Re: [Leaf-user] DHCPd on Bering
Gufler, I'm working toward a two local interface firewall with a DMZ and of course the Internet. At the moment I'm stalled on the tulip driver for a quad NIC card so nothing I've done on shorewall is tested. -- Sincerely, David Smead http://www.amplepower.com. On Fri, 5 Apr 2002, Gufler Markus wrote: > Hi all, > > Two questions: > How can I enable/start a DHCP-Server on Bering? > Is there some example how to configure networks and shorewall for more > then one internal ethernet interface? > > Markus > > > > ___ > Leaf-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user > ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] tulip problems
I'm trying to get LEAF Bering up using a Quad NIC, the D-LINK DFE-570TX. Errors are reported by the tulip.o module as shown below. Loading modules: tulip - Using /lib/modules/tulip.o Linux Tulip driver version 0.9.15-pre9 (Nov 6, 2001) PCI: No IRQ known for interrupt pin A of device 01:04:0 \ Please try using pci=biosirq. 01:04:0 PCI Cache line size set incorrectly (0 bytes) by \ BIOS/FW, correcting to 16. tulip0: Missing EEPROM, this interface may not work correctly. in /etc/modules I changed from just tulip to: tulip pci=biosirq Now I get: insmod: invalid parameter pci Suggestions anyone? Thanks. -- Sincerely, David Smead http://www.amplepower.com. ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] tulip problems
Bad etiquette replying to myself, but since then I've discovered the the pci=biosirq is a kernel paramemeter, so I put it in the right place. That got rid of the suggestion to use the statement, but PCI now complains about not finding devices 01:20, 01:28, 01:30 and 01:38. And IRQ is still set to 0 for the four NICs. Bios is reported as version 2.10 but I haven't found information yet on what is required. -- Sincerely, David Smead http://www.amplepower.com. On Thu, 4 Apr 2002, David Smead wrote: > I'm trying to get LEAF Bering up using a Quad NIC, the D-LINK DFE-570TX. > Errors are reported by the tulip.o module as shown below. > > Loading modules: > tulip - Using /lib/modules/tulip.o > Linux Tulip driver version 0.9.15-pre9 (Nov 6, 2001) > PCI: No IRQ known for interrupt pin A of device 01:04:0 \ > Please try using pci=biosirq. > > 01:04:0 PCI Cache line size set incorrectly (0 bytes) by \ > BIOS/FW, correcting to 16. > > tulip0: Missing EEPROM, this interface may not work correctly. > > in /etc/modules I changed from just tulip to: > tulip pci=biosirq > > Now I get: > insmod: invalid parameter pci > > Suggestions anyone? Thanks. > > ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Compact Flash vs CD Rom
It's easy enough to put a switch on the adapters. I have two of them and will provide some details later. -- Sincerely, David Smead http://www.amplepower.com. On Fri, 5 Apr 2002, Charles Steinkuehler wrote: > Any of the standard CF to IDE adaptors should work with these devices... > > Charles Steinkuehler > http://lrp.steinkuehler.net > http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) > > > pn] It's about time. Anyone know of an IDE interface for these? > > > > --- Charles Steinkuehler <[EMAIL PROTECTED]> wrote: > > > > It is now - here's 2 links > > > > > > > > http://www.embedone.com/e-main4flashmemory1.htm > > > > http://www.quantum.com.pl/produkty_Flash_Com.html > > > > > > Great links...I especially like the second, which indicates it's running > on > > > a QNX based web-server. Now that's commitment to the embedded > marketplace > > > :) > > > > > > Charles Steinkuehler > > > http://lrp.steinkuehler.net > > > http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) > > > ___ > Leaf-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user > ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Issues with double-NATing or NoCatAuth?
