Re: [leaf-user] [ANN] LEAF Bering-uClibc 3.0-beta1

2006-08-24 Thread Ed Tetz
Hi M.

I am using VMWare just fine, but I do have the same problem booting from CD. 
I googled a link to the old version of Bering, and that idea works just fine 
with this version.

1. Burn the CD or mount the CD using another VMWare machine, and copy the 
file bootdisk.ima off of it, and to your host disk.
2. You can use it as is or change the extension to img so it shows up when 
you browse for floppy disks in VMWare - I skipped this step and change the 
filter to show all files. This is a disk image file that you tell VMWare is 
a floppy for your Bering VM.

I am using that image as my floppy, and I have a VM with 3 nics, like my 
production firewall. I configured the modules to support my production 
machine and then added pcnet32.o as well.

I am able to prep my entire firewall in the VM, and then when I am done,

1. I copy CONFIGDB.LRP, moddb.lrp, and leaf.cfg to /tmp.
2. Change from the disk image to a real floppy, mount it, and copy them 
back to the disk (or you can use another vm to mount the disk image and copy 
the files).

This is working like a charm, and leaves me in the position I want to be in 
the end - booting from CD in production, with only my config files on 
floppy.

BTW, I really like the backup. Backup configs, and backup modules - Done!

I do have one question, I have from time to time modified files in the 
actual package - like custom weblet pages. Do I now have to mod them 
offline, tar them up and put them on my floppy, or is there a way I can 
still backup an entire package the old way - perhaps from the command line? 
I don't do that often, so if there is no easy way, that's cool. Only been 
playing with it one night, the Bering team Rocks!

Cheers,
-edt

Edward Tetz
[EMAIL PROTECTED]



From: Eric Spakman [EMAIL PROTECTED]
To: M Lu [EMAIL PROTECTED]
CC: KP Kirchdoerfer [EMAIL PROTECTED],leaf-user@lists.sourceforge.net
Subject: Re: [leaf-user] [ANN] LEAF Bering-uClibc 3.0-beta1
Date: Thu, 24 Aug 2006 08:48:26 +0200 (CEST)

Hi M,

  Hi KP and Eric,

  Thank you and others for all hard work on this.

  I could not boot from the ISO image using Virtual PC, not VMWare. I also
  downloaded the latest 2.4.2 and could not boot either. It just complained
  Boot Error. I found some old Bering ISO and it boots fine.

  The sizes for the images are

  34,004,992 Bering-uClibc_2.4.2_iso_bering-uclibc...
  38,971,392 Bering-uClibc_3.0-beta1_iso_bering-uclibc...

  and I can open them and saw all files inside. I will find some blank CD
  and cut it physically but I doubt it will work. Is there anything special
  about booting from the CD?

Both version 2.4.2 and 3.0 are using the latest version of
syslinux/isolinux. It looks like this version doesn't play very nice with
Emulator software like VMware. You can solve it by using an older version
of syslinux. You probably have to try some different versions, syslinux
tends to fix some BIOS versions with every new release but also breaks
some. Please report this error to the syslinux maintainer
(http://syslinux.zytor.com/)

Eric

  - Original Message -
  From: KP Kirchdoerfer [EMAIL PROTECTED]
  To: leaf-user@lists.sourceforge.net
  Sent: Wednesday, August 23, 2006 2:14 AM
  Subject: [leaf-user] [ANN] LEAF Bering-uClibc 3.0-beta1

  The floppy images, ISO image, ipv6 addon and a modules tarball are
  available  in the File Releases Area:
  http://sourceforge.net/project/showfiles.php?group_id=13751package_id=67534

 
 



leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/





Re: [leaf-user] [ANN] LEAF Bering-uClibc 3.0-beta1

2006-08-23 Thread Ed Tetz
Hi Guys*,

Since this has just been released, is that why there is a problem 
downloading the iso image from the mirrors, and is someone on the Leaf team 
aware of the issue? Or is it just me?

I love this product in general, been working with it since LRP, great work 
to everyone.

Now for the dumb question, how stable is the Beta (a term that is sometimes 
used liberally). With you guys* running it, I am going to guess that it is 
more than stable enough for a best effort home system (with a wife that gets 
upset when things don't work ;-), and maybe even good enough for production 
testing (testing the key word there).

Cheers,
-edt
___
Edward Tetz
[EMAIL PROTECTED]

* This is the gender neutral version of the term guys.


From: KP Kirchdoerfer [EMAIL PROTECTED]
To: leaf-user@lists.sourceforge.net
Subject: [leaf-user] [ANN] LEAF Bering-uClibc 3.0-beta1
Date: Wed, 23 Aug 2006 08:14:26 +0200

Bering-uClibc 3.0 beta1 is a milestone release for Bering-uClibc. The changes
since the last stable version are the biggest and most intrusive since we
started working on Bering-uClibc four years ago.

Amongst the changes are updates of the linux kernel to 2.4.33, shorewall to
version 3.2.2 and busybox to 1.2.1 - including the replacement of dash with
busybox ash as standard shell. You'll now get commandline completion without
the need to run a huge bash.

Also the uClibc libraries have been updated to latest stable version 0.9.28.
All available packages have been recompiled against uClibc 0.9.28.

Do NOT try to run old packages from the 2.x series with this new release!

But the most notable and probably most visible change is the overhaul of
Bering-uClibc's package management and backup system.
Since the early LRP days, the predecessor of LEAF, package management and
backup was done with lrpkg. Based on David Douthitt's, Nathan Angelacos and
Natanael Copa's work, we replaced lrpkg with apkg.

Because the configurations are now saved independently from the packages in
separate files (configdb and moddb), upgrading packages will be a lot easier
in the future.
Additionally Cedric Schieli enhanced apkg with an upgrade option, which will
help to handle changes in configuration files.

The floppy images, ISO image, ipv6 addon and a modules tarball are
available  in the File Releases Area:
http://sourceforge.net/project/showfiles.php?group_id=13751package_id=67534

Please send feedback, bug reports and questions to the LEAF-User mailing list.

on behalf of the Bering-uClibc team
kp



RE: [leaf-user] [ANN] Bering-uClibc 2.4 beta1

2006-01-04 Thread Ed Tetz

Hi all,

When upgrading, I have just been re-using my old config disk with the new 
CD. Would there be benefits of not doing this, and using the new default 
configs periodically. My configs are likely from 2.1 or 2.2, and although 
working fine, I just wonder if I might be missing valuable info.


Cheers,
-edt

Edward Tetz
[EMAIL PROTECTED]





From: KP Kirchdoerfer [EMAIL PROTECTED]
To: leaf-user@lists.sourceforge.net
Subject: [leaf-user] [ANN] Bering-uClibc 2.4 beta1
Date: Tue, 3 Jan 2006 15:47:18 +0100

Happy new year!

To celebrate 2006 the Bering-uClibc team released today Bering-uClibc 2.4
beta1.

This release provides a kernel update to 2.4.32.
Other changes are upgrades of various packages, including shorewall to 2.4.7,
dnsmasq and ipsec/openswan. Plus a few minor changes here and there.

For a complete changelog please read:
http://leaf.sourceforge.net/bering-uclibc/index.php?module=pagemasterPAGE_user_op=view_pagePAGE_id=2MMN_position=2:2

The floppy images, ISO image, ipv6 addon and a modules tarball
are available in the FRS:

http://sourceforge.net/project/showfiles.php?group_id=13751package_id=67534release_id=339385

Please send your notes, bug reports, feature requests or whatever else
you'd like to add to the LEAF mailing-lists.

You may also visit the LEAF IRC channel
http://slashnet.org/channels/leaf/
irc://irc.slashnet.org/%26leaf


Thx for reading
kp




Re: [leaf-user] hardware required

2005-07-24 Thread Ed Tetz
I have run it for home use very successfully on a 486DX2 - 80 with 64MB of 
RAM. The extra ram allowed me to boost the size of the RAM drive to allow for 
more packages, and gave me a good amount for Bering to work with. I have a 
couple of new pieces of hardware, so my Leaf box got an upgrade to Pentium 
166 with 64MB of RAM. This, as expected, has provided faster transfer time, 
especially noticed when there is a lot of streaming or downloads going on. I 
would upgrade again, but this is currently the lowest grade hardware running 
at home.

I have run a training center classrooms (50 pc's not devoted to internet) on 
a Pentium 90 with 64 MB of RAM and didn't have any complaints there either.


Hope that helps.

-edt

Edward Tetz
[EMAIL PROTECTED]




From: Jaap Eldering [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
CC: leaf-user@lists.sourceforge.net
Subject: Re: [leaf-user] hardware required
Date: Sun, 24 Jul 2005 01:18:00 +0200

On Sat, Jul 23, 2005 at 03:09:24PM -0700, Héctor Hoshi wrote:
 Esteemed list
 I like to know the level of hardware required to run
 bering uclibc, the lowest and recommended.

The minimum requirements would be a 486 compatible pc with 8-12 MB
memory and a floppy drive. This should suffice to run a standard
router (although 16+ MB memory might be more convenient).

If you want more special applications and/or have a high network
traffic load (order of  1 MB/s), you might want to consider a bit
faster computer like pentium 200+ MHz.

Others please correct me if I'm wrong.

Jaap




[leaf-user] Squid2.lrp and jsp pages

2004-11-19 Thread Ed Tetz
I am using Bering-uClibc with the Squid-2 package. Almost everything seems 
to be working, but if I go to a site that uses JSP pages (like 
www.gymboree.com), I get a long delay, followed by this error:

ERROR
The requested URL could not be retrieved

While trying to retrieve the URL: http://www.gymboree.com/
The following error was encountered:
Connection Failed
The system returned:
   (110) Connection timed out
The remote host or network may be down. Please try the request again.
Your cache administrator is webmaster.

Generated Thu, 18 Nov 2004 18:59:51 GMT by firewall (squid/2.5.STABLE5)

If I bypass the proxy, then the page works fine. I only seem to have 
problems with jsp pages, everything else works fine. In an attempt to solve 
this problem, I have added the following to my squid conf file:

hierarchy_stoplist jsp asp

and

acl JSP_Pages urlpath_regex -i \.jsp$
http_access allow CONNECT JSP_Pages

and

acl Gym dstdomain .gymboree.com
no_cache deny Gym

But none of these lines suggested by results of Google searches have yielded 
any success.

Has anybody else run into this problem with Squid? If so, what have you done 
to resolve it?

Cheers,
-edt

Edward Tetz
MCSE, MCDBA, MCT, A+, CTT+, CIW MA, CIW CI
[EMAIL PROTECTED]





[leaf-user] Bering Problems - file not found and create CD

2004-11-13 Thread Ed Tetz
Hi,
I have been using LEAF since the LRP days. I personally love the product. I 
had been using Dachstein, but recently went to Bering as I felt that it was a 
little more customizable. I am booting from a custom CD image booting Bering 
uClibc v2.2.0, and it has been working quite well for me, with the following 
exceptions.

I am having two problems with my bering installation. I think I know what 
one of the problems is, but I would like to verify it.

I have tried to use two packages, DansGuardian and NTOP. I got DansGuardian 
from:
http://cvs.sourceforge.net/viewcvs.py/leaf/bin/lince/dansgrdn.lrp?rev=1.6view=log
And I got NTOP from the Oxygen package archive. Both of these packages seem 
to have the same problem.

When I look at the directories for NTOP, I can see the executable, and it 
has the appropriate permissions to execute; but when I try to execute it, I 
get the following.

ender# ls -l ntop
-rws--x--x1 root root   199356 Oct 23  2000 ntop
ender# ./ntop
-sh: ./ntop: not found

DansGuardian gives me the same problem. I think that it has to do with the 
fact that I am using uClibc rather than the normal version of Bering, and 
these packages were compiled looking for the older Clibc libraries.

If this sounds correct, I will just have to suck it up and live with it, or 
figure out how to re-compile it.

My second problem has to do with creating my CD. I am using the create 
Bering CD instructions from the Bering and Bering uClibc user manuals. The 
command that I am using to make the iso image is:

mkisofs -o Bering-CD.iso -b isolinux.bin -c isolinux.cat -no-emul-boot \
  -boot-load-size 4 -boot-info-table -hide isolinux.cat -hide isolinux.bin -l \
  content

Where content is the directory containing my desired CD contents. It works 
fine with the exception of replacing all the - in the filenames with _. This 
means that my Squid-2.lrp package is now Squid_2.lrp. I have fixed this by 
loading that package off of a floppy, or I could have changed the files in 
/var/lib/lrpkg to reflect the new package name. Since this affects about 5 
packages, I would like to find out why the names are being replaced.

I am using Debian Linux (Testing Tree) to create the iso images. My version 
of mkisofs is 2.0+a34-2. Does anybody else have this problem creating CD's 
under linux? If not, what versions are you using?

Cheers,
-edt

Edward Tetz
MCSE, MCDBA, MCT, A+, CTT+, CIW MA, CIW CI
[EMAIL PROTECTED]



Re: [leaf-user] Bering Problems - file not found and create CD

2004-11-13 Thread Ed Tetz
Thanks for confirming the first, and pointing me to the correct command line 
for the second.

The problem with my CD was in the options. The command in the uClibc guide 
uses  -v (verbose), -r (RockRidge directory records), -J (Joliet directory 
records), -f (follow sym links). The extra length in my command (from the 
Bering user guide) simply does some extra cleanup and is more specific on 
the boot information.

Verbose and Follow links make no difference in the execution (although there 
is a warning about sym link support when it generates the CD, which is fine 
as my dir does not have sym links).

Apparently you can only get the hyphen if you generate either RockRidge or 
Joliet directory files, it is not supported on a RAW CD filestructure. Go 
Figure!

My command is now working with the addition of the missing switches.

It is odd, as I reviewed both the Bering and Bering uClibc user guides. I 
had started to follow the Bering guide to make the CD (I think, since I was 
going to make the CD under Windows). When that didn't work, I just moved over 
to my linux system, and followed most of the steps from the uClibc guide, 
with the exception of the mkisofs command, which I took from the guide I was 
originally following. Part of the reason, was the uClibc command did not 
initially work for me, as it is missing a pathspec at the end of the 
command. I needed a ' .'

Thanks again.
-edt

Edward Tetz
MCSE, MCDBA, MCT, A+, CTT+, CIW MA, CIW CI
[EMAIL PROTECTED]
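
A pre-flight check for the hyphen problem described above, as an added example that is not part of the original thread. The ISO 9660 d-character set is standard; the underscore substitution and case folding are a simplified model of what the post reports, not mkisofs's exact algorithm, and the sample file list is constructed.

```python
import string

# ISO 9660 "d-characters": the only characters a plain directory record
# (no Rock Ridge, no Joliet) may use in a file identifier. '-' is not one.
D_CHARS = set(string.ascii_uppercase + string.digits + "_")


def plain_iso_name(name):
    """Name as a plain ISO 9660 directory would record it.

    Simplified model (assumption): fold to upper case, keep the last dot as
    the name/extension separator, replace every other non-d-character by '_'.
    """
    upper = name.upper()
    stem, dot, ext = upper.rpartition(".")
    if not dot:  # no extension at all
        stem, ext = upper, ""

    def fix(part):
        return "".join(c if c in D_CHARS else "_" for c in part)

    return fix(stem) + ("." + fix(ext) if dot else "")


def preflight(names):
    """Return (changed, collisions) for a list of file names.

    changed    -- names whose characters would be rewritten without -r / -J
    collisions -- plain names that two or more source files would share
    """
    changed, by_plain = {}, {}
    for n in names:
        p = plain_iso_name(n)
        by_plain.setdefault(p, []).append(n)
        if p != n.upper():
            changed[n] = p
    collisions = {p: ns for p, ns in by_plain.items() if len(ns) > 1}
    return changed, collisions


# Constructed sample of a CD content directory.
SAMPLE = ["Squid-2.lrp", "squid_2.lrp", "root.lrp", "leaf.cfg", "isolinux.bin"]

if __name__ == "__main__":
    changed, collisions = preflight(SAMPLE)
    for src, dst in changed.items():
        print(f"{src}: recorded as {dst} unless Rock Ridge or Joliet is used")
    for plain, srcs in collisions.items():
        print(f"{plain}: shared by {', '.join(srcs)}")
```

Any name reported here is one the package loader would fail to find by its original name on a disc built without -r or -J.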

From: K.-P. Kirchdörfer [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Bering Problems - file not found and create CD
Date: Sat, 13 Nov 2004 20:57:01 +0100

Hi Ed;

you are right - ntop and DansGuardian are compiled against glibc and
won't run with Bering-uClibc. The errors you see (file not found)
are typical for a mismatch of libraries.

So you have to live with it or build yourself, including libraries the
applications depend on.

If you want to build yourself, have a look at buildtool, it provides a
usable toolchain to build against uClibc for LEAF:
http://leaf.sourceforge.net/doc/guide/buc-buildtool.html

Once you installed it from cvs ./buildtool.pl describe shows the
available packages (e.g. ntop needs libpcap, which has already been ported
to buildtool).

If you have success, pls let us know - so we can add it to the
packages section. If you run into problems, feel free to ask.

About your CD issue - I loop-mounted the Bering-uClibc ISO and I see
squid-2.lrp as expected. I follow the Bering-uClibc User Guide to
build a CD - (ok, I've edited it based on Charles Dachstein CD README
and Jacques work on Bering)
http://leaf.sourceforge.net/doc/guide/bucu-ide.html

If you look at the command line for mkisofs it's a lot shorter than
yours - I'm not sure what you add, I only the one from the Guide
seems to work.

Currently used mkisofs version is 2.01a31

HTH
kp

On Saturday, 13 November 2004 14:00, Ed Tetz wrote:
 Hi,

 I have been using LEAF since the LRP days. I personally love the
 product. I had been using Dachstein, but recently went to Bering as I
 felt that it was a little more customizable. I am booting from a
 custom CD image booting Bering uClibc v2.2.0, and it has been
 working quite well for me, with the following exceptions.

 I am having two problems with my bering installation. I think I
 know what one of the problems is, but I would like to verify it.

 I have tried to use two packages, DansGuardian and NTOP. I got
 DansGuardian from:
 http://cvs.sourceforge.net/viewcvs.py/leaf/bin/lince/dansgrdn.lrp?rev=1.6view=log
 And I got NTOP from the Oxygen package archive. Both
 of these packages seem to have the same problem.

 When I look at the directories for NTOP, I can see the executable,
 and it has the appropriate permissions to execute; but when I try
 to execute it, I get the following.

 ender# ls -l ntop
 -rws--x--x1 root root   199356 Oct 23  2000 ntop
 ender# ./ntop
 -sh: ./ntop: not found

 DansGuardian gives me the same problem. I think that it has to do
 with the fact that I am using uClibc rather than the normal version
 of Bering, and these packages were compiled looking for the older
 Clibc libraries.

 If this sounds correct, I will just have to suck it up and live
 with it, or figure out how to re-compile it.

 My second problem has to do with creating my CD. I am using the
 create Bering CD instructions from the Bering and Bering uClibc user
 manuals. The command that I am using to make the iso image is:

 mkisofs -o Bering-CD.iso -b isolinux.bin -c isolinux.cat
 -no-emul-boot -boot-load-size 4 -boot-info-table -hide isolinux.cat
 -hide isolinux.bin -l content

 Where content is the directory containing my desired CD contents.
 It works fine with the exception of replacing all the - in the
 filenames with _. This means that my Squid-2.lrp package is now
 Squid_2.lrp. I have fixed this by loading that package off of a
 floppy, or I could have changed
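
Why an executable that exists reports "not found" on a system with a different C library, as an added example that is not part of the original thread: the kernel reads the loader path from the ELF PT_INTERP header, and exec fails with ENOENT when that loader is absent. The loader paths /lib/ld-linux.so.2 (glibc, i386) and /lib/ld-uClibc.so.0 (uClibc) are the usual ones, and the ELF image and root filesystem listing are constructed for the demonstration.

```python
import os
import struct

PT_INTERP = 3  # program-header type that names the dynamic loader


def elf_interpreter(data):
    """Return the PT_INTERP path of an ELF image, or None if it has none."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = data[4] == 2                      # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little endian
    if is64:
        (phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:
        (phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x2A)
    for i in range(phnum):
        base = phoff + i * phentsize
        (p_type,) = struct.unpack_from(end + "I", data, base)
        if p_type != PT_INTERP:
            continue
        if is64:
            (p_offset,) = struct.unpack_from(end + "Q", data, base + 8)
            (p_filesz,) = struct.unpack_from(end + "Q", data, base + 32)
        else:
            (p_offset,) = struct.unpack_from(end + "I", data, base + 4)
            (p_filesz,) = struct.unpack_from(end + "I", data, base + 16)
        raw = data[p_offset:p_offset + p_filesz]
        return raw.split(b"\0", 1)[0].decode("ascii", "replace")
    return None


def classify(data, path_exists=os.path.exists):
    """Return (loader, status); status is 'static', 'ok' or 'missing-loader'."""
    interp = elf_interpreter(data)
    if interp is None:
        return None, "static"
    return interp, ("ok" if path_exists(interp) else "missing-loader")


def sample_elf32(interp):
    """Constructed minimal ELF32 image: file header plus one PT_INTERP entry."""
    interp += b"\0"
    ident = b"\x7fELF\x01\x01\x01" + b"\0" * 9
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", ident, 2, 3, 1, 0,
                       52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<8I", PT_INTERP, 84, 0, 0,
                       len(interp), len(interp), 4, 1)
    return ehdr + phdr + interp


if __name__ == "__main__":
    # Constructed view of a uClibc-only root filesystem.
    uclibc_root = {"/lib/ld-uClibc.so.0"}
    for loader in (b"/lib/ld-linux.so.2", b"/lib/ld-uClibc.so.0"):
        print(classify(sample_elf32(loader), uclibc_root.__contains__))
```

On a real system, pass the bytes of the binary itself and leave `path_exists` at its default to check against the running root filesystem.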

[leaf-user] HD Booting Dachstein with a twist

2003-07-25 Thread Ed Tetz
Hi Guys,

I am looking at getting a Norhtec server (http://www.norhtec.com/index.html) 
to act as my firewall. It comes with an internal HD, but no CD-ROM. I will 
be using a USB floppy drive. I am still waiting for the hardware, so I can't 
test things yet.

I already figure that I will have to recompile my kernel to support the USB 
floppy. Not a problem.

I also wanted to keep a lot of the security of having the packages on CD, so 
I was thinking of using an ISO image on the HD. Normally you need to add the 
loopback device, which I don't think will be a problem.

I figure that I will boot from the floppy, and then treat the ISO image on 
/dev/hda1/dachimg.iso as the CD-Rom. That will hopefully give me the BOBW 
(Best of Both Worlds), using the hard drive (since I don't have a CD-Rom) 
and having the security of the CD-Rom (or most of it). This will also make 
the upgrade easier when Dachstein is updated, as I only have to replace the 
isoimage on the harddrive.

Does anyone know off hand if a pkgpath option of /dev/hda1/dachimg.iso:loop 
or /dev/hda1/dachimg.iso:iso9660 should work in syslinux.cfg? I currently 
have /dev/hda:iso9660.

After the system starts booting, I figure I can easily mount (via fstab) the 
image as /cdrom, so I am just concerned what happens during the boot 
process, prior to reading fstab.

Cheers
-edt

Edward Tetz
[EMAIL PROTECTED]


Re: [leaf-user] Win2K and LEAF

2003-02-10 Thread Ed Tetz
Charles is correct, Windows 2000 should handle its own DNS if you are using
AD. For Windows 2000, outside of AD, it doesn't matter, but AD wants to
create a bunch of DNS records for AD to work properly as a name and service
resolution tool. You can run it with a properly configured *nix DNS server,
but it is just easier to use Win2K for DNS. You can then have Win2K forward
onto DNS cache.

-Cheers
edt
- Original Message -
From: Charles Steinkuehler [EMAIL PROTECTED]
To: John Mullan [EMAIL PROTECTED]
Cc: Leaf-User [EMAIL PROTECTED]
Sent: Monday, February 10, 2003 10:14 AM
Subject: Re: [leaf-user] Win2K and LEAF


 John Mullan wrote:
  OK Charles.  I understand.  As you know by now, I only really do this stuff
  at home.  I have helped a buddy by putting a LEAF router at his office.
 
  So, not being the guru and not having a great amount of time, I will
  eventually read bits and pieces.
 
  I only ended up with Win2K server because my drive crapped out on Tuesday
  and I figured that, what the heck.  It would give me the ability to keep
  user profiles in one location.
 
  On this scale, it really comes down to what I'm willing to live with and for
  how long.  Right now I timed it and I spend about 1 minute 'Preparing
  Network Connections'.  That's really not too bad.  Also, since this is only
  my home network, I run all servers on one box.  Its name is WWW but has FTP
  and POP3/SMTP.  I thought it great to define ftp.mullan.ca, mail.mullan.ca
  and www.mullan.ca and have them all point to the same box but thanks to M$
  that doesn't work anymore as it seems to override my TinyDNS in this
  respect. (a little of my ranting too :)
 
  So really, would it be better to let my M$ box handle internal DNS and let
  LEAF handle dnscache for internet queries?  Is there a package other than
  TinyDNS that is dynamic and will let the M$ box register hosts?

 I intentionally know as little as possible about the M$ networking
 world, but from what I know, and the information provided above, if you
 don't want to remove AD (and your other MS systems are recent enough to
 avoid any MS-MS operating problems), you're probably best off using your
 AD server as the primary DNS for your network.  You can probably
 configure the AD server to query DNSCache on the firewall for internet
 domains, use your ISP's DNS servers, or make all queries itself.

 Which option is best depends a lot on your connection to the 'net
 (bandwidth and latency) and the reliability of your ISP's name servers.
 I added DNSCache to Dachstein to allow implementing a pre-configured
 DHCP server, and because my ISP's DNS servers would typically go down
 about once every other week.  You don't *HAVE* to use it, it's simply
 provided as a convenience.

 --
 Charles Steinkuehler
 [EMAIL PROTECTED]







Re: [leaf-user] Using a wireless router with LEAF (Dachstein, Bering)

2003-02-06 Thread Ed Tetz
I did the same thing.

For 3 months I was at my sister-in-law's, and was leaf-less; so I bought a 
Linksys Wireless Access Point/Router/4 Port switch combo. After getting into 
my new house, I am using the switch for my internal network, and I don't use 
the WAN port, since Leaf is doing that job for me. If you wanted it in a 
separate location in the house, then you could connect any switched port to 
your main switch's uplink port, or use a cross-over cable.

Keeping everyone on one subnet makes it easier, but does leave you open to 
war-drivers, or neighbours sneaking in. Most AP's allow you to restrict 
access to MAC addresses, and there is WEP (although it is lightweight). If 
you want more security, you could add a second nic in your leaf box and then 
only allow that subnet to get out, and not to your wired network. It just 
depends on your level of paranoia. ;-)

Cheers,
-edt




Edward Tetz
MCSE, MCDBA, MCT, A+, CTT+, CIW MA, CIW CI
[EMAIL PROTECTED]
[EMAIL PROTECTED]





From: Todd Pearsall [EMAIL PROTECTED]
To: Peter Nosko [EMAIL PROTECTED],leaf [EMAIL PROTECTED]
Subject: Re: [leaf-user] Using a wireless router with LEAF (Dachstein, Bering)
Date: Wed, 5 Feb 2003 22:58:30 -0500

Not sure if this is what you want to do but...

I recently wanted to add some wireless nodes to my existing wired network.
What I really needed was just an Access Point that I would hang off a drop
in the middle of the house to get wireless service through the house.  When
I looked around the wireless routers were cheaper and more readily available
than the wireless access points so I bought one (D-Link).

Since I didn't need the router functions thanks to LEAF I turned off DHCP
serving, assigned it an IP on my network for management and plugged a cable
from my switch into one of the LAN ports and left the WAN port empty.
It works fine as an access point and has three free ports I can use for the
computer and PS2 near the access point.

- Todd

- Original Message -
From: Peter Nosko [EMAIL PROTECTED]
To: leaf [EMAIL PROTECTED]
Sent: Tuesday, February 04, 2003 7:34 PM
Subject: [leaf-user] Using a wireless router with LEAF (Dachstein, Bering)


 Hi all.  What's the simplest way to go about this?  I'd like to cut the
 tether to my notebook.  Is it as simple as hooking up the router off the
 hub on my internal network and letting it create a separate subnet?  Thanks.

 =

 -
 Peter Nosko ([EMAIL PROTECTED])
 This is a good place for a tagline.



Re: [leaf-user] Webbased configuration, some thoughts.

2002-08-27 Thread Ed Tetz

Hello all,

I am in the process of making a 4 month move, that involves staying with my 
sister-in-law. As such, I had to pack my Dachstein firewall, and I am now 
using a Linksys router/Wireless AP. What I have always envisioned as a Web 
Admin tool, would be something of the nature that they use. Simple pages to 
setup the interfaces, rules, forwarding, etc. All the stuff that I really 
need to edit regularly. I feel that the options that are available with the 
linksys are really lacking when compared to Leaf.

One of the reasons I have been playing with this idea is that I want to do 
a case mod for my new firewall box: CD, NICs, floppy, scaled back PS, etc. I 
would then like to place it in a wiring closet and manage it from a web 
page. I realize that my current process of using putty and ssh works well for 
me, but it scares off all of my friends that I am trying to convert to leaf.

I personally don't mind the size factor of the package, as I have already 
added custom packages to my Dachstein ISO image that I burn to CD. For this 
and other reasons, I am also looking at compiling and creating a larger 
Apache package with PHP.

One thing that currently concerns me with this process (the way I see it 
anyways), is that you will either have to scrap the current scripts (or 
modify them), like the network config script, or write a routine to parse 
the configuration information and then write it back to file without 
breaking it. I personally think that the current files provided by Charles and 
others for Dachstein are excellent when using CLI, as they provide options 
for doing your configuration this way, or that way; but the thought of 
parsing them leaves me sleepless at night. It would almost be better if each 
of the configuration option sections stored the actual config in separate 
files. ie, basic port forwarding rules in a file, advanced port forwarding 
rules in another file, allow chains in another file, deny chains in 
another, etc. These files would contain just the rules or options, 
and the network config file could then parse these files to apply the 
options. ie. basic port forwarding file would look like,

#INTERN_FTP_SERVER=192.168.1.1  # Internal FTP server to make available
#INTERN_WWW_SERVER=192.168.1.1  # Internal WWW server to make available
#INTERN_SMTP_SERVER=192.168.1.1 # Internal SMTP server to make available
#INTERN_POP3_SERVER=192.168.1.1 # Internal POP3 server to make available
#INTERN_IMAP_SERVER=192.168.1.1 # Internal IMAP server to make available
#INTERN_SSH_SERVER=192.168.1.1  # Internal SSH server to make available

And the advanced port forwarding would then look like:

#INTERN_SERVER0=-a -P PROTO -L LADDR LPORT -R RADDR RPORT [-p PREF]
#INTERN_SERVER1=

If the actual config options are broken out, then I could easily have a page 
that parses the file, displays them on a page, and then write the whole file 
back out.

Just my $0.02. I think the idea is valid, and I would use it, if for no 
other reason, to show others that it can be easy, and you don't have to know 
a lot of linux.


Cheers
edt

__
Edward Tetz
[EMAIL PROTECTED]
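
The round trip proposed in the message above (parse a broken-out forwarding file, change it from a page, write the whole file back), as an added example that is not from the original post or the Dachstein scripts. The function names are hypothetical, and the validation assumes the file is later read by shell scripts, so only a plain IPv4 address may ever be written as a value.

```python
import ipaddress
import re

# Constructed sample in the layout quoted in the message above.
SAMPLE = (
    "# Basic port forwarding\n"
    "#INTERN_FTP_SERVER=192.168.1.1  # Internal FTP server to make available\n"
    "#INTERN_WWW_SERVER=192.168.1.1  # Internal WWW server to make available\n"
    "INTERN_SSH_SERVER=192.168.1.1  # Internal SSH server to make available\n"
)

# [#]INTERN_<SERVICE>_SERVER=<value>[  # comment]; a leading '#' means disabled.
ENTRY_RE = re.compile(
    r"^(?P<off>#?)(?P<name>INTERN_[A-Z0-9]+_SERVER)="
    r"(?P<value>[^\s#]*)(?P<tail>\s*(?:#.*)?)$"
)


def parse_forward_file(text):
    """Return one dict per line; lines that are not entries are kept verbatim."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw)
        if m is None:
            entries.append({"raw": raw})
        else:
            entries.append({
                "name": m["name"],
                "value": m["value"],
                "enabled": m["off"] == "",
                "tail": m["tail"],  # spacing and trailing comment, untouched
            })
    return entries


def render(entries):
    """Write the file back out; untouched lines come out byte for byte."""
    lines = []
    for e in entries:
        if "raw" in e:
            lines.append(e["raw"])
        else:
            prefix = "" if e["enabled"] else "#"
            lines.append(f'{prefix}{e["name"]}={e["value"]}{e["tail"]}')
    return "\n".join(lines) + "\n"


def set_server(entries, name, address):
    """Enable `name` and point it at `address`; reject anything but plain IPv4."""
    # Assumption: shell scripts read this file, so a value such as
    # "192.168.1.1; reboot" must never reach it. IPv4Address() raises
    # ValueError for anything that is not a dotted-quad address.
    value = str(ipaddress.IPv4Address(address))
    for e in entries:
        if e.get("name") == name:
            e["value"], e["enabled"] = value, True
            return e
    raise KeyError(f"{name} is not an entry in this file")


def disable(entries, name):
    """Comment the entry out again without losing its value or comment."""
    for e in entries:
        if e.get("name") == name:
            e["enabled"] = False
            return e
    raise KeyError(f"{name} is not an entry in this file")


def enabled_servers(entries):
    """The forwards that are currently active, as {name: address}."""
    return {e["name"]: e["value"] for e in entries if e.get("enabled")}


if __name__ == "__main__":
    entries = parse_forward_file(SAMPLE)
    set_server(entries, "INTERN_WWW_SERVER", "192.168.1.20")
    print(render(entries), end="")
```

Only names already present in the file can be set, so a page built on this cannot introduce new variables into the configuration.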






Re: [leaf-user] DHCP REQUESTS FORWARDED BETWEEN SUBNETS

2002-05-24 Thread Ed Tetz

Hi Mike,

One last question, How would I have known (or should I have known) what
kernel versions the packages are by looking at the CVS page?
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/bin/packages/glibc-2.0/dhcrelay.lrp

I didn't really see anything on that page or its links that told me
anything. Do I need software other than my web browser to tell the
differences between the versions? Is there a separate index page that would
tell me the differences or would that normally be in the description (not to
slight you, as you have been doing great work on compiling everything into
one place - I am impressed)?

Sorry, I guess that was three questions :-)

Cheers
ed
- Original Message -
From: Mike Noyes [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, May 23, 2002 5:17 PM
Subject: Re: [leaf-user] DHCP REQUESTS FORWARDED BETWEEN SUBNETS


 On Thu, 2002-05-23 at 13:01, Ed Tetz wrote:
  Mike,
 
  That is the file I referred to in my email to Troy (version 2.0-1). I am a
  little confused by the version information that is listed on that page
  though. It lists the following:
 
  Revision  Package Version
  1.4       ?

 This file is incorrectly named, and was committed by mistake. Sorry.

  1.3       2.0-1

 kernel 2.2x version of dhcrelay

  1.2       3.0b1p10-1
  1.1       2.0-1

 These are kernel 2.0x versions of dhcrelay
Stuff deleted




Re: [leaf-user] DHCP REQUESTS FORWARDED BETWEEN SUBNETS

2002-05-23 Thread Ed Tetz

Hi Troy,

Version 2.0-1 can be found in a mirror of Ken Wong's old LRP archive. Here is
a link for it. http://c0wz.steinkuehler.net/files/kwarchive/dhcrelay.lrp

I have used this version in the past with LRP 2.9.8, and it should work fine
with whatever you are using. It was dead easy to setup, I think there is
just one config file in lrcfg packages menu. This package is 23K, so it is
nice and small.

Cheers
edt

- Original Message -
From: Troy Aden [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, May 22, 2002 9:34 PM
Subject: [leaf-user] DHCP REQUESTS FORWARDED BETWEEN SUBNETS



 Hi I am working with Dachstein in a basic router setup. I would like
 to know how to set up DHCP request forwarding between subnets so that we can
 administer all of our subnets with one DHCP server. I will do my best to
 draw this out.


   -ROUTER-
 Subnet 1 - 192.168.141.1
 Subnet 2 - 192.168.142.1
 Subnet 3 - 192.168.143.1

 DHCP SERVER IS ON SUBNET 1. (192.168.141.252)
 I want computers that are on the .142 and 143 subnets to (Obtain Ips from
 the DHCP server on subnet 1) have their DHCP REQUESTS forwarded to the DHCP
 SERVER ON SUBNET 1 (.141)

 How is this done? Can someone please help me out.

 Thanks in advance.

 Troy




Re: [leaf-user] DHCP REQUESTS FORWARDED BETWEEN SUBNETS

2002-05-23 Thread Ed Tetz

Mike,

That is the file I referred to in my email to Troy (version 2.0-1). I am a
little confused by the version information that is listed on that page
though. It lists the following:

Revision  Package Version
1.4       ?
1.3       2.0-1
1.2       3.0b1p10-1
1.1       2.0-1

All with the same creation date. Since I am new to CVS, I would be (and am
:-)  ) confused by which version I should want to download. I downloaded
them all and took a look at them. It appears that the package versions are
correct, so 1.1 is updated by 1.3 for version 2.0-1, 1.2 is alone as a build
of 3.0, but 1.4 actually appears to be DHCPD, and not the relay agent - now
more confused :-).

Please let me know if I am on the right track for working with the CVS
files.

BTW, I didn't realize that apparently all of the LRP files for LEAF were
available here on the site. Kudos.

Cheers
edt
- Original Message -
From: Mike Noyes [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, May 23, 2002 1:51 PM
Subject: RE: [leaf-user] DHCP REQUESTS FORWARDED BETWEEN SUBNETS


 On Thu, 2002-05-23 at 09:23, Richard Doyle wrote:
  If you like, I can send you a copy of the dhcrelay.lrp I used to use
  with an LRP 2.9.8 firewall, which should work on any glibc 2.0 system,
  including dachstein or bering.

 Richard,
 Is the package you have different than the ones we have in cvs?


http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/bin/packages/glibc-2.0/dhcrelay.lrp

 --
 Mike Noyes [EMAIL PROTECTED]
 http://sourceforge.net/users/mhnoyes/
 http://leaf-project.org/





Re: [Leaf-user] Your project (other questions)

2002-04-18 Thread Ed Tetz

Jason,

I am currently trying to make a rescue disk that supports SMB and NTFS. I 
have all the files, but I need more space. I have already pared down the 
modules, and in my case I got rid of the IP_ modules as well. I am still 
about 100K too large and I was looking at deleting some of the other 
executables on the system.

One that I don't think I need is edit-editor-e3, other than that one, can 
you suggest any other files that would free up the space? I don't need any 
firewall or routing files, just a NIC, NTFS, and SMB.

Cheers
edt

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Leaf-user] Re: [off-list] Your project (other questions)
Date: Wed, 17 Apr 2002 16:51:26 -0400

Lynn,

 You do have an ipsec-enabled kernel don't you?
Yes I do. No errors on IPsec startup.

 What exactly did you strip beside the packages not listed above?
 I would have to assume that you've stripped more than the extra NIC
 modules to keep it that small.
Just the extra NIC Modules.
I kept the two I need (eepro100.o and ne2kpci.o) and their dependencies
(8390.o and pci-scan.o)
And all of the ip_* modules are still there.

If you would like I'll send you a image file.

Jason Massey




guitarlynn [EMAIL PROTECTED]
04/17/2002 04:36 PM


 To: [EMAIL PROTECTED]
 cc:
 Subject:Re: [off-list] Your project (other questions)


On Wednesday 17 April 2002 14:10, [EMAIL PROTECTED] wrote:

  Could you elaborate. I have in fact squeezed in tinydns.lrp to my
  image(still 1.68mb :-). Is this going to cause some kind of problem
  with the ipsec scripts? What did you mean by the above?

No, it shouldn't... but things depend on what you have stripped.
You do have an ipsec-enabled kernel don't you?

  BTW: I have the following on my 1.68mb floppy:
  DNSCACHE.LRP, ETC.LRP, IFCONFIG.LRP, IPSEC.LRP, LDLINUX.SYS,
  LINUX.SYS, LOCAL.LRP, MAWK.LRP, MODULES.LRP, RAMLOG.LRP, ROOT.LRP,
  SYSLINUX.CFG, SYSLINUX.DPY, TINYDNS.LRP, UDHCP.LRP
 
  Your insight is greatly appreciated.

What exactly did you strip beside the packages not listed above?
I would have to assume that you've stripped more than the extra NIC
modules to keep it that small.

--

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!









Edward Tetz
MCSE, MCDBA, MCT, A+, CTT+, CIW MA, CIW CI
[EMAIL PROTECTED]
[EMAIL PROTECTED]





Re: [Leaf-user] Samba across Eigerstein LRP

2002-02-22 Thread Ed Tetz

Hi Lonnie,

If you have opened and forwarded the ports 137, 138, and 139 (which it 
sounds like you have), then you should be up and working. I have had this 
working on several occasions with Win2K, and if you are using Win95OSR2 or 
better - then you should be able to connect by IP rather than using an 
LMHOSTS file. eg. \\24.10.15.75\MyShare. I would not be worried so much 
about the NetBIOS traffic that you are sending over the WAN, but rather that 
you have exposed that computer to the computers outside of your firewall. 
Most of the hacks that take place against Microsoft servers run through SMB.

I have opted to use an FTP server on the internal network (it was easier for 
me to setup than VPN), and FTP files up and down. This actually performs 
much faster and more reliable file transfers. The catch with DCD is that I 
could only get that working with an FTP server that allows you to set the 
range for passive FTP. I use GUILDFTP on Win2K, but there should be something 
that fits the bill on Linux.

Cheers
edt

From: Lonnie Cumberland [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] Samba across Eigerstein LRP
Date: Fri, 22 Feb 2002 07:35:05 -0500 (EST)

Actually you are VERY right and I am now really looking into a VPN
solution.

Thanks for the advice.
Lonnie

  Yeech, you seem to want to broadcast all that NetBIOS stuff
  into the WAN connection that we're all spending years trying
  to block :(
 
  First, I will warn you  opening those ports on your firewall
  with any OS (particularly the Win9x/ME group) is pretty much
  like using a piece of cardboard to stop a tank. Opening up
  ssh/sftp or IPSec would be _highly_ recommended to doing NetBIOS.
 
 
  In fact, I am not sure that this would work at all w/o VPN
  because of the name resolution and MAC addressing. I wouldn't
  suggest WINS here at all, but you may come up with something
  possibly with a hosts or lmhosts file(s) on both computers. WINS
  addressing and DNS are similar, yet worlds apart in reality which
  makes me think that this would be very difficult to accomplish
  regardless of what you do to the firewall.
 
  In my experience, I would either do ftp w/address filtering (and
  permissions), VPN, or ssh/sftp with the emphasis on the latter
  two.
  --
 
  ~Lynn Avants
  aka Guitarlynn
 
  guitarlynn at users.sourceforge.net
  http://leaf.sourceforge.net
 
  If linux isn't the answer, you've probably got the wrong
  question!
 


--
  Lonnie Cumberland
  OutStep Technologies Incorporated
  EMAIL: [EMAIL PROTECTED]
   : [EMAIL PROTECTED]

  The Basis Express Virtual Office

  Data Backup and Recovery Services

  URL: http://www.basis-express.com

The Virtual Office without boundries!!!








Re: [Leaf-user] multi ip port forwarding

2002-01-15 Thread Ed Tetz

Hi Gregor,

I know that I had some issues with this. I had 2 alias addresses bound to my
external interface. I was able to receive traffic on them and portfw them
correctly. But then I tried FTP and I found that all other outbound traffic
gets masq'd on the primary IP, not the alias. From what I read at the time,
that is just how it is, and you cannot masq out with the alias IP. That also
gave me a problem with my Dynamic DNS, as it would register the primary, and
not the alias address.

This might give you a problem with SMTP, but I wouldn't think that it should
affect the Web, and Pop components.

I hope that helps a bit.

Cheers
- Original Message -
From: GREGOR [EMAIL PROTECTED]
To: linux-router [EMAIL PROTECTED]
Sent: Tuesday, January 15, 2002 1:18 AM
Subject: [Leaf-user] multi ip port forwarding


 I've been trying to install dachstein-cd-v1.0.2 but it doesn't seem to
 work. I wonder if any of you could help me to configure *network.conf* file
 to fit my needs.
 Here's my situation :
 |internet (eth0)
 | ip_legal1 + ip_legal2 + ip_legal3
 -
 |   |
 | dachstein cd  |
 |   | DMZ (eth2)
 |   |
 -
 |
 |
 internal network (eth1)

 ip_legal1,ip_legal2,ip_legal3 are running services on port 25,80,110 and
 will be forwarded to the DMZ. like this:

 ip_legal1 (port 25,80,110) port forwarded to 192.168.15.200
 ip_legal2 (port 25,80,110) port forwarded to 192.168.15.201
 ip_legal3 (port 25,80,110) port forwarded to 192.168.15.202

 All clients will use *internal network (eth1)* as their gateway to browse
 the internet.

 please help and thanks in advance.


 regards,
 Gregor


 +Gregor Gede W.
 +CENTER FOR INFORMATION SYSTEM
 +ATMA JAYA YOGYAKARTA UNIVERSITY
 [EMAIL PROTECTED]
 +62 81 2271 0583
 +62 81 7467 518

 WATCHOUT! 3RD INTERNATIONAL SEMINAR ON SUSTAINABLE ENVIRONTMENTAL
 ARCHITECTURE + DIGITAL ARCHITECTURE, 9-10 MARCH 2002, YOGYAKARTA
 http://senvar.virtue.nu or http://senvar.uajy.web.id




Re: [Leaf-user] Connecting to my company's Win2k server via VPN with L2TP/IPsec

2002-01-12 Thread Ed Tetz

Hi Eric,

Here are two main points about IP/Sec, which is the problem you are having.

* IP/Sec can be configured in two methods, Endpoint and Tunnel.
* The IP address of the encrypting computer is used in the encryption
algorithm. (So it cannot be modified).

I believe that most people who are using ipsec.lrp are using it as a tunnel
between two LRP boxes. This allows all traffic flowing between two segments,
separated by the Internet to be encrypted. In this case, both computers have
non-translated(non-masq'ed), public addresses, but the computers on the
segment can have translated addresses, since they are doing the encryption.

The other method of using IP/Sec is endpoints. If your LAN is not using a
tunnel to create a secure connection, then an individual host can; but, that
host must have a public, non-translated address as that would invalidate the
encryption. In your case, that is why your system works when plugged
directly into, but not when translated.

Your department was correct about the ports, but that would only apply if
you were using a non-translating firewall. Most home users are not using
these, but some corporate LANs are.

I hope that helps, and if anybody has *first hand* knowledge that disagrees
with this, please let me know.  I teach security courses, and this has been
true to the extent of my testing, but I haven't tried this with LRP or DCD.

Cheers
edt

- Original Message -
From: Eric Friedman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, January 11, 2002 11:23 PM
Subject: [Leaf-user] Connecting to my company's Win2k server via VPN with
L2TP/IPsec


 First, let me apologize if I get any (or all!) of the technical jargon
 here confused, backwards, or just plain wrong.

 Second, let me describe my situation.  I am using a Pentium 133mhz with
 16MB RAM to run Dachstein 1.0.2 to share my internet connection among
 the numerous computers in my house.  The router runs a DHCP server for
 the computers on my internal network and runs a DHCP client to connect
 with my ISP, but this is just for convenience as my ISP provides me with
 a static IP.  The computers (Win98, Win2k, and WinXP) on my internal
 network all work flawlessly through the router for normal internet
 access.

 My company provides access to its network over the Internet in the form
 of a VPN (operated by a Windows 2000 Server, I believe).  I connect to
 this VPN using Windows 2000 Professional.  All worked fine connecting to
 the VPN through my home router until my company began using L2TP/IPsec
 for the VPN connections.  Now, I get no response from the company VPN
 server when trying to connect.  (Note, however, that I *can* connect
 just fine when my computer is connected directly to my ISP, i.e. without
 the interference of my LRP box.  So my sense is that there are no
 configuration problems on the client computer, but rather something
 wrong with my LRP configuration.)

 Third, I know very little about Linux -- largely because I lack
 experience -- but I was wondering if someone might point me in the right
 direction on this problem.  As an additional bit of information, a guy
 in the IS department informed me that UDP ports 500 and 1701 would be
 involved in the solution, but I am not certain how to act on this
 information in configuring my router.

 I have begun to look at the ipsec.lrp package available for Dachstein,
 but I have not been able to use it to solve my problems.  I do not know,
 however, if this is a fault in my configuration of the package or if the
 package does not support Level 2 Tunneling (L2TP).

 If anyone has some experience in a similar situation or would be willing
 to help a poor old guy trying to get his LRP box to work again, I would
 much appreciate it.

 Thanks,
 Eric Friedman


 P.S. Please note as well that while I am currently running Dachstein off
 of a single floppy, I also have access to a CD or additional floppy
 drive that I could install in the router box.  So do not worry about
 offering solutions that may require more space than is available on a
 single floppy: I just want something that will work.
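
An added illustration for the thread above, not part of the original messages: in the IPsec Authentication Header (AH) the integrity check value is computed over the packet with its source and destination addresses included, so a masquerading firewall that rewrites the source invalidates it while an ordinary router hop does not. This is a simplified model (HMAC-SHA1-96 over an option-less IPv4 header with the mutable fields zeroed, plus the payload); the key, addresses and payload are constructed.

```python
import hashlib
import hmac
import socket
import struct

# IPv4 header without options: ver/IHL, TOS, total length, id, flags+frag,
# TTL, protocol, header checksum, source, destination.
IPV4 = "!BBHHHBBH4s4s"
TOS, FRAG, TTL, CKSUM, SRC = 1, 4, 5, 7, 8   # field positions in IPV4
PROTO_AH = 51
KEY = b"constructed-demo-key"                # constructed, not a real SA key


def checksum(header):
    """RFC 791 header checksum; returns 0 when run over a valid header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pack(fields):
    """Pack the fields with a freshly computed header checksum."""
    fields = list(fields)
    fields[CKSUM] = 0
    fields[CKSUM] = checksum(struct.pack(IPV4, *fields))
    return struct.pack(IPV4, *fields)


def build_header(src, dst, payload_len, ttl=64):
    return pack([0x45, 0, 20 + payload_len, 0x1234, 0x4000, ttl, PROTO_AH, 0,
                 socket.inet_aton(src), socket.inet_aton(dst)])


def icv(key, header, payload):
    """AH-style ICV: fields that routers may change are zeroed first."""
    fields = list(struct.unpack(IPV4, header))
    for mutable in (TOS, FRAG, TTL, CKSUM):
        fields[mutable] = 0
    # Source and destination addresses stay in the authenticated data.
    data = struct.pack(IPV4, *fields) + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:12]   # HMAC-SHA1-96


def verify(key, header, payload, received):
    return hmac.compare_digest(icv(key, header, payload), received)


def route_hop(header):
    """What a plain router does: decrement TTL, fix the checksum."""
    fields = list(struct.unpack(IPV4, header))
    fields[TTL] -= 1
    return pack(fields)


def masquerade(header, public_ip):
    """What a masquerading firewall does: rewrite the source address."""
    fields = list(struct.unpack(IPV4, header))
    fields[SRC] = socket.inet_aton(public_ip)
    return pack(fields)


def demo():
    payload = b"constructed payload"
    sent = build_header("192.168.1.10", "203.0.113.5", len(payload))
    tag = icv(KEY, sent, payload)
    routed = route_hop(sent)
    natted = masquerade(routed, "198.51.100.7")
    return {
        "original": verify(KEY, sent, payload, tag),
        "after_router_hop": verify(KEY, routed, payload, tag),
        "after_masquerade": verify(KEY, natted, payload, tag),
        "nat_checksum_still_valid": checksum(natted) == 0,
    }


if __name__ == "__main__":
    for step, ok in demo().items():
        print(f"{step:26} {ok}")
```

The translated packet still carries a valid IP header checksum, so it is delivered normally and is only rejected at the receiving IPsec endpoint.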





Re: [Leaf-user] WTD: NIC recommendations

2002-01-11 Thread Ed Tetz

I am using a Startech ST100S 10/100 on my private interface. It uses the
realtek driver (pci-scanrtl8139) and I haven't had any problems with it. It
has a $13US  MSRP - well below your $100 limit.

My public nic is an Aopen ALN-201 or AON-201. It is a 10Mbit PCI that uses
the NE2000 driver (8390ne). The service from the cable co. is only 10Mbit
tops, so I figured it would suffice, but I wanted to get rid of the ISA
cards, to max the bus performance.

I have a Dlink 530TX in another linux box, and I get the driver message as
well, but I don't get lockups. The message appears, and everything else is
fine. That one is running Redhat.

Cheers
edt

- Original Message -
From: Scott Ritchie [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, January 10, 2002 8:15 PM
Subject: [Leaf-user] WTD: NIC recommendations


 Hey all,
   I'm currently using two Dlink 530TX (via-rhine.o).  I've been encountering
 a few problems; lockups, oversized frame warnings, and that Something
 Wicked Happend driver error message.  After reading a bit in other linux
 circles, I've found that these are not ideal for a firewall/router
 application.

 I've been looking at the 3Com 980X-TXM NIC's. Are these overkill for 13 user
 / 22 computer lan linked to a cable modem?

 What would the collective recommend? (for about a $100max per card)

 Thanks in advance

  Scott




Re: [Leaf-user] tcp ports 445 524 ???

2002-01-09 Thread Ed Tetz

Here is a bit of info.

Port 524: Used by NetWare
http://razor.bindview.com/publish/advisories/adv_novellleak.html 
http://lists.insecure.org/incidents/2000/Nov/0015.html
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10013531.htm

Port 445: Used as a new replacement for 137,139 SMB ports.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q204279
http://www.newsbytes.com/news/01/169408.html

Cheers
edt
- Original Message - 
From: Michael D. Schleif [EMAIL PROTECTED]
To: LEAF [EMAIL PROTECTED]
Sent: Wednesday, January 09, 2002 12:58 PM
Subject: [Leaf-user] tcp ports 445  524 ???


 
 We are managing several remotely located DCD firewalls.
 
 Yesterday, on one of these firewalls, we began seeing several of these:
 
 Jan  8 17:12:31 trout kernel: Packet log: input DENY eth0 PROTO=6
 a.b.c.157:63882 x.y.z.86:524 L=48 S=0x00 I=15350 F=0x4000 T=112 SYN
 (#45)
 
 Jan  8 17:12:55 trout kernel: Packet log: input DENY eth0 PROTO=6
 a.b.c.157:63884 x.y.z.86:445 L=48 S=0x00 I=15570 F=0x4000 T=112 SYN
 (#45)
 
 Coincidentally, around these same times -- *no* direct correlation, yet
 -- we were doing testing, trying to get windoze networking working
 across the ipsec gateways, also established between these same two
 firewalls.
 
 However, a.b.c and x.y.z are the un-encrypted, external addresses of
 these firewalls.
 
 http://www.echogent.com/cgi-bin/fwlog.pl doesn't really answer the
 questions about what is happening here.
 
 What do you think?
 
 --
 
 Best Regards,
 
 mds
 mds resource
 888.250.3987
 
 Dare to fix things before they break . . .
 
 Our capacity for understanding is inversely proportional to how much we
 think we know.  The more I know, the more I know I don't know . . .
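
A parser for the ipchains "Packet log" entries quoted in the thread above, added here as an example and not part of the original messages. It copes with mail-wrapped entries, groups denied packets by source, and labels ports using the notes from the reply (524 NetWare, 445 SMB). The sample log is constructed with documentation addresses, and the TTL estimate is a common heuristic rather than a certainty.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the two entries quoted above, using
# documentation addresses; the second entry is mail-wrapped on purpose.
SAMPLE = """\
Jan  8 17:12:31 trout kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.157:63882 198.51.100.86:524 L=48 S=0x00 I=15350 F=0x4000 T=112 SYN (#45)
Jan  8 17:12:55 trout kernel: Packet log: input DENY eth0 PROTO=6
192.0.2.157:63884 198.51.100.86:445 L=48 S=0x00 I=15570 F=0x4000 T=112 SYN
(#45)
Jan  8 17:20:02 trout kernel: Packet log: input DENY eth0 PROTO=17 203.0.113.9:137 198.51.100.86:137 L=78 S=0x00 I=4021 F=0x0000 T=109 (#45)
"""

# \s+ between tokens lets one entry span several lines of pasted mail text.
LOG_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+kernel:\s+"
    r"Packet log:\s+(?P<chain>\S+)\s+(?P<target>\S+)\s+(?P<iface>\S+)\s+"
    r"PROTO=(?P<proto>\d+)\s+"
    r"(?P<src>\d+(?:\.\d+){3}):(?P<sport>\d+)\s+"
    r"(?P<dst>\d+(?:\.\d+){3}):(?P<dport>\d+)\s+"
    r"L=(?P<length>\d+)\s+S=(?P<tos>0x[0-9A-Fa-f]+)\s+I=(?P<ipid>\d+)\s+"
    r"F=(?P<frag>0x[0-9A-Fa-f]+)\s+T=(?P<ttl>\d+)"
    r"(?P<syn>\s+SYN)?\s+\(#(?P<rule>\d+)\)"
)
INT_FIELDS = ("proto", "sport", "dport", "length", "ipid", "ttl", "rule")
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
SERVICE_NOTES = {          # notes taken from the replies on this page
    137: "NetBIOS", 138: "NetBIOS", 139: "NetBIOS/SMB",
    445: "SMB, replacement for 137/139",
    524: "NetWare",
}


def parse_packet_log(text):
    """Return one dict per log entry found anywhere in `text`."""
    records = []
    for m in LOG_RE.finditer(text):
        rec = m.groupdict()
        for key in INT_FIELDS:
            rec[key] = int(rec[key])
        rec["syn"] = rec["syn"] is not None   # connection attempt, not a reply
        records.append(rec)
    return records


def denied_by_source(records):
    """Map each source to the sorted (protocol, destination port) pairs refused."""
    seen = defaultdict(set)
    for r in records:
        if r["target"] in ("DENY", "REJECT"):
            seen[r["src"]].add((r["proto"], r["dport"]))
    return {src: sorted(ports) for src, ports in seen.items()}


def initial_ttl_guess(ttl):
    """Heuristic: stacks start at 32, 64, 128 or 255; return (start, hops)."""
    for start in (32, 64, 128, 255):
        if ttl <= start:
            return start, start - ttl
    raise ValueError("TTL out of range")


def summarize(records):
    """One readable line per source, for a quick look at what was probed."""
    ttl_of = {r["src"]: r["ttl"] for r in records}
    lines = []
    for src, ports in sorted(denied_by_source(records).items()):
        start, hops = initial_ttl_guess(ttl_of[src])
        hits = ", ".join(
            f"{PROTO_NAMES.get(p, p)}/{port} ({SERVICE_NOTES.get(port, 'unlisted')})"
            for p, port in ports
        )
        lines.append(f"{src}: {hits}; TTL {ttl_of[src]} suggests start {start}, {hops} hops")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(parse_packet_log(SAMPLE))))
```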
 



Re: [Leaf-user] MSN Gaming

2002-01-09 Thread Ed Tetz

If you don't want to be hooking up your monitor, use sshd.lrp and configure
it. Then you can use putty from your Win Client to do the config.

Cheers

- Original Message -
From: Joris Kempen [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, January 09, 2002 1:35 PM
Subject: RE: [Leaf-user] MSN  Gaming




  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED]]On Behalf Of
  [EMAIL PROTECTED]
  Sent: Wednesday, January 09, 2002 5:37 PM
  To: [EMAIL PROTECTED]
  Subject: Re: [Leaf-user] MSN  Gaming
 
  You will need to look at the readme file for MSN, you want to
  find out what ports it wants open on the firewall.
  Alternatively, you 'MAY' be able to send using a SOCKs proxy
  (tho, I have never used one) that you would have to setup on
  you Dachenstein system.
 
 ok i found the port for this one..

  Again, this is a ports issue, you will need to find out which
  ports the game needs open and then open them on the firewall.
 
 also found the port for this one

 how do i easily open ports in the dachstein router?

 I looked at Charles page and found that I need to edit network.conf

 can this be done from the menu interface.. i guess it can. I think i have
 to hookup my monitor & keyboard again :)

 Can't this be done from one of the client machines??? I read a piece of
 text of using a serial cable to access the router box, can't it be done
 using my utphub?

 last thing: to host my own games, i always get the ip-address of my
 localmachine 192.168.1.1 but other people on the internet can't use this IP
 i guess? This is for local networks only, that's what I learned at school :)

 is opening the ports enough for this? what ip-address do people see when
 they ping me, for example from IRC? or can't they ping me?

 other thing: i want to read more about (linux)-firewalls, where to start,
 any documents? I read a book internet for school that included a chapter
 about firewalls, but really basic.

 i want to get more into linux  firewalls.

 thanks for any advice

 gr Joris




Re: [Leaf-user] multi homed router routing

2002-01-08 Thread Ed Tetz

Hi All,

This does work, and if I still had access to my scripts, I would post the
solution here, but I was laid off on Friday.

Basically, I have three interfaces, Public Ethernet (eth0), Private Ethernet
(eth1), and Private Tokenring (tr). eth0 was also aliased 5 times for access
from multiple logical IP subnets that occupy the same physical network. This
was done to facilitate teaching Microsoft courses.

This machine masqueraded both private segments out, and routed between the
private networks. This was done with LRP 2.9.8, but should work with Dach as
well. I followed the default settings to enable the second private
interface, made sure that ipchains did not have a deny rule for the route,
and added a route between the locations. This could have all been done in the
network_direct.conf file under LRP 2.9.8. It was actually quite painless,
and should work equally well with Dachstein.

If I can get ahold of the config file, I will make it available here.

Cheers
edt
- Original Message -
From: Jack Coates [EMAIL PROTECTED]
To: David B. Cook [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, January 08, 2002 12:02 AM
Subject: Re: [Leaf-user] multi homed router  routing


 On Mon, 7 Jan 2002, David B. Cook wrote:

  Folks, I'm still confused about the internal routing on a Dachstein FW
  with 2 internal interfaces. I simply want to route between eth1 & eth2
  freely while MASQ'ing both to the outside world. I do not want one to be a
  DMZ - they are both peer legs to the network.
 
  My internal addresses are from the reserved block.
  eth1_IPADDR=172.16.40.250
  eth1_MASKLEN=24
  eth1_BROADCAST=+
  eth1_IP_SPOOF=YES
  eth1_IP_KRNL_LOGMARTIANS=YES
  eth1_IP_SHARED_MEDIA=NO
  eth1_BRIDGE=NO
  eth1_FAIRQ=NO
 
  eth2_IPADDR=172.16.50.250
  eth2_MASQLEN=24
  ... etc...
  eth2_ROUTES=172.16.40.255/24_via_172.16.40.250
  ... etc...
 
  I have set the masqlen on both interfaces to 24 as I have heard is
  necessary to MASQ both interfaces to the outside. I'm not sure if this is
  part of my problem. I have added what I think is a route between eth1 &
  eth2 but obviously as I am writing this ... it does not work. Can
  somebody give me some pointers??
 
  Thanks, dbc.
   --
 
  David B. Cook, [EMAIL PROTECTED]
  The only Windows this software came close to had an X in front of
it.
 

 I've been trying to get this same scenario to work off and on for about
 six months; I am reasonably sure at this point that it is not possible
 to do with LEAF or with a full distribution.

 Your best path to success is going to be two routers with floating
 static routes and a routing daemon (e.g. zebra or routed) or a
 ping-check script.

 --
 Jack Coates
 Monkeynoodle: A Scientific Venture...

