Re: [leaf-user] [ANN] LEAF Bering-uClibc 3.0-beta1
Hi M.

I am using VMWare just fine, but I do have the same problem booting from CD. I googled a link to the old version of Bering, and that idea works just fine with this version.

1. Burn the CD or mount the CD using another VMWare machine, and copy the file bootdisk.ima off of it, and to your host disk.
2. You can use it as is or change the extension to img so it shows up when you browse for floppy disks in VMWare - I skipped this step and changed the filter to show all files.

This is a disk image file that you tell VMWare is a floppy for your Bering VM. I am using that image as my floppy, and I have a VM with 3 nics, like my production firewall. I configured the modules to support my production machine and then added pcnet32.o as well. I am able to prep my entire firewall in the VM, and then when I am done,

1. I copy CONFIGDB.LRP, moddb.lrp, and leaf.cfg to /tmp.
2. Change from the disk image to a real floppy, mount it, and copy them back to the disk (or you can use another vm to mount the disk image and copy the files).

This is working like a charm, and leaves me in the position I want to be in the end - booting from CD in production, with only my config files on floppy.

BTW, I really like the backup. Backup configs, and backup modules - Done!

I do have one question, I have from time to time modified files in the actual package - like custom weblet pages. Do I now have to mod them offline, tar them up and put them on my floppy, or is there a way I can still backup an entire package the old way - perhaps from the command line? I don't do that often, so if there is no easy way, that's cool.

Only been playing with it one night, the Bering team Rocks!
Cheers,
-edt
Edward Tetz [EMAIL PROTECTED]

From: Eric Spakman [EMAIL PROTECTED]
To: M Lu [EMAIL PROTECTED]
CC: KP Kirchdoerfer [EMAIL PROTECTED],leaf-user@lists.sourceforge.net
Subject: Re: [leaf-user] [ANN] LEAF Bering-uClibc 3.0-beta1
Date: Thu, 24 Aug 2006 08:48:26 +0200 (CEST)

Hi M,

Hi KP and Eric, Thank you and others for all the hard work on this. I could not boot from the ISO image using Virtual PC, not VMWare. I also downloaded the latest 2.4.2 and could not boot either. It just complained Boot Error. I found some old Bering ISO and it boots fine. The sizes for the images are

34,004,992 Bering-uClibc_2.4.2_iso_bering-uclibc...
38,971,392 Bering-uClibc_3.0-beta1_iso_bering-uclibc...

and I can open them and saw all files inside. I will find some blank CD and cut it physically but I doubt it will work. Is there anything special about booting from the CD?

Both version 2.4.2 and 3.0 are using the latest version of syslinux/isolinux. It looks like this version doesn't play very nice with Emulator software like VMware. You can solve it by using an older version of syslinux. You probably have to try some different versions, syslinux tends to fix some BIOS versions with every new release but also breaks some. Please report this error to the syslinux maintainer (http://syslinux.zytor.com/)

Eric

- Original Message -
From: KP Kirchdoerfer [EMAIL PROTECTED]
To: leaf-user@lists.sourceforge.net
Sent: Wednesday, August 23, 2006 2:14 AM
Subject: [leaf-user] [ANN] LEAF Bering-uClibc 3.0-beta1

The floppy images, ISO image, ipv6 addon and a modules tarball are available in the File Releases Area:
http://sourceforge.net/project/showfiles.php?group_id=13751&package_id=67534

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
Re: [leaf-user] [ANN] LEAF Bering-uClibc 3.0-beta1
Hi Guys*,

Since this has just been released, is that why there is a problem downloading the iso image from the mirrors, and is someone on the Leaf team aware of the issue? Or is it just me?

I love this product in general, been working with it since LRP, great work to everyone.

Now for the dumb question, how stable is the Beta (a term that is sometimes used liberally). With you guys* running it, I am going to guess that it is more than stable enough for a best effort home system (with a wife that gets upset when things don't work ;-), and maybe even good enough for production testing (testing the key word there).

Cheers,
-edt
Edward Tetz [EMAIL PROTECTED]

* This is the gender neutral version of the term guys.

From: KP Kirchdoerfer [EMAIL PROTECTED]
To: leaf-user@lists.sourceforge.net
Subject: [leaf-user] [ANN] LEAF Bering-uClibc 3.0-beta1
Date: Wed, 23 Aug 2006 08:14:26 +0200

Bering-uClibc 3.0 beta1 is a milestone release for Bering-uClibc. The changes since the last stable version are the biggest and most intrusive since we started working on Bering-uClibc four years ago.

Amongst the changes are updates of the linux kernel to 2.4.33, shorewall to version 3.2.2 and busybox to 1.2.1 - including the replacement of dash with busybox ash as standard shell. You'll now get commandline completion without the need to run a huge bash.

Also the uClibc libraries have been updated to latest stable version 0.9.28. All available packages have been recompiled against uClibc 0.9.28. Do NOT try to run old packages from the 2.x series with this new release!

But the most notable and probably most visible change is the overhaul of Bering-uClibc's package management and backup system. Since the early LRP days, the predecessor of LEAF, package management and backup was done with lrpkg. Based on David Douthitt's, Nathan Angelacos and Natanael Copa's work, we replaced lrpkg with apkg. Because the configurations are now saved independently from the packages in separate files (configdb and moddb), upgrading packages will be a lot easier in the future. Additionally Cedric Schieli enhanced apkg with an upgrade option, which will help to handle changes in configuration files.

The floppy images, ISO image, ipv6 addon and a modules tarball are available in the File Releases Area:
http://sourceforge.net/project/showfiles.php?group_id=13751&package_id=67534

Please send feedback, bug reports and questions to the LEAF-User mailing list.

on behalf of the Bering-uClibc team
kp
RE: [leaf-user] [ANN] Bering-uClibc 2.4 beta1
Hi all,

When upgrading, I have just been re-using my old config disk with the new CD. Would there be benefits of not doing this, and using the new default configs periodically? My configs are likely from 2.1 or 2.2, and although working fine, I just wonder if I might be missing valuable info.

Cheers,
-edt
Edward Tetz [EMAIL PROTECTED]

From: KP Kirchdoerfer [EMAIL PROTECTED]
To: leaf-user@lists.sourceforge.net
Subject: [leaf-user] [ANN] Bering-uClibc 2.4 beta1
Date: Tue, 3 Jan 2006 15:47:18 +0100

Happy new year!

To celebrate 2006 the Bering-uClibc team released today Bering-uClibc 2.4 beta1. This release provides a kernel update to 2.4.32. Other changes are upgrades of various packages, including shorewall to 2.4.7, dnsmasq and ipsec/openswan. Plus a few minor changes here and there.

For a complete changelog please read:
http://leaf.sourceforge.net/bering-uclibc/index.php?module=pagemaster&PAGE_user_op=view_page&PAGE_id=2&MMN_position=2:2

The floppy images, ISO image, ipv6 addon and a modules tarball are available in the FRS:
http://sourceforge.net/project/showfiles.php?group_id=13751&package_id=67534&release_id=339385

Please send your notes, bug reports, feature requests or what else you'd like to add to the LEAF mailing-lists. You may also visit the LEAF IRC channel
http://slashnet.org/channels/leaf/
irc://irc.slashnet.org/%26leaf

Thx for reading
kp
Re: [leaf-user] hardware required
I have run it for home use very successfully on a 486DX2 - 80 with 64MB of RAM. The extra ram allowed me to boost the size of the RAM drive to allow for more packages, and gave me a good amount for Bering to work with.

I have a couple of new pieces of hardware, so my Leaf box got an upgrade to Pentium 166 with 64MB of RAM. This, as expected, has provided faster transfer time, especially noticed when there is a lot of streaming or downloads going on. I would upgrade again, but this is currently the lowest grade hardware running at home.

I have run training center classrooms (50 pc's not devoted to internet) on a Pentium 90 with 64 MB of RAM and didn't have any complaints there either.

Hope that helps.

-edt
Edward Tetz [EMAIL PROTECTED]

From: Jaap Eldering [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
CC: leaf-user@lists.sourceforge.net
Subject: Re: [leaf-user] hardware required
Date: Sun, 24 Jul 2005 01:18:00 +0200

On Sat, Jul 23, 2005 at 03:09:24PM -0700, Héctor Hoshi wrote:

Esteemed list

I like to know the level of hardware required to run bering uclibc, the lowest and recommended.

The minimum requirements would be a 486 compatible pc with 8-12 MB memory and a floppy drive. This should suffice to run a standard router (although 16+ MB memory might be more convenient). If you want more special applications and/or have a high network traffic load (order of 1 MB/s), you might want to consider a bit faster computer like pentium 200+ MHz.

Others please correct me if I'm wrong.

Jaap
[leaf-user] Squid2.lrp and jsp pages
I am using Bering-uClibc with the Squid-2 package. Almost everything seems to be working, but if I go to a site that uses JSP pages (like www.gymboree.com), I get a long delay, followed by this error:

ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: http://www.gymboree.com/
The following error was encountered:
Connection Failed
The system returned:
(110) Connection timed out
The remote host or network may be down. Please try the request again.
Your cache administrator is webmaster.
Generated Thu, 18 Nov 2004 18:59:51 GMT by firewall (squid/2.5.STABLE5)

If I bypass the proxy, then the page works fine. I only seem to have problems with jsp pages, everything else works fine.

In an attempt to solve this problem, I have added the following to my squid conf file:

hierarchy_stoplist jsp asp

and

acl JSP_Pages urlpath_regex -i \.jsp$
http_access allow CONNECT JSP_Pages

and

acl Gym dstdomain .gymboree.com
no_cache deny Gym

But none of these lines suggested by results of Google searches have yielded any success.

Has anybody else run into this problem with Squid? If so, what have you done to resolve it?

Cheers,
-edt
Edward Tetz MCSE, MCDBA, MCT, A+, CTT+, CIW MA, CIW CI
[EMAIL PROTECTED]

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Bering Problems - file not found and create CD
Hi,

I have been using LEAF since the LRP days. I personally love the product. I had been using Dachstein, but recently went to Bering as I felt that it was a little more customizable. I am booting from a custom CD image booting Bering uClibc v2.2.0, and it has been working quite well for me, with the following exceptions.

I am having two problems with my bering installation. I think I know what one of the problems is, but I would like to verify it.

I have tried to use two packages, DansGuardian and NTOP. I got DansGuardian from:
http://cvs.sourceforge.net/viewcvs.py/leaf/bin/lince/dansgrdn.lrp?rev=1.6&view=log
And I got NTOP from the Oxygen package archive.

Both of these packages seem to have the same problem. When I look at the directories for NTOP, I can see the executable, and it has the appropriate permissions to execute; but when I try to execute it, I get the following.

ender# ls -l ntop
-rws--x--x 1 root root 199356 Oct 23 2000 ntop
ender# ./ntop
-sh: ./ntop: not found

DansGuardian gives me the same problem. I think that it has to do with the fact that I am using uClibc rather than the normal version of Bering, and these packages were compiled looking for the older Clibc libraries. If this sounds correct, I will just have to suck it up and live with it, or figure out how to re-compile it.

My second problem has to do with creating my CD. I am using the create Bering CD instructions from the Bering and Bering uClibc user manuals. The command that I am using to make the iso image is:

mkisofs -o Bering-CD.iso -b isolinux.bin -c isolinux.cat -no-emul-boot -boot-load-size 4 -boot-info-table -hide isolinux.cat -hide isolinux.bin -l content

Where content is the directory containing my desired CD contents. It works fine with the exception of replacing all the - in the filenames with _. This means that my Squid-2.lrp package is now Squid_2.lrp. I have fixed this by loading that package off of a floppy, or I could have changed the files in /var/lib/lrpkg to reflect the new package name. Since this affects about 5 packages, I would like to find out why the names are being replaced.

I am using Debian Linux (Testing Tree) to create the iso images. My version of mkisofs is 2.0+a34-2.

Does anybody else have this problem creating CD's under linux? If not, what versions are you using?

Cheers,
-edt
Edward Tetz MCSE, MCDBA, MCT, A+, CTT+, CIW MA, CIW CI
[EMAIL PROTECTED]
Re: [leaf-user] Bering Problems - file not found and create CD
Thanks for confirming the first, and pointing me to the correct command line for the second.

The problem with my CD was in the options. The command in the uClibc guide uses -v (verbose), -r (RockRidge directory records), -J (Joliet directory records), -f (follow sym links). The extra length in my command (from the Bering user guide) simply does some extra cleanup and is more specific on the boot information. Verbose and Follow links make no difference in the execution (although there is a warning about sym link support when it generates the CD, which is fine as my dir does not have sym links). Apparently you can only get the hyphen if you generate either RockRidge or Joliet directory files, it is not supported on a RAW CD filestructure. Go Figure! My command is now working with the addition of the missing switches.

It is odd, as I reviewed both the Bering and Bering uClibc user guides. I had started to follow the Bering guide to make the CD (I think, since I was going to make the CD under Windows). When that didn't work, I just moved over to my linux system, and followed most of the steps from the uClibc guide, with the exception of the mkisofs command, which I took from the guide I was originally following. Part of the reason, was the uClibc command did not initially work for me, as it is missing a pathspec at the end of the command. I needed a ' .'

Thanks again.

-edt
Edward Tetz MCSE, MCDBA, MCT, A+, CTT+, CIW MA, CIW CI
[EMAIL PROTECTED]

From: K.-P. Kirchdörfer [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Bering Problems - file not found and create CD
Date: Sat, 13 Nov 2004 20:57:01 +0100

Hi Ed;

you are right - ntop and DansGuardian are compiled against glibc and won't run with Bering-uClibc. The errors you see (file not found) are typical for a mismatch of libraries. So you have to live with it or build yourself, including libraries the applications depend on.

If you want to build yourself, have a look at buildtool, it provides a usable toolchain to build against uClibc for LEAF:
http://leaf.sourceforge.net/doc/guide/buc-buildtool.html

Once you installed it from cvs

./buildtool.pl describe

shows the available packages (e.g. ntop needs libpcap, which has already been ported to buildtool). If you have success, pls let us know - so we can add it to the packages section. If you run into problems, feel free to ask.

About your CD issue - I loop-mounted the Bering-uClibc ISO and I see squid-2.lrp as expected. I follow the Bering-uClibc User Guide to build a CD - (ok, I've edited it based on Charles Dachstein CD README and Jacques work on Bering)
http://leaf.sourceforge.net/doc/guide/bucu-ide.html

If you look at the command line for mkisofs it's a lot shorter than yours - I'm not sure what you add, I only the one from the Guide seems to work. Currently used mkisofs version is 2.01a31

HTH
kp

On Saturday, 13 November 2004 14:00, Ed Tetz wrote:

Hi,

I have been using LEAF since the LRP days. I personally love the product. I had been using Dachstein, but recently went to Bering as I felt that it was a little more customizable. I am booting from a custom CD image booting Bering uClibc v2.2.0, and it has been working quite well for me, with the following exceptions.

I am having two problems with my bering installation. I think I know what one of the problems is, but I would like to verify it.

I have tried to use two packages, DansGuardian and NTOP. I got DansGuardian from:
http://cvs.sourceforge.net/viewcvs.py/leaf/bin/lince/dansgrdn.lrp?rev=1.6&view=log
And I got NTOP from the Oxygen package archive.

Both of these packages seem to have the same problem. When I look at the directories for NTOP, I can see the executable, and it has the appropriate permissions to execute; but when I try to execute it, I get the following.

ender# ls -l ntop
-rws--x--x 1 root root 199356 Oct 23 2000 ntop
ender# ./ntop
-sh: ./ntop: not found

DansGuardian gives me the same problem. I think that it has to do with the fact that I am using uClibc rather than the normal version of Bering, and these packages were compiled looking for the older Clibc libraries. If this sounds correct, I will just have to suck it up and live with it, or figure out how to re-compile it.

My second problem has to do with creating my CD. I am using the create Bering CD instructions from the Bering and Bering uClibc user manuals. The command that I am using to make the iso image is:

mkisofs -o Bering-CD.iso -b isolinux.bin -c isolinux.cat -no-emul-boot -boot-load-size 4 -boot-info-table -hide isolinux.cat -hide isolinux.bin -l content

Where content is the directory containing my desired CD contents. It works fine with the exception of replacing all the - in the filenames with _. This means that my Squid-2.lrp package is now Squid_2.lrp. I have fixed this by loading that package off of a floppy, or I could have changed
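
The "not found" error for an executable that is plainly present, confirmed in this thread as a library mismatch, is commonly caused by the dynamic loader named in the binary's PT_INTERP header being absent from the system. The following is an added example, not code from the thread or the LEAF project: it reads that loader path from an ELF file and checks whether it exists. The loader names /lib/ld-linux.so.2 (glibc) and /lib/ld-uClibc.so.0 (uClibc) are the usual i386 paths and are assumptions here, and the sample binaries are constructed.

```python
import os
import struct
import sys

PT_INTERP = 3  # program-header type that holds the dynamic loader path


def elf_interpreter(data):
    """Return the loader path from PT_INTERP, or None for a static binary."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unknown ELF class or byte order")
    end = "<" if ei_data == 1 else ">"
    try:
        if ei_class == 1:   # ELF32 header field offsets
            (phoff,) = struct.unpack_from(end + "I", data, 28)
            phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
        else:               # ELF64 header field offsets
            (phoff,) = struct.unpack_from(end + "Q", data, 32)
            phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
        for i in range(phnum):
            off = phoff + i * phentsize
            (p_type,) = struct.unpack_from(end + "I", data, off)
            if p_type != PT_INTERP:
                continue
            if ei_class == 1:
                (p_offset,) = struct.unpack_from(end + "I", data, off + 4)
                (p_filesz,) = struct.unpack_from(end + "I", data, off + 16)
            else:
                (p_offset,) = struct.unpack_from(end + "Q", data, off + 8)
                (p_filesz,) = struct.unpack_from(end + "Q", data, off + 32)
            raw = data[p_offset:p_offset + p_filesz]
            return raw.split(b"\0", 1)[0].decode("ascii", "replace")
    except struct.error:
        raise ValueError("truncated ELF image")
    return None


def diagnose(data, root="/"):
    """Classify a binary against the filesystem mounted at root.

    Returns ("static", None), ("ok", loader) or ("missing-loader", loader).
    "missing-loader" is the case where the shell reports "not found" even
    though the file exists and is executable.
    """
    interp = elf_interpreter(data)
    if interp is None:
        return ("static", None)
    present = os.path.exists(os.path.join(root, interp.lstrip("/")))
    return ("ok" if present else "missing-loader", interp)


def make_sample_elf32(interp):
    """Constructed input: minimal little-endian ELF32 image (header plus,
    if interp is given, a single PT_INTERP entry). Not a runnable program."""
    ident = b"\x7fELF" + bytes([1, 1, 1])   # ELF32, little-endian, version 1
    phnum = 0 if interp is None else 1
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", ident, 2, 3, 1, 0, 52, 0, 0,
                       52, 32, phnum, 0, 0, 0)
    if interp is None:
        return ehdr
    path = interp.encode("ascii") + b"\0"
    # The path is stored right after the 52-byte header and 32-byte phdr.
    phdr = struct.pack("<8I", PT_INTERP, 84, 0, 0, len(path), len(path), 4, 1)
    return ehdr + phdr + path


if __name__ == "__main__":
    # Usage: python3 script.py /path/to/binary [...]
    for name in sys.argv[1:]:
        with open(name, "rb") as fh:
            print(name, diagnose(fh.read()))
```

Run against a copy of the package's binary on a workstation, with root pointed at an unpacked copy of the firewall's filesystem, it shows before deployment whether the package was built for a different C library.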
[leaf-user] HD Booting Dachstein with a twist
Hi Guys,

I am looking at getting a Norhtec server (http://www.norhtec.com/index.html) to act as my firewall. It comes with an internal HD, but no CD-ROM. I will be using a USB floppy drive. I am still waiting for the hardware, so I can't test things yet.

I already figure that I will have to recompile my kernel to support the USB floppy. Not a problem. I also wanted to keep a lot of the security of having the packages on CD, so I was thinking of using an ISO image on the HD. Normally you need to add the loopback device, which I don't think will be a problem. I figure that I will boot from the floppy, and then treat the ISO image on /dev/hda1/dachimg.iso as the CD-Rom.

That will hopefully give me the BOBW (Best of Both Worlds), using the hard drive (since I don't have a CD-Rom) and having the security of the CD-Rom (or most of it). This will also make the upgrade easier when Dachstein is updated, as I only have to replace the isoimage on the harddrive.

Does anyone know off hand if a pkgpath option of /dev/hda1/dachimg.iso:loop or /dev/hda1/dachimg.iso:iso9660 should work in syslinux.cfg? I currently have /dev/hda:iso9660.

After the system starts booting, I figure I can easily mount (via fstab) the image as /cdrom, so I am just concerned what happens during the boot process, prior to reading fstab.

Cheers
-edt
Edward Tetz [EMAIL PROTECTED]
Re: [leaf-user] Win2K and LEAF
Charles is correct, Windows 2000 should handle its own DNS if you are using AD. For Windows 2000, outside of AD, it doesn't matter, but AD wants to create a bunch of DNS records for AD to work properly as a name and service resolution tool. You can run it with a properly configured *nix DNS server, but it is just easier to use Win2K for DNS. You can then have Win2K forward onto DNS cache.

-Cheers
edt

- Original Message -
From: Charles Steinkuehler [EMAIL PROTECTED]
To: John Mullan [EMAIL PROTECTED]
Cc: Leaf-User [EMAIL PROTECTED]
Sent: Monday, February 10, 2003 10:14 AM
Subject: Re: [leaf-user] Win2K and LEAF

John Mullan wrote:

OK Charles. I understand.

As you know by now, I only really do this stuff at home. I have helped a buddy by putting a LEAF router at his office. So, not being the guru and not having a great amount of time, I will eventually read bits and pieces.

I only ended up with Win2K server because my drive crapped out on Tuesday and I figured that, what the heck. It would give me the ability to keep user profiles in one location.

On this scale, it really comes down to what I'm willing to live with and for how long. Right now I timed it and I spend about 1 minute 'Preparing Network Connections'. That's really not too bad.

Also, since this is only my home network, I run all servers on one box. Its name is WWW but has FTP and POP3/SMTP. I thought it great to define ftp.mullan.ca, mail.mullan.ca and www.mullan.ca and have them all point to the same box but thanks to M$ that doesn't work anymore as it seems to override my TinyDNS in this respect. (a little of my ranting too :)

So really, would it be better to let my M$ box handle internal DNS and let LEAF handle dnscache for internet queries? Is there a package other than TinyDNS that is dynamic and will let the M$ box register hosts?

I intentionally know as little as possible about the M$ networking world, but from what I know, and the information provided above, if you don't want to remove AD (and your other MS systems are recent enough to avoid any MS-MS operating problems), you're probably best off using your AD server as the primary DNS for your network.

You can probably configure the AD server to query DNSCache on the firewall for internet domains, use your ISP's DNS servers, or make all queries itself. Which option is best depends a lot on your connection to the 'net (bandwidth and latency) and the reliability of your ISP's name servers. I added DNSCache to Dachstein to allow implementing a pre-configured DHCP server, and because my ISP's DNS servers would typically go down about once every other week. You don't *HAVE* to use it, it's simply provided as a convenience.

--
Charles Steinkuehler
[EMAIL PROTECTED]
Re: [leaf-user] Using a wireless router with LEAF (Dachstein, Bering)
I did the same thing. For 3 months I was at my sister-in-law's, and was leaf-less; so I bought a Linksys Wireless Access Point/Router/4 Port switch combo. After getting into my new house, I am using the switch for my internal network, and I don't use the WAN port, since Leaf is doing that job for me. If you wanted it in a separate location in the house, then you could connect any switched port to your main switch's uplink port, or use a cross-over cable.

Keeping everyone on one subnet makes it easier, but does leave you open to war-drivers, or neighbours sneaking in. Most AP's allow you to restrict access to MAC addresses, and there is WEP (although it is lightweight). If you want more security, you could add a second nic in your leaf box and then only allow that subnet to get out, and not to your wired network. It just depends on your level of paranoia. ;-)

Cheers,
-edt
Edward Tetz MCSE, MCDBA, MCT, A+, CTT+, CIW MA, CIW CI
[EMAIL PROTECTED] [EMAIL PROTECTED]

From: Todd Pearsall [EMAIL PROTECTED]
To: Peter Nosko [EMAIL PROTECTED],leaf [EMAIL PROTECTED]
Subject: Re: [leaf-user] Using a wireless router with LEAF (Dachstein, Bering)
Date: Wed, 5 Feb 2003 22:58:30 -0500

Not sure if this is what you want to do but...

I recently wanted to add some wireless nodes to my existing wired network. What I really needed was just an Access Point that I would hang off a drop in the middle of the house to get wireless service through the house. When I looked around the wireless routers were cheaper and more readily available than the wireless access points so I bought one (D-Link). Since I didn't need the router functions thanks to LEAF I turned off DHCP serving, assigned it an IP on my network for management and plugged a cable from my switch into one of the LAN ports and left the WAN port empty. It works fine as an access point and has three free ports I can use for the computer and PS2 near the access point.

- Todd

- Original Message -
From: Peter Nosko [EMAIL PROTECTED]
To: leaf [EMAIL PROTECTED]
Sent: Tuesday, February 04, 2003 7:34 PM
Subject: [leaf-user] Using a wireless router with LEAF (Dachstein, Bering)

Hi all. What's the simplest way to go about this? I'd like to cut the tether to my notebook. Is it as simple as hooking up the router off the hub on my internal network and letting it create a separate subnet? Thanks.

- Peter Nosko ([EMAIL PROTECTED])
This is a good place for a tagline.
Re: [leaf-user] Webbased configuration, some thoughts.
Hello all,

I am in the process of making a 4 month move, that involves staying with my sister-in-law. As such, I had to pack my Dachstein firewall, and I am now using a Linksys router/Wireless AP. What I have always envisioned as a Web Admin tool, would be something of the nature that they use. Simple pages to setup the interfaces, rules, forwarding, etc. All the stuff that I really need to edit regularly. I feel that the options that are available with the Linksys are really lacking when compared to Leaf.

One of the reasons I have been playing with this idea, is that I want to do a case mod for my new firewall box: CD, NICs, floppy, scaled back PS, etc. I would then like to place it in a wiring closet and manage it from a web page. I realize that my current process of using putty and ssh work well for me, but it scares off all of my friends that I am trying to convert to leaf. I personally don't mind the size factor of the package, as I have already added custom packages to my Dachstein ISO image that I burn to CD. For this and other reasons, I am also looking at compiling and creating a larger Apache package with PHP.

One thing that currently concerns me with this process (the way I see it anyways), is that you will either have to scrap the current scripts (or modify them), like the network config script, or write a routine to parse the configuration information and then write it back to file without breaking it. I personally think that current files provided by Charles and others for Dachstein are excellent when using CLI, as they provide options for doing your configuration this way, or that way; but the thought of parsing them leaves me sleepless at night.

It would almost be better if each of the configuration option sections stored the actual config in separate files. ie, basic port forwarding rules in a file, advanced port forwarding rules in another file, allow chains in another file, deny chains in another, etc. These files would contain just the rules or options, and the network config file could then parse these files to apply the options. ie. basic port forwarding file would look like,

#INTERN_FTP_SERVER=192.168.1.1 # Internal FTP server to make available
#INTERN_WWW_SERVER=192.168.1.1 # Internal WWW server to make available
#INTERN_SMTP_SERVER=192.168.1.1 # Internal SMTP server to make available
#INTERN_POