RE: [leaf-user] lets talk about something--anything!

[David Pitts]

 
I have this problem as well!  I rely on someone else to compile but
luckily I use standard packages or someone is always good enough to do
that for me!

More power to the list!

Regarding the difficulty of setting LEAF up, sure it's a steep learning
curve for a Linux newbie but I am living proof that it can be done with
the support you guys provide!  My only experience before Linux was Dos!!

David Pitts  
IT Services Manager
Reid Library 
University of Western Australia  
 
Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Adam
Niedzwiedzki
Sent: Thursday, 30 June 2005 6:08 AM
To: Eric Spakman
Cc: leaf-user@lists.sourceforge.net
Subject: Re: [leaf-user] lets talk about something--anything!

Hi Eric,

Thanks for that, but (now don't laugh at me) that's the problem I have
is not even knowing where to begin with compiling it. I know my way
around a leaf machine with my eyes shut, installing modules,setting up
just about anything, I've rolled out around 8 leaf box's on various
networks, but for the life of me learning to setup a box to
compile/build packages has me lost :(

I know there is documentation on it, but because I'm not a fluent *nix
user I'm lost with it...

Cheers
Ad
- Original Message -
From: Eric Spakman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, June 29, 2005 4:47 PM
Subject: Re: [leaf-user] lets talk about something--anything!


 Ad,

 If you use Bering-uClibc and buildtool, you will see that ulogd's 
 buildtool.mk file already has the lines to compile the mysql plugin:

 (cd $(ULOGD_DIR) ; CC=$(TARGET_CC) LD=$(TARGET_LD) 
 CFLAGS=$(BT_COPT_FLAGS) ./configure --prefix=/usr --sysconfdir=/etc
)
 # (cd $(ULOGD_DIR) ; CC=$(TARGET_CC) LD=$(TARGET_LD) 
 CFLAGS=$(BT_COPT_FLAGS) \
 # 
 ./configure --prefix=/usr --sysconfdir=/etc
--with-mysql=$(BT_STAGING_DIR)/usr

 If you comment the first line and uncomment the next two lines, the
plugin 
 will be compiled. The only thing you have to do is add the plugin to
the 
 ulogd package and configure it.

 Eric Spakman

 Hmm let me rephrase that..

 Not knowing what to do with ulogd *grin*, I know my way round
php/mysql
 just
 fine.
 So I'm just after ulogd compiled with the mysql plugin working.
 (something
 about static linking but I have no idea what that means).

 Then I can build my own php/mysql interface LOL..

 *ugh* it's been a long day...

 Ad
 - Original Message -
 From: Adam Niedzwiedzki [EMAIL PROTECTED]
 To: leaf-user@lists.sourceforge.net
 Sent: Wednesday, June 29, 2005 2:52 PM
 Subject: Re: [leaf-user] lets talk about something--anything!


  Hmm how about someone compiling a ulogd module for bering-uclibc
that
 has
  mysql support so I can have shorewall log packets to mysql :)
  Could make some very nice php web graphing to go with it..
 
  *grin*
 
  I have tried but not being a programmer, really have no idea what
I'm
  doing
 
  Cheers
  Ad
 
 
  ---
  SF.Net email is sponsored by: Discover Easy Linux Migration
Strategies
  from IBM. Find simple to follow Roadmaps, straightforward articles,
  informative Webcasts and more! Get everything you need to get up to
  speed, fast.
http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click
 


  leaf-user mailing list: leaf-user@lists.sourceforge.net
  https://lists.sourceforge.net/lists/listinfo/leaf-user
  Support Request -- http://leaf-project.org/
 



 ---
 SF.Net email is sponsored by: Discover Easy Linux Migration
Strategies
 from IBM. Find simple to follow Roadmaps, straightforward articles,
 informative Webcasts and more! Get everything you need to get up to
 speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click


 leaf-user mailing list: leaf-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 Support Request -- http://leaf-project.org/



 



---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/




---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up

RE: [leaf-user] lets talk about something--anything!

[David Pitts]

 
LEAF is very nice!  I started as a Linux newbie (still applies!!) but I
managed with the help of this list to set up a firewall/router on an old
Pentium with DHCP, VPN and SSH all on a 1.44 floppy!!  Works like a
bought one!  And much more fun to play with!!

Thanks folks.

PS.  Its about time I upgraded to a later version so I thought maybe
some nice words (but very true!!) might make you all more likely to help
when I need it!!

PS   That was a joke!

David Pitts  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of ciprian
niculescu
Sent: Tuesday, 28 June 2005 5:22 PM
To: leaf-user@lists.sourceforge.net
Subject: Re: [leaf-user] lets talk about something--anything!

i coulndt get it to work, the only answer that i got was to RTFM, i did
i reask still nothing, so ill put debian :P but leaf sounded nice

c

P.S. with this small amount of mails i forgot to unsubscribe :)

James Neave wrote:
 Maybe it's been perfected? ^^
 
 Jim.
 
 -Original Message-
 From: cpu memhd [mailto:[EMAIL PROTECTED]
 Sent: 28 June 2005 07:55
 To: leaf-user@lists.sourceforge.net
 Subject: [leaf-user] lets talk about something--anything!
 
 Only 64 messages this month. Are less and less people using leaf, what

 is going on with everyone? I have been slowley rolling out leaf boxes 
 to about 16 locations. I couldn't have asked for a better 
 firewall/router. I'd like to very much thank the leaf developers for 
 their continued efforts. -cpu
 
 The information in this email is confidential and may be legally
privileged.  It is intended solely for the addressee.  Access to this
email by anyone else is unauthorised.
 
 If you are not the intended recipient, any disclosure, copying,
distribution or any action taken or omitted to be taken in reliance on
it is prohibited and may be unlawful.
 
 The contents of an attachment to this email may contain software
viruses that could damage your own computer systems.  Whilst The Spur
Group of Companies has taken every precaution to minimise the risk, we
cannot accept liability for any damage that you sustain as a result of
software viruses.
 
 
 
 ---
 SF.Net email is sponsored by: Discover Easy Linux Migration Strategies

 from IBM. Find simple to follow Roadmaps, straightforward articles, 
 informative Webcasts and more! Get everything you need to get up to 
 speed, fast. http://ads.osdn.com/?ad_idt77alloc_id492op=click
 --
 -- leaf-user mailing list: leaf-user@lists.sourceforge.net 
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 Support Request -- http://leaf-project.org/


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/




---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_idt77alloc_id492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] Shorewall Log Rotation

[David Pitts]

G'day folks.  Happy New Year.

I am hoping someone is still out there that might be able to give me a
clue on an interesting problem.  

I have these scripts in my cron.daily directory:

-rwxr-xr-x1 root root 3552 Jan 13 10:36 multicron-d
-rwxr-xr-x1 root root  169 Jul  7  2002 savelog-sh-httpd
-rwxr-xr-x1 root root  242 Jan 17  2004 tinyproxy
-rwxr-xr-x1 root root  237 Jan 14  2003 ulogd

My crontab file looks like:

# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file.
# This file also has a username field, that none of the other crontabs
do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user  command
00 5* * *   rootrun-parts --report /etc/cron.daily
47 6* * 7   rootrun-parts --report /etc/cron.weekly
52 61 * *   rootrun-parts --report /etc/cron.monthly

If I execute this command:

run-parts --report /etc/cron.daily

my logs all rotate nicely, but when the command is run by cron, the
ulogd script doesn't appear to work.  The shorewall log doesn't rotate
but tinyproxy does.

Any ideas?

Thanks.



---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95alloc_id396op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] WINSCP dropbear and editing LEAF conf files

[David Pitts]

WinSCP is also wonderful for upgrading because it allows you to copy
your configured .lrps to your Windows box, change the extension to .tgz
and open them up in WinRAR or some other product, then copy your config
files back to an otherwise updated router.  

This assumes your updated router has internal networking and Dropbear
working, but everything else becomes a doddle (assuming the old config
files will still work, which they usually do in my limited expereince).

Works for me!!

David Pitts  


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Victor
McAllister
Sent: Thursday, 23 September 2004 12:27 PM
To: [EMAIL PROTECTED]
Subject: [leaf-user] WINSCP dropbear and editing LEAF conf files


I couldn't get WINSCP to connect with dropbear in uClibC.  I found a 
post from David Pits in the archives.
Thought I would add to his post.  To make WINWSCP work with dropbear:

Open Winscp3

Under advanced options in the left hand panel

Click  SCP under Environment
Under shell - click the Enter radio button and type in /bin/sh in 
the panel

Under Other Options  uncheck Lookup user groups

under Remote directories type:  / 

under local directories: c:\yourdirectory name

Save the session with a name - maybe dropbear

load the session 

Enter 192.168.1.254

root  your password

save the session again - same name - dropbear if you like

now load and connect with clicks and move files back and forth with 
encription. 

* * * A potential use for WINSCP

WINSCP lets you edit a file on your leaf box by right clicking the file.

It allows COPY  and PASTE so you can copy old configuration stuff from 
one version to another or just paste a problem configuration into an 
email.  The editor is setup by default for Linux LF so when you save the

file on the LEAF box it should be Unix compatible.





---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] RE: BPALogin query

[David Pitts]

Hi Dave.  The problem was caused by my router listening for heartbeats
from on:

sm-server = 255.255.255.255

When sm-server is actually:

61.9.240.13

I needed to add:

61.9.240.13 sm-server   sm-server.wa.bigpond.net.au

Into my etc/hosts file.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012


-Original Message-
From: Dave Burt [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, 24 August 2004 2:00 PM
To: David Pitts
Subject: BPALogin query


Hi Mr Pitts,

I'm having the same problem as the one you listed on LEAF's
sourceforge.net:
http://sourceforge.net/mailarchive/message.php?msg_id=7003041

I was therefore wondering what your resolution to this problem was (if
any).

Thanks for your time,
Dave





---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink  Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] RE: BPALogin query

[David Pitts]

No problem.  I sent my reply to you to the leaf-user list.  If there is
a way of connecting it directly to the thread I don't know it.  But I am
quite happy for you to do it!

Enjoy.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012


-Original Message-
From: Dave Burt [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, 24 August 2004 7:59 PM
To: David Pitts
Subject: Re: BPALogin query


Thanks very much for the information.

May I (or would you) post this info on SourceForge against your problem
at http://sourceforge.net/mailarchive/message.php?msg_id=7003041 ?

Cheers,
Dave

- Original Message - 
From: David Pitts [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 4:18 PM
Subject: RE: BPALogin query


Hi Dave.  The problem was caused by my router listening for heartbeats
from on:

sm-server = 255.255.255.255

When sm-server is actually:

61.9.240.13

I needed to add:

61.9.240.13 sm-server   sm-server.wa.bigpond.net.au

Into my etc/hosts file.

David Pitts
IT Services Manager
Reid Library
University of Western Australia

Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012


-Original Message-
From: Dave Burt [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 24 August 2004 2:00 PM
To: David Pitts
Subject: BPALogin query


Hi Mr Pitts,

I'm having the same problem as the one you listed on LEAF's
sourceforge.net:
http://sourceforge.net/mailarchive/message.php?msg_id=7003041

I was therefore wondering what your resolution to this problem was (if
any).

Thanks for your time,
Dave





---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink  Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Shorewall logs

[David Pitts]

Thanks Chris but I already have this setting.  What makes this script
run?  Does the cron executable run all scripts in cron.daily?

If I run that script manually it works fine, but it doesn't seem to be
running automatically.

Thanks again.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012


-Original Message-
From: Chris Lee [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, 18 August 2004 3:43 PM
To: David Pitts; [EMAIL PROTECTED]
Subject: RE: [leaf-user] Shorewall logs


Dear David,

I see ulogd file at /etc/cron.daily which seems to do the job:
--
cchvpn# cat ulogd
#!/bin/sh
# Save daily LOGDEPTH versions of syslogfile
LOGDEPTH=4
# syslogfile name
LOGFILE=/var/log/shorewall.log

if [ -f $LOGFILE ]; then
savelog -g wheel -m 640 -u root -c $LOGDEPTH $LOGFILE /dev/null
/etc/init.d/ulogd reload
fi


Hope this help.

Regards,
Chris Lee




---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink  Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Any feedback for Bering-uClibc packages in testing?

[David Pitts]

I also use etherw and it works fine.  I have not tried to use ethers.

I have pptpd set up and it works locally.  I can't get it to work
remotely but I don't know what the problem might be.  I don't think
anything in the various networks is blocking but I can't get my router
to 'see' any remote connection attempts.  I would be happy to work with
anyone more knowledgable than me to track down the problem either with
my setup or the package.

I have tproxy setup but it doesn't work well for me.  I may have a DNS
problem but again I'm not knowledgable enough to track it down.  Again I
would be happy to work with anyone to find out whether its me or the
package.

Thanks for all your efforts folks.  Let me know if I can help.


David Pitts   
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jaap
Eldering
Sent: Monday, 9 August 2004 8:15 AM
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Any feedback for Bering-uClibc packages in
testing?

On Sat, Aug 07, 2004 at 08:20:49PM +0200, K.-P. Kirchdrfer wrote:
 The Bering-uClibc team has provided in the past a few packages (most 
 of them due to user requests) for testing. None of these has been 
 tested in a production environment by the team, some of them has been 
 build for special hardware we don't even have around.
 
 If you are a user of one of this packages please give a short feedback

 if it works for you, or what you have done to make it work or if it 
 completly failed - so we can either move it to offical packages 
 repository, fix it or delete it.

I'm using two of these packages: beep.lrp and etherw.lrp.

Beep works just fine.

Ether-wake also works without problems. Only thing is, that the
/etc/ethers lookup function doesn't work, but I suppose this might have
to do with support by uClibc? If there is interest for it, I'm willing
to write a quick and dirty patch to read this ethers file.

Anyways thanks for packaging and if I have some time, I'll test some
other packages.

Jaap Eldering


---
This SF.Net email is sponsored by OSTG. Have you noticed the changes on
Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now,
one more big change to announce. We are now OSTG- Open Source Technology
Group. Come see the changes on the new OSTG site. www.ostg.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html





---
This SF.Net email is sponsored by OSTG. Have you noticed the changes on
Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now,
one more big change to announce. We are now OSTG- Open Source Technology
Group. Come see the changes on the new OSTG site. www.ostg.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] pptpd uclibc

[David Pitts]

Tomaso, I have pptpd working in Bering uCLib 1.2 (I think!!  Definitely
is uCLib though).

I used the packages here:

http://leaf.sourceforge.net/mod.php?mod=userpagemenu=91017page_id=51

I don't recall having much trouble once I had loaded all the necessary
kernel modules.


David Pitts

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tomaso
Scarsi
Sent: Tuesday, 13 July 2004 2:40 PM
To: [EMAIL PROTECTED]
Subject: [leaf-user] pptpd uclibc

Someone get pptpd working on bering-uclibc?