Steve, I'm posing questions here, not answering. At some point in the future I plan to set up a wireless AP here, and I'd like to not only use it to access my local intranet, but also to allow users next door at the coffee shop to access the internet, (one of whom might be me). Have you considered methods to allow some wireless client to pass through the firewall to the local net? SSH would seem to be the most likely prospect. I plan to put the AP in the DMZ. It should run dhcp-server for the wireless connections and then NAT/gateway them to the firewall. It would also be nice to serve first request for port 80 to a `splash' page before passing the request to the Internet. As I said, these are more questions, not answers. -- Sincerely, David Smead http://www.amplepower.com. On Fri, 5 Apr 2002, Steve Cayford wrote: > > On Friday, April 5, 2002, at 12:42 PM, [EMAIL PROTECTED] wrote: > > > So, you will run NoCat in the DMZ. > > NoCat is the Wireless gateway/Authenicator that will > > allow authenticated wireless users Internet Access > > through your Oxygen router. > > > > NoCat issues it's own ip addresses to DCHP wireless > > clients on a DIFFERENT subnet than the DMZ and then > > NAT's that through the Oxygen router? > > That's my theory, unless anyone has other recommendations... > > > > > Well, in theory I supose that should work depending on > > the ipchains rules, etc. If you do do this, write it > > up as I'm sure NoCat and LEAF could use the how to. > > Will do. (If I get it to work.) > > -Steve > > > -sp > > > > Steve Cayford wrote > > > >> > >> Hi. I've been running Oxygen on a router at home for > > most of a year now > >> with no problems. Thanks to all for your excellent > > work. > >> > >> I'm planning to try running a wireless subnet in my > > house and hopefully > >> broadcast it outside as well -- I'd like to sit at > > the coffee shop > >> across the street and still go online. I've been > > thinking about joining > >> the free wireless crowd and using something like > > NoCatAuth to share > >> wireless access. I haven't looked at the details of > > the system much, but > >> my initial impression is they use perl and apache to > > control > >> masquerading on a router. > >> > >> My thought is to run NoCatAuth on a separate machine > > in a DMZ off of my > >> primary router. (Definitely not on my internal > > network!) Does this sound > >> reasonable? Am I going to run into weird problems by > > chaining IP > >> masquerading like that? > >> > >> Thanks for any suggestions. > >> > >> -Steve > >> > >> > >> ___ > >> Leaf-user mailing list > >> [EMAIL PROTECTED] > >> https://lists.sourceforge.net/lists/listinfo/leaf-user > > > > > > > ___ > Leaf-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user > ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] tulip problems
Charles, Thanks for the `steer'. The machine I'm trying to turn into a firewall is a P75, Dell Optiplex XMT 575. Apparently there is no flash upgrade for it. I plugged the quad NIC into my debian box and booted Bering with the tulip driver. All interfaces came up! But I also see a dummy interface and am curious what is it for? Back on the P75: I scrounged 4 NICs, 3com, 3C509B on the ISA bus. I booted with each one individually and copied down their MAC address. I can plug any two of them in and the lo and dummy interface comes up, along with eth0 and eth1. Adding two more for eth2 and eth3 has no effect. I supppose this has to do with plug and play. I don't have any Windows machines around, but I do have a DOS 6.22 floppy that boots. I'm just now trying to find out how to defeat PnP or work around it. Any and all clues are most welcome. -- Sincerely, David Smead http://www.amplepower.com. On Fri, 5 Apr 2002, Charles Steinkuehler wrote: > > Bad etiquette replying to myself, but since then I've discovered the the > > pci=biosirq is a kernel paramemeter, so I put it in the right place. > > > > That got rid of the suggestion to use the statement, but PCI now complains > > about not finding devices 01:20, 01:28, 01:30 and 01:38. And IRQ is still > > set to 0 for the four NICs. > > > > Bios is reported as version 2.10 but I haven't found information yet on > > what is required. > > Sounds like some sort of low-level problem with your PCI > chipset/bios/kernel. > > What sort of sytem (motherboard/CPU/chipset) are you running? > > Can you get another OS (windows, linux, or maybe a linux rescue CD...most > linux install disks have a "rescue" mode of some form) to see the cards? > > Charles Steinkuehler > http://lrp.steinkuehler.net > http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) > > ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] tulip problems
