Re: [leaf-user] SSH login takes 40 seconds
I don't like the /etc/hosts solution either, but it's the one I use as well.

Doug

Date: Wed, 17 Nov 2004 08:18:51 +0100
From: Erich Titl [EMAIL PROTECTED]
To: cpu memhd [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: [leaf-user] SSH login takes 40 seconds

Hi

cpu memhd wrote:

Bering uClibc 2.2 - I got SSH working a few weeks ago. Now for some reason it takes 40 seconds to display a console screen after I login. I have read that this is likely a reverse DNS problem. But why should it matter if I'm using private, 10.x.x.x IPs? Also, I don't recall making any changes between the time SSH worked and now. Any ideas?

If you have a working DNS server then it should just return an NXDOMAIN and you should be fine. If not, sshd will try to reverse lookup your address and finally time out. One possible solution is to include your management station in the /etc/hosts file (not that I specifically like this solution).

Erich

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re:[leaf-user] vpn capability router
Well, yes that is usually the case - otherwise what would be the point of setting up a VPN. As far as controlling what has access to what in a LEAF / Shorewall / OpenVPN setup - if it is set up correctly, you would use the Shorewall rules and policies to determine what access the vpn segments have to the fw and to the loc network.

Doug

chiew yock sang [EMAIL PROTECTED] 05/19/04 04:14AM

Are you trying to say that without vpn, the network segment wouldn't be able to ping another network segment? thanks!

From: Doug Hite [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re:[leaf-user] vpn capability router
Date: Thu, 06 May 2004 08:04:48 -0500

Well, the most obvious way to tell it is working is that the network subnets that are being connected can communicate with each other. Say the local network segment on router A is 192.168.1.0, and on router B is 192.168.2.0. If after the VPN is up, and if the Shorewall rules allow vpn to loc and loc to vpn access on both sides, then you should be able to communicate (ping, etc) from one network segment to another.

It's hard to do these setups in a vacuum. The best way to do it is to get a router working - duplicate that to a second router - different external ip and network segment and confirm that works. You may need clients on the internal sides of these routers to confirm they are working correctly. Once all that is working - add the VPN stuff to connect the 2 routers.

The clients can be any networked computer that connects to the local subnet. Windows, linux, whatever - it's used to represent the clients that will actually be on the networks and using the VPN link (that would be the point of a VPN after all).

Doug

chiew yock sang [EMAIL PROTECTED] 05/06/04 04:29AM

How to know the vpn router is working fine? Do I need to make the 2nd router before I can determine the router is working fine? Do I need to configure the client? and how? Please help me. I'm quite new in leaf, but with your help, I have achieved a lot. Thanks for your help and looking forward to your reply.
Re:[leaf-user] vpn capability router
OpenVPN and IPSec are different VPN standards. Their differences are listed here - http://www.netheaven.com/TunnelTypes.html

For ease of setup - when you have control of both ends, and speed of setup is an issue - openvpn is what I would use. As for wireless use - the docs in the Bering User manual go through using OpenVPN for use with a wireless network - but you can ignore the 2nd half of that document if you are doing a router to router link, and use the Shorewall docs for that piece.

For testing the VPN ... well, I'm doing it by testing the applications that I have running through that link to the new subnet. I guess I could also sniff the wire using ethereal or something to see that the traffic was encrypted. The logs also show that the link is active, and with the verbose level turned up - you can probably get all kinds of info in the log file.

Doug

chiew yock sang [EMAIL PROTECTED] 05/05/04 10:48PM

Can you tell me what is the difference between openVPN and IPSec? Is openVPN only meant for wireless clients? How to know the VPN capability router is working? In other words, how to test it? Thanks

P/s I have set up a router and it is working now
Re:[leaf-user] vpn capability router
If I were pressed on time, I would do this -

Use Bering 1.2 stock. Set up 1 router, and get it working.

Add the ifconfig and openvpn packages as found here -
http://leaf.sourceforge.net/devel/jnilo/bering/latest/packages/
http://lrp.steinkuehler.net/Packages.htm

Add tun.o as found here -
http://download.sourceforge.net/leaf/Bering_1.2_modules_2.4.20.tar.gz

Set up openvpn using the instructions here and here -
http://leaf.sourceforge.net/doc/guide/buopenvpn.html
http://www.shorewall.net/OPENVPN.html

Duplicate to 2nd router, and adjust configuration.

I set up a test vpn using these steps in about an hour. It's very easy if you have experience with LEAF.

Things to watch out for -
1) Watch the size on the disk - you will need to remove unused packages
2) In setting up the VPN, use shorewall clear and get it working, then reactivate the firewall and test again.
3) If you follow the shorewall steps exactly - the firewall will not have access to the vpn, so testing connection from the firewall to the remote vpn may not be the best place to do it. Use clients behind the firewall, or open up access.

Doug

I'm currently studying; my lecturer asked me to do a router with VPN capability with floppy disk(s). I have tried for quite long and still haven't got the result. I don't know what has gone wrong. Can anyone show me the proper way to start? I'm willing to start all over again to make sure I'm on the right track. I'm just hoping I can finish this project on time. Thanks.
[leaf-user] Re: Vonage and Bering
Just to add to this discussion - I too am investigating this option. There has been some discussion of Vonage on the Shorewall mailing lists - you can search them at shorewall.net - keyword vonage. Looks like users on that list have gotten it to work - and a listing of the rules can be found there.

Also you may want to check out http://www.voicepulse.com/default.aspx This is the other company I have heard mentioned on /. Not as much information on firewalls, but they use a different phone, so maybe it's more NAT friendly. Not as much coverage though if having a local number is wanted.

I'm wondering if a 3 nic DMZ setup would be in order for a home deployment of this - where the only device in the DMZ was the phone. Might that reduce some of the security issues ?

Doug
[leaf-user] which VPN to use ?
Hello all,

I have been using Bering (regular) very successfully for awhile here, and I will need to be setting up a VPN to connect our office in Texas with a newly opening office in Florida. I will have full control over both endpoints, and interoperability between my VPN endpoints and other companies is not an issue, nor do I foresee it being an issue anytime soon.

Question: What would be the best VPN package to use ? CIPE, IPSEC, something else ???

Also - We are considering using IP Telephony to tie together the phone systems. The phone vendor recommends getting a managed VPN from some provider to ensure quality phone conversations, I guess by maintaining and managing the bandwidth between the endpoints ... but I am not sure. If we opt for this option, does it take the place of the VPN, so that the provider is doing the VPN part ? Any interoperability issues with this setup with Bering ?

Any suggestions welcome. Thanks.

Doug
[leaf-user] sshd taking too long ?
Hello all -

I am trying to troubleshoot my Bering 1.0 router install with sshd (from http://leaf.sourceforge.net/devel/jnilo/ ). The first time I try to connect with an ssh client it takes anywhere from 25 to 50 seconds. I can then immediately disconnect, and reconnect, and this time it does it almost immediately. I can leave it disconnected for a few hours, and then try again, and it will take 25 to 50 seconds to connect again.

I have turned on the debugging - and have attached a sample of one of these long waits. I also included an entry that seems to be in the log about once per hour - where it is regenerating the RSA key. My working guess is that the long wait happens with the first connection after a new key has been generated. Has anyone else had this problem ? I did look for an entry about reverse DNS lookup failing in the AUTH log, and did not find anything like that.

Here is the log section -

Mar 31 12:11:08 firewall sshd[30296]: Generating new 768 bit RSA key.
Mar 31 12:11:09 firewall sshd[30296]: RSA key generation complete.
Mar 31 13:24:25 firewall sshd[9276]: Connection from 192.168.3.50 port 1509
Mar 31 13:24:25 firewall sshd[30296]: debug1: Forked child 9276.
Mar 31 13:24:26 firewall sshd[9276]: debug1: Client protocol version 1.99; client software version 3.2.2 SSH Secure Shell for Windows
Mar 31 13:24:26 firewall sshd[9276]: debug1: no match: 3.2.2 SSH Secure Shell for Windows
Mar 31 13:24:26 firewall sshd[9276]: debug1: Enabling compatibility mode for protocol 2.0
Mar 31 13:24:26 firewall sshd[9276]: debug1: Local version string SSH-1.99-OpenSSH_3.5p1
Mar 31 13:24:26 firewall sshd[9276]: Failed none for root from 192.168.3.50 port 1509 ssh2
Mar 31 13:24:30 firewall sshd[9276]: Accepted password for root from 192.168.3.50 port 1509 ssh2
Mar 31 13:24:30 firewall sshd[9276]: debug1: monitor_child_preauth: root has been authenticated by privileged process
Mar 31 13:24:30 firewall sshd[9276]: debug1: newkeys: mode 0
Mar 31 13:24:30 firewall sshd[9276]: debug1: newkeys: mode 1
Mar 31 13:24:30 firewall sshd[9276]: debug1: Entering interactive session for SSH2.
Mar 31 13:24:30 firewall sshd[9276]: debug1: fd 3 setting O_NONBLOCK
Mar 31 13:24:30 firewall sshd[9276]: debug1: fd 5 setting O_NONBLOCK
Mar 31 13:24:30 firewall sshd[9276]: debug1: server_init_dispatch_20
Mar 31 13:24:30 firewall sshd[9276]: debug1: server_input_channel_open: ctype session rchan 0 win 1 max 512
Mar 31 13:24:30 firewall sshd[9276]: debug1: input_session_request
Mar 31 13:24:30 firewall sshd[9276]: debug1: channel 0: new [server-session]
Mar 31 13:24:30 firewall sshd[9276]: debug1: session_new: init
Mar 31 13:24:30 firewall sshd[9276]: debug1: session_new: session 0
Mar 31 13:24:30 firewall sshd[9276]: debug1: session_open: channel 0
Mar 31 13:24:30 firewall sshd[9276]: debug1: session_open: session 0: link with channel 0
Mar 31 13:24:30 firewall sshd[9276]: debug1: server_input_channel_open: confirm session
Mar 31 13:24:30 firewall sshd[9276]: debug1: server_input_channel_req: channel 0 request pty-req reply 0
Mar 31 13:24:30 firewall sshd[9276]: debug1: session_by_channel: session 0 channel 0
Mar 31 13:24:30 firewall sshd[9276]: debug1: session_input_channel_req: session 0 req pty-req
Mar 31 13:24:30 firewall sshd[9276]: debug1: Allocating pty.
Mar 31 13:24:30 firewall sshd[9276]: debug1: session_pty_req: session 0 alloc /dev/ttyp0
Mar 31 13:24:30 firewall sshd[9276]: debug1: server_input_channel_req: channel 0 request shell reply 1
Mar 31 13:24:30 firewall sshd[9276]: debug1: session_by_channel: session 0 channel 0
Mar 31 13:24:30 firewall sshd[9276]: debug1: session_input_channel_req: session 0 req shell
Mar 31 13:24:30 firewall sshd[9276]: debug1: fd 4 setting TCP_NODELAY
Mar 31 13:24:30 firewall sshd[9276]: debug1: channel 0: rfd 7 isatty
Mar 31 13:24:30 firewall sshd[9276]: debug1: fd 7 setting O_NONBLOCK
Mar 31 13:24:30 firewall sshd[15082]: debug1: Setting controlling tty using TIOCSCTTY.
Mar 31 13:24:30 firewall sshd[9276]: debug1: server_input_channel_req: channel 0 request window-change reply 0
Mar 31 13:24:30 firewall sshd[9276]: debug1: session_by_channel: session 0 channel 0
Mar 31 13:24:30 firewall sshd[9276]: debug1: session_input_channel_req: session 0 req window-change
Mar 31 13:24:58 firewall sshd[15082]: debug1: permanently_set_uid: 0/0

** notice the time is only a few seconds until that last step - 28 seconds. What is happening here ?

Additional note: router is a Pentium 233 - 32 meg running from a 5 meg compact flash. 2 different ssh clients tested - they both seem to have the same wait issue.

Doug
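To put a number on where a login like this one (or the 40-second login in the thread at the top of the page) stalls, here is an added example of mine, not code from the post or from the LEAF or OpenSSH projects: it parses sshd syslog lines, ignores the idle time before the first "Connection from" line, and reports every pause between consecutive lines above a threshold. The abridged SAMPLE_LOG is taken from the excerpt above; the threshold values are my assumptions.

```python
"""Locate the pause in an sshd debug log (added example, not from the post)."""
import re
from datetime import datetime

# Syslog prefix without a year: "Mar 31 13:24:30 firewall sshd[9276]: message"
LINE_RE = re.compile(r"^(\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[(\d+)\]: (.*)$")

# Abridged excerpt of the log posted above (the long-wait case).
SAMPLE_LOG = """\
Mar 31 12:11:08 firewall sshd[30296]: Generating new 768 bit RSA key.
Mar 31 12:11:09 firewall sshd[30296]: RSA key generation complete.
Mar 31 13:24:25 firewall sshd[9276]: Connection from 192.168.3.50 port 1509
Mar 31 13:24:25 firewall sshd[30296]: debug1: Forked child 9276.
Mar 31 13:24:26 firewall sshd[9276]: debug1: Local version string SSH-1.99-OpenSSH_3.5p1
Mar 31 13:24:26 firewall sshd[9276]: Failed none for root from 192.168.3.50 port 1509 ssh2
Mar 31 13:24:30 firewall sshd[9276]: Accepted password for root from 192.168.3.50 port 1509 ssh2
Mar 31 13:24:30 firewall sshd[9276]: debug1: Entering interactive session for SSH2.
Mar 31 13:24:30 firewall sshd[9276]: debug1: session_input_channel_req: session 0 req window-change
Mar 31 13:24:58 firewall sshd[15082]: debug1: permanently_set_uid: 0/0
""".splitlines()


def parse_line(line):
    """Return (timestamp, pid, message), or None for lines that are not sshd syslog lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # The syslog stamp has no year; strptime defaults it to 1900, which is fine
    # for differences between lines of the same day.
    ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")
    return ts, int(m.group(2)), m.group(3)


def find_stalls(lines, min_seconds=5):
    """Return [(seconds, message_before, message_after)] for each pause of at
    least min_seconds (an assumed threshold) between consecutive lines, counted
    from the first "Connection from" line so pre-connection idle time is skipped."""
    stalls = []
    prev = None          # (timestamp, message) of the previous parsed line
    started = False      # becomes True at the first "Connection from" line
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, _pid, msg = rec
        if not started:
            if not msg.startswith("Connection from"):
                continue
            started = True
        if prev is not None:
            gap = int((ts - prev[0]).total_seconds())
            if gap >= min_seconds:
                stalls.append((gap, prev[1], msg))
        prev = (ts, msg)
    return stalls


def longest_stall(lines):
    """The single biggest pause of the connection, or None if there is no connection."""
    return max(find_stalls(lines, min_seconds=1), default=None)


if __name__ == "__main__":
    for secs, before, after in find_stalls(SAMPLE_LOG):
        print(f"{secs:3d}s pause after:  {before}")
        print(f"            before: {after}")
```

On the excerpt the only pause above five seconds is the 28 s between the window-change request and permanently_set_uid; the four seconds between "Failed none" and "Accepted password" is the user typing the password.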
[leaf-user] moving from seawall to shorewall
I am upgrading one of our work routers, and have a few questions about shorewall setup in a multi-nic setup. This router has one external interface (eth0), and 3 internal nics (eth1-3). The external nic is connected to an isdn router, and the internal nics service the 3 internal lan segments we have. This router is the primary ip router for all the lan segments, and is also used by the majority of the company for outgoing internet access.

Questions -
1) For the 3 local nics, do I need just one loc in the zones file, or do I need loc1, loc2, ... ? The 3 internal segments need traffic to flow between them without restriction.
2) If I only have one loc, do I then add 3 entries in the shorewall hosts file to map the interface to the segment ?
3) Anyone have any examples of Multi-Local shorewall setups ?

I am having some issues in this switchout - in particular one of our Netware servers on our internal network will not communicate with other lan segments under my Bering setup, but when I put the EigerStein/Seawall router back - it works. I suspect my Shorewall setup is not quite right yet, so I want to check on the above before I start to gather better diagnostics.

Thanks -

Doug
Re: [leaf-user] CF boot problems
Matt,

I have set up some systems using IDE-CF adapters, and am amazed at what seems to trip me up in various configurations. I had one motherboard that would not boot the CF no matter what I did, until I found and updated the bios (this was an older PII motherboard). I currently have a Pentium 100 system that boots with a 32 meg CF ok, but when I tried with a 6 meg, it will not do it. I'm still working on that one.

So, here are some things to try - update the bios, try another CF, try fdisk /MBR to see if redoing the dos master boot record on the CF does anything, try another motherboard, try the autodetect and use the settings it finds instead of AUTO...

Good luck.

Doug

==

I'm getting a whole lot of nothing when trying to boot my new SanDisk 64MB CF using an ACS IDE-CF adapter. I set the BIOS IDE detection to Auto/Auto, and I left the jumper on the IDE-CF adapter in default position indicating it would be Master. It's installed on the Primary IDE cable. The BIOS found the CF, detected as SDCFB-64. That's all it said.

I booted to DOS-6.22, fdisk'd a primary partition of 12MB and made it active and rebooted and formatted c: /s. I can reboot to DOS-6.22 off the floppy and copy and move files back and forth from C to A and back. But it won't boot. The computer hangs right after post, as if the MBR said go to partition 1 and load the boot code which never happens. No DOS6.22 message, nothing. I spent hours trying syslinux and whatnot, to no avail. If I can't get it to boot DOS, I don't think linux is going to do it.

So what is it? Just the CF? I could buy a smaller one, maybe just 16 MB and see what happens. (6.22 fdisk sees it as 60MB not 64).

Thanks for any ideas,

matt
[leaf-user] Current Source for DLink - DFE-570TX ???
Does anybody have a current US source for the DLink - DFE-570TX 4 port Tulip based card ? This card doesn't seem to be made anymore, and the inventory is drying up. Anyone using any other 4 port cards with LEAF ?

Doug
Re: [leaf-user] maybe you LEAF guys/gals can help me with this
http://www.e-smith.org

This is not as good a firewall solution, but it can do it, and does a great job at the rest. Personally, I use a combination of LEAF as a firewall, and E-SMITH as back end server. Setup is easy, about 10 questions, then the admin is via a web based application.

Doug

I am looking for an ALL-IN-ONE solution similar to the software that is used on the 3Com internet/server appliance that was discontinued or like the SUN Cobalt Qube. What I am looking for is a complete, easy to install solution that provides:

Firewall
Windows File Server
Email Server
FTP Server
Telnet/SSH Server
DHCP
DNS

And can be administrated from a web page on a local machine. I have used Smoothwall and IPCop but these 2 dists are firewall specific. I have been trying to use Debian and Red Hat to do all of this but the setup is murder, and Webmin is very general. Is there currently a project/dist that does this?

-- David Batey
Network Administration Manager
Ohio Valley Cable
812-471-7506
[leaf-user] Seawall to Shorewall in a dialup
I am currently doing some tests of my new home router, moving the configuration previously in EigerSteinBeta using Seawall to Bering using Shorewall. This is a dial-up router using ppp0 as the external interface. In my old router I had to include a line in the /etc/ppp/ip-up file that ran seawall restart when my ip changed. Using Shorewall, I don't see any mention of needing to reset the firewall when the ip changes. Can someone confirm that this is no longer needed in Shorewall ?

Thanks.

Doug
[leaf-user] help - need ipchain command to block a single ip
Hello all,

I believe I'm currently being scanned on one of my LEAF routers (this one is still an EigerStein I think), all from a single ip. It of course is filling up my logs, and eventually stops my dhcpd server. The log analyser at http://www.echogent.com/cgi-bin/fwlog.pl from this packet

Oct 10 20:48:57 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:58047 209.251.232.19:135 L=44 S=0x00 I=9912 F=0x4000 T=107 SYN (#9)

gives this response

You're very likely under attack here.

I used to have the syntax to completely block a single ip, but I seem to have lost it, and my searches have come up empty. Can someone give me the syntax to block this offender ? I don't mind only plugging it in at the command line - this router gets rebooted only every 6 months or so - by that time, the person may have lost interest.

Doug
Re: [leaf-user] help - need ipchain command to block a singleip
Thanks for the quick response Jeff. Yes, it is very much a sequential thing - I don't know what a scan would look like from the logs, but if I had to guess what it would look like, this would be it. Here is a very brief snippet -

Oct 11 06:56:02 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:61694 209.251.232.18:135 L=44 S=0x00 I=12220 F=0x4000 T=107 SYN (#9)
Oct 11 06:56:26 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:61697 209.251.232.19:135 L=44 S=0x00 I=12476 F=0x4000 T=107 SYN (#9)
Oct 11 06:56:29 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:61697 209.251.232.19:135 L=44 S=0x00 I=12732 F=0x4000 T=107 SYN (#9)
Oct 11 06:56:35 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:61697 209.251.232.19:135 L=44 S=0x00 I=12988 F=0x4000 T=107 SYN (#9)
Oct 11 06:56:47 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:61697 209.251.232.19:135 L=44 S=0x00 I=13244 F=0x4000 T=107 SYN (#9)
Oct 11 07:09:11 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:61982 209.251.232.18:135 L=44 S=0x00 I=17084 F=0x4000 T=107 SYN (#9)
Oct 11 07:09:14 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:61982 209.251.232.18:135 L=44 S=0x00 I=17340 F=0x4000 T=107 SYN (#9)
Oct 11 07:09:20 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:61982 209.251.232.18:135 L=44 S=0x00 I=17596 F=0x4000 T=107 SYN (#9)
Oct 11 07:09:32 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:61982 209.251.232.18:135 L=44 S=0x00 I=17852 F=0x4000 T=107 SYN (#9)
Oct 11 07:09:56 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:61983 209.251.232.19:135 L=44 S=0x00 I=18108 F=0x4000 T=107 SYN (#9)
Oct 11 07:09:59 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:61983 209.251.232.19:135 L=44 S=0x00 I=18364 F=0x4000 T=107 SYN (#9)
Oct 11 07:10:05 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:61983 209.251.232.19:135 L=44 S=0x00 I=18620 F=0x4000 T=107 SYN (#9)
Oct 11 07:10:17 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:61983 209.251.232.19:135 L=44 S=0x00 I=18876 F=0x4000 T=107 SYN (#9)
Oct 11 07:22:41 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:62082 209.251.232.18:135 L=44 S=0x00 I=22460 F=0x4000 T=107 SYN (#9)

The rule appears to have stopped this dead. My logs can breathe easier for awhile. Thanks again.

Does anyone have any other procedures that they do when in this situation ? I certainly will save this rule in my personal LEAF documents folder if it happens again.

Doug

Jeff Newmiller [EMAIL PROTECTED] 10/11/02 10:51AM

On Fri, 11 Oct 2002, Doug Hite wrote:

Hello all, I believe I'm currently being scanned on one of my LEAF routers (this one is still an EigerStein I think), all from a single ip. It of course is filling up my logs, and eventually stops my dhcpd server. The log analyser at http://www.echogent.com/cgi-bin/fwlog.pl from this packet

Oct 10 20:48:57 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:58047 209.251.232.19:135 L=44 S=0x00 I=9912 F=0x4000 T=107 SYN (#9)

gives this response

You're very likely under attack here.

This particular destination port is the Microsoft RPC (DCOM) service port. On its own, even repeated, I wouldn't automatically conclude you are under attack. Someone might have mistakenly put your ip address in someplace (typo), or you might be running software from inside your firewall that is prompting the server to try to get some more information from you (check netstat -Mlen for connections). (I don't think your ISP has your ip address correctly reverse dns mapped, so some servers might try alternate methods of reverse mapping.) If it is part of a sequence of destination ports, then you are more likely under attack.

I used to have the syntax to completely block a single ip, but I seem to have lost it, and my searches have come up empty. Can someone give me the syntax to block this offender ? I don't mind only plugging it in at the command line - this router gets rebooted only every 6 months or so - by that time, the person may have lost interest.

You need to insert a rule into the input chain for interface eth0 that denies (drops) all packets arriving from ip 216.224.239.106, without logging:

ipchains -I input -j DENY -i eth0 -s 216.224.239.106

---
Jeff Newmiller
Research Engineer (Solar/Batteries/Software/Embedded Controllers)
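Doug asks what else people do in this situation; as an added example (mine, not from the thread or the ipchains project), this script parses the kernel "Packet log" lines in the format posted above, summarises denied packets per source address, applies Jeff's rule of thumb (one destination port hit over and over is weaker evidence than a sequence of destination ports), and prints Jeff's block rule for any source above a packet threshold. The 192.0.2.10 line and the thresholds are constructed for illustration.

```python
"""Per-source summary of ipchains "Packet log" lines (added example, not from the thread)."""
import re
from collections import defaultdict

# "... kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:58047 209.251.232.19:135 L=44 ..."
PKT_RE = re.compile(
    r"kernel: Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)

# Twelve lines from Doug's snippet above, plus one constructed line (192.0.2.10 is a
# documentation address) so that a low-volume source appears as well.
SAMPLE_LOG = [
    "Oct 11 06:56:02 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:61694 209.251.232.18:135 L=44 S=0x00 I=12220 F=0x4000 T=107 SYN (#9)",
    "Oct 11 06:56:26 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:61697 209.251.232.19:135 L=44 S=0x00 I=12476 F=0x4000 T=107 SYN (#9)",
    "Oct 11 06:56:29 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:61697 209.251.232.19:135 L=44 S=0x00 I=12732 F=0x4000 T=107 SYN (#9)",
    "Oct 11 06:56:35 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:61697 209.251.232.19:135 L=44 S=0x00 I=12988 F=0x4000 T=107 SYN (#9)",
    "Oct 11 06:56:47 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:61697 209.251.232.19:135 L=44 S=0x00 I=13244 F=0x4000 T=107 SYN (#9)",
    "Oct 11 07:09:11 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:61982 209.251.232.18:135 L=44 S=0x00 I=17084 F=0x4000 T=107 SYN (#9)",
    "Oct 11 07:09:14 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:61982 209.251.232.18:135 L=44 S=0x00 I=17340 F=0x4000 T=107 SYN (#9)",
    "Oct 11 07:09:20 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:61982 209.251.232.18:135 L=44 S=0x00 I=17596 F=0x4000 T=107 SYN (#9)",
    "Oct 11 07:09:32 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:61982 209.251.232.18:135 L=44 S=0x00 I=17852 F=0x4000 T=107 SYN (#9)",
    "Oct 11 07:09:56 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:61983 209.251.232.19:135 L=44 S=0x00 I=18108 F=0x4000 T=107 SYN (#9)",
    "Oct 11 07:09:59 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:61983 209.251.232.19:135 L=44 S=0x00 I=18364 F=0x4000 T=107 SYN (#9)",
    "Oct 11 07:10:05 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 216.224.239.106:61983 209.251.232.19:135 L=44 S=0x00 I=18620 F=0x4000 T=107 SYN (#9)",
    # constructed line, not from the thread
    "Oct 11 07:11:00 isdnfirewall kernel: Packet log: remote DENY eth0 PROTO=6 192.0.2.10:40000 209.251.232.18:80 L=44 S=0x00 I=100 F=0x4000 T=64 SYN (#9)",
]


def parse_packet_log(line):
    """Return the fields of one Packet log line as a dict, or None if it is not one."""
    m = PKT_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec


def summarize_sources(lines):
    """Map source IP -> {count, dports, dsts, ifaces} over the DENY entries only."""
    summary = defaultdict(lambda: {"count": 0, "dports": set(), "dsts": set(), "ifaces": set()})
    for line in lines:
        rec = parse_packet_log(line)
        if rec is None or rec["target"] != "DENY":
            continue
        entry = summary[rec["src"]]
        entry["count"] += 1
        entry["dports"].add(rec["dport"])
        entry["dsts"].add(rec["dst"])
        entry["ifaces"].add(rec["iface"])
    return dict(summary)


def classify(entry, sweep_ports=5, repeat_count=5):
    """Jeff's heuristic with assumed thresholds: many distinct destination ports
    looks like a scan; the same port over and over may be a misconfigured peer;
    a handful of hits is noise."""
    if len(entry["dports"]) >= sweep_ports:
        return "port sweep"
    if entry["count"] >= repeat_count:
        return "repeated single-port probes"
    return "sporadic"


def block_rules(summary, min_packets=10):
    """Jeff's rule (inserted at the top of the input chain, dropping without logging)
    for each source at or above min_packets, once per interface it was seen on."""
    rules = []
    for src, entry in sorted(summary.items()):
        if entry["count"] < min_packets:
            continue
        for iface in sorted(entry["ifaces"]):
            rules.append(f"ipchains -I input -j DENY -i {iface} -s {src}")
    return rules


if __name__ == "__main__":
    summary = summarize_sources(SAMPLE_LOG)
    for src, entry in sorted(summary.items()):
        print(f"{src:16} {entry['count']:3d} pkts  ports={sorted(entry['dports'])}  {classify(entry)}")
    for rule in block_rules(summary):
        print(rule)
```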
[leaf-user] Re: compact flash backup ?
Erich, do you have a website link for where this can be purchased ?

Doug

[EMAIL PROTECTED] 09/17/02 01:08PM

I have contacted SST for their DOM's. Their distributor here in Europe asks $25 for a 16 MB secure DOM _NEW_. You might consider that as an option.

Erich
RE: [leaf-user] samba for bering based leaf box
I use e-smith for this - it is a stripped-down Linux server distribution. http://www.e-smith.org Of course it would require a second computer. But it is very easy to install and manage.

Doug

> I have already asked about the availability of a halfway recent Samba package about a month ago. Unfortunately no one has answered my request... Does this mean there is nothing out there? Is anyone working on something like that? I am well aware that Windows file sharing is not one of the standard things one does with a firewall/router, but a friend of mine has only a small home network and the other PCs are laptops with limited space, into which his 40 GB IDE hard disk doesn't fit. If someone can think of another solution to let him play his MP3s, please tell me ;)
[Leaf-user] Re: looking for Linux distribution just for LAN DHCP server (1NIC)
Not exactly what you are specifying, but it is what I use in this situation. It has dhcpd, and also Samba for file serving, an email server, webmail, and the Apache web server. Very, very easy to set up and administer. But it requires a hard drive. For my money (and time), this has been the best server to put behind my LEAF firewall. Mine at home is running on a Pentium 100 with 32-48 meg memory on a 2 gig hard drive. http://www.e-smith.org

Doug

> Unfortunately, LEAF requires two NICs because it is a full LAN/WAN router. I was wondering if there is a good distribution just as easy and small as LEAF that can just do DHCP serving over Ethernet?
[Leaf-user] Changes for new Dachstein release
I'm not wanting this to get out of hand ... but ... my wish list of programs to be included on the next DCD version includes ez-ipupd.lrp. The newest version I think is at http://leaf.sourceforge.net/devel/jnilo/packages/ez-ipupd.lrp

Docs at http://leaf.sourceforge.net/devel/jnilo/ezipupd.html
[Leaf-user] Re : martians on internal network ???
We see martians from users on our private network that are using dial-up internet accounts on W2k computers, outside of the normal way of getting to the internet (through our LEAF router). Does anyone have a fix either on the W2k side or on the router to stop the console logging of these? (without turning off martian logging completely)

Doug

==

> We are seeing martians on internal networks on a regular basis. Usually, it is traceable to users logging into AOL over our high speed internet connections: 172.128.0.0 - 172.191.255.255
>
> Today, we saw one from United Airlines: 205.174.16.0 - 205.174.23.255
>
> [1] How does this happen?
> [2] Why does this happen?
> [3] Is this exploitable?
[Leaf-user] RE: ez-ipupdate
>>> [EMAIL PROTECTED] 12/19/01 01:22PM >>>
I'm working on building an LRP for ez-ipupdate. I've also updated the program to allow use of dyndns custom domains. I've made the executable available for those who don't want to wait for me to finish getting the LRP built :)

http://sort.net/ez-ipupdate.tgz

Use system type dyndns-custom for custom dyndns domains

jd

Thank you very much!!! This is very much needed. Having the custom dyndns domains working will be great. Does anybody know if setting the backup MX address is working yet?

Doug
[Leaf-user] webcam for lrp information
The packages for the LRP webcam can be downloaded at http://www.penguincentral.com/webcam/

If I remember correctly, these packages were created for 2.9.3 so the RCDLINKS was not set, but it is easy enough to fix. They must use the old parallel port Connectix / Logitech webcams (BW and 1st generation Color). These are kinda hard to find, but you can still get them on eBay. Once you get your exposure setting correct, it will snap a picture at the configured interval, a jpg, and then ftp it to wherever you want.

Doug

ps. Rick, can you put this link under your packages section? Thanks.