I had a working pptpd on bering 1.2, now I wanted to upgrade to
bering-uclibc but id does not work;

the configuration is the same and I cannot find out where is the
problem, I cannot see nothing strange on the logfiles;

I've tried with bering-uclibc 2.1.1 and bering-uclibc 2.2

thank for your help


Tomaso Scarsi



---
This SF.Net email sponsored by Black Hat Briefings  Training.
Attend Black Hat Briefings  Training, Las Vegas July 24-29 - digital
self defense, top technical experts, no vendor pitches, unmatched
networking opportunities. Visit www.blackhat.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html





---
This SF.Net email sponsored by Black Hat Briefings  Training.
Attend Black Hat Briefings  Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] RE: Some questions about bpalogin

[David Pitts]

Jonathon, you are better off sorting this out on list.  There are many better brains 
than mine on there.
 
However, bpalogin has nothing to do with ip addresses.  I think you should get your ip 
for eth0 from your ISP before bpalogin runs ie via pump, dhclient etc.  And it won't 
be one of the non-routable ips.  
 
I use ods.org for dynamic dns and it works a treat.
 
Good luck.



From: Jonathan Chang [mailto:[EMAIL PROTECTED]
Sent: Thu 6/17/2004 10:02 AM
To: David Pitts
Subject: Re: Some questions about bpalogin



Hi, David,

Thanks a lot for your reply. Just another question:
After bpalogin succeeds, the corresponding network interface (e.g., eth0)
will obtain a valid IP (not 192.168.x.x. or 172.x.x.x), right? Because I
would like to use bpalogin with ddns such that my registered hostname in
www.dyndns.org can be updated once my IP changes. Thanks in advance.

Regards,

Jonathan


On Wed, Jun 16, 2004 at 12:43:35PM +0800, David Pitts wrote:
 My conf file

 # bpalogin.conf for bpalogin-lrp
 # packaged by andrew fort 001027-02

 username xx
 password xx

 authserver 61.9.240.13
 logging syslog
 debuglevel 0
 localport 5050
 minheartbeatinterval 60

 Shorewall Rules:

 # Allow BPALogin to communicate with Bigpond Authentication server
 #
 ACCEPT  net   fwudp 5050
 ACCEPT  fwnet   udp 5050
 ACCEPT  fwnet   tcp 5050
 ACCEPT  net   fwtcp 5050

 I am not sure that I need to specify two way access, but it works!!

 Your authserver might be different as well.  This is for WA.

 Its pretty straight forward if you have the addresses and ports right,
 and if you're using the right package.  It must be!  I could do it!

 David Pitts
 IT Services Manager
 Reid Library
 University of Western Australia
 
 Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012

 -Original Message-
 From: Jonathan Chang [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, 16 June 2004 12:18 PM
 To: David Pitts
 Subject: Some questions about bpalogin

 Hi, David,

 I saw your email on leaf-user mailing list, and hope you can do me a big
 favor. If you have successfully got bpalogin working with Bering-uClibc,
 would you please tell me your setup instructions?  For example, your
 bpalogin.conf will be very helpful (except your account and password of
 course). BTW, I guess shorewall's config should be modified, too. So
 could you also send me the shorewall configuration files?

 Best regards,

 --
 Chia-Sheng Jonathan Chang
 Delta Networks, INC
 Tel: 886-2-87972088 ext 3066
 E-Mail: [EMAIL PROTECTED]





--
Chia-Sheng Jonathan Chang
Delta Networks, INC
Tel: 886-2-87972088 ext 3066
E-Mail: [EMAIL PROTECTED]






---
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] RE: Some questions about bpalogin

[David Pitts]

My conf file

# bpalogin.conf for bpalogin-lrp
# packaged by andrew fort 001027-02

username xx
password xx

authserver 61.9.240.13
logging syslog
debuglevel 0
localport 5050
minheartbeatinterval 60

Shorewall Rules:

# Allow BPALogin to communicate with Bigpond Authentication server
#
ACCEPT  net   fwudp 5050
ACCEPT  fwnet   udp 5050
ACCEPT  fwnet   tcp 5050
ACCEPT  net   fwtcp 5050

I am not sure that I need to specify two way access, but it works!!

Your authserver might be different as well.  This is for WA.

Its pretty straight forward if you have the addresses and ports right,
and if you're using the right package.  It must be!  I could do it!

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012

-Original Message-
From: Jonathan Chang [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, 16 June 2004 12:18 PM
To: David Pitts
Subject: Some questions about bpalogin

Hi, David,

I saw your email on leaf-user mailing list, and hope you can do me a big
favor. If you have successfully got bpalogin working with Bering-uClibc,
would you please tell me your setup instructions?  For example, your
bpalogin.conf will be very helpful (except your account and password of
course). BTW, I guess shorewall's config should be modified, too. So
could you also send me the shorewall configuration files?

Best regards,

--
Chia-Sheng Jonathan Chang
Delta Networks, INC
Tel: 886-2-87972088 ext 3066
E-Mail: [EMAIL PROTECTED]






---
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Tiny Proxy Setup Problem

[David Pitts]

 everything which is _not_ specifically allowed by the
filter file. # #FilterDefaultDeny Yes

#
# If an Anonymous keyword is present, then anonymous proxying is
enabled. # The headers listed are allowed through, while all others are
denied. If # no Anonymous keyword is present, then all header are
allowed through. # You must include quotes around the headers. #
#Anonymous Host #Anonymous Authorization

#
# This is a list of ports allowed by tinyproxy when the CONNECT method #
is used.  To disable the CONNECT method altogether, set the value to 0.
# If no ConnectPort line is found, all ports are allowed (which is not #
very secure.) # # The following two ports are used by SSL. # ConnectPort
443 ConnectPort 563

Firewall Rule/Policy

#  Tiny Proxy
ACCEPT  net   fwtcp 
fw  net ACCEPT


Is it possible that my problem is caused by extreme slowness.  I am on a
very fast like at work, proxying through my home PC which has a cable
connection which has traditionally been fast(ish).

Any advice?

Any assistance gratefully accepted!

Thanks.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia

Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012




---
This SF.Net email is sponsored by: SourceForge.net Broadband
Sign-up now for SourceForge Broadband and get the fastest
6.0/768 connection for only $19.95/mo for the first 3 months!
http://ads.osdn.com/?ad_id%62alloc_ida84op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Re: [leaf-devel] ANN: Bering-uClibc 2.2 beta2

[David Pitts]

I also use Winimage to backup my LEAF.  Lets me have an executable on my Windows 
box(es) that I just double click to create a new LEAF!!  A backup on a floppy sounds 
like a contradiction to me!

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012


-Original Message-
From: K.-P. Kirchdörfer [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, 12 May 2004 12:49 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: [leaf-user] Re: [leaf-devel] ANN: Bering-uClibc 2.2 beta2


The Bering-uClibc team releases Bering-uClibc 2.2 beta2

This release moves to new linuxrc and leaf.cfg written by Charles 
Steinkuehler.
Please note we currently use the Bering way of module loading and will look at 
alternatives (like Charles Steinkuehlers last modifications) during beta 
cycle.

Other changes are modularized ip_conntrack, replaced arp with busybox arp 
applet.

Due to new linuxrc backupdisk is broken and has been removed. 
With scp and dd support it shouldn't be a problem though - will anyone miss 
this feature? 

For a complete changelog please read: 
http://leaf.sourceforge.net/mod.php?mod=userpagemenu=91003page_id=39

You'll find the image plus ipv6 drop-in replacement in FRS: 
http://sourceforge.net/project/showfiles.php?group_id=13751package_id=67534release_id=237410

Suggestions, reports and fixes are welcome.
kp


---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson  Lucent use to 
deliver higher performing products faster, at low TCO. 
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3

leaf-user mailing list: [EMAIL PROTECTED] 
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson  Lucent use to
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Wake-on-LAN Proxy

[David Pitts]

Thanks Erik!  I will let you know.
 
Also, I have set up pptpd.lrp and it seems to work ok.  I can connect no
trouble from a local workstation which must mean the package is ok?  I
am having trouble getting it to connect remotely, and it can be very
slow when surfing.  But it seems to work ok generally.
 
Thanks again.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012


-Original Message-
From: Eric Spakman [mailto:[EMAIL PROTECTED] 
Sent: Friday, 7 May 2004 10:28 PM
To: David Pitts; [EMAIL PROTECTED]; Jay Langford
Subject: RE: [leaf-user] Wake-on-LAN Proxy


David,

I have created etherwake and wol proxy packages for uClibc, you can 
find them in: 
http://cvs.sourceforge.net/viewcvs.py/leaf/bin/packages/uclibc-
0.9/20/testing/
(wold.lrp and etherw.lrp)

Please provide any feedback about succes or failure.

Regards,
Eric Spakman
Bering-uClibc team member

 David,
  Is this what you want?
 
 I haven't tested it, let me know how you go...
 
 http://zovirl.com/2004/software/bering/wold/howto
 
 ~jay
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of David 
 Pitts
 Sent: Friday, 7 May 2004 2:53 PM
 To: [EMAIL PROTECTED]
 Subject: [leaf-user] Wake-on-LAN Proxy
 
 
 Does anyone have a WOL proxy working on their Bering uCLIB firewall?  
 It would be a useful facility for me.
 
 There is a package available but it appears to need etherw.lrp which 
 isn't in the list of packages available for uCLIB.
 
 Anyone working with this?
 
 Thanks.
 
 
 
 ---
 This SF.Net email is sponsored by Sleepycat Software
 Learn developer strategies Cisco, Motorola, Ericsson  Lucent use to
 deliver higher performing products faster, at low TCO.

http://www.sleepycat.com/telcomwpreg.php?From---

 -
 leaf-user mailing list: [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
 
 
 
 ---
 This SF.Net email is sponsored by Sleepycat Software
 Learn developer strategies Cisco, Motorola, Ericsson  Lucent use to
 deliver higher performing products faster, at low TCO.
 http://www.sleepycat.com/telcomwpreg.php?From


 leaf-user mailing list: [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
 






---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson  Lucent use to
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Wake-on-LAN Proxy

[David Pitts]

I assume then that the software you referred to was for Bering 1.2?

Thanks for your attempt anyway!

David Pitts


-Original Message-
From: Jay Langford [mailto:[EMAIL PROTECTED] 
Sent: Friday, 7 May 2004 1:47 PM
To: David Pitts; [EMAIL PROTECTED]
Subject: RE: [leaf-user] Wake-on-LAN Proxy


Whoops *Uclib*

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Pitts
Sent: Friday, 7 May 2004 2:53 PM
To: [EMAIL PROTECTED]
Subject: [leaf-user] Wake-on-LAN Proxy


Does anyone have a WOL proxy working on their Bering uCLIB firewall?  It
would be a useful facility for me.

There is a package available but it appears to need etherw.lrp which
isn't in the list of packages available for uCLIB.

Anyone working with this?

Thanks.



---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson  Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From---

-
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html





---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson  Lucent use to
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Wake-on-LAN Proxy

[David Pitts]

Does anyone have a WOL proxy working on their Bering uCLIB firewall?  It
would be a useful facility for me.

There is a package available but it appears to need etherw.lrp which
isn't in the list of packages available for uCLIB.

Anyone working with this?

Thanks.



---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson  Lucent use to
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] pptpd VPN Settings

[David Pitts]

Hi.  Thanks for this.  The debug options are set in both places already
and I get no logs.  But I don't understand the bit about putting that
statement in syslog.  Syslog is where syslogd writes the logs?

Thanks.

David Pitts

-Original Message-
From: Peter Mueller [mailto:[EMAIL PROTECTED] 
Sent: Saturday, 1 May 2004 3:21 AM
To: [EMAIL PROTECTED]
Subject: RE: [leaf-user] pptpd VPN Settings


 on a Win2000 machine.  If I telnet to my router on port 1723 from work

 it connects briefly which seems indicate neither my work network or my

 home ISP is blocking port 1723??  Does that sound right?  I have been 
 told that my ISP doesn't block protocol 47 (GRE) but I'm not 
 absolutely

Put this in your syslog, touch /var/log/debug, then restart syslog.

# PPTP debug logging
#*.debug;mail.none   /var/log/debug

Put debug in your /etc/pptpd.conf.  Put debug in
/etc/ppp/options.pptpd.
Restart pptpd.  Now try to connect and mail the logs back here.   You
might
want to try [EMAIL PROTECTED] as well.

Cheers,

P


---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.

Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149alloc_id=8166op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id149alloc_id66op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] pptpd VPN Settings

[David Pitts]

Hi everyone.  I am hoping there is some simple thing I have overlooked
here that you can help me with.  Info on my setup is included.  Let me
know if there is something important missing.

I am trying to setup a pptpd VPN on my Bering uCLIB firewall.  I have it
to the stage where I can connect from my internal network on a WindowsXP
machine and get to the internet but I can't connect externally from work
on a Win2000 machine.  If I telnet to my router on port 1723 from work
it connects briefly which seems indicate neither my work network or my
home ISP is blocking port 1723??  Does that sound right?  I have been
told that my ISP doesn't block protocol 47 (GRE) but I'm not absolutely
sure about my work network, although I can connect from home via pptp
VPN to work, which seems to indicate GRE is not blocked.

On a separate note, ULOG seems to log connections on port 1723 sometimes
and not on others.  Any ideas on why that might be so??

I am totally lost on this (which is not specially hard to do) and any
assistance/thoughts would be gratefully received!

Thanks.

Shorewall rules:

#PPTPd
ACCEPT:ULOG net   fw47
ACCEPT  fwnet   47
ACCEPT:ULOG net   fwtcp 1723
ACCEPT:ULOG fwnet   tcp 1723

ACCEPT:ULOG loc   fw47
ACCEPT  fwloc   47
ACCEPT:ULOG loc   fwtcp 1723
ACCEPT:ULOG fwloc   tcp 1723

Shorewall Interfaces


##
#ZONE   INTERFACE   BROADCAST   OPTIONS
net eth0detect  dhcp,routefilter,norfc1918
loc eth1detect
loc ppp+-
dmz eth2detect


Shorewall Tunnels
# TYPE  ZONEGATEWAY GATEWAY
pptpserver  net 0.0.0.0/0

Modules

# Modules needed for PPTP connection
slhc
ppp_generic
ppp_async
ppp_mppe

pptpd.conf is pretty much as the sample.  I have uncommented the debug
option and used:

localip 192.168.1.254
remoteip 192.168.1.200

pptpd-options
## turn pppd syslog debugging on
debug

## change 'servername' to whatever you specify as your server name in
chap-secrets
name vpn
## change the domainname to your local domain
domain private.network

## these are reasonable defaults for Win clients
## for the security related settings
auth
require-mschap
require-mschap-v2
require-mppe-128

## Fill in your addresses
ms-dns 10.0.0.1
ms-wins 10.0.0.1

## Fill in your netmask
netmask 255.255.255.0

## some defaults
nodefaultroute
proxyarp
lock

I don't know anything about the wins side of things but I thought that
these settings would work as a basic setup?