Ray, In fact the machine has 6 ISA slots, 2 of which are shared with PCI slots. I can get two interfaces up, eth0 at 0x210, irq 15, and eth1 at 0x300, irq 10. I'm running LEAF Bering and Shorewall. I've yet to learn how to use ip which replaces ifconfig, so that's slowing me down. The combination appears to be coming up on my `good' machine, which I don't want to waste just running a firewall. But if I can get it working there with the quad NIC and tulip then moving it the the grunt P75 will have to deal with ISA NICs. BTW, does anyone know how to detemine which RJ45 is which interface on the D_LINK DFE-570TX with the tulip driver? -- Sincerely, David Smead http://www.amplepower.com. On Wed, 10 Apr 2002, Ray Olszewski wrote: > At 05:39 PM 4/10/02 -0700, David Smead wrote: > [...] > > > >Back on the P75: I scrounged 4 NICs, 3com, 3C509B on the ISA bus. I > >booted with each one individually and copied down their MAC address. I > >can plug any two of them in and the lo and dummy interface comes up, along > >with eth0 and eth1. Adding two more for eth2 and eth3 has no effect. I > >supppose this has to do with plug and play. > [...] > > If these NICs are 3c509s on the ISA bus, they aren't PnP. It's hard to > understand how *any* two work together, since they should have fixed IRQ > assignments that will often conflict. Some pairs might work, but if all > possible pairs work, then so should all possible triples and quads (except > that I didn't realize that you could find P75s with 4 isa slots). > > When you say adding the other two "has no effect" ... what effects have you > looked for? Most interface-related commands report only *configured* > interfaces. The command "ifconfig -a" is the important exception (it's the > main reason I'm unhappy when ifconfig isn't part of distros). Do you see any > reports of the NICs during boot/init? If you try to hand configure eth2 or > eth3 from the command line, what happens? > > While there is something wrong with your setup, what you've told us isn't > quite enough to identify what that something is. > > -- > "Never tell me the odds!"--- > Ray Olszewski-- Han Solo > Palo Alto, CA [EMAIL PROTECTED] > > > ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] tulip problems
Thanks for your help, but I'm about ready to buy some new hardware. I have 5 of the 3C509B NICs. I downloaded the 3Com PNP tools which are a self expanding .exe. That didn't do me any good, because it expects to have a hard drive in the system for the expansion. I really don't want to install M$ on a hard drive!! But I discovered the isapnp site, ock.demon.co.uk/isapnptools/ and from there found a dos version that lets me boot dos, then swap disks and run a couple of tools to configure the cards. The tools say they configure with the io and irqs that I set. However, that doesn't work with Bering. I still get just two interfaces instead of four. I've tried linking to 3c509.o to make it look like I have another driver, and I've copied 3c509.o to another filename and listed that in /etc/modules and I still get operation not supported by device. I have a couple of other old NICs that aren't PNP, but without enough information to know what driver they take. I don't want to waste a good machine for a firewall, but it's looking more like that will have to be done. How is everyone else handling more than two interfaces? -- Sincerely, David Smead http://www.amplepower.com. On Thu, 11 Apr 2002, Charles Steinkuehler wrote: > > BTW, does anyone know how to detemine which RJ45 is which interface on the > > D_LINK DFE-570TX with the tulip driver? > > IIRC, the "top" connector (the one farthest from the PCI connector) is the > first interface to get recognized (ie eth0 if this is the only card in the > system), and the connector closest to the PCI connector is the "last" > interface (ie eth3). > > Regarding your ISA problems: Make sure you have the cards set for unique > I/O and IRQ values. You'll probably also have to pass the values to the > driver for it to recognize all the cards. One word of warning...not all > network drivers will support an arbitrary number of cards. It's possible > (but unlikely with the 3com cards) the driver will not recognize more than > two NIC's. If this is the case, there are a couple work-arounds you can > try, including using a different driver (I think there are at least 2 linux > drivers for most 3com stuff), and loading the same driver again with a > different name (ie copy your driver.o file to driver2.o, and make another > entry in /etc/modules for it). > > Charles Steinkuehler > http://lrp.steinkuehler.net > http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) > > ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] more than 2 3c509 NIC (was tulip problems)
Brad and others, Thanks for your great help - I didn't have to install DOS onto a hard drive!! I downloaded the 3c5x9cfg.exe, about 230 kB. Before using it to configure the cards you have to disable pnp. That's done using the same executable, but with some command line args. I found pnpdsabl.bat which does the trick. fog.bio.unipd.it/pub/Networking/Drivers/3Com/3Com509-3Com509B/Disk2/pnpdsabl.bat After that I got five cards configured and when Bering boots they load at the correct addresses and show the selected IRQ!! cat /proc/ioports looks good, however cat/proc/interrupts doesn't show any interrupts for the cards. I don't have any cables plugged in at this point - are interrupts actually required before /proc/interrupts show up? I used irqs 3,5,7,11 and 15. What I get for cat /proc/interrupts is: CPU0 0: 886070 XT-PIC timer 1: 1190XT-PIC keyboard 2: 0 XT-PIC cascade NMI:0 ERR:0 I'm guessing that the column under the CPU0 is the count of occurence since it goes up every time I run the command. So where are my other interrupts???? -- Sincerely, David Smead http://www.amplepower.com. On Sun, 14 Apr 2002, Brad Fritz wrote: > > My apologies for the rather long reply inline... > > On Sat, 13 Apr 2002 21:42:51 PDT David Smead wrote: > > > I have 5 of the 3C509B NICs. > > I have 6 3c509b cards in two of my firewalls. One is Dachstein > and the other is Bering. I can testify that all 12 work fine > when properly configured