

Marketing names are a p.i.t.a


 TIA,
 Andrew
 

Luis Correia   
Bering uClibc Team Member

PGP Fingerprint: BC44 D7DA 5A17 F92A CA21 9ABE DFF0 3540 2322 21F6 
Key Server: http://pgp.mit.edu


---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588alloc_id=12065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_idU88alloc_id065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] ide flash module

[Andrew Nance]

Hi group,

I was thinking about getting away from booting and saving all info on the
floppy on my Bering-uClibc 2.2 box
I would like to have write protection like on the floppy, where it can be
turned on and off.
A CD boot seems difficult because whenever I want to make a change I have to
burn it to the cd on a different machine.
A regular IDE hard drive doesn't have very good write protection.
I don't have and flash media like SD or CF.
I saw on a previous post an IDE Flash Module.  This looks very good to me,
it's fairly inexpensive and does everything I want:  can physically and
easily turn write protect on or off, reliable, and quick.
Here is the link to it:
http://ec.transcendusa.com/product/ItemDetail.asp?ItemID=TS32MDOM40V

My question is has anyone used this for LEAF?
If so, how did it work?
Since I am a newb, how would I get the firewall software on the module?

Thanks,
Andrew



---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_idU88alloc_id065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] NIC Module?

[Andrew Nance]

Hi group,

I was hoping to add a Kingston NIC to my Bering-uClibc 2.2 machine

But before I screw anything up, does anybody know the correct NIC modules to
load for this NIC?

The exact model number is: KNE111TX

TIA,
Andrew



---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_idU88alloc_id065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Fw: web server behind LEAF

[Andrew Nance]

Hi,
I am running Bering-uClibc 2.2.
I am still very new to all this so your patience is appreciated.
I have multiple static IP addresses and am using the ProxyARP feature to use 
two of my IP addresses for my web server (serving two domain names) and 
another one for my media server.  I have my media server broadcasting using 
the http protocol on port 80 so as to not be blocked by the firewalls of the 
people trying to view the video.
Everything seems to work like it should, the LEAF blocks all port 
scans/requests from the NET to the DMZ except port 80 TCP.
I have also allowed the DMZ full access to the NET in order to install OS 
updates.  I don't surf the internet, check email, or anything not server 
related from the server.
Soon, I believe I will have to open a port (443 I think) for SSL connection 
of my web server.  I will have two SSL's, one for each of my web server 
IP's.

My question is, is there any more I can do to harden my LEAFirewall to 
protect my web server or my firewall for that matter?
Is there module or package I should enable or load to assist in protecting 
my web server?  Or perhaps some shorewall settings?

Thanks,
Andrew 


---
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html