And I haven't changed any of the ppp settings.  I have thought about
changing them because they refer to modems and dialing etc, although I
am on cable.  But I haven't seen any good instructions on what to modify
them to, and anyway the thing works fine from a local workstation.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia

Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id149alloc_id66op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] WinScp3 and dropbear

[David Pitts]

AL, you need to tell WinScp3 what shell to use.  In Environment/SCP
under Shell click the Enter radio button and enter /bin/sh in the edit
box.  That will fix that.

You may get some other errors about Groups when you try to connect but
just click ok and it should be fine.  Mine is!

HTH

-Original Message-
From: ALParada [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, 28 April 2004 9:02 PM
To: [EMAIL PROTECTED]
Subject: [leaf-user] WinScp3 and dropbear


Hello Everyone,

Started my upgrade (sidegrade?) from Bering 1.2 to uClibc 2.0. I started
to setup dropbear but am having a problem connecting using WinScp3. I
can connect using Putty and pscp but not with WinScp3. When I launch it
says connecting, authenticating, starting the session and then times
out. If I cancel it says your shell is probably incompatible with the
application (BASH is recommended). I thought that WinScp was compatible
with dropbear. I also tried to go to the dropbear site but could not get
to it. Is there some configuration necessary on WinScp?

BTW I did download the newest dropbear patched for pscp.

TIA



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.

Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149alloc_id=8166op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id149alloc_id66op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Shorewall version with Bering

[David Pitts]

G'day folks.

I am having some difficulty getting a pptp VPN running on my LEAF box.
I seem to be able to connect locally but not remotely.  I can see my
remote connection request coming in to my router (I've turned logging
on) but the connection is not made.

Do I need to install conntrack modules?  If so, where would I find them
for download?

Thanks.

-Original Message-
From: Tim Wegner [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 29 April 2004 10:59 AM
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Shorewall version with Bering


KP asked (referring to the 2.X version of shorewall in my Bering- uClibc
setup):

 Sounds good; how big is shorwall.lrp?

My configured three interface Shorewall 2.x version is 83563 bytes . 
That is 15000 or so bytes bigger than my 1.4X version. As I said the 
upgrade was painless. My Bering three interface setup took a second 
floppy drive. After migrating to Bering-uClibc, I'm down to one 
floppy. A lot of that is dropbear vs Openssh.

In my earlier email I expressed heartfelt thanks to several Leaf 
people and teams, I dunno how I forgot to add Tom Eastep to that 
list!!! Thanks Tom!

Tim



---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.

Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149alloc_id=8166op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id149alloc_id66op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Shorewall version with Bering

[David Pitts]

I apologise unreservedly for that but I certainly didn't mean to do it
and I usually start a new thread with a new subject.


-Original Message-
From: Tom Eastep [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 29 April 2004 12:27 PM
To: David Pitts
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Shorewall version with Bering


David Pitts wrote:

 G'day folks.
 
 I am having some difficulty getting a pptp VPN running on my LEAF box.

 I seem to be able to connect locally but not remotely.  I can see my 
 remote connection request coming in to my router (I've turned logging
 on) but the connection is not made.
 
 Do I need to install conntrack modules?  If so, where would I find 
 them for download?
 

I find it extremely annoying when people are too lazy to start their own

thread and just ask their question is response to someone else's post. 
Your question has absolutely nothing to do with the subject of this 
thread (Shorewall version with Bering) -- and you didn't even bother 
to change the subject!!!

Some of us use threaded mail clients and this sort of nonsense makes 
threads impossible to track.

And please read http://shorewall.net/PPTP.htm before posting further 
question on your topic (hopefully on a new thread).

-Tom
Grumpy after a long day.
-- 
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]





---
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g.
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id149alloc_id66op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Trouble with PuTTY and Dropbear.

[David Pitts]

I do exactly this with Dropbear and WinSCP3 and I have no problems.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012


-Original Message-
From: Matt Johnston [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 22 April 2004 1:56 AM
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Trouble with PuTTY and Dropbear.


On Wed, Apr 21, 2004 at 08:35:39AM -0400, Stirling Westrup wrote:
 I've managed to fix my last problem (libc207 had somehow become
 corrupted...), and am now stuck on another one:
 
 I've set up dropbear on my firewall and I am using PuTTY to 
 communicate with
 it from my WinXP box. This part of things is working fine. Now I would
like 
 to use pscp to copy some files from my winbox to the firewall, but
this is 
 the response I always get:
 
 C:\pscp test.txt [EMAIL PROTECTED]:/tmp/test.txt 
 [EMAIL PROTECTED]'s password:
 Fatal: Server refused to start a shell/command
 
 Does anyone have any ideas as to what could be causing this? Its not
 mentioned in pscp's documentation and dropbear doesn't seem to have
any.

It seems you've found a bug in Dropbear.

pscp is trying to use sftp first, which fails because Dropbear has been
compiled without sftp support. pscp is then retrying with scp, however
Dropbear has a bug where only the first request per session is
recognised
- it should be only recognising the first _successful_ request per
session.

I've made a patch which fixes the issue, however I don't have a build
environment for LEAF(-uclibc) handy. I've attached it if someone wants
to build an updated package for LEAF. I'll include this fix in my next
release.

In the meantime, using a different scp client such as WinSCP should
probably work, though you might need to force it not to try sftp. 

Thanks for the report, apologies for the inconvenience.

Cheers,
Matt 

... The list wouldn't let me send a patch, so I've put it at 
http://matt.ucc.asn.au/fixed-pscp.patch
Dropbear Developer



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70alloc_id638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Looking for a VPN Solution

[David Pitts]

Eric Spakman has just compiled pptpd for Bering uClib which I have got
working.  I haven't finished testing my set up yet but its looking good!
The .lrp package is in the Testing area of the uClib packages download
page.

So now I have a single 1.44 floppy router/firewall with dhcpd, pump,
ezipupdate, bpalogin, weblet, dropbear (SSH and SCP!) and VPN!!  Plus
some other things that I can probably do without!  

Very functional, cheap, and a lot of fun!!

And for those who think floppies are unreliable, I agree entirely which
is why I keep an executable image of my router disk on a couple of
workstations around the place so I can remake the router disk quickly.
I have been playing with this stuff for a couple of years now and I have
had a couple of disks fail while I have been playing (maybe because I
have been playing??) but none in operation and given that once your
image is settled you should not need to reboot the router for a long
time, floppy reliability is not so much of an issue.  Except maybe if
your router is an environmentally unfriendly area.

Beauuudiful!!

Thanks folks.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012


-Original Message-
From: Martin Hejl [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, 24 March 2004 4:21 AM
To: JamesSturdevant
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Looking for a VPN Solution



JamesSturdevant wrote:
 I am running Bering 1.2 and am looking for a VPN solution for one of 
 my
 users.
 
 Her ISP is Earthlink and she reports that here IP address changes
 frequently (every 30 minutes). She will be connecting with a Windows 
 client.
 
 I have Freeswan working for others but their IPs are static. I have
 tried OpenVPN but the LEAF software seg faults when a UDP connection
is 
 made from a Windows Client and constantly reset if a TCP connection is

 made. Does anyone know what kernel version this code was compiled for?
It shouldn't matter. For all I know, OpenVPN is completely independant 
of the kernel version (unlike IPSEC), since it runs completely in 
user-space.

Unless there is a compelling reason not to (like, extensive setup 
already done on Bering, or software that's not available for Bering 
uClibc), you might also want to consider switching to Bering uClibc - I 
maintain the OpenVPN package for Bering uClibc (I also wrote a patch to 
enable OpenVPN to work with ip instead of ipconfig, which has found 
it's way into the latest version), and it's been _very_ stable for me 
(I'm currently running two OpenVPN links - one over the internet where 
both ends are dynamic and change IPs once a day, and one over a wireless

connection, which goes up and down a lot, since it's used for testing 
wireless equipment). I'm not trying to sell Bering uClibc to you, I 
just don't like it that a fine piece of software like OpenVPN is being 
dropped in favour of something less secure, just because of a seemingly 
faulty package (and sorry, no, I can't help with fixing the package on 
Bering).

Martin



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70alloc_id638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] not found error

[David Pitts]

Eric, this what a find gives me:

/mnt/pptpd.lrp
/etc/pptpd.conf
/etc/init.d/pptpd
/etc/ppp/pptpd-options
/var/lib/lrpkg/pptpd.conf
/var/lib/lrpkg/pptpd.help
/var/lib/lrpkg/pptpd.list
/var/lib/lrpkg/pptpd.version
/usr/sbin/pptpd
/usr/sbin/pptpctrl

The top entry is from the floppy mounted as /mnt.  Is this what you
mean?

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012


-Original Message-
From: Eric Spakman [mailto:[EMAIL PROTECTED] 
Sent: Friday, 19 March 2004 3:33 PM
To: David Pitts
Subject: Re: [leaf-user] not found error


David,

Note the description of the package:
pptp.lrp
pptp client for Linux  --
Homepage: http://pptpclient.sourceforge.net
LEAF Package by [EMAIL PROTECTED], 2004-01-10

The pptp package contains the pptp client (pptp), not the pptp daemon
(pptpd). There isn't currently a daemon package available. From what I
remember I had some problems compiling it.

Eric




 Hi.  I am trying to get pptpd running on my Bering 2 uClib box.  I 
 downloaded the .lrp from here: 
 http://leaf.sourceforge.net/mod.php?mod=userpagemenu=91017page_id=51
 
 and it installed fine (no errors).  All the files appear to be where 
 they should be and I can configure it.  But when I try to execute 
 pptpd it tells me:
 
 pptpd: not found
 
 I have had no trouble with other packages.
 
 Any ideas what this might mean?  Any basic Linux knowledge I am 
 missing here?
 
 Thansk.
 
 David Pitts
 IT Services Manager
 Reid Library
 University of Western Australia
 
 Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012
 
 
 
 ---
 This SF.Net email is sponsored by: IBM Linux Tutorials
 Free Linux tutorial presented by Daniel Robbins, President and CEO of 
 GenToo technologies. Learn everything from fundamentals to system 
 administration.http://ads.osdn.com/?ad_id70alloc_id638op=click
 --
 --
 leaf-user mailing list: [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html






---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70alloc_id638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Compile pptpd for uClib?

[David Pitts]

I appear to have told you all something that is not true!  I couldn't
have downloaded the pptpd.lrp package from the url I said I did.  It
must have come from the Bering/latest directory which are obviously not
uClib compatible.  And Eric tells me he hasn't compiled the PPTPD
package for uClib.  My apologies for misleading you.

Is anyone willing to compile the package?  I am trying to stick with a
single floppy system and pptpd is nice and small.

All assistance gratefully accepted as usual.

Thanks.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012




---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70alloc_id638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] not found error

[David Pitts]

Hi.  I am trying to get pptpd running on my Bering 2 uClib box.  I
downloaded the .lrp from here:
http://leaf.sourceforge.net/mod.php?mod=userpagemenu=91017page_id=51

and it installed fine (no errors).  All the files appear to be where
they should be and I can configure it.  But when I try to execute pptpd
it tells me:

pptpd: not found

I have had no trouble with other packages.

Any ideas what this might mean?  Any basic Linux knowledge I am missing
here?

Thansk.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia

Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70alloc_id638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Shorewall Log File Management

[David Pitts]

Hi folks.  Easy question for you!

I am running Bering uClib latest version with HSorewall 1.4.9 and I
would like to reduce the huge number of entries in my logs that seem
repetitive and contain no new information.  It makes them hard to read.
I would like to be able to parse my logs and modify my logging
configuration to stop logging repeated rejections.  

Is there any way to have Shorewall do that itself?  I don't really
understand what Lograte and Logburst in Shorewall.conf do.

Any comments?  Do you think it would be too processor intensive?


David Pitts
IT Services Manager
Reid Library 
University of Western Australia

Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012



---
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70alloc_id638op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Three-interface Bering sample

[David Pitts]

Thanks for this.  I have been given the location of the three-interface
sample and there is one other difference you may not have noticed.  That
is in the masq file where the entries look like:

#INTERFACE  SUBNET  ADDRESS
eth0eth1
eth0eth2

Thanks for your help.

David Pitts

  -Original Message-
 From: Andrew Gray [mailto:[EMAIL PROTECTED] 
 Sent: Friday, 27 February 2004 11:28 AM
 To:   David Pitts; [EMAIL PROTECTED]
 Subject:  RE: [leaf-user] Three-interface Bering sample
 
 I didn't worry about finding a config for multi interface on the
 latest versions.   All that is needed is to declare the interfaced in
 the /etc/network/interfaces file then add the rules to the shorewall
 files.   Here is the example I use now with 2 internal interfaces,
 only 1 of which has access to the internet, a dmz and ppp dialup
 internet access to the net.
 
 Hope this is of some help to you.
 Andrew G. Gray
 MCSE
 
 Phone:(07) 4124 6303
 Mobile:   0418 734 078
 
 
 # Shorewall 1.4 /etc/shorewall/zones
 #ZONE DISPLAY COMMENTS
 net   Net Internet
 loc   Local   Local networks
 loc1  Local1  Local Network Children
 dmz   DMZ Demilitarized zone
 #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
 
 # Shorewall 1.4 -- Interfaces File
 #ZONE  INTERFACE  BROADCAST   OPTIONS
 netppp0   -
 loceth0   192.168.2.255
 loc1   eth1   192.168.3.255
 dmzeth2   detect
 
 # /etc/shorewall/rules
 #ACTION  SOURCE   DESTPROTO   DESTSOURCE
 ORIGINAL  RATEUSER
 # PORTPORT(S)DEST
 LIMIT
 #
 # Accept DNS connections from the firewall
 #
 ACCEPT fw net tcp 53
 ACCEPT fw net udp 53
 #
 # Accept SSH connections from the local network for administrative
 purposes.
 #
 ACCEPT locfw  tcp 22
 #
 # Allow ping to and from the firewall
 #
 # ping to firewall
 ACCEPT locfw  icmp8
 ACCEPT loc1   fw  icmp8
 ACCEPT dmzfw  icmp8
 # Ping between networks
 ACCEPT locloc1icmp8
 ACCEPT loc1   loc icmp8
 ACCEPT locdmz icmp8
 ACCEPT loc1   dmz icmp8
 ACCEPT netfw  icmp8
 # Ping from firewall
 ACCEPT fw loc icmp8
 ACCEPT fw loc1icmp8
 ACCEPT fw dmz icmp8
 ACCEPT fw net icmp8
 #
 # Bering specific rules
 # allow loc to fw udp/53 for dnscache to work
 # allow loc to fw tcp/80 for weblet to work
 #
 ACCEPT locfw  udp 53
 ACCEPT locfw  tcp 80
 ACCEPT fw loc tcp 80
 #
 # Allow loc to fw tcp/9100:9102 for print server
 #
 ACCEPT locfw  tcp 9100:9102
 DROP   netfw  tcp 9100:9102
 #
 # Allow VPN access to server on internal network
 #
 ACCEPT netloc:192.168.2.30 tcp1723
 ACCEPT netloc:192.168.2.30 47 
 #
 
 # /etc/shorewall/policy
 #SOURCE   DESTPOLICY  LOG
 LIMIT:BURST
 # LEVEL
 loc   net ACCEPT
 loc   loc1ACCEPT
 loc1  loc ACCEPT
 loc   dmz ACCEPT
 loc1  dmz ACCEPT
 #
 net   all DROPinfo
 #
 # THE FOLLOWING POLICY MUST BE LAST
 # 
 all   all REJECT  info 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] Behalf Of David
 Pitts
  Sent: Thursday, 26 Feb 2004 13:25
  To: [EMAIL PROTECTED]
  Subject: [leaf-user] Three-interface Bering sample
  
  
  Hi.  Can someone point me to the current three-interface Shorewall
  config for Bering 2 and Shorewall 1.4.9?
  