with 3c5x9cfg.exe. More on that below. > > > I downloaded the 3Com PNP tools which are a > > self expanding .exe. That didn't do me any good, because it expects to > > have a hard drive in the system for the expansion. I really don't want to > > install M$ on a hard drive!! > > All you really need is the 226k 3c5x9cfg.exe. Someone has a > copy posted at > http://www.urz.uni-heidelberg.de/Netzdienste/nm/misc/3comnic/ > I ran a comparison of the md5 checksum with a known good copy > from 3com and they match. > > [brad@brad-nb tmp]$ wget \ >http://www.urz.uni-heidelberg.de/Netzdienste/nm/misc/3comnic/3c5x9cfg.exe \ >2> /dev/null > [brad@brad-nb tmp]$ md5sum /tmp/3c5x9cfg.exe > acd53047824a7438c097e7d58be5bdcd 3c5x9cfg.exe > [brad@brad-nb tmp]$ md5sum /mnt/disk/3c5x9cfg.exe > acd53047824a7438c097e7d58be5bdcd /mnt/disk/3c5x9cfg.exe > > IIRC, you only need MS DOS to extract the 3c509x1.exe disk > image...still it's a shame it's not a plain self-extracting zip > file. > > > > But I discovered the isapnp site, ock.demon.co.uk/isapnptools/ and from > > there found a dos version that lets me boot dos, then swap disks and run a > > couple of tools to configure the cards. The tools say they configure with > > the io and irqs that I set. > > >From your description, I can't tell if you found 3c5x9cfg.exe at > the url above or some other tool. Either way, you definitely want > to make sure you disable PnP on the cards and, as other list members > have said, give each separate IO and IRQ addresses. Here's the setup > from one of my firewalls. > ># cat /proc/ioports > [..] >0300-030f : 3c509 >0310-031f : 3c509 >0320-032f : 3c509 >0330-033f : 3c509 >0340-034f : 3c509 >0350-035f : 3c509 > [..] > ># cat /proc/interrupts > [..] > 5: 14051544 XT-PIC eth0 > 7:3714433 XT-PIC eth1 > 8: 47 XT-PIC rtc > 9: 61372 XT-PIC eth2 > 10: 0 XT-PIC eth3 > 11: 0 XT-PIC eth4 > 12: 0 XT-PIC eth5 > [..] > > (I don't use the parallel port or any sound cards on this > machine.) > > You should probably check that all NICs are using the same > transceiver types and duplex values from 3c5x9cfg.exe too. > > > If you jot down the MAC addresses from 3c5x9cfg.exe and > physically arrange the cards in order ascending or descending > MAC address it makes it much easier to keep track of which > NIC maps to which ethN interface. > > > > However, that doesn't work with Bering. I still get just two interfaces > > instead of four. I've tried linking to 3c509.o to make it look like I > > have another driver, and I've copied 3c509.o to another filename and > > listed that in /etc/modules and I still get operation not supported by > > device. > > Sure sounds like you still have an IO port or IRQ conflict. If > you configure the cards properly with 3c5x9cfg.exe, you will only > need a single > > 3c509 > > line in /etc/modules and the driver will autmagically recognize &g
[Leaf-user] Interrupts
I'm working on a LEAF Bering machine. It appears that it loads the 3c509 module properly, and assigns it io port addresses, but not an interrupt. cat /proc/ioports and cat /proc/interrupts. On the same machine using tomsrtbt, the nic comes up with an interrupt. PNP has been disabled and the cards configured with known address and IRQ. Both Bering and tomsrtbt come up with the expected io ports. I'm using Bering 2.4.18 #3 Mar 15. -- Sincerely, David Smead http://www.amplepower.com. ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] cat /proc/interrupts
Can anyone running Bering tell me what they be when executing the command: cat /proc/interrupts Thanks. -- Sincerely, David Smead http://www.amplepower.com. ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] motherboard with no vid card
www.soekris.com -- Sincerely, David Smead http://www.amplepower.com. On Fri, 26 Apr 2002, Bernie Berg wrote: > howdy... I'd like to make a minimalistic "network appliance" looking bearing >firewall box... Is there a motherboard out there that will boot without a video >card? since after the load all that would be needed is a network or serial >connection... > > thanks for the info > > bernie > > ___ > Leaf-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user > ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] cat /proc/interrupts
Jacques, Thanks for the input. I'm not showing interrupts, but the drivers seem to load, and I/O space is assigned. >From dmesg: eth0: 3c5x9 at 0x300, 10baseT port, address 00 50 04 04 7c 94, IRQ 15. 3c509.c:1.18a [EMAIL PROTECTED] http://www.scyld.com/network/3c509.html eth1: 3c5x9 at 0x310, 10baseT port, address 00 60 97 79 11 7b, IRQ 3. 3c509.c:1.18a [EMAIL PROTECTED] http://www.scyld.com/network/3c509.html eth2: 3c5x9 at 0x320, 10baseT port, address 00 60 97 c3 46 10, IRQ 11. 3c509.c:1.18a [EMAIL PROTECTED] http://www.scyld.com/network/3c509.html eth3: 3c5x9 at 0x330, 10baseT port, address 00 60 97 c3 47 5b, IRQ 7. 3c509.c:1.18a [EMAIL PROTECTED] http://www.scyld.com/network/3c509.html eth4: 3c5x9 at 0x340, 10baseT port, address 00 a0 24 ed c0 8d, IRQ 5. 