[Leaf-user] dachstein and port forwarding

2002-01-17 Thread David Goodrich

I am running the most recent version of dachstein, and i cannot figure out
how to forward ports (most notably port 80) to machines on my internal net.
i.e. send http request on port 80 to [static ip] and have the firewall send
the request to [internal webserver] while still looking like it came from
[static ip].  thanks in advance.
 -david goodrich

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user



[Leaf-user] dachstein and port forwarding (again)

2002-01-18 Thread David Goodrich

earlier...
I am running the most recent version of dachstein, and i cannot figure out
how to forward ports (most notably port 80) to machines on my internal net.
i.e. send http request on port 80 to [static ip] and have the firewall send
the request to [internal webserver] while still looking like it came from
[static ip].  
...

on the advice of guitarlynn, i un-commented these lines in network.conf 
  EXTERN_TCP_PORT0="0/0 www" 
and 
  INTERN_WWW_SRVER=192.168.1.11 
 
and it doesn't work...

the internal webserver is accessible on the internal network, the router is
nat'ing packets just fine (i'm writing this email from behind it) and...
yeah... i don't know what more information you need from me, but let me know
what you do need. if you have any idea what's wrong, i'd appreciate the help
:]  thanks again
 -david goodrich




RE: [Leaf-user] dachstein and port forwarding (again)

2002-01-19 Thread David Goodrich

i tried using the "_" and it didn't work.  unless being on the internal
network has something to do with it ... http://complex.wox.org... any ideas?
thanks in advance
 -david
 

-Original Message-
From: David B. Cook
To: David Goodrich
Cc: '[EMAIL PROTECTED]'
Sent: 1/19/02 7:47 AM
Subject: Re: [Leaf-user] dachstein and port forwarding (again)

First, validate that 192.168.1.11 is your valid internal address.
Second, the EXTERN_TCP_PORT0="0/0 www" 
should read "0/0_www". Notice the _ between the 0/0 and www.

dbc.
 
On Fri, 18 Jan 2002, David Goodrich wrote:

> earlier...
> I am running the most recent version of dachstein, and i cannot figure out
> how to forward ports (most notably port 80) to machines on my internal net.
> i.e. send http request on port 80 to [static ip] and have the firewall send
> the request to [internal webserver] while still looking like it came from
> [static ip].
> ...
>
> on the advice of guitarlynn, i un-commented these lines in network.conf
>   EXTERN_TCP_PORT0="0/0 www"
> and
>   INTERN_WWW_SRVER=192.168.1.11
>
> and it doesn't work...
>
> the internal webserver is accessible on the internal network, the router is
> nat'ing packets just fine (i'm writing this email from behind it) and...
> yeah... i don't know what more information you need from me, but let me know
> what you do need. if you have any idea what's wrong, i'd appreciate the help
> :]  thanks again
>  -david goodrich

-- 
 
David B. Cook, <[EMAIL PROTECTED]>
Linux -- up 10 days because it can.
8:45am up 10 days, 8:41, 1 user, load average: 0.00, 0.00, 0.00




[Leaf-user] /devttyS0 error...

2002-01-21 Thread David Goodrich

i'm attempting to run a null-modem cable from my router to my main pc to
manage my router w/o a monitor & keyboard permanently attached... so as
instructed in the serial-howto, i typed
echo "hello world" > /dev/ttyS0
to test the serial link...it returned
cannot create /dev/ttyS0: error 19
i haven't found anything about this error on the web, and was wondering if
anyone here has had similar experience... thanks
 -david
__
http://complex.wox.org




[Leaf-user] dhcpd.leases

2002-01-28 Thread david goodrich

Is there a dhcpd.leases or equivalent file where I can determine which
computers have leased which ip's?  one would /think/ something like this
exists, but I can't find it... I'm running dachstein 1.0.2 floppy, w/
the included dhcpd.  Thanks. 
 -david





[Leaf-user] serial console...

2002-01-28 Thread david goodrich

I followed the Serial-HOWTO on lrp.steinkuehler.net and I'm still not
getting console messages on my dachstein 1.0.2 floppy setup... however,
from the boot logs...

Jan 29 00:39:40 firewall kernel: Warning: unable to open an initial console.
Jan 29 00:39:40 firewall kernel: Serial driver version 4.27 with MANY_PORTS MULTIPORT SHARE_IRQ enabled\

So to me it looks like it's trying to find a console, /then/
initializing the serial port.  I start the serial port with the serial.o
module referenced in /etc/modules ... is there a way of doing it so it
initializes earlier in the boot process?


Also...
The weblet-cgi failed to respond when my logs-ramdisk filled... is there
any way of automatically purging the logs when it fills the ramdisk?
 Thanks.
 -david





[Leaf-user] ip filtering

2002-01-29 Thread david goodrich

This is something of an odd request, but here goes... I'm a college
student, and use my dachstein 1.0.2 floppy firewall to keep my servers
away from all the hacktivity on the local net... I forward the necessary
services to my servers, easy enough.  But here's the deal: my floor
wants to put on a game tournament to raise money, and we want to make
sure that nobody else gets to the game server except ip's that have paid
the entry fee.  I tried using

[from /etc/network.conf]
EXTERN_TCP_PORT4="[ip of paid-for user]/32 27015"
EXTERN_TCP_PORT5="[another paid-for ip]/32 27015"
[and so on and so forth]

and then pointed to the port 27015 server with

[from /etc/network.conf]
INTERN_SERVERS="... tcp_${EXTERN_IP}_27015_192.168.1.11_27015
..."

but that only works for the EXTERN_TCP_PORTx ip with the highest x-value
(only the last referenced ip address can get in, none of the others)...
i'd like to allow only the ip addresses in the list to access port
27015, and it's not just a subnet.. it will be a list of (essentially)
random ip addresses.  I think maybe ipchains can do it, but I'm
extremely new to this whole lrp game.  Thanks for your help.  
 -david





RE: [Leaf-user] ip filtering

2002-01-29 Thread david goodrich

Hm... it seems to be working now.  I had them not-in-sequence (i.e.
0,3,4,&5 were rules, but 1&2 forwarded other things... I put the rules
in sequential order and it seemed to work.  Odd.  Well, thanks for the
help :]
 -david

-Original Message-
From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, January 29, 2002 7:04 PM
To: david goodrich; [EMAIL PROTECTED]
Subject: Re: [Leaf-user] ip filtering

> This is something of an odd request, but here goes... I'm a college
> student, and use my dachstein 1.0.2 floppy firewall to keep my servers
> away from all the hacktivity on the local net... I forward the necessary
> services to my servers, easy enough.  But here's the deal: my floor
> wants to put on a game tournament to raise money, and we want to make
> sure that nobody else gets to the game server except ip's that have paid
> the entry fee.  I tried using
>
> [from /etc/network.conf]
> EXTERN_TCP_PORT4="[ip of paid-for user]/32 27015"
> EXTERN_TCP_PORT5="[another paid-for ip]/32 27015"
> [and so on and so forth]
>
> and then pointed to the port 27015 server with
>
> [from /etc/network.conf]
> INTERN_SERVERS="... tcp_${EXTERN_IP}_27015_192.168.1.11_27015
> ..."
>
> but that only works for the EXTERN_TCP_PORTx ip with the highest x-value
> (only the last referenced ip address can get in, none of the others)...
> i'd like to allow only the ip addresses in the list to access port
> 27015, and it's not just a subnet.. it will be a list of (essentially)
> random ip addresses.  I think maybe ipchains can do it, but I'm
> extremely new to this whole lrp game.  Thanks for your help.

You're on the right track...what you list above ought to work (assuming your
EXTERN_TCP_PORTx settings start with x=zero and increment with no missing
numbers).

Can you provide the output of "net ipfilter list"?

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
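
The numbering requirement mentioned in the reply above (EXTERN_TCP_PORTx starting at zero with no missing numbers) can be checked before reloading the firewall. The script below is an added example, not part of the original thread or of the Dachstein scripts; it assumes the firewall scripts read EXTERN_TCP_PORT0, 1, 2, ... in order and stop at the first unset index, and the function names, sample config and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not LEAF/Dachstein code). Assumption: the firewall scripts
# read EXTERN_TCP_PORT0, EXTERN_TCP_PORT1, ... and stop at the first index
# that is not set, so allow-list entries numbered above a gap never become rules.

# Constructed sample in the style of /etc/network.conf; the addresses come
# from documentation ranges. Index 2 is commented out, index 4 is set twice.
sample_conf() {
    cat <<'EOF'
EXTERN_TCP_PORT0="192.0.2.10/32 27015"
EXTERN_TCP_PORT1="192.0.2.11/32 27015"
#EXTERN_TCP_PORT2="192.0.2.12/32 27015"
EXTERN_TCP_PORT3="198.51.100.7/32 27015"
EXTERN_TCP_PORT4="203.0.113.40/32 27015"
EXTERN_TCP_PORT4="203.0.113.41/32 27015"
EOF
}

# defined_indices FILE PREFIX
# Numeric suffixes of uncommented PREFIX<n>= assignments, sorted numerically.
defined_indices() {
    sed -n "s/^[[:space:]]*$2\([0-9][0-9]*\)=.*/\1/p" "$1" | sort -n
}

# first_gap FILE PREFIX
# Lowest index, counting up from 0, that has no assignment.
first_gap() {
    expected=0
    for i in $(defined_indices "$1" "$2" | uniq); do
        [ "$i" -eq "$expected" ] || break
        expected=$((expected + 1))
    done
    echo "$expected"
}

# skipped_entries FILE PREFIX
# Variables numbered above the first gap; under the stated assumption these
# sources are silently left out of the allow-list.
skipped_entries() {
    gap=$(first_gap "$1" "$2")
    for i in $(defined_indices "$1" "$2" | uniq); do
        if [ "$i" -gt "$gap" ]; then
            echo "$2$i"
        fi
    done
}

# duplicate_entries FILE PREFIX
# Variables assigned more than once. In shell syntax the last assignment
# replaces the earlier one, so only one of the listed sources survives.
duplicate_entries() {
    defined_indices "$1" "$2" | uniq -d | sed "s/^/$2/"
}

# Demo run on the constructed sample.
conf=$(mktemp)
sample_conf > "$conf"
echo "first unused index: $(first_gap "$conf" EXTERN_TCP_PORT)"
echo "numbered above the gap: $(skipped_entries "$conf" EXTERN_TCP_PORT | tr '\n' ' ')"
echo "assigned more than once: $(duplicate_entries "$conf" EXTERN_TCP_PORT | tr '\n' ' ')"
rm -f "$conf"
```

For an allow-list like the one in this thread, either finding means a paid-for address is missing from the rules, which is best confirmed against the output of "net ipfilter list".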






RE: [Leaf-user] LRP Oxygen CD and floppy disk boot question

2002-01-30 Thread david goodrich

In regards to your question about using static ip's on the internal
machines, there's two different dhcp-related modules... there's
dhclient, which is a dhcp client for your router, enabling your router
to pick up an external IP automatically.  I gather from what you said
that you have a static external ip, so you're not using this.  HOWEVER
this does not preclude you from using the other dhcp-related module,
dhcpd.  dhcpd is the dhcp-daemon, which acts as a dhcp server on your
router and allows internal machines to automatically grab their ip addresses
from the router, so you don't have to pick and choose ip addresses for
your internal machines.  You can use dhcpd without dhclient with no
problems (I do on my dachstein router).  Hope this helps
 -david

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of malik
menzong
Sent: Tuesday, January 29, 2002 10:59 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] LRP Oxygen CD and floppy disk boot question

Thanks Mark and David D.
I found out about the disk image formatting the hard way I guess. I also
find out that once it is set up for 1.440 you really can't do much to change
it. So I got some image files on the cd (oxygen) that were self contained
and did not need to look for packages and services from the cd. Those images
were formatted to 1.68M (actually when I look at the file size in windows
explorer it says 1.62M max). They do work fine. And in order to back up any
config changes that I make I load the cd first and let it back up on the
floppy. It makes things a lot quicker since the cd has a nice interface.

Hope that may help someone out there.

Moving on...One more thing (contribution) I have to say is that for anyone
using the 3com905 nics they should look for the module 3c59x.o instead of
the 3c905.o for their cards. It does not seem intuitive but I read and
tried it and my oxygen box does see both my network cards now.

the new technical/philosophical issue is that: on my oxygen box I gave the
eth0 card the IP address of one machine (A) and I assigned a "picked" IP
address to the eth1 card that goes to the hub. this hub is supposed to serve
many internal machines that will use the router as their port to the
internet. since the original machine (A) had a fixed IP, I did not enable
dhcp on the router. So I am thinking that I should pick and choose the ip
address of the machines behind the router myself.
Does that sound right?
I will do some more research and fill you all up.
Regards,
-M

>From: Mark Plowman <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>CC: [EMAIL PROTECTED]
>Subject: Re: [Leaf-user] LRP Oxygen CD and floppy disk boot question
>Date: Sun, 27 Jan 2002 11:18:26 +0100 (CET)
>
>malik,
>
> > From: "malik menzong" <[EMAIL PROTECTED]>
> > Date: Sun, 27 Jan 2002 04:26:23 +
> >
>
> >
> > 1)Once Im at the root I am prompted to choose b/w some options to configure
> > the router. I found out how I can change and move out of each file that is
> > presented to me, but when trying to save it (back up) it comes with the
> > following error
> > end_request, I/O error dev 02:2c(floppy), sector 19
> > end_request, I/O error dev 02:2c(floppy), sector 20
> > At first I thought it was a bad floppy but when I tried some brand new disk
> > the error persisted and nothing got copied. Does that sound like a common
> > thing? Is it the disk? should I make a image file from the cd first?
>
>A normal 1.4 M Bytes floppy has 18 sectors per side.
>
>Seeing mention of sectors 19 and 20 in the error message, it's
>probable that you forgot to format the floppy for 1.68 M Bytes (20
>sectors per side)
>
>Can't help about the rest I am afraid.
>
>
>Greetings
>
>Mark
>
>
>



Re: [Leaf-user] udhcp package

2002-02-18 Thread David Goodrich

thanks for the good work, it's nice to have a smaller dhcp server :] 
but i am curious... is there any way to use a "traditional" dhcpd.conf
instead of the user-friendly udhcpd.conf you have provided?  thanks.
 -david goodrich

On Mon, 2002-02-18 at 05:11, guitarlynn wrote:
> The udhcp.lrp package for Dachstein/mountain releases is ready
> for testing. This package includes both a dhcp server and client
> and weighs in at 22.6KB total. Full support for everything except
> aliased interfaces should be there and working.
> 
> You can get it at:
> http://leaf.sourceforge.net/devel/guitarlynn/images/udhcp.lrp
> 
> I'll see if I can get a non-release specific package up within
> a couple of days.
> 
> Throw me some bugs and enjoy!
> -- 
> 
> ~Lynn Avants
> aka Guitarlynn
> 
> guitarlynn at users.sourceforge.net
> http://leaf.sourceforge.net
> 
> If linux isn't the answer, you've probably got the wrong question!
> 



Re: [Leaf-user] udhcp package

2002-02-18 Thread David Goodrich

well, i am hoping to do some static leases, which worked fine under the
isc dhcpd... i'll do some looking and try to figure it out.  thanks
 -david

On Mon, 2002-02-18 at 13:49, guitarlynn wrote:
> On Monday 18 February 2002 11:27, David Goodrich wrote:
> > thanks for the good work, it's nice to have a smaller dhcp server :]
> > but i am curious... is there any way to use a "traditional"
> > dhcpd.conf instead of the user-friendly udhcpd.conf you have
> > provided?  thanks. -david goodrich
> 
> Unfortunately no, the environmental variables are not the same and in
> one or two non-existent (netmask). I've thought about scrapping some
> of it to make it easier, but I figured as soon as I did that someone
> would be looking for an option I eliminated. You _should_ be able to
> take your info from dhcpd.conf and place it under the same/similar
> options under the examples header towards the bottom of udhcpd.conf
> to get the same effect as a custom dhcpd.conf anyway.
> 
> Let me know how it works!
> -- 
> 
> ~Lynn Avants
> aka Guitarlynn
> 
> guitarlynn at users.sourceforge.net
> http://leaf.sourceforge.net
> 
> If linux isn't the answer, you've probably got the wrong question!
> 



Re: [Leaf-user] How to reach my internal web server from an internal machine via an external web page?

2002-02-24 Thread David Goodrich

due to the one-way nature of the ipforwarding rules, you cannot take
advantage of the portforwarding your firewall does... i.e. hitting
http://external.ip: will not show you what you see when you go to
http://192.168.1.10: ... to test your firewall rules, you need a net
connection that isn't behind your firewall.  or what i do, since my
discussion board gets twitchy whenever you try to view it from anything
other than the domain name, is i run an internal dns server, and map
complex.wox.org to 192.168.1.11, my webserver.  the other computers get
dns entries, but those are name.complex.wox.org ... it's more of a
workaround than a fix, but eh, what can ya do? :]  having an internal
dns server is helpful anyway... keeps you from having to type in ip's or
update hosts files every time a computer gets added.
 -david

On Sun, 2002-02-24 at 01:24, Frank Sergeant wrote:
> I have a basic Dachstein-PPPoE floppy firewall setup with port  
> opened on the firewall and forwarded to port  on an internal
> machine (192.168.1.10) which is running a web server on that port.
> 
> Sitting at another internal machine (192.168.1.40), I can access the web
> server via its local network address, e.g. http://192.168.1.10:.
> 
> However, I have a web page hosted on an external site that has a
> link to my internal web server via my firewall's external IP.  From
> a machine outside my network, that link works fine, reaching my
> internal web server.  However, if I connect to the external web page
> from the internal network (e.g. 192.168.1.40), clicking on the link to 
> my internal web page fails.
> 
> Can anyone suggest what I should do or where I should look in order
> to solve this?
> 
> 
> -- Frank
> [EMAIL PROTECTED]
> 



[Leaf-user] multiple IP's...

2002-03-02 Thread David Goodrich

I tried adding a second static IP to my dachstein floppy 1.0.2 ... so i go
into /etc/network.conf and uncommented the line
eth0_IP_EXTRA_ADDRS="w.x.y.z" (where w.x.y.z is my new static ip)

and reloaded (svi network reload)... no luck.  so i went to the instructions
for configuring network.conf, which said there was an option for
eth0_ALIAS0, so i commented out the IP_EXTRA_ADDRS and added
eth0_ALIAS0=w.x.y.z

reloaded, and also no luck... any ideas?  thanks
 -david




[Leaf-user] multiple ip's (an addendum)

2002-03-03 Thread David Goodrich

sorry, sent that last email with the wrong email account... should have
been [EMAIL PROTECTED] ... sorry for the inconvenience
 -david







Re: [Leaf-user] multiple ip's

2002-03-04 Thread David Goodrich

i mean when i tried to connect to that ip with an outside-the-firewall
connection none of the port forwards worked...

# ip addr list
...
2: eth0:  mtu 1500 qdisc pfifo_fast qlen 100
link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
inet 64.113.72.222/24 brd 64.113.72.255 scope global eth0
inet 64.113.72.219/24 scope global eth0
...


my portforwards in network.conf are
INTERN SERVERS="tcp_${EXTERN_IP}.. so since i use the variable extern_ip
i should be listening on both ip's (in theory) but when i svi network ipfilter
list portfw it only shows portforwards from the first ip, not to the second.
attempts to connect to the second ip, however, do not go through.  i'm confused
because ip shows that it's listening on both ip's... is there something i'm
missing?


On Mon, 2002-03-04 at 09:05, Charles Steinkuehler wrote:
> > I tried adding a second static IP to my dachstein floppy 1.0.2 ... so i
> > go into /etc/network.conf and uncommented the line
> > eth0_IP_EXTRA_ADDRS="w.x.y.z" (where w.x.y.z is my new static ip)
> >
> > and reloaded (svi network reload)... no luck.  so i went to the
> > instructions for configuring network.conf, which said there was an
> > option for eth0_ALIAS0, so i commented out the IP_EXTRA_ADDRS and added
> > eth0_ALIAS0=w.x.y.z
> >
> > reloaded, and also no luck... any ideas?  thanks
> 
> Um...what do you mean by "no luck"?  How were you testing your new IP?  What
> was the output of "ip addr list"?  Did you open the firewall for desired new
> external services (including ICMP for pings) and port-forward appropriately?
> 
> Charles Steinkuehler
> http://lrp.steinkuehler.net
> http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
> 






[Leaf-user] kernel compile howto

2002-03-04 Thread David Goodrich

i'd like to compile support for a null-modem console into my kernel so i
see boot messages and can dispense with the monitor currently attached
to my lrp box... running dachstein floppy 1.0.2... is there a howto i
missed?  thanks in advance
 -david




[Leaf-user] ssh/sftp through dachstein firewall

2002-03-29 Thread David Goodrich

I set up portforwarding to point ssh to my fileserver, in the hopes that i
would be able to secure-ftp into it, but it doesn't seem to like the
portforwarding.

svi network ipfilter list portfw says that port 22 is pointed to the
appropriate internal machine, and i can ssh/sftp into it from the internal
network, just not from the external network.  i'm using dach. 1.02 floppy...
any thoughts?  thanks in advance
 -david




Re: [Leaf-user] ssh/sftp through dachstein firewall

2002-03-29 Thread David Goodrich

yes.  64.x.x.x
 -david
- Original Message - 
From: "rwtech.com" <[EMAIL PROTECTED]>
To: "David Goodrich" <[EMAIL PROTECTED]>
Sent: Friday, March 29, 2002 4:02 PM
Subject: Re: [Leaf-user] ssh/sftp through dachstein firewall


> do both dachstein boxes have external (real)ips?
> brett
>
> --- David Goodrich <[EMAIL PROTECTED]> wrote:
> > i did a bit more testing.  the first external box i was testing on is also
> > behind a dachstein firewall, but a /different/ dachstein firewall.  I
> > ssh'ing into my server from one of the lab computers, and didn't have any
> > problem.  is this some weird dachstein-dachstein interaction?
> >  -david
> >
> > - Original Message -
> > From: "rwtech.com" <[EMAIL PROTECTED]>
> > To: "David Goodrich" <[EMAIL PROTECTED]>
> > Sent: Friday, March 29, 2002 3:49 PM
> > Subject: Re: [Leaf-user] ssh/sftp through dachstein firewall
> >
> > > that is odd, i can both ssh and sftp into my machine from the
> > > outside.  i always thought if one works so would the other.
> > > sorry, i have nothing helpful at this point.
> > > brett
> > >
> > > --- David Goodrich <[EMAIL PROTECTED]> wrote:
> > > > yes, i did.  and it turns out i can ssh into it, just not sftp.
> > > > both ssh and sftp work on the internal network.
> > > >  -david
> > > >
> > > > ----- Original Message -
> > > > From: "rwtech.com" <[EMAIL PROTECTED]>
> > > > To: "David Goodrich" <[EMAIL PROTECTED]>
> > > > Sent: Friday, March 29, 2002 2:00 PM
> > > > Subject: Re: [Leaf-user] ssh/sftp through dachstein firewall
> > > >
> > > > > hi,
> > > > > did you open tcp port 22 on the firewall?
> > > > >
> > > > > --- David Goodrich <[EMAIL PROTECTED]> wrote:
> > > > > > I set up portforwarding to point ssh to my fileserver, in the
> > > > > > hopes that i would be able to secure-ftp into it, but it doesn't
> > > > > > seem to like the portforwarding.
> > > > > >
> > > > > > svi network ipfilter list portfw says that port 22 is pointed to
> > > > > > the appropriate internal machine, and i can ssh/sftp into it from
> > > > > > the internal network, just not from the external network.  i'm
> > > > > > using dach. 1.02 floppy...
> > > > > > any thoughts?  thanks in advance
> > > > > >  -david




[Leaf-user] some hosts not connecting

2002-04-03 Thread David Goodrich

I emailed the list about certain hosts not being able to ssh into my
firewall.  I've done a bit more testing, and it seems to be a mostly
arbitrary distinction between who can and cannot connect... I've gotten
connections from as far away as italy successfully, and some people that
live just a few feet away (i'm in a college dorm) have been unable to
connect.  i'm running a pretty standard dachstein 1.02 floppy firewall with
dual 3c905b's ... pentium 133, 64mb ram... i'm absolutely baffled .. if you
all could, try to connect to http://complex.wox.org and let me know
(offlist) if you can get to me or not..  unless somebody's seen this before?
the connection just times out, and it seems to be arbitrary which computers
can and cannot connect... thanks
 -david





[Leaf-user] dachstein serial kernel

2002-04-08 Thread David Goodrich


I'm trying to get boot messages posted to the serial port with my dachstein
1.0.2 floppy fw, instead of just the screen.  I assume, then, that i need a
kernel with serial support compiled into it, instead of loading serial.o as
a kernel module.  is it as simple as grabbing root.lrp from the dachstein CD
image and putting it on my floppy?  tia
 -david





Re: [Leaf-user] dachstein serial kernel

2002-04-09 Thread David Goodrich



yup, that did it.  thanks for the help!
 -david

- - Original Message -
From: "Joey Officer" <[EMAIL PROTECTED]>
To: "David Goodrich" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Tuesday, April 09, 2002 11:30 AM
Subject: RE: [Leaf-user] dachstein serial kernel


> No, there is a linux kernel available from the Charles' website, below is
> the direct link.  Save this as a file on your floppy (overwriting the
> 'linux' file) then you will also need to modify the syslinux.cfg file.
> There is a very extensive HOW-TO available on the website that talks about
> this.  If you have any further questions, please ask...
>
>
> http://lrp.steinkuehler.net/files/kernels/Dachstein-normal/linux-2.2.19-3-LEAF-normal.zImage.upx
>
> copy the above file to 'linux' on the floppy, and you should be good to
> go...
>
> joey
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of David Goodrich
> Sent: Monday, April 08, 2002 7:37 PM
> To: [EMAIL PROTECTED]
> Subject: [Leaf-user] dachstein serial kernel
>
> I'm trying to get boot messages posted to the serial port with my dachstein
> 1.0.2 floppy fw, instead of just the screen.  I assume, then, that i need a
> kernel with serial support compiled into it, instead of loading serial.o as
> a kernel module.  is it as simple as grabbing root.lrp from the dachstein CD
> image and putting it on my floppy?  tia
>  -david



Re: [Leaf-user] tulip problems

2002-04-10 Thread David Goodrich



> If these NICs are 3c509s on the ISA bus, they aren't PnP

not true.  about half of mine are, half aren't.  apparently you can change
whether or not it's PnP, but i haven't been able to find the utility.  you
can change the irq addresses with 3c5x9cfg.exe ... 3com doesn't have it on
their site any more but i've got a copy if anybody wants it.  i have two
3c509's running in my backup firewall with no problems.
 -david

- - - Original Message -
From: "Ray Olszewski" <[EMAIL PROTECTED]>
To: "David Smead" <[EMAIL PROTECTED]>; "Charles Steinkuehler"
<[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, April 10, 2002 8:29 PM
Subject: Re: [Leaf-user] tulip problems


> At 05:39 PM 4/10/02 -0700, David Smead wrote:
> [...]
> >
> >Back on the P75:  I scrounged 4 NICs, 3com, 3C509B on the ISA bus.  I
> >booted with each one individually and copied down their MAC address.  I
> >can plug any two of them in and the lo and dummy interface comes up, along
> >with eth0 and eth1.  Adding two more for eth2 and eth3 has no effect.  I
> >suppose this has to do with plug and play.
> [...]
>
> If these NICs are 3c509s on the ISA bus, they aren't PnP. It's hard to
> understand how *any* two work together, since they should have fixed IRQ
> assignments that will often conflict. Some pairs might work, but if all
> possible pairs work, then so should all possible triples and quads (except
> that I didn't realize that you could find P75s with 4 isa slots).
>
> When you say adding the other two "has no effect" ... what effects have you
> looked for? Most interface-related commands report only *configured*
> interfaces. The command "ifconfig -a" is the important exception (it's the
> main reason I'm unhappy when ifconfig isn't part of distros). Do you see any
> reports of the NICs during boot/init? If you try to hand configure eth2 or
> eth3 from the command line, what happens?
>
> While there is something wrong with your setup, what you've told us isn't
> quite enough to identify what that something is.
>
> --
> "Never tell me the odds!"---
> Ray Olszewski-- Han Solo
> Palo Alto, CA[EMAIL PROTECTED]
> 
>
>



[leaf-user] ftp server through dachstein

2002-05-10 Thread David Goodrich


i'm not having any luck getting proftpd to be accessible through my
dachstein 1.02 floppy firewall.  i tried going in active mode and forwarding
tcp 20 & 21 to the server, but no luck.  has anyone done this before?  tia
 -david

:.:. ::: :: .::. .:.. . :..:
http://complex.wox.org




leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



Re: [leaf-user] ftp server through dachstein

2002-05-10 Thread David Goodrich


sorry for being so vague, but by "no luck" i meant that no-one sees a
password prompt or is allowed to connect.  my firewall rules are at
http://complex.wox.org/random/fwrules.htm and my proftpd.conf is at
http://complex.wox.org/random/proftpd.conf .. the server works just fine on
my internal net but no-one is allowed to connect from the "real" world.
thanks
 -david

-Original Message-
From: "Michael D. Schleif" <[EMAIL PROTECTED]>
To: "David Goodrich" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, May 10, 2002 10:21 AM
Subject: Re: [leaf-user] ftp server through dachstein


>
> David Goodrich wrote:
> >
> > i'm not having any luck getting proftpd to be accessible through my
> > dachstein 1.02 floppy firewall.  i tried going in active mode and forwarding
> > tcp 20 & 21 to the server, but no luck.  has anyone done this before? tia
> >  -david
>
> Difficult to say what is your problem, since you do not tell us.
>
> Nevertheless, I have it working quite well, for many months.
>
> What version are you using?
>
> Do you have something like this in your /etc/proftpd.conf ???
>
> PassivePorts  65520 65529
>
> --
>
> Best Regards,
>
> mds
> mds resource
> 888.250.3987
>
> Dare to fix things before they break . . .
>
> Our capacity for understanding is inversely proportional to how much we
> think we know.  The more I know, the more I know I don't know . . .



[leaf-user] ftp server

2002-05-10 Thread David Goodrich


ipchains input -p tcp -d 64.113.72.222 ftp -j ACCEPT needed to be higher in
the chain, so it works now.  the thing that now baffles me is that i thought
network.conf was supposed to take care of adding the ipchains rule when you
added it to network.conf.  it added it automatically when i port-forwarded
http and ssh.  anyone know why i had to manually add it this time?  tia.


INTERN_SERVERS="
tcp_${EXTERN_IP}_www_192.168.1.11_www
tcp_${EXTERN_IP}_ssh_192.168.1.12_ssh
tcp_${EXTERN_IP}_ftp_192.168.1.12_ftp
tcp_${EXTERN_IP}_20_192.168.1.12_20
"


:.:. ::: :: .::. .:.. . :..:
http://complex.wox.org


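Added example, not part of any post in this thread and not Dachstein or ProFTPD code: a Python check that compares the INTERN_SERVERS list posted above with the PassivePorts range quoted in the earlier reply, and decodes a passive-mode 227 reply to see which address and port the server hands to clients. The 227 reply is constructed, the service-name table is a small stand-in for /etc/services, and the check assumes no FTP NAT helper on the firewall rewrites the reply or opens ports dynamically.

```python
import ipaddress
import re

# Constructed inputs modelled on the thread; not captured traffic.
INTERN_SERVERS = """
tcp_${EXTERN_IP}_www_192.168.1.11_www
tcp_${EXTERN_IP}_ssh_192.168.1.12_ssh
tcp_${EXTERN_IP}_ftp_192.168.1.12_ftp
tcp_${EXTERN_IP}_20_192.168.1.12_20
"""
PASSIVE_LINE = "PassivePorts  65520 65529"
REPLY_227 = "227 Entering Passive Mode (192,168,1,12,255,240)"
SERVICES = {"ftp-data": 20, "ftp": 21, "ssh": 22, "www": 80}  # stand-in table

def to_port(token):  # service name or number -> int
    return SERVICES.get(token) or int(token)

def parse_forwards(text):  # external port -> (internal ip, internal port)
    forwards = {}
    for entry in text.split():
        proto, rest = entry.split("_", 1)
        # rsplit: the ${EXTERN_IP} placeholder itself contains an underscore
        _ext_ip, ext_port, int_ip, int_port = rest.rsplit("_", 3)
        if proto == "tcp":
            forwards[to_port(ext_port)] = (int_ip, to_port(int_port))
    return forwards

def parse_passive_ports(line):
    low, high = re.fullmatch(r"\s*PassivePorts\s+(\d+)\s+(\d+)\s*", line).groups()
    return range(int(low), int(high) + 1)

def parse_227(reply):  # (h1,h2,h3,h4,p1,p2) -> (ip, p1*256 + p2)
    nums = re.search(r"\((\d+(?:,\d+){5})\)", reply).group(1).split(",")
    return ".".join(nums[:4]), int(nums[4]) * 256 + int(nums[5])

def audit(forwards, passive, reply):
    findings = []
    if 21 not in forwards:
        findings.append("control port 21 is not forwarded")
    missing = [p for p in passive if p not in forwards]
    if missing:
        findings.append(f"passive ports without a forward: {missing[0]}-{missing[-1]}")
    ip, port = parse_227(reply)
    if ipaddress.ip_address(ip).is_private:
        findings.append(f"227 reply advertises private address {ip}")
    if port not in passive:
        findings.append(f"227 reply port {port} is outside PassivePorts")
    return findings

print("\n".join(audit(parse_forwards(INTERN_SERVERS), parse_passive_ports(PASSIVE_LINE), REPLY_227)))
```

Keeping the passive range as narrow as the ten ports in the quoted directive limits how many inbound ports the firewall has to expose for data connections.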



RE: [leaf-user] RE: IPsec client for windows (free)

2002-05-22 Thread David Goodrich

Just as a warning, i installed PGP Freeware 7.01's VPN software on my
windows XP box and it rendered my network connection totally nonfunctional,
i had to reinstall the OS.
 -david
__
http://complex.wox.org

-Original Message-
From: Brock Nanson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 22, 2002 9:51 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: [leaf-user] RE: IPsec client for windows (free)


I played with PGPnet about a year ago.  At that time, the 'free' version
would NOT support access to a LAN behind the firewall.  In other words,
you could use it to build a tunnel between two machines only.  The
useful functionality came in the more costly version.  As a matter of
interest, the install at that time was rather fearsome... I spent a few
days cleaning up the mess it left before I could boot cleanly!

I don't think there is a completely 'free' ipsec windows client in
existence.  The closest are Sentinel and PGPNet.  Both are known to work
with FreeS/WAN.

You haven't said what windows version you are running.  As others have
mentioned, 2K and XP both have IPSec built in and can work with
FreeS/WAN without any additional software.

Brock

> Date: Wed, 22 May 2002 09:55:47 -0400 (ART)
> From: Roberto Pereyra <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: [leaf-user] Re: IPsec client for windows (free)
> 
> 
> 
> Hello I have listened that with the last version of PGP 
> (PGPnet) can be installed a VPN with IPSec. 
> 
> Someone has done this?
> 
> 
> Roberto Pereyra
> Gualeguaychu
> Argentina
> http://www.linux-net.com.ar
> GnuPG keyID: BB43E337
> http://pgp.mit.edu





[leaf-user] attempt to access beyond end of device

2002-07-09 Thread David Goodrich

there are lots (stopped counting) of these in my logs:
   Jul 9 08:48:02 firewall kernel: attempt to access beyond end of device
   Jul 9 08:48:02 firewall kernel: 01:01: rw=0, want=6148, limit=6144
   Jul 9 08:48:02 firewall kernel: dev 01:01 blksize=1024 blocknr=6147 sector=12294 size=1024 count=1

i'm running dachstein 1.02 floppy, dual 3c905b nic's, pentium 133/64mb ram.
everything works fine (portforwarding, dhcpd, nat, etc, etc), but my logs
are filling up with these three lines over and over again (that and
dhrequest messages, but that's from the cable modem and not really a
problem).  has anyone seen these before or does anyone know what they mean?
tia
 -david