  Thanks.
  
  David Pitts
  IT Services Manager
  Reid Library 
  University of Western Australia
   
  Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012
  
  
  
  ---
  SF.Net is sponsored by: Speed Start Your Linux Apps Now.
  Build and deploy apps  Web services for Linux with
  a free DVD software kit from IBM. Click Now!
  http://ads.osdn.com/?ad_id56alloc_id438op=ick
  --
  --
  leaf-user mailing list: [EMAIL PROTECTED]
  https://lists.sourceforge.net/lists/listinfo/leaf-user
  SR FAQ: http://leaf

[leaf-user] Three-interface Bering sample

[David Pitts]

Hi.  Can someone point me to the current three-interface Shorewall
config for Bering 2 and Shorewall 1.4.9?

Thanks.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id56alloc_id438op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] BPALogin uClib Problem

[David Pitts]

My problems are over!!  Well, this particular set of problems anyway!

It all started with my desire to update to Bering uClib.  My first issue
was with dhcpcd.  It appeared to half convince my ISP that I was coming
from a different MAC address.  I still have no idea why but I found that
pump doesn't do it so now I use pump!

My second issue was with bpalogin and was caused by the package somehow
deciding that the heartbeat required to maintain the connection was
going to come from sm server = 255.255.255.255 when it wasn't!  So when
it got the heartbeat from the correct source it discarded it, and
eventually disconnected.  The solution was to tell the system the
correct sm-server IP address in the hosts file and bingo, Bob's your
uncle and hey presto, everything works!!

Thanks again for your wonderful work supporting this package!! 

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012


-Original Message-
From: David Pitts 
Sent: Thursday, 19 February 2004 3:04 PM
To: [EMAIL PROTECTED]
Subject: [leaf-user] BPALogin uClib Problem


Hi.  Anyone out there know anything about BPALogin?

It is a login client for Bigpond Australia cable that uses a heartbeat
to keep the connection up.  I connect ok but ehn get disconnected
because the heartbeat is not being accepted.  Can anyone give me a clue
what might be happening?

These are extracts from my daemon log showing a successful connection,
disconnection and reconnection.

Feb 19 12:31:42 firewall bpalogin[3213]: BPALogin v2.0.2 - portable
BigPond Broadband login client Feb 19 12:31:42 firewall bpalogin[3213]:
Auth host = 61.9.240.13:5050 Feb 19 12:31:42 firewall bpalogin[3213]:
Listening on port 5050 Feb 19 12:31:43 firewall bpalogin[3213]: Will
accept heartbeats from sm-server = 255.255.255.255 Feb 19 12:31:43
firewall bpalogin[3213]: Logged on as dpitts - successful at Thu Feb 19
12:31:43 2004

Feb 19 12:42:12 firewall bpalogin[3213]: Received a heartbeat from
unexpected source 61.9.240.13:5051 Feb 19 12:42:12 firewall
bpalogin[3213]: Badly structured packet received - discarding Feb 19
12:47:19 firewall bpalogin[3213]: Received a heartbeat from unexpected
source 61.9.240.13:5051 Feb 19 12:47:19 firewall bpalogin[3213]: Badly
structured packet received - discarding Feb 19 12:52:32 firewall
bpalogin[3213]: Received a heartbeat from unexpected source
61.9.240.13:5051 Feb 19 12:52:32 firewall bpalogin[3213]: Badly
structured packet received - discarding Feb 19 12:59:32 firewall
bpalogin[3213]: Timed out waiting for heartbeat
- logging on
Feb 19 12:59:32 firewall bpalogin[3213]: Will accept heartbeats from
sm-server = 255.255.255.255 Feb 19 12:59:32 firewall bpalogin[3213]:
Logged on as dpitts - successful at Thu Feb 19 12:59:32 2004

This looks pretty straight forward to me in that the messages seem to
indicate the client doesn't like something about the heartbeat that the
server is sending, so its not accepting it.

Is there anything I can do from my end to fix that or is it a server
side problem?

If anyone knows anything about BPAlogin, I would be very pleased to hear
from you.

Thanks.


David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id56alloc_id438op=ick

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id56alloc_id438op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] BPALogin uClib Problem

[David Pitts]

Hi.  Anyone out there know anything about BPALogin?

It is a login client for Bigpond Australia cable that uses a heartbeat
to keep the connection up.  I connect ok but ehn get disconnected
because the heartbeat is not being accepted.  Can anyone give me a clue
what might be happening?

These are extracts from my daemon log showing a successful connection,
disconnection and reconnection.

Feb 19 12:31:42 firewall bpalogin[3213]: BPALogin v2.0.2 - portable
BigPond Broadband login client
Feb 19 12:31:42 firewall bpalogin[3213]: Auth host = 61.9.240.13:5050
Feb 19 12:31:42 firewall bpalogin[3213]: Listening on port 5050
Feb 19 12:31:43 firewall bpalogin[3213]: Will accept heartbeats from
sm-server = 255.255.255.255
Feb 19 12:31:43 firewall bpalogin[3213]: Logged on as dpitts -
successful at Thu Feb 19 12:31:43 2004

Feb 19 12:42:12 firewall bpalogin[3213]: Received a heartbeat from
unexpected source 61.9.240.13:5051
Feb 19 12:42:12 firewall bpalogin[3213]: Badly structured packet
received - discarding
Feb 19 12:47:19 firewall bpalogin[3213]: Received a heartbeat from
unexpected source 61.9.240.13:5051
Feb 19 12:47:19 firewall bpalogin[3213]: Badly structured packet
received - discarding
Feb 19 12:52:32 firewall bpalogin[3213]: Received a heartbeat from
unexpected source 61.9.240.13:5051
Feb 19 12:52:32 firewall bpalogin[3213]: Badly structured packet
received - discarding
Feb 19 12:59:32 firewall bpalogin[3213]: Timed out waiting for heartbeat
- logging on
Feb 19 12:59:32 firewall bpalogin[3213]: Will accept heartbeats from
sm-server = 255.255.255.255
Feb 19 12:59:32 firewall bpalogin[3213]: Logged on as dpitts -
successful at Thu Feb 19 12:59:32 2004

This looks pretty straight forward to me in that the messages seem to
indicate the client doesn't like something about the heartbeat that the
server is sending, so its not accepting it.

Is there anything I can do from my end to fix that or is it a server
side problem?

If anyone knows anything about BPAlogin, I would be very pleased to hear
from you.

Thanks.


David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id56alloc_id438op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Odd DHCPC Behaviour

[David Pitts]

To update:  I guess you all realised that Bering doesn't include
dhclient?  But it does include dhcpcd which is what was I was using.  I
replaced it with pump and now on my development Bering disk I get the IP
address I always get on my production Bering disk.  Which must be a good
thing.  Dhcpcd must send MAC address information?  Now I don't have to
turn off my cable modem to get a connection but it still stops after a
while.  That maybe an issue with my login client so I will continue
working in that direction.  If anyone has anything they care to add,
please do!



Hi.  

I have just decided to upgrade my lovely Bering firewall to take
advantage of uCLib.  I have put together my Bering 2 floppy and almost
everything works fine!  The fly in the ointment is the connection to my
ISP.  I am on BigPond Cable and I use udhcpc and BPALogin in my working
Bering floppy.  Udhcpc doesn't seem to have been recompiled for uCLib so
I am using dhclient and BPALogin in my uCLib version.  

The oddness is that using udhcp I get a particular IP Address (call it
IPudhcp) but with dhclient I get a totally different IP (call it
Ipdhclient).  But my hardware is the same so my MAC addresses don't
change.  This is repeatable ie if I boot with my udhcp disk, I get
IPudhcp every time, then if I boot my dhclient floppy I get IPdhclient
every time.  This seems odd to me because all I have read indicates that
IP addresses might be allocated on the basis of stored MAC addresses,
not some characteristic of the dhcp client.

The reason this is an issue is because BPAlogin for the dhclient floppy
won't login!  It says it can't find the authentication server.  The
settings are the same as for the udhcp floppy and I use the dotted quad
IP address to point to the server.  However, I find that if I turn my
modem off for about 5 minutes with my router off, then turn the modem
back on, and reboot the router, it will connect.  This sort of behaviour
is typically associated with clearing the MAC address stored by the
modem, but I don't see why it makes any difference to me because my MAC
Address doesn't change!

Then after about 5 minutes my connection disappears!  When I look at my
Shorewall logs following the disconnection I find that there are entries
showing rejection of connections from the Authentication server to port
5050 (which is the BigPond heartbeat port) but to Ipudhcp, not
IPdhclient!  So the rejection logs show that the authentication server
has tried to contact my router on the IP address that would have been
allocated if I had used udhcpc!  And because the connection was
rejected, I am logged out!


This is all very weird.  It appears that dhclient is connecting ok using
the allocated IP address but 'something' in the Auth server is still
associating my MAC address with the IP address I would have been given
if I was using udhcp.

I am after any advice anyone can offer on what might cause this or how
to get around it. Is there any connection between MAC Address and the
dhcp client?  Does the dhcp client send a MAC address to the auth
server?  I would like to try another dhcp client and I see Pump has been
recompiled so I will try that first.  Lynn, are you planning to
recompile udhcpc because I would like to try that as well.

Thanks folks, as usual!


David Pitts
IT Services Manager
Reid Library 
University of Western Australia

Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id56alloc_id438op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Odd DHCPC Behaviour

[David Pitts]

Hi.  

I have just decided to upgrade my lovely Bering firewall to take
advantage of uCLib.  I have put together my Bering 2 floppy and almost
everything works fine!  The fly in the ointment is the connection to my
ISP.  I am on BigPond Cable and I use udhcpc and BPALogin in my working
Bering floppy.  Udhcpc doesn't seem to have been recompiled for uCLib so
I am using dhclient and BPALogin in my uCLib version.  

The oddness is that using udhcp I get a particular IP Address (call it
IPudhcp) but with dhclient I get a totally different IP (call it
Ipdhclient).  But my hardware is the same so my MAC addresses don't
change.  This is repeatable ie if I boot with my udhcp disk, I get
IPudhcp every time, then if I boot my dhclient floppy I get IPdhclient
every time.  This seems odd to me because all I have read indicates that
IP addresses might be allocated on the basis of stored MAC addresses,
not some characteristic of the dhcp client.

The reason this is an issue is because BPAlogin for the dhclient floppy
won't login!  It says it can't find the authentication server.  The
settings are the same as for the udhcp floppy and I use the dotted quad
IP address to point to the server.  However, I find that if I turn my
modem off for about 5 minutes with my router off, then turn the modem
back on, and reboot the router, it will connect.  This sort of behaviour
is typically associated with clearing the MAC address stored by the
modem, but I don't see why it makes any difference to me because my MAC
Address doesn't change!

Then after about 5 minutes my connection disappears!  When I look at my
Shorewall logs following the disconnection I find that there are entries
showing rejection of connections from the Authentication server to port
5050 (which is the BigPond heartbeat port) but to Ipudhcp, not
IPdhclient!  So the rejection logs show that the authentication server
has tried to contact my router on the IP address that would have been
allocated if I had used udhcpc!  And because the connection was
rejected, I am logged out!


This is all very weird.  It appears that dhclient is connecting ok using
the allocated IP address but 'something' in the Auth server is still
associating my MAC address with the IP address I would have been given
if I was using udhcp.

I am after any advice anyone can offer on what might cause this or how
to get around it. Is there any connection between MAC Address and the
dhcp client?  Does the dhcp client send a MAC address to the auth
server?  I would like to try another dhcp client and I see Pump has been
recompiled so I will try that first.  Lynn, are you planning to
recompile udhcpc because I would like to try that as well.

Thanks folks, as usual!


David Pitts
IT Services Manager
Reid Library 
University of Western Australia

Telephone:   (08) 6488 3492 Fax:  (08) 6488 1012



---
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps  Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id56alloc_id438op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] rtl8139 unresolved symbol pci_register

[David Pitts]

As I recall, rtl8139.o requires pci-scan, but 8139too.o requires mii.o
only.

Pci-scan must be loaded before rtl8139.o.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 9380 3492 Fax:  (08) 9380 1012


-Original Message-
From: S Mohan [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, 13 August 2003 11:50 AM
To: Phil Moors; leaf-user
Subject: RE: [leaf-user] rtl8139 unresolved symbol pci_register


I use 8139 interface. I load mii first and then 8139too and it works. I
do not use pci-scan.

Mohan

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Phil Moors
Sent: Wednesday, August 13, 2003 8:19 AM
To: leaf-user
Subject: [leaf-user] rtl8139 unresolved symbol pci_register



Hi,

I have a LEAF firewall running on Oxygen that I'm trying to switch over
to Bering 1.2. I can't get the rtl8139 driver to load. I've tried
loading the mii.o module and that doesn't help. I've seen references to
a pci-scan module on this mailing list, however, it isn't included in
the modules tar-ball. I do see pci_scan_bus and friends in /proc/ksyms
though I don't know if it's related.

Can anyone point me in the right direction?

Thanks,

Phil



---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01
/01

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01
/01

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Interesting Issue?

[David Pitts]

Hi guys.

I have just fallen over an interesting (I think) issue with firewalls in
general that I'm hoping you can give me some ideas about.