3c509.c:1.18a [EMAIL PROTECTED] http://www.scyld.com/network/3c509.html >From /proc/ioports: -001f : dma1 0020-003f : pic1 0040-005f : timer 0060-006f : keyboard 0080-008f : dma page reg 00a0-00bf : pic2 00c0-00df : dma2 00f0-00ff : fpu 0300-030f : 3c509 0310-031f : 3c509 0320-032f : 3c509 0330-033f : 3c509 0340-034f : 3c509 03c0-03df : vga+ 0cf8-0cfb : PCI conf2 >From /proc/interrupts: CPU0 0:8241668 XT-PIC timer 1:400 XT-PIC keyboard 2: 0 XT-PIC cascade NMI: 0 ERR: 0 Any ideas about how this happens are appreciated. This is running on a Dell Optiplex 575 - P75 with 24 MB ram, no ide cables plugged in. All nics have pnp disabled and were configured as the dmesg shows. Distribution is Bering, 2.4.18, #3, March 15. -- Sincerely, David Smead http://www.amplepower.com. On Fri, 26 Apr 2002, Jacques Nilo wrote: > Here you are: > > firewall: -root- > # cat /proc/interrupts >CPU0 > 0: 42026 XT-PIC timer > 1:117 XT-PIC keyboard > 2: 0 XT-PIC cascade > 9: 1 XT-PIC NE2000 > 10:356 XT-PIC eth1 > 11:158 XT-PIC eth0 > 13: 0 XT-PIC fpu > NMI: 0 > ERR: 0 > > firewall: -root- > # > Jacques > http://leaf.sourceforge.net/devel/jnilo > - Original Message - > From: "David Smead" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, April 26, 2002 7:35 AM > Subject: [Leaf-user] cat /proc/interrupts > > > > Can anyone running Bering tell me what they be when executing the command: > > cat /proc/interrupts > > > > ___ > Leaf-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user > ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] looking for Linux distribution just for LAN DHCPserver (1 NIC)
Alan, Any Linux machine can be configured to be a dhcp server, if that's all you want it to do. This includes the LEAF varieties. How often I hear people say that they don't have time to try out Linux, yet would like to have some canned Linux solution to a problem not so easily accomplished by Micros~1 machines. I think people who are `glued' to such, are simply aiding their own victimization, and finding an excuse not to learn more about Linux is just another way of admitting intellectual laziness. -- Sincerely, David Smead http://www.amplepower.com. On Sun, 28 Apr 2002, Alan Tu wrote: > Hi, I found out about LEAF from the Langa List and was attracted to it > because it could do broadband routing on a computer, just by booting from a > CD or floppy. Unfortunately, our family is glued to Windows, and we don't > have time to learn to build/compile Linux, etc, but the LEAF instructions > seemed easy (just burn an ISO image and do some configuring). > > My problem is, before we get broadband, we already have a home network > (Windows boxes and now a Mac). We want a DHCP server to assign IP addresses, > and I want to use a Linux distribution on a spare box to do so. > Unfortunately, LEAF requires two NIC's because it is a full LAN/WAN router. > I was wondering if there is a good distribution just as easy and small as > LEAF that can just do DHCP serving over Ethernet? > > Thanks in advance. > > Regards, > > Alan Tu > > > > ___ > Leaf-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user > ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] looking for Linux distribution just for LAN DHCPserver (1 NIC)
Alan, True, no one is going to learn Linux overnight, although anyone can learn to use Linux applications as easily as Micros~1 application. But one doesn't learn to ski by sitting in the club house. You learn to ski by going up the hill and pointing the skis downhill. LEAF is not the place to start, particularly if you're planning to use some old hardware with likely issues of compatibility. The place to start is with a CD box set including a manual from RedHat or Mandrake. They make installation as easy on the novice as possible - sort of the bunny slope. Once you understand the issues of networking, card/driver matching, and administration via files, then LEAF will be an excellent tool. At that point you'll be skiing with the experts and might even want to compile a kernel just for fun. Generally there's no need to do so otherwise. -- Sincerely, David Smead http://www.amplepower.com. On Sun, 28 Apr 2002, Alan Tu wrote: > David, > > > How often I hear people say that they don't have time to try out Linux, > > yet would like to have some canned Linux solution to a problem not so > > easily accomplished by Micros~1 machines. > > You should not hold it against people who know that Unix is a much better > network OS, and have a particular interest in using Linux in this way. One > cannot switch a house full of Windows boxes (and a Mac) to Linux overnight, > and I have never used Linux. Today I cannot snap my fingers and compile a > correct microdistribution. I can, however, have a willingness to try and use > Linux in a practical, needed application. If this makes me lazy, so be it. > If this makes me less smart and less knowledgeable than you, yes, it does. > If the only good way to try/use Linux is to fully partition and install > Linux on a hard drive, or compiling your own distribution, (anything else > can probably be considered canned), then much fewer people will consider > trying it. > > Alan > > > > ___ > Leaf-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user > ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [leaf-user] Dachstein /proc/pci missing
Scott PCI? ISA? ISA cards get assigned addresses according to mac address with eth0 getting the lowest mac address. You will want to disable pnp for ISA bus cards, and load that driver first to grap eth0. PCI cards appear to get assigned in slot order with the lowest number going to the slot closest to the computer. -- Sincerely, David Smead http://www.amplepower.com. On Tue, 30 Apr 2002, Scott Ritchie wrote: > Please ignore my last post. > > New question... > > I have 2x 10/100 tulip nics and one 10baseT nic. How do I assign what eth# > to each nic. Currently eth0=10/100, eth1=10/100, eth2=10bT > I need eth0=10bT(adsl), eth1=10/100(lan), eth2=10/100(dmz)? > > Thanks inadvance > Scott > > >