I'm trying to access an online tax return service provided by the
Australian Tax Office.  They're using some sort of SSL protocol for
security.  They won't tell me what ports it requires open because they
say that impacts on their security.  I have found a list of SSL ports
required for various protocols (ie ftp ssl, http ssl etc) but I'm not
sure which protocols the Tax Office is using and there's no guarantee
they've used standard ports anyway.

Anyone have any ideas how to get a round this?  If I booted my Bering as
a router only (ie not firewall) would that help?  I think I can select
that option from the Network configuration file?

If that's not an option, I would like to have a play with allowing net
to loc on all the ports I can find that look like they might have an SSL
association.  Do I just add an:

ACCEPT  net loc tcp 443
ACCEPT  net loc tcp 990 etc

or do I need to DNAT each port to the to the particular loc IP?

Whatever I do I wouldn't keep it as a permanent thing.

Thanks for your thoughts.

David Pitts



---
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Interesting Issue?

[David Pitts]

Tom, my logs are showing nothing.  I take it from your comment that my
logs should be showing blocked traffic on whatever port is being used?

David Pitts

-Original Message-
From: Tom Eastep [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 17 July 2003 11:14 AM
To: David Pitts; [EMAIL PROTECTED]
Subject: Re: [leaf-user] Interesting Issue?


On Thu, 17 Jul 2003 10:59:20 +0800, David Pitts
[EMAIL PROTECTED] 
wrote:


 or do I need to DNAT each port to the to the particular loc IP?

If you are using masquerading then the answer is YES.

 Thanks for your thoughts.

Doesn't anyone ever look at their logs?

-Tom
-- 
Tom Eastep\ Shorewall - iptables made easy
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]




---
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Interesting Issue?

[David Pitts]

Just a bit more.  

The connection is made from a client provided by the Tax Office.
However, on their website they say that to use the software you must
have a browser capable of 128 bit SSL installed, so its possible they're
using the browser protocol (HTTP?) and port.  

I don't even know for sure that the thing will work through a NATted
firewall at all.

Does the lack of any relevant entries in my log (shorewall.log) mean
that there is no relevant traffic being blocked?  I do have some
shorewall.log entries showing rejected connections.  Should every
rejected attempt to access any port be logged, unless there is a
statement that specifically stops the logging?

What I need to know is whether the lack of logs means there is no
blocking or I'm not logging the right thing.

Thanks.

David Pitts


-Original Message-
From: Ray Olszewski [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 17 July 2003 11:31 AM
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Interesting Issue?


At 10:59 AM 7/17/2003 +0800, David Pitts wrote:
Hi guys.

I have just fallen over an interesting (I think) issue with firewalls 
in general that I'm hoping you can give me some ideas about.

I'm trying to access an online tax return service provided by the 
Australian Tax Office.  They're using some sort of SSL protocol for 
security.  They won't tell me what ports it requires open because they 
say that impacts on their security.

You should think carefully before you trust sensitive information to a
site 
that is run by someone who thinks he can keep secret the ports an active

service uses. Put more bluntly, if someone really told you that, he or
she 
is a jackass.

I have found a list of SSL ports
required for various protocols (ie ftp ssl, http ssl etc) but I'm not 
sure which protocols the Tax Office is using and there's no guarantee 
they've used standard ports anyway.

How are you making the initial connection? If it is from a browser, the 
browser has to know what destination port to send to. Even sniffing the
LAN 
will get you that much info ... SSL does not encrypt the IP and TCP
headers 
(it cannot, since intermediaries need to read them to route the
packets).

Anyone have any ideas how to get a round this?  If I booted my Bering 
as a router only (ie not firewall) would that help?  I think I can 
select that option from the Network configuration file?

It depends. If you currently use NAT for your LAN, then you need to run
a 
firewall, not just a router ... NAT'ing is part of what a firewall does.

About the only ways I can think of to sort this one out without
cooperation 
from the other end are:

1. Bypass the Bering firewall entirely and connect your workstation 
directly to the Internet. You can assess the risks of this approach.

2. Check the logs on the Bering router to see what ports it is DENYing 
traffic to or from that involve connections to the Tax Office site (I 
assume they don't think they can keep their IP address secret too). You
may 
have to increase Bering's logging to accomplish this.

3. Open -AND- port forward to your workstation any likely destination
ports.

4. Complain to the Aussie equivalent of your Congressman.

But before you muck with any of this, you might want to get a better 
understanding of this some sort of SSL protocol fuzziness. Opening and

forwarding ports accomplishes nothing if your workstation does not have 
something listening on each of the ports, and people (even WIndows
users) 
typically do not have a haphazard assortment of servers running just in 
case someone wants to run a bizarre and secretive security protocol.

If that's not an option, I would like to have a play with allowing net 
to loc on all the ports I can find that look like they might have an 
SSL association.  Do I just add an:

ACCEPT  net loc tcp 443
ACCEPT  net loc tcp 990 etc

or do I need to DNAT each port to the to the particular loc IP?

Yes. In this context, DNAT is what I refer to above as port forwarding.
But 
note my caveat above as well; I don't think doing all of this will
actually 
help you.

Whatever I do I wouldn't keep it as a permanent thing.

If I were faced with this problem, I'd take #2 of my suggested
approaches. 
I don't think #3 will actually work for you, and #1 requires more trust
in 
government (and the Internet) than I have for *any* government (or
system 
on the far side of my firewall).





---
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] RealTek nic problem

[David Pitts]

In my messings about with this stuff, I seemed to frequently get my versions mixed up. 
 It would be worthwhile to check that the mii.o and the 8139too modules are compiled 
against the kernel you are using.

I have used mii and 8139too in the past without any trouble.  PCI-Scan and rtl8139 is 
probably a more mainstream combination though?

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 9380 3492 Fax:  (08) 9380 1012


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Friday, 13 June 2003 9:42 PM
To: Lynn Avants
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] RealTek nic problem


In /etc/modules it appears to depend only on mii.o that I loaded.

Anny further sugestion ?

Alex

Cópia Lynn Avants [EMAIL PROTECTED]:

 On Thursday 12 June 2003 03:40 pm, [EMAIL PROTECTED] wrote:
  I have a NIC with a RealTek chipset that in full linux
 distributions
  works with the 8139too module.
  In Bering 1.2 I loded the mii.o module then when I try to load the 
  8139too.o module I got the error:
  insmod: init_module: 8139too.o: Operation not supported by device
 
  What am I missing ?
 
 A dependant module like possibly pci-scan.o and mii.o, IIRC, the 
 /etc/modules file listed the dependant modules next to the actual NIC 
 module.
 --
 ~Lynn Avants
 Linux Embedded Appliance Firewall Developer
 http://leaf.sourceforge.net
 http://guitarlynn.homelinux.org:81
 
 
 ---
 This SF.NET email is sponsored by: eBay
 Great deals on office technology -- on eBay now! Click here: 
 http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
 --
 --
 leaf-user mailing list: [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
 


---
This SF.NET email is sponsored by: eBay
Great deals on office technology -- on eBay now! Click here: 
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5

leaf-user mailing list: [EMAIL PROTECTED] 
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




---
This SF.NET email is sponsored by: eBay
Great deals on office technology -- on eBay now! Click here:
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Router Stops

[David Pitts]

Thanks Eric.  I have noticed what seems to be a huge number of
connections when my kids start up IE 6.  In the order of 50 even when
they're not actually doing anything.  I thought that might be ads?

How many connections could a router reasonably be expected to handle?

And what would I expect to happen if I exceeded that number?

Thanks for your help.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 9380 3492 Fax:  (08) 9380 1012


-Original Message-
From: eric wolzak [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, 28 May 2003 3:15 AM
To: David Pitts; [EMAIL PROTECTED]
Subject: Re: [leaf-user] Router Stops


Hello David, All

My router stops periodically and I can restart it by restarting
Shorewall. Lynn has suggested it might be a memory problem.  Any
suggestions how I can monitor RAM usage?  Commands built into Bering?
Packages I can run?

1. The Ram usage can be viewed from the weblet .
2 activate Spacecheck  in  lrp  settings file  and you get an email as
the disks fill ( as long as your router isn't stopped yet ;))

3. But I don't think  the  RAM is the cause  ,sorry I didn't follow this
treat before, What do you mean by router stops. I suppose you mean, you
cannot get connections to the internet anymore. Restarting Shorewall
does reinstall the firewall rules. and  detects some broadcasts thereby
setting a route Only restarting shorewall doesn't delete files. ( and
doesn't create more space on the Filesystem so why should the router
function after the restart if it was a disk ram problem ) It might
however stop remaining unused connections and clear your  table from
outdated connections The same should be done by takeing your external
interface down and up again. I have seen a pseudo none functional router
after someone playing network games on theinternal net and requesting
for free gameserver. just filled the tables. ( kind of unpurposed DOS ;)
) Try useing weblet to view the active connections or with the different
shorewall commands If you have to much active connections weblet will
time out.

Regards
Eric Wolzak
member of the Bering Crew


David Pitts
IT Services Manager
Reid Library
University of Western Australia

Telephone:   (08) 9380 3492 Fax:  (08) 9380 1012







---
This SF.net email is sponsored by: ObjectStore.
If flattening out C++ or Java code to make your application fit in a
relational database is painful, don't do it! Check out ObjectStore.
Now part of Progress Software. http://www.objectstore.net/sourceforge

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] lshd

[David Pitts]

I didn't have any trouble once I had a valid key.  Putty connected
straight away and I don't have any special LSHD options selected.
Unfortunately, I have far to little technical expertise to comment on
your error messages.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 9380 3492 Fax:  (08) 9380 1012


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] 
Sent: Wednesday, 28 May 2003 7:29 AM
To: [EMAIL PROTECTED]
Subject: [leaf-user] lshd


thanks for the help regarding key generation with lshd.  running the
commads directly appear to have worked just fine.

however, i am still unable to connect to my bering box.

i use putty from a windoze machine, and on attempting to connect i get i
get the following:

internal fault: chaos in in the ssh 2 transport layer

followed by:  connection closed by remote host

i (appear) to have valid public/private keys in /etc (lsh_host_key).  i
have the host.allow file set up, as well as shorewall.  i also changed
inetd.conf and pointed ssh at /usr/sbin/lshd.

is there something i am missing in setting up lshd.  i noted a number of
options with 'lshd--help, but i am uncertain if i need any of them, and
what they should be.

thanks again.

ted




---
This SF.net email is sponsored by: ObjectStore.
If flattening out C++ or Java code to make your application fit in a
relational database is painful, don't do it! Check out ObjectStore. Now
part of Progress Software. http://www.objectstore.net/sourceforge

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




---
This SF.net email is sponsored by: ObjectStore.
If flattening out C++ or Java code to make your application fit in a
relational database is painful, don't do it! Check out ObjectStore.
Now part of Progress Software. http://www.objectstore.net/sourceforge

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] More on Behaviour of uDHCPD

[David Pitts]

Hi everyone, Lynn

I had a bit of a play with uDHCPD last night and it appears that it
works fine in most instances.  The one I find where it doesn't work is
renew/refresh after the router has been rebooted while the workstation
is up.  And unfortunately that is the thing I tried to do when fiddling
with my set up.  Ie make a change, reboot router, attempt refresh to
test uDHCPD.  This may seem an odd way of doing business to you but
until you told me svi udhcpd restart the other day, that is what I have
been doing!  Fortunately, this behaviour doesn't hurt the system because
if the workstation has stayed up, then it retains its IP info (ie
refresh not required).  So all is pretty much ok I think.

However, I have noticed that when booting the router Shorewall tries to
run once immediately after uDHCPC initiates, but fails because the
system hasn't set up eth1 and eth2 yet, then it runs again successfully
immediately after uDHCPD initiates.  Is that expected behaviour?

Also, the router crashes quite frequently.  The machine itself is still
up and I can log in, but Shorewall seems to be down which blocks all the
interfaces.  Eth0 and eth1 are unreachable.  When I try to restart
Shorewall it gets as far as saying that's it doing something with
/etc/shorewall/params then freezes.  Cntrl-c gets me back to the prompt.
The same thing happens with Shorewall stop, refresh etc.  I think I have
a problem with my logs filling up (I use ulogd.lrp and logging level of
ULOG).  Could that have this effect?  Rebooting the router fixes
everything!!

Phew.  Glad that's all down!

Thanks guys.



---
This SF.net email is sponsored by: ObjectStore.
If flattening out C++ or Java code to make your application fit in a
relational database is painful, don't do it! Check out ObjectStore.
Now part of Progress Software. http://www.objectstore.net/sourceforge

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] uCLIB Driver Modules

[David Pitts]

Hi.  Just one more question?

I almost have this thing working!  Ie I have everything I need on one floppy.  But I 
have one remaining problem, which is that the SMC Ultra driver I have doesn't work.  
It works fine with Bering stable 1.0 so I assume it's a compile thing?  Do I need to 
get an SMC-Ultra.o driver that has been compiled with uCLIB?  I also use an rtl8139.o 
driver but there is one of those on the uCLIB CD so I assume that will work.

Thanks.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 9380 3492 Fax:  (08) 9380 1012


-Original Message-
From: Jacques Nilo [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, 1 April 2003 3:17 AM
To: Peter Lourens; [EMAIL PROTECTED]
Subject: Re: [leaf-user] increasing size of root filesystem


Le Lundi 31 Mars 2003 20:52, Peter Lourens a écrit :
 Hi,

 Does anyone know howto increase the size of the root (/). Since there 
 are a lot of packages nowadays it is difficult to fit them in the 
 initial 6MB. Even after deleting everyhing I don't need I can't get 
 everything on the 6MB :( It's strange; in the user and devel 
 mailinglists no one complaints about this...Am I the only one?
syst_size=10M in the syslinux.cfg will do the trick
This is in the doc by the way ... 
http://leaf.sourceforge.net/devel/jnilo/biaddrm.html#AEN636
Jacques


---
This SF.net email is sponsored by: ValueWeb: 
Dedicated Hosting for just $79/mo with 500 GB of bandwidth! 
No other company gives more support or power for your dedicated server 
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/

leaf-user mailing list: [EMAIL PROTECTED] 
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




---
This SF.net email is sponsored by: ValueWeb:
Dedicated Hosting for just $79/mo with 500 GB of bandwidth!
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] uCLIB Bering Question

[David Pitts]

Hi again.  With the advent of uCLIB I thought I would return to my
original plan to create a single floppy disk Bering with SSHD instead of
wasting a CDROM drive.  

The packages I need seem to fit on a floppy no trouble but I get an odd
error when packages I didn't source from the Bering uCLIB CD.  I need to
run ez-ipupdate, bpalogin (Big Pond Australia cable login script) and
udhcp.  I have added them to the floppy and syslinux.cfg.  They load
fine.  Then when the try to run I get variations of the following error
message:

Starting /usr/sbin/bpalogin...
/etc/rc2.d/s46bpalogin: /usr/sbin/bpalogin: not found

The same thing occurs for ez-ipupdate, udhcpc and udhcpd but with  a
different number ie not 46.  The number relates to the sequence of
starting the packages.

When I look around I find the packages are actually, the executables do
exist in the places where they are supposed to be, but if I try to run
them, I get not found, even from the directory the executable is in.  Is
this a permissions problem?  Root doesn't have rights to the
executables?

On another issue, is the lshd.lrp package in Bering a replacement for
the latest version of sshd??

Any assistance gratefully accepted.

Thanks heaps as always.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 9380 3492 Fax:  (08) 9380 1012




---
This SF.net email is sponsored by:
The Definitive IT and Networking Event. Be There!
NetWorld+Interop Las Vegas 2003 -- Register today!
http://ads.sourceforge.net/cgi-bin/redirect.pl?keyn0001en

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] CUSeeMe

[David Pitts]

Hi all again!  I am having trouble finding source code for the Bering
kernel.  I thought it would be in here:
http://leaf.sourceforge.net/devel/jnilo/bering/latest/development/kernel
/
But there doesn't seem to be a kernel in there at all let alone the
source code.  Is it available or does it need to be made up from the
basic 2.4.20 kernel (available from Kernel.org?).

Thanks again.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 9380 3492 Fax:  (08) 9380 1012


-Original Message-
From: David Pitts 
Sent: Tuesday, 18 March 2003 11:32 AM
To: Lynn Avants
Cc: [EMAIL PROTECTED]
Subject: RE: [leaf-user] CUSeeMe


Thanks Lynn.  I will check the conf file.  The other things are all
true.  Ie I use 192.168.1.xxx and eth1.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 9380 3492 Fax:  (08) 9380 1012


-Original Message-
From: Lynn Avants [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, 18 March 2003 11:16 AM
To: David Pitts
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] CUSeeMe


On Monday 17 March 2003 08:21 pm, David Pitts wrote:

 Thanks Lynn.

 The uDHCP package did work better but still not quite right.  The
 client was fine, worked like a charm, first time.  The server appears 
 to load but doesn't serve addresses.  I don't remember if I said that 
 before, but it was doing the same thing before you modified it.  I 
 just copied the package to my floppy and edited syslinux.cfg to add it

 and remove pump and dhcpd.  Is that the right process?

Yes, that is the right order. I haven't had any problems with the server
portion working with Bering-1.0. By chance, are you using eth1 for an
internal interface, the 192.168.1.0 network addressing for your LAN,
and enabled dhcp for the loc section of Shorewall?

If any changes are made from the default Bering settings that affect
these things, you must also make the proper changes to /etc/udhcpd.conf
for the program to work. Just a WAG since I haven't had any problems
myself in testing.


 On the other question (cuseeme) I have contacted a fella who has
 developed a couple of patches which are available on patch-o-matic. 
 However, I don't have the resources to make any thing of that.  He is 
 prepared to compile the things for me though if he can.  Can you tell 
 me what flavour of Linux LEAF is based on?  I believe its Debian from 
 memory?  And can you tell me if the kernel 'newnat' support?  Or maybe

 Jaques can?

Debian Slink for the userland stuff and Debain Woody for the kernel.
Jacques has the necessary patches posted in his /devel directory.
newnat is something I can't say I have ever heard of.


 What do you know about patch-o-matic?  Can it create modules or must
 it patch the kernel?

It patches the kernel source.


 I'm sorry if this seems too much off the LEAF track but I would
 appreciate any assistance.

NP

-- 
~Lynn Avants
Linux Embedded Appliance Firewall Developer http://leaf.sourceforge.net
http://www.guitarlynn.homelinux.org:81




---
This SF.net email is sponsored by:Crypto Challenge is now open! 
Get cracking and register here for some mind boggling fun and 
the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




---
This SF.net email is sponsored by: Does your code think in ink?
You could win a Tablet PC. Get a free Tablet PC hat just for playing.
What are you waiting for?
http://ads.sourceforge.net/cgi-bin/redirect.pl?micr5043en

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] CUSeeMe

[David Pitts]

Sorry. I didn't send this to the list.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 9380 3492 Fax:  (08) 9380 1012


-Original Message-
From: David Pitts 
Sent: Tuesday, 18 March 2003 9:31 AM
To: 'Lynn Avants'
Subject: RE: [leaf-user] CUSeeMe


Thanks Lynn.

The uDHCP package did work better but still not quite right.  The client
was fine, worked like a charm, first time.  The server appears to load
but doesn't serve addresses.  I don't remember if I said that before,
but it was doing the same thing before you modified it.  I just copied
the package to my floppy and edited syslinux.cfg to add it and remove
pump and dhcpd.  Is that the right process?

On the other question (cuseeme) I have contacted a fella who has
developed a couple of patches which are available on patch-o-matic.
However, I don't have the resources to make any thing of that.  He is
prepared to compile the things for me though if he can.  Can you tell me
what flavour of Linux LEAF is based on?  I believe its Debian from
memory?  And can you tell me if the kernel 'newnat' support?  Or maybe
Jaques can?

What do you know about patch-o-matic?  Can it create modules or must it
patch the kernel?

I'm sorry if this seems too much off the LEAF track but I would
appreciate any assistance.

Thanks again.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 9380 3492 Fax:  (08) 9380 1012


-Original Message-
From: Lynn Avants [mailto:[EMAIL PROTECTED] 
Sent: Monday, 17 March 2003 1:39 PM
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] CUSeeMe


On Sunday 16 March 2003 07:15 pm, David Pitts wrote:
 Morning all.

 Can anyone give me any advice on getting CUSeeMe running through
 Bering 1?  My Googling seems to indicate there are some patches 
 required  but I couldn't find anything compiled.  Can anyone recommend

 a source of the modules I would need?  Or a source of information?

You'll need to use h323 support, IIRC. There should be ipmasq/iptables
modules (or config) to add/use this support.

BTW, did the updated udhcp package work better for you?
-- 
~Lynn Avants
Linux Embedded Appliance Firewall Developer http://leaf.sourceforge.net
http://www.guitarlynn.homelinux.org:81


---
This SF.net email is sponsored by:Crypto Challenge is now open! 
Get cracking and register here for some mind boggling fun and 
the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




---
This SF.net email is sponsored by:Crypto Challenge is now open!
Get cracking and register here for some mind boggling fun and
the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] CUSeeMe

[David Pitts]

Thanks Lynn.  I will check the conf file.  The other things are all
true.  Ie I use 192.168.1.xxx and eth1.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 9380 3492 Fax:  (08) 9380 1012


-Original Message-
From: Lynn Avants [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, 18 March 2003 11:16 AM
To: David Pitts
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] CUSeeMe


On Monday 17 March 2003 08:21 pm, David Pitts wrote:

 Thanks Lynn.

 The uDHCP package did work better but still not quite right.  The 
 client was fine, worked like a charm, first time.  The server appears 
 to load but doesn't serve addresses.  I don't remember if I said that 
 before, but it was doing the same thing before you modified it.  I 
 just copied the package to my floppy and edited syslinux.cfg to add it

 and remove pump and dhcpd.  Is that the right process?

Yes, that is the right order. I haven't had any problems with the server
portion working with Bering-1.0. By chance, are you using eth1 for an
internal interface, the 192.168.1.0 network addressing for your LAN,
and enabled dhcp for the loc section of Shorewall?

If any changes are made from the default Bering settings that affect
these things, you must also make the proper changes to /etc/udhcpd.conf
for the program to work. Just a WAG since I haven't had any problems
myself in testing.


 On the other question (cuseeme) I have contacted a fella who has 
 developed a couple of patches which are available on patch-o-matic. 
 However, I don't have the resources to make any thing of that.  He is 
 prepared to compile the things for me though if he can.  Can you tell 
 me what flavour of Linux LEAF is based on?  I believe its Debian from 
 memory?  And can you tell me if the kernel 'newnat' support?  Or maybe

 Jaques can?

Debian Slink for the userland stuff and Debain Woody for the kernel.
Jacques has the necessary patches posted in his /devel directory.
newnat is something I can't say I have ever heard of.


 What do you know about patch-o-matic?  Can it create modules or must 
 it patch the kernel?

It patches the kernel source.


 I'm sorry if this seems too much off the LEAF track but I would 
 appreciate any assistance.

NP

-- 
~Lynn Avants
Linux Embedded Appliance Firewall Developer http://leaf.sourceforge.net
http://www.guitarlynn.homelinux.org:81




---
This SF.net email is sponsored by:Crypto Challenge is now open!
Get cracking and register here for some mind boggling fun and
the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] CUSeeMe

[David Pitts]

Morning all.

Can anyone give me any advice on getting CUSeeMe running through Bering
1?  My Googling seems to indicate there are some patches required  but I
couldn't find anything compiled.  Can anyone recommend a source of the
modules I would need?  Or a source of information?

Thanks.



---
This SF.net email is sponsored by:Crypto Challenge is now open!
Get cracking and register here for some mind boggling fun and
the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Bering CD Alternate Method (Long)

[David Pitts]

Thanks Victor.  All good stuff that I think I can get good value from.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 9380 3492 Fax:  (08) 9380 1012


-Original Message-
From: Victor McAllister [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, 4 March 2003 1:38 PM
To: [EMAIL PROTECTED]
Subject: [leaf-user] Bering CD Alternate Method (Long)


Simplified step by step.

MAKING A BOOT CD for Bering (Alternate Method). (formating probably 
messed as text).

I used this to get an older box that would not boot a CD ROM to boot 
from a combination CD and floppy. I used the uClibc Bering 1.1 iso
image.

1. Download the iso and burn the CD for uClibc Bering.
1.1 Use Winimage to make a bootable diskette from the file bootdisk.ima 
that is on the CD.

2. Mark this diskette Bering Setup
2.1 boot this diskette with the uClibc CD in the drive.
2.2 login as root. q to quit the menu
2.3 mount -t msdos /dev/fd0 /mnt
cd /mnt
2.4 ae syslinux.cfg and delete everything starting with LRP= to the end 
of the line. Make sure there is only one carriage return at the end of 
the line.
Your syslinux.cfg file should now look like this:

display syslinux.dpy
timeout 0
default linux initrd=initrd.lrp init=linuxrc rw root=/dev/rom0 
boot=dev/fd0:msdos PKGPATH=/dev/cdrom:iso9660,/dev/fd0:msdos

PS There is a message from Charles who built the parent to Bering that 
the boot= has to do with where the files are backed up to - not where 
they boot from. I leave the boot=/dev/fd0:msdos.

2.5 ae lrpkg.cfg
make a single line with all the packages you want separated by commas 
with a single carriage return at the end of the line. For example:
etc,local,modules,iptables,shorwall,dhcpd,dnscache,tinydns,libz,weblet,s
shd,ulogd

2.6 Boot this diskette. The LRPs in lrpkg.cfg will load from the CD. If 
everything loads correctly, then make a copy of this diskette and mark 
it Boot Loader. You can make a copy using diskcopy on a Windows 
machine. Set this diskette aside for making your bootable CD later.

3. Configure the router / firewall
3.1 Boot the floppy / CD combo using the Bering Setup diskette. The 
packages listed in lrpkg.cfg should all load from the CD.
3.2 Configure the router using the instructions from the Bering and 
Shorewall sites.
To find the modules for your network cards
cd /cdmnt/lib/modules/2.4.20/kernel/drivers/net
If you need the tulip driver it is in a subdirectory
cd tulip
cp tulip.o /lib/modules/tulip.o
cd /lib/modules and delete unused modules to save space on the floppy.
rm ne.o rm 8390.o etc etc ... (The original Dachstein loaded the modules
right off the CD - don't know 
why Bering doesn't)

3.3 To make the ssh encryption keys
passwd and give root a secure password with letters and numerals. Don't 
forget it. You may have to replace the etc.lrp if you forget the
password. cd /cdmnt lrpkg -i sshkey makekey 3.4 Change the backup
destination for the packages that you modified to 
full fd0. For example: from the backup menu: d 3 and select 1 for fd0 
full backup. Do not backup any programs that you have not modified - or 
you will run out of room on the 1.44 boot diskette. LRPs that you DO NOT

need to backup are: root, weblet, libz, ulogd, local, dnscache, 
iptables. Packages that you will need to backup are etc, modules, 
shorwall, sshd

NOTE: YOU CAN'T BACKUP to a mounted fd0. umount /mnt before backing up.

3.5 mount -t msdos /dev/fd0 /mnt
ae lrpkg.cfg
add a :R to the programs that you have full backups on the floppy.
etc:R,local,modules:R,iptables,shorwall:R,dhcpd:R,dnscache,tinydns:R,ulo
gd,libz,weblet,sshd:R,ulogd
3.6 use df to check how much space you have left on your boot floppy.
3.7 type reboot 3.8 The system should boot by loading unmodified LRPs
from the CD and 
modified ones from the floppy.
3.9 Continue to make adjustments to your scripts until everything works.

Backup the changed LRPs to the Bering Setup floppy. At this stage you 
have a functional router / firewall that boots from a floppy and loads 
programs from the CD and from the floppy.

4 I added this to the end of the system wide profile - 2 - 5 from the 
beginning of the lrcfg menu
umount /cdmnt
backup etc to save
I don't like the idea of running the Bering box with the CD mounted. I 
know it is Read Only - but there are utilities on the CD . . .

4.1 If you change the name of your firewall you must change it in two 
places.
/etc/hosts does not have a carriage return at the end of the file
hostname has a single carriage return. be careful about adding an extra
carriage return in either of these 
locations. If you do - the boot will hang for 2 minutes at klogd.


AN ALTERNATE METHOD FOR BUILDING A BOOTABLE CD

1. If you have made any changes to your lrpkg.cfg then using the Bering

Setup diskette
Mount -t msdos /dev/fd0 /mnt
cp /mnt/lrpkg.cfg /tmp/lrpkg.cfg
unount /mnt
ae /tmp/lrpkg.cfg
remove all the :Rs. Make sure there is only a single carriage return at 
the end of the line.
Put

[leaf-user] Bootable Bering CD

[David Pitts]

Good afternoon (for me anyway).

I have a very nice 2 floppy  Bering router setup but in the interests of
never being satisfied, I want to burn it all to CD.  I have followed the
steps in the Bering User Manual and all goes well but the CDs I burn
won't boot.  I should say that I have only tried to boot from one
machine but that machine will boot Windows based CDs.  I will try on
others.

However, can anyone point me to a troubleshooting page or give me some
ideas on what might be going wrong?  Or point me to an archived thread
that covers this?

Thanks yet again for your help.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 9380 3492 Fax:  (08) 9380 1012



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Set Root Password

[David Pitts]

Hi again.  I just know this is a silly question but I can't find the
answer anywhere!