Re: [leaf-user] Dachstein /proc/pci missing
All the questions about buses weren't answered, nor the way the drivers are loaded in /etc/modules. As a test, load only the driver for the 10bt modules in /etc/modules. See that it gets eth0 assigned. Now load the driver for the other nics. They should get 1 and 2. I would think you would get the same thing by ordering the drivers in /etc/modules, but if not, you can always script load as suggested. -- Sincerely, David Smead http://www.amplepower.com. On Tue, 30 Apr 2002, Scott Ritchie wrote: > Their all PCI, all use tulip.o, > > I've tried mixing the nic's around to see if there is order to this, oddly > regardless of what slot the 10bT nic is in it is always comes up eth2. > While the other two can be interchanged. Though this motherboard seems to > assign eth0 starting on the nic furthest from the io ports. Could this be > an ordering issue inside the driver? the 10bT probably uses a earlier > variation than the other two. > > > Just in case it matters... > Bering 1.0 rc2 > 2x SMC 1255TX (10/100) > 1x D-Link 530 CT (10bT) has digital 21041-PB > Motherboard ASUS TXP4, 32MB ram, P166 > > Scott > > > > > > PCI? ISA? > > > > ISA cards get assigned addresses according to mac address with eth0 > > getting the lowest mac address. You will want to disable pnp for ISA bus > > cards, and load that driver first to grap eth0. > > > > PCI cards appear to get assigned in slot order with the lowest number > > going to the slot closest to the computer. > > > > -- > > Sincerely, > > > > David Smead > > http://www.amplepower.com. > > > > On Tue, 30 Apr 2002, Scott Ritchie wrote: > > > > > Please ignore my last post. > > > > > > New question... > > > > > > I have 2x 10/100 tulip nics and one 10baseT nic. How do I assign what > eth# > > > to each nic. Currently eth0=10/100, eth1=10/100, eth2=10bT > > > I need eth0=10bT(adsl), eth1=10/100(lan), eth2=10/100(dmz)? > > > > > > Thanks inadvance > > > Scott > > > > > > > > > > > > > > >
RE: [leaf-user] Is it worth making LEAF work on 386?
Steve, You will indeed learn a lot from this project, and of course you can do that learning while tethered to the power pole. Having dealt with alternate energy systems since 1985, including remote sites operating radio and telecommunications gear, I can assure you that you will not be operational for any length of time using solar/battery power unless you are willing to spend many times the cost of an AP for solar panels, batteries, and energy management equipment. Even using an off-the-shelf AP, (two if you want to repeat), is not a simple excercise using solar power. To my knowledge, there is no AP today that has been designed with minimal energy usage as a primary goal. By all means play with LEAF and wireless networking, but don't expect much from a surplus 386. Even an old laptop would suck too much energy to run on a simple solar/battery system. Have fun. -- Sincerely, David Smead http://www.amplepower.com. On Wed, 1 May 2002, steve wrote: > Hi Brock > Thanks for your concerns on power consumption and I would have to agree > about using an AP, particularly if buying everything from the start it > would be better. > > The wireless cards only cost me $13USD each and I have everything else > except coax and connectors so even with the extra power consumption it > will work out a bit cheaper for me to use a LEAF system. I can put > money that would be spent on an AP towards the extra required for solar > panel. It's also a project for me to learn more about > Linux/routing/wireless etc. > > Another big advantage for me is if there is a problem with hardware I > have spare cards and mother boards as replacements. Along with a friend > that can do the replacing if I'm away. > > Again if I had nothing in my junk bin and starting with nothing, AP's > would be the best way. > > Steve. > > > > > Not wanting to rain on anyone's parade, but I am of the > > opinion that this is > > a *bad* idea... for one main reason: > > > > Power Consumption. > > > > As Steve alluded to, solar equipment is not cheap. I think > > the key to a > > cost-effective solution is to buy a real access point that > > can function as a > > repeater. The smaller and simpler the better. What you pay for this > > hardware over and above the cost of a LEAF box will likely be > > less than the > > additional solar panels, batteries and grief of building and > > maintaining a > > LEAF install in a less than hospitable environment. The AP > > is more likely > > to keep going in the cold of winter and heat of summer than > > that 386 is. > > > > A simple repeater has no need for firewall abilities, dhcp, > > ssh or any of > > the other goodies in LEAF! These abilities are better used > > at the ends to > > prevent unauthorized access via the repeater. If you can get > > the repeater > > concept to go, perhaps something like nocatauth from > > nocat.net would be a > > better solution to keep the neighbours from stealing your > > bandwidth (if > > that's a concern). > > > > Brock > > > > | > I'm putting in a wireless link from friends in city to > > farm for faster > > | > Internet access and need to have a remote repeater site > > on hill running > > | > from battery and solar power. LEAF should be ideal for > > this. I will make > > | > a power supply to run the mother board direct from the > > battery to reduce > > | > losses (about %15) from using Inverter and PC supply. > > Sun power might > > | > be free but solar panels are not cheap, so the lower the > > losses and > > | > power requirements the better. > > > > > > > > > > >