Can somebody please tell me how to set a root password in Bering?  Or
how to create another user?

Thanks as usual for your support.



---
This SF.net email is sponsored by: Scholarships for Techies!
Can't afford IT training? All 2003 ictp students receive scholarships.
Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
www.ictp.com/training/sourceforge.asp

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] ANNOUNCE: New udhcp packages available

[David Pitts]

Bewdy Lynn.  I will give it a go!

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 9380 3492 Fax:  (08) 9380 1012


-Original Message-
From: Lynn Avants [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, 20 February 2003 2:03 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [leaf-user] ANNOUNCE: New udhcp packages available


Alright everyone,

In light of an user having problems using my 'udhcp' package with a
Bering image, I have done a large amount of code cleanup reducing the
size and also setup the 'generic' udhcp.lrp package to work with
Shorewall out of the box.

You can get the package that works with Bering and Shorewall (or other
libc-2.0 variants after editing '/etc/udhcpc.hooks' appropiately) here:

http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/devel/guitarlynn/udh
cp.lrp?rev=1.5content-type=text/vnd.viewcvs-markup

The Dachstein specific package is here:

http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/devel/guitarlynn/udh
cp.lrp.dachstein?rev=1.5content-type=text/vnd.viewcvs-markup

In case the URL wraps badly, both are linked from:
http://leaf.sf.net/devel/guitarlynn

Enjoy!
-- 
~Lynn Avants
Linux Embedded Firewall Project developer http://leaf.sourceforge.net


---
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge. The
most comprehensive and flexible code editor you can use. Code faster.
C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
www.slickedit.com/sourceforge

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




---
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
The most comprehensive and flexible code editor you can use.
Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
www.slickedit.com/sourceforge

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] rtl8139.o and Bering 1.1

[David Pitts]

I have successfully been using this combination as well.  ie 8139too.o
and mii.o.   What is preferred for rtl8139 based adaptors?

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 9380 3492 Fax:  (08) 9380 1012


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, 19 February 2003 5:05 AM
To: Chris Hackett
Cc: '[EMAIL PROTECTED]'
Subject: Re: [leaf-user] rtl8139.o and Bering 1.1




I've been using 8139too.o which I believe requires mii.o
  for a long time.
I forget the issues.





Chris Hackett [EMAIL PROTECTED] on 02/18/2003 02:05:55 PM

To:   '[EMAIL PROTECTED]'
[EMAIL PROTECTED]
cc:(bcc: Phillip Watts/austin/Nlynx)

Subject:  [leaf-user] rtl8139.o and Bering 1.1



Hello List!

I'm trying to build a Bering 1.1 disk and am wondering if there are any
known issues with the rtl8139.o and the Bering 1.1 image?  I have put it
in the /lib/modules and made the appropriate mods to get it to load.
During the boot process, I see something like this:


Loading modules
rtl8139 - using /lib/modules
insmod: unresolved symbol pci_drv_unregister
insmod: unresolved symbol pci_drv_register

I'm using the rtl8139.o in the same machine with the Eiger2Beta image,
and I don't see the unresolved symbol messages with that image.  Does
anyone have ideas?  Are these messages even important?  Or can they
safely be ignored?

Also, after the image laods, when I log into the box, an ip link shows
only the 'lo interface .. no eth0 or eth1 that I can find.

If anyone can point me in the right direction, I'd sure appreciate it.

Thanks!!
Chris Hackett


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html






---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




---
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
The most comprehensive and flexible code editor you can use.
Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
www.slickedit.com/sourceforge

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] It Works!!

[David Pitts]

There's obviously Pitts' everywhere!!

I'm using the three interface Shorewall config (which, once I'd figured
out how to set rules, works beautifully and easily), no ipsec.  Eth1 is
on 192.168.1.0, eth2 on 192.168.2.0.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 9380 3492 Fax:  (08) 9380 1012


-Original Message-
From: Lynn Avants [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, 13 February 2003 11:45 PM
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] It Works!!


On Wednesday 12 February 2003 07:24 pm, David Pitts wrote:
 Lynn, maybe you mean me, not 'Dan'??

 Anyway, I was/am using a Bering stable 1.0 with ezipupdt.lrp and 
 BPALogin.lrp.  I deleted some packages I didn't need like bridge.lrp, 
 keyboard.lrp, ppp.lrp and pppoe.lrp.  I also had pump and dhcpd out 
 when I was playing with uDHCP.

Sorry about the wrong name there David brainfart, I have a co-worker
named Dan Pitts and I guess I get confused sometimes.  ;-)

Thanks for the information, further you have added ipsec correct? Have
you changed the internal subnet from 1922.168.1.0?
-- 
~Lynn Avants
Linux Embedded Appliance Firewall developer http://leaf.sourceforge.net


---
This SF.NET email is sponsored by: FREE  SSL Guide from Thawte are you
planning your Web Server Security? Click here to get a FREE Thawte SSL
guide and find the answers to all your  SSL security issues.
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




---
This SF.NET email is sponsored by: FREE  SSL Guide from Thawte
are you planning your Web Server Security? Click here to get a FREE
Thawte SSL guide and find the answers to all your  SSL security issues.
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] It Works!!

[David Pitts]

Lynn, maybe you mean me, not 'Dan'??

Anyway, I was/am using a Bering stable 1.0 with ezipupdt.lrp and
BPALogin.lrp.  I deleted some packages I didn't need like bridge.lrp,
keyboard.lrp, ppp.lrp and pppoe.lrp.  I also had pump and dhcpd out when
I was playing with uDHCP.

Thanks.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 9380 3492 Fax:  (08) 9380 1012


-Original Message-
From: Lynn Avants [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, 12 February 2003 10:05 PM
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] It Works!!


On Wednesday 12 February 2003 01:27 am, Jeff Newmiller wrote:
 On Tue, 11 Feb 2003, Lynn Avants wrote:
  On Tuesday 11 February 2003 09:28 pm, David Pitts wrote:
   That was the odd thing.  No error messages that I could see, it 
   just didn't work on boot, although it was fine from the command 
   line.
 
  OK, come to think about it there is another possible init problem 
  that I haven't considered. If two or more init scripts share the 
  same rc# only one of the scripts (or none) are run. If there is a 
  conflict with another script on the system, the udhcpd script may 
  not be run at all on boot.

 My understanding it is that the RCDLINKS data are converted to 
 symbolic links in the various runlevel directories, and then the 
 scripts are executed in alphabetical order.  Thus, where the rc#'s are

 the same, the scripts are run in alphabetical order as a fallback... 
 which may or may not meet your sequencing requirements, but should 
 never result in a script not being run.

That is what I thought to, but IIRC, I've run into something similar a
year or two ago . however I don't remember whether the conflict was
with a dependancy of not. I'm going to attempt to duplicate the error
myself and see what happens.

Dan: Could you send me a list of the packages you were using on your
disk?
-- 
~Lynn Avants
Linux Embedded Appliance Firewall developer http://leaf.sourceforge.net


---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] It Works!!

[David Pitts]

I have got it going!  A three interface Bering.  And I guess it should
have been easier than I made it seem but thanks a lot for your help.

Lynn, I gave up on uDHCP and reinstalled the default Pump and DHCP and
everything works fine.

For my next project I will make a bootable CD version and set up SSH on
that.  So we will meet again.

Thanks again.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 9380 3492 Fax:  (08) 9380 1012




---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] It Works!!

[David Pitts]

That was the odd thing.  No error messages that I could see, it just
didn't work on boot, although it was fine from the command line.

I don't actually find any of this frustrating.  I only do it for fun and
learning and I find it very good for both!

Thanks again.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 9380 3492 Fax:  (08) 9380 1012


-Original Message-
From: Lynn Avants [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, 12 February 2003 10:49 AM
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] It Works!!


On Tuesday 11 February 2003 08:12 pm, David Pitts wrote:
 I have got it going!  A three interface Bering.  And I guess it should

 have been easier than I made it seem but thanks a lot for your help.

 Lynn, I gave up on uDHCP and reinstalled the default Pump and DHCP and

 everything works fine.

Great! I'm glad your up and running. 

Concerning the init order between udhcpc and shorewall:

From /etc/init.d/shorewall
RCDLINKS=2,S41 3,S41 6,K41

From /etc/init.d/udhcpc
RCDLINKS=S,S38 6,K38

Ok, from this udhcpc runs before shorewall in init (38,41). unless
you are having an error message of some type that I don't remember. I'll
see if I can replicate the error sometime in the next week. The only
possibility 
I see is adding 'svi shorewall restart' in the /etc/udhcpc.hooks file
when 
a lease is changed after boot.

 For my next project I will make a bootable CD version and set up SSH 
 on that.  So we will meet again.

Hopefully it will be less frustrating next time. ;-)
-- 
~Lynn Avants
Linux Embedded Appliance Firewall developer http://leaf.sourceforge.net


---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Firewall Zone abbrev in Shorewall

[David Pitts]

Hi.  Just me again.

I'm confused about what I can use in Shorewall Policies and Rules to
indicate the Firewall itself.  The text seems to tell me I must use $fw
but the initially commented out line in the Policy file uses just fw.
Are $fw and fw interchangeable in rules and policies?  Loc, dmz and net
don't need the '$'?

BTW, the other day I mentioned that some standard setup file had
allocated IP addresses in the same subnet to my eth1 and eth2.  The file
that does that is the interfaces file in Bering if you accept the
initially commented out configuration of the eth2 interface.  Have I
missed something here?

Thanks again for your advice.



---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Couple of General Questions

[David Pitts]

First, thanks for your generous support with this 'stuff'.

I am attempting to setup a Bering/Shorewall firewall with a DMZ (just
because I want to!).  And I am making (slow) progress.  I have just run
into a couple of issues that I could do with some advice on.  I haven't
included logs etc because I haven't reached that stage of desperation as
yet but could someone tell me:

1.  Which version of uDHCP is compatible with Bering?  I would like
to eventually make SSH fit on my floppy so I would like to use uDHCP.

2.  Is there anything about the Bering/Shorewall three interface
setup that would stop DHClient picking up IP info?  With my setup (which
is the standard three interface Shorewall setup) DHClient doesn't pick
up IP info on startup, although it seems to run ok, but it works just
fine if Im invoke it from the command line after the router has finished
booting.  Does Shorewall run before DHClient?

3.  Should my local network DHCPD interface and my DMZ interface be
on separate subnets?  I used default packages which have the loc
interface at 192.168.1.254 and the DMZ interface at 192.168.1.100

Thanks for your attention as usual!




---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] H323/NetMeeting support in Bering

[David Pitts]

I would like to use NetMeeting from my Bering protected home network.
My research indicates that requires the H323-conntrack module and maybe
some other configuration.  Please feel free to correct me if that's
wrong.

However, I get the impression NetMeeting will still not be fully
functional.  Is that correct?  Can someone tell me what limitations are
placed on the operation of Net Meeting by the available modules?

Thanks for your time.

David Pitts



---
This SF.net email is sponsored by: Scholarships for Techies!
Can't afford IT training? All 2003 ictp students receive scholarships.
Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
www.ictp.com/training/sourceforge.asp

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Unresolved Symbols

[David Pitts]

Hi all.  Thanks for all your great work on this list.  

I have a general question that is more Linux than LEAF but I expect you
guys will be able to answer it for me.  I tried to add smc-ultra.o to a
Bering distro I'm putting together but when I ran insmod
/lib/modules/smc-ultra.o I got a list of unresolved symbol messages.  I
may have other problems with the NIC I am using so I'm not looking for
specific answers at the moment but can someone point me in the direction
of some instruction of what causes the unresolved symbol messages?

Thanks again for your assistance.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 9380 3492 Fax:  (08) 9380 1012



---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Unresolved Symbols

[David Pitts]

Thanks Ray.  I used the module from the Bering website (6k file) so I
believe it's the right one. I don't suppose different versions of the
Bering software need different versions of the driver??

I will check dependencies.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 9380 3492 Fax:  (08) 9380 1012


-Original Message-
From: Ray Olszewski [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, 21 January 2003 10:36 AM
To: David Pitts; [EMAIL PROTECTED]
Subject: Re: [leaf-user] Unresolved Symbols


At 10:04 AM 1/21/03 +0800, David Pitts wrote:
Hi all.  Thanks for all your great work on this list.

I have a general question that is more Linux than LEAF but I expect you

guys will be able to answer it for me.  I tried to add smc-ultra.o to a

Bering distro I'm putting together but when I ran insmod 
/lib/modules/smc-ultra.o I got a list of unresolved symbol messages.  I

may have other problems with the NIC I am using so I'm not looking for 
specific answers at the moment but can someone point me in the 
direction of some instruction of what causes the unresolved symbol 
messages?

There are two common causes.

1. The module being loaded depends on another module that has not been 
loaded previously (or some kernel feature that has not been compiled 
in).  (Check the appropriate modules.dep file for this, but I don't
believe 
smc-ultra has dependencies in 2.4.x kernels.)

2. There is a version mismatch between the module and the kernel it is 
being insmod'ed to. (Check where you got the module from to see if it
goes 
with your kernel.)




--
---Never tell me the
odds!
Ray Olszewski   -- Han Solo
Palo Alto, California, USA[EMAIL PROTECTED]

---





---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Unresolved Symbols

[David Pitts]

I am using Bering_1.0-stable_img_bering_1680.exe from
http://sourceforge.net/project/showfiles.php?group_id=13751 and
smc-ultra.o (20-Oct-2002 09:03 6k) from
http://leaf.sourceforge.net/devel/jnilo/bering/rc4/modules/2.4.18/kernel
/drivers/net/ 

I haven't added anything to it other than the smc-ultra.o module.  

A couple of other things.  I tried to insmod another module (ne.o), just
for comparison, which came with the distro and had a similar problem.
And when I first mounted the Bering floppy to copy smc-ultra.o to
/lib/modules from /mnt, the directory listing was corrupted (ie the
result of ls /mnt).  All sorts of characters all over the place.  So I
umounted the floppy and rebooted the router PC and everthing looked
fine.

Thanks for your thoughts.

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 9380 3492 Fax:  (08) 9380 1012


-Original Message-
From: Lynn Avants [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, 21 January 2003 10:51 AM
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Unresolved Symbols


On Monday 20 January 2003 08:04 pm, David Pitts wrote:
 Hi all.  Thanks for all your great work on this list.

 I have a general question that is more Linux than LEAF but I expect 
 you guys will be able to answer it for me.  I tried to add smc-ultra.o

 to a Bering distro I'm putting together but when I ran insmod 
 /lib/modules/smc-ultra.o I got a list of unresolved symbol messages.  
 I may have other problems with the NIC I am using so I'm not looking 
 for specific answers at the moment but can someone point me in the 
 direction of some instruction of what causes the unresolved symbol 
 messages?