[leaf-user] Forwarding
I'm playing with forwarding using a couple of Debian machines, before finalizing a Bering firewall. I'm missing something. 192.168.3.245 is connected to 192.168.3.254. The latter also has a NIC on 192.168.8.24. There are other machines on the .8.0/24 network. I can ping 192.168.8.24 from 192.168.3.245, but nobody else on the .8.0/24 network. Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 192.168.3.0 0.0.0.0 255.255.255.0 U 000 eth1 192.168.8.0 0.0.0.0 255.255.255.0 U 000 eth0 0.0.0.0 192.168.8.254 0.0.0.0 UG000 eth0 thevenin:/boot# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- localnet/24 anywhere ACCEPT all -- 192.168.3.0/24 anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- localnet/24 192.168.3.0/24 ACCEPT all -- 192.168.3.0/24 localnet/24 Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere localnet/24 ACCEPT all -- anywhere 192.168.3.0/24 -- Sincerely, David Smead http://www.amplepower.com. ___ Hundreds of nodes, one monster rendering program. Now that's a super model! Visit http://clustering.foundries.sf.net/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Forwarding
Tom, Thanks for the reply. Here's route on the 192.168.3.245. eth0 is down, otherwise it would have the route you suggest. knuth:/etc/init.d# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 0.0.0.0 192.168.3.254 0.0.0.0UG0 0 0 eth1 >From 192.167.3.245 I can ping both interfaces on thevenin - 192.168.254 and 192.168.8.24. I figued that some kind of forwarding must be happening there. At the moment I have thevenin mounted on knuth over nfs, so a lot of stuff is working over the .3.0 net. -- Sincerely, David Smead http://www.amplepower.com. On Sat, 18 May 2002, Tom Eastep wrote: > On Sat, 18 May 2002, David Smead wrote: > > > I'm playing with forwarding using a couple of Debian machines, before > > finalizing a Bering firewall. > > > > I'm missing something. > > > > 192.168.3.245 is connected to 192.168.3.254. The latter also has a NIC on > > 192.168.8.24. There are other machines on the .8.0/24 network. > > > > I can ping 192.168.8.24 from 192.168.3.245, but nobody else on the .8.0/24 > > network. > > > > The problem is probably on 192.168.3.245 -- does IT have a route to > 192.168.8.0/24 (either the default route or an explicit net route)? > > -Tom > ___ Hundreds of nodes, one monster rendering program. Now that's a super model! Visit http://clustering.foundries.sf.net/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Forwarding
Tom, thevenin:/etc# cat /proc/sys/net/ipv4/ip_forward 1 I did that explicitly. I probably should have installed shorewall but since all I want to do is forward all traffic between two internal nets I figured it would be easy enough just to dump a few rules into iptables. Wrong! thevenin:/etc/init.d# uname -a Linux thevenin 2.4.18-686 #1 Sun Apr 14 11:32:47 EST 2002 i686 unknown -- Sincerely, David Smead http://www.amplepower.com. On Sat, 18 May 2002, Tom Eastep wrote: > On Sat, 18 May 2002, David Smead wrote: > > > Tom, > > > > Thanks for the reply. Here's route on the 192.168.3.245. eth0 is down, > > otherwise it would have the route you suggest. > > > > knuth:/etc/init.d# route -n > > Kernel IP routing table > > Destination Gateway Genmask Flags Metric Ref Use Iface > > 192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 > > 0.0.0.0 192.168.3.254 0.0.0.0UG0 0 0 eth1 > > > > From 192.167.3.245 I can ping both interfaces on thevenin - 192.168.254 > > and 192.168.8.24. I figued that some kind of forwarding must be happening > > there. > > No -- no forwarding is required there. > > > At the moment I have thevenin mounted on knuth over nfs, so a lot > > of stuff is working over the .3.0 net. > > > > > > >From the ruleset on your router, it appears that you haven't yet > configured Shorewall -- one of the things that Shorewall does is enable > forwarding via: > > echo 1 > /proc/sys/net/ipv4/ip_forward > > Have you done that via some other means. > > -Tom > ___ Hundreds of nodes, one monster rendering program. Now that's a super model! Visit http://clustering.foundries.sf.net/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Forwarding
Tom, Thanks again for your suggestion - tcpdump showed the problem - no return route. I'm learning, albeit slowly. -- Sincerely, David Smead http://www.amplepower.com. On Sat, 18 May 2002, Tom Eastep wrote: > On Sat, 18 May 2002, David Smead wrote: > > > I probably should have installed shorewall but since all I want to do is > > forward all traffic between two internal nets I figured it would be easy > > enough just to dump a few rules into iptables. > > > > Wrong! > > > > Looks like it's time to dig out tcpdump > > -Tom > ___ Hundreds of nodes, one monster rendering program. Now that's a super model! Visit http://clustering.foundries.sf.net/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Forwarding