Well, Google and the leaf-user list archive (searchable) are always your

best friends, but unresolved symbol messages generally indicate 
that the module you are using is not from the actual kernel
you are using. The smc-ultra module doesn't have any dependancies, so 
that's not a problem. We could likely help you more if we know which
version of LEAF you are using (exactly), if you've added a kernel to the
image other than stock, and where you got your module (exactly).

I hope this helps,
-- 
~Lynn Avants
Linux Embedded Appliance Firewall developer http://leaf.sourceforge.net


---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] DHCP stuff (more)

[David Pitts]

I haven't had any resolution to this.  Eigerstein works fine so I don't
feel especially exposed, but I would like to update.  I became a little
frustrated with is and decided I had more important things to do!  I
could get interested again though.

I would be interested to know what IP address your ISP is using as their
DHCP Server.  Mine is using some sort of restricted address that looks
like it gets blocked?  Doesn't happen in Eigerstein though.

Would be interested to know how you go with this!

David Pitts
IT Services Manager
Reid Library 
University of Western Australia
 
Telephone:   (08) 9380 3492 Fax:  (08) 9380 1012


-Original Message-
From: roki [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, 31 July 2002 10:13 AM
To: [EMAIL PROTECTED]
Subject: [leaf-user] DHCP stuff (more)


I have a problem to one similar to an earlier thread posted by  David
Pitts earlier this month here:

http://sourceforge.net/mailarchive/forum.php?thread_id=887924forum_id=5
483

I have read that thread fully but found no answers - David, did you ever
get to the bottom of it?

My cable supplier changed my server location recently and since then I
have been unable to set up a firewall to connect to it's DHCP server.

I was originally using Gnatbox but when this failed I tried Dachstein.
The problem seems to be the same with each.

I can connect to my ISP's DHCP server using Windows 98SE without
problem, but using both Gnatbox and Dachstein, DHCP requests timeout
without any offer or reply from the server.  I have tested my NICs and 
they are fine and correctly orientated.

I get the message DHCPDISCOVER on ETH0 to 255.255.255.255 port 67
repeatedly until a final NO OFFERS WERE RECEIVED message.

Ping requests to external IPs fail on a Type 1 error.  Ping requests and
DHCP on the local network work fine.

I have left DHCLIENT.conf setup as default as I have not needed to
supply any specific information from Windows or Gnatbox in the past.

Any help is most appreciated - I'm surfing unprotected at the moment and
I don't like it :(

Roki

***ADDITIONAL INFO***

Dachstein 1.0.2 / Linux 2.2.19-3-LEAF

ip addr show:

1: lo: LOOPBACK,UP mtu qdisc noqueue
link/loopback 00:00:00:00:00:00: brd 00:00:00:00:00:00
Inet 127.0.0.1/8 brd 127.255.255.255 scope global lo
2: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pf ifo_fast qlen 100
link/ether 00:40:95:65:67:3f brd ff:ff:ff:ff:ff:ff
3: eth1: BROADCAST,MULTICAST,UP mtu 1500 qdisc pf ifo_fast qlen 100
link/ether 00:40:95:65:67:3e brd ff:ff:ff:ff:ff:ff
inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1

ip route show:

192.168.1.0/24 dev eth1 proto kernal scope link src 192.168.1.254






---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




---
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code1

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] DHCP Stuff

[David Pitts]

Thanks Tom.  I did that but it made no difference.

Can you tell me how I can turn Shorewall off?  That would prove whether
Shorewall is blocking my DHCP incoming packets, or not.

Thanks.

David Pitts
IT Services Manager
Reid Library
University of Western Australia

Ph:  61 (08) 9380 3492Fax:  61 (08) 9380 1012
Email:  [EMAIL PROTECTED]


-Original Message-
From: Tom Eastep [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, 18 July 2002 9:31 AM
To: David Pitts
Cc: guitarlynn; [EMAIL PROTECTED]
Subject: RE: [leaf-user] DHCP Stuff


On Thu, 18 Jul 2002, David Pitts wrote:

 Could it be that the firewall is blocking the DHCP data from the ISP? 
 They're broadcasting on 10.96.4.1.  That would assume that the 
 Dachstein filters were different to the Eigerstein filters and that 
 Shorewall was blocking the same packets as Dachstein.
 
 Any ideas??
 

The default Bering Shorewall config has the external interface (eth0) 
configured with 'norfc1918' and RFC 1918 addresses are checked before
UDP 
ports 67 and 68 (DHCP).

So it may help to remove the 'norfc1918' from the eth0 entry in 
/etc/shorewall/interfaces.

-Tom 
-- 
Tom Eastep\ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ [EMAIL PROTECTED]





---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] DHCP Stuff

[David Pitts]

Hi.  Me again!

By way of a reminder, I am the bloke who has a perfectly functional
Eigerstein box who wants to upgrade to Dachstein or Bering but found
that Dachstein would recognise the NICs and run the tulip driver as
required, find a good 10baseT link beat, but then DHClient couldn't pick
up IP info and DHCP isn't serving IP info internally. 

I have been playing around with this router of mine with the following
results:

1.  I couldn't find any DHClient and DHCPD logs.  Is that
significant?  When the box boots progress info DOES appear on the
screen.

2.  I tried the Dachstein distro that has been set up for Bigpond
cable but that was the same.

3.  I tried Bering rc3 and that was the same as well.

Could it be that the firewall is blocking the DHCP data from the ISP?
They're broadcasting on 10.96.4.1.  That would assume that the Dachstein
filters were different to the Eigerstein filters and that Shorewall was
blocking the same packets as Dachstein.

Any ideas??

Thanks for your help.

David Pitts
IT Services Manager
Reid Library
University of Western Australia

Ph:  61 (08) 9380 3492Fax:  61 (08) 9380 1012
Email:  [EMAIL PROTECTED]


-Original Message-
From: guitarlynn [mailto:[EMAIL PROTECTED]] 
Sent: Monday, 15 July 2002 10:51 AM
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] DHCP Stuff


On Sunday 14 July 2002 21:45, David Pitts wrote:
 It is Bigpond I connect to and I do get denied packets and martians 
 when I connect with Eigerstein.  I'm not sure I am using the Dachstein

 supplied with BPALogin.  Can you give a link?  I will get it and try 
 it.

It is linked with a text file for setup from this page:
http://leaf.sourceforge.net/devel/cstein/contrib_disk_images.htm

 Thanks again for your help with this.
NP
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] RE: [off-list] DHCP Stuff

[David Pitts]

Sorry about replying off list.  I didn't notice I had done that.

It is Bigpond I connect to and I do get denied packets and martians when
I connect with Eigerstein.  I'm not sure I am using the Dachstein
supplied with BPALogin.  Can you give a link?  I will get it and try it.

Thanks again for your help with this.

David Pitts
IT Services Manager
Reid Library
University of Western Australia

Ph:  61 (08) 9380 3492Fax:  61 (08) 9380 1012
Email:  [EMAIL PROTECTED]


-Original Message-
From: guitarlynn [mailto:[EMAIL PROTECTED]] 
Sent: Monday, 15 July 2002 10:29 AM
To: David Pitts
Subject: Re: [off-list] DHCP Stuff


On Sunday 14 July 2002 21:18, David Pitts wrote:
 I use the same NICs so MAC address should not be an issue.  Maybe I 
 could try it without BPALogin?  That would prove whether there was any

 conflict and also should get me under a 255 character limit (Which I 
 wasn't aware of).

 DHClient does run.  When I watch the screen output when the machine is

 booting, I can see the output from DHClient on the screen.  It just 
 doesn't log which is odd in itself??  Any ideas why that would happen?

 It says it gets no lease!

Ahh... that may log in kern.log instead of syslog/messages. 
There are a few oddball programs that do that, we can assume that
dhclient is one of them.  That would eliminate any of the 
other ideas I've had as well. 

You are probably using Big Pond as an ISP and as I remember 
correctly they were running the DHCP server under a private class ip
address. If this was an issue, you should have had DENY'ed packets in
the log files and/or martian errors.

By chance are you using the Dachstein-contributed image that
is built for BPALogin? If not, it might include other changes 
necessary to connect to Big Pond that I am not aware of.
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Old_Tulip Bering

[David Pitts]

Hi again.  Getting my money's worth!! G

Should Old-Tulip (the 33 kb module) work with Bering?  Does it need
PCI-Scan to work with Bering?

Thanks again!

David Pitts



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] A question for guitarlynn

[David Pitts]

A question for guitarlynn:

Is your DHClient/DHCPserver LRP package also a drop in replacement for
the DHCP packages in Bering?

Also, are there any differences between Dachstein and Bering other than
IPTables and Shorewall?  Should Dachstein packages and modules work with
Bering and vice versa?

Thanks.




---
This sf.net email is sponsored by:ThinkGeek
No, I will not fix your computer.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Tulip and Dachstein

[David Pitts]

Thanks for your responses but I have advanced not one centimetre!  I
can't find tulip_old.o although I can find lots of references to it.
Can anyone point me in the right direction?

Do I need to recompile for Dachstein??



___

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm


leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Tulip and Dachstein

[David Pitts]

Can anybody tell me if its possible to have the old Tulip driver working
with Dachstein?  Does it need to be re-compiled to work?  I have it
working with Eigerstein, but the Tulip in Dachstein doesn't work for me
so I thought I would try the old version.

Thanks for your assistance.

David Pitts


___

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm


leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Tulip and Dachstein

[David Pitts]

Thanks you very much for your responses to my questions guitarlynn.  Its
nice to know I'm not just yelling into a bucket!

David Pitts

-Original Message-
From: guitarlynn [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, 5 June 2002 12:27 PM
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Tulip and Dachstein


On Tuesday 04 June 2002 22:28, David Pitts wrote:
 Can anybody tell me if its possible to have the old Tulip driver 
 working with Dachstein?  Does it need to be re-compiled to work?  I 
 have it working with Eigerstein, but the Tulip in Dachstein doesn't 
 work for me so I thought I would try the old version.

There is a tulip_old.o or old_tulip.o module that will work with the
older chipset if the new tulip.o doesn't work. You'll have to get it
from Charles' site for the floppy image (in the small
directory) or it should be on the CD-ROM version.

I hope this helps,
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!

___

Don't miss the 2002 Sprint PCS Application Developer's Conference August
25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm


leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


___

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm


leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Secure Shell Setup

[David Pitts]

Hi all.

I have been trying to setup OpenSSH but I'm having a problem creating
the key.  I have ssh.lrp, ssh-key.lrp and libz.lrp.  Do I also need
Makekey?  It looks like running ssh will start ssh-keygen which I guess
creates a key??

When I run ssh-keygen or ssh I get an error message saying that
libcrypto.so.0.9.6 can't be found.  The libz I have includes
libcrypt-2.0.7.so.  Does this mean I have some sort of version conflict?

Can anyone point me to a collection of the necessary files without this
conflict?

Thanks for your attention.

David Pitts


___

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm


leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] Secure Shell Setup

[David Pitts]

Thanks.  You are correct in that I want to shell TO the LRP box.  I will
try this.

When you say, put the public key on the LRP box, where would it go?
Which directory?

Thanks for your assistance with this.

David Pitts
IT Services Manager
Reid Library
University of Western Australia

Ph:  61 (08) 9380 3492Fax:  61 (08) 9380 1012
Email:  [EMAIL PROTECTED]


-Original Message-
From: T Burt [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, 4 June 2002 12:52 PM
To: David Pitts
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Secure Shell Setup



I will try and jump in here

You did not specify whether you are trying to ssh FROM the LEAF box or 
INTO the LEAF box.

I am going to assume that you want to ssh INTO the LEAF box.

If this is the case, then you want to create the key on the box you are
doing the ssh from.  This could be a PC, a MAC or another *nix box.
Take the public key from the generated pair, and place it on the LEAF
box.  
This will allow you to ssh into the LEAF box using the key as
authentication.

If this is not the case, you can still use the key pair you generate on 
the PC or MAC or other *nix.  In this situation, put the private key on 
the LEAF box, and the public key onto the box that you want to ssh into.

Sigh...  But there is more to setting up ssh.  File and directory 
permissions are critical to ssh and it will fail until you get
everything 
setup correctly.

I believe I coached someone thru setting up SSH on Trinux last year 
sometime.  You might review the postings for November and December of
2001 
in the Trinux-Talk archives.

Try http://trinux.sourceforge.net

... Here it is..  I found it

http://www.geocrawler.com/archives/3/5032/2001/11/50/7034175/

Look around, there are more messages on that board.

I hope this helps...

On Tue, 4 Jun 2002, David Pitts wrote:

 Hi all.
 
 I have been trying to setup OpenSSH but I'm having a problem creating 
 the key.  I have ssh.lrp, ssh-key.lrp and libz.lrp.  Do I also need 
 Makekey?  It looks like running ssh will start ssh-keygen which I 
 guess creates a key??
 
 When I run ssh-keygen or ssh I get an error message saying that 
 libcrypto.so.0.9.6 can't be found.  The libz I have includes 
 libcrypt-2.0.7.so.  Does this mean I have some sort of version 
 conflict?
 
 Can anyone point me to a collection of the necessary files without 
 this conflict?
 
 Thanks for your attention.
 
 David Pitts
 
 
 ___
 
 Don't miss the 2002 Sprint PCS Application Developer's Conference 
 August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
 
 --
 --
 leaf-user mailing list: [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
 

-- 

Timothy Burt
Internet Specialist



___

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm


leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Dachstein/Eigerstein Differences

[David Pitts]

Hi everybody.  I have a problem you may be able to assist me with.

I have a Eigerstein floppy happily routing away on a Pentium 120 with 16
MB of RAM and two old PCI DEC chipset NICs.  The version of Tulip that
comes with Eigerstein works fine.  My connection is to Bigpond Australia
Cable which uses DHCP.  The DHClient included in Eigerstein works fine.

ButI would like to upgrade to Dachstein or a derivative to take
advantage of advances in security and function (and smaller sizes
because I would like to get SSH working as well).  When I try to run
Dachstein with the same configuration as I have in the Eigerstein, my
Eth0 doesn't receive any DCHP offers.

My question for you gentlemen is 'Do you know of any changes between
Eigerstein and Dachstien that might cause this?'.  Could the Tulip
driver have this sort of effect?  Is there some changes in the
firewalling that might cause this (this is unlikely because I have tried
a Dachstein distribution with BigPond Cable connect that works for
someone else, but it still didn't work for me.  Same problem.)?  Are
there changes to the DHClient software that might do this?   Should the
old version from Eigerstein work with Dachstein?

A lot of words for the one question.  Any advice gratefully accepted.


David Pitts


___

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm


leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html