Jeff, Thanks for you reply. I figured out the return route as the problem based on the output of tcpdump, but your reply is much appreciated by me and I'm sure others trying to learn more about networking will appreciate the information also. In the hopes that I can contribute information I'll explain more about the situation. I'm trying to change something that was done earlier as a quick fix by someone else. In the beginning there was just the internal net, .8.0, and it was shared by both Linux and Windows machines (the latter in accounting). The Windows machines would suffer (more than normal) crashes, which was eventually correlated with big file transfers between Linux machines in engineering - PCB layout files for example. The quick fix was to stuff another NIC in the firewall and let it be the gateway between two subnetworks, (the Windows machines use a Linux/Samba server that also has engineering partitions). That took the traffic off the NICs in the Window boxes and made them as happy as can be expected. The Windows machines are all running on 10Mbs NICs, whereas the Linux machines on the .8.0 net were upgraded to 100 Mbs NICs once they were on a separate subnet. I discovered the connection via the firewall not too long ago when I became involved in upgrading a new server and new firewall. The leaf Bering machine is pretty much ready to deploy. The .8.24 machine will be the new Linux/Samba server once it's in place, so I plugged a 10 Mbs NIC into it on eth1 and cross connected it to another Debian box for testing. My plan of attack is this. 1) Pull the cable out of firewall for the Windows subnet and plug it into the NIC on the `will be' server, with routing setup so that the Window boxes can still access the old server. I'm assuming that the Netgear switch will soon learn the new MAC address for the .3.254 gateway. 2) Get the LEAF Bering firewall deployed - with one less NIC than the present one. 3) Shut off the Windows boxes and move their home directories to the new server. 4) Pull the old server off-line. 5) Give the new server an alias using the IP number of the old server. 6) Turn on the Windows machines. 7) Put on my hard hat. -- Sincerely, David Smead http://www.amplepower.com. On Sat, 18 May 2002, Jeff Newmiller wrote: > On Sat, 18 May 2002, David Smead wrote: > > > Tom, > > > > thevenin:/etc# cat /proc/sys/net/ipv4/ip_forward > > 1 > > > > I did that explicitly. I probably should have installed shorewall but > > since all I want to do is forward all traffic between two internal nets I > > figured it would be easy enough just to dump a few rules into iptables. > > > > Wrong! > > "forward all traffic between two internal nets" = bridging, not routing, > and you would need to use the same network across both sides of the > bridge. > > When it comes to routing, EVERY MACHINE has to know how to get to every > other machine. Mostly this is accomplished with default routes to keep > things sane... but on the internet backbone the routing tables are > horrendous to make up for that localized simplicity. You are starting to > internetwork your own networks, so here is where the rubber hits the road > in terms of learning. You have to look at the routing tables at every > involved machine and ask yourself how they will know to send packets to > the next hop along the way. Every involved machine in this case is at > least three machines: your .3.245, .3.254/.8.24, and whatever machine you > want to communicate with in .8.0/24. And packets have to know how to go > both directions. > > _IF_ your machine with NICs 192.168.3.254 and 192.168.8.24 is set up as > the default route for all other machines on both networks, you should be > able to make this work easily. I suspect 192.168.8.24 is NOT the default > route for all machines on 192.168.8.0/24, so they are dropping the > return packets because they aren't smart enough to know what to do > with those packets yet. You have a couple of choices: > > a) make it so (default routes both directions) > b) put appropriate routing entries in the router that IS the default > route for all machines on 192.168.8.0/24 so that packets destined > for 192.168.3.0/24 get sent to 192.168.8.24 ... this will pass traffic > that traffic across the .8.0 segment twice... inefficient. > c) put extra routing entries in every machine on .8.0/24 so they know to > use 192.168.8.24 > d) use masquerading to give .3.0/24 second class status in .8.0/24 > e) change the machines in .3.0/24 over to .8.0/24 addresses, and bridge > or subnet proxy-arp through the debian box, (or just wire them together). > > > --- > Jeff Newmiller
[leaf-user] BEring/DNS
I'm trying to test a LEAF Bering firewall, with just two interfaces at present. I'm not sure if I have a routing problem, a DNS problem, or a shorewall problem. I downloaded a tcpdump.lrp and the libp, but these were for a 2.2 kernel series. Tcpdump works, but it appears to accumulate a lot of traffic before it displays anything. In other words, I don't trust it. On eth0, I have a dsl connection. eth0 is the default (route) dev. On eth3, I have a test machine, 192.168.8.23 The firewall on eth3 is 192.168.8.22, with the name franklin, and 192.168.8.2, with the name dns2. Interfaces are eth3, and eth3:0. >From the fw and from the test machine, I can ping the gateway on the dsl connection using it's IP number. After some delay, tcpdump shows traffic on eth0. If I ping by name, i.e.yahoo.com, however, there is no eth0 traffic. The test machine can only do a lookup using dns2, which should be dnscache. And it should pass the request up and out on eth0. What am I missing? dnscache shows up in the process list. How can I see what requests it gets? -- Sincerely, David Smead http://www.amplepower.com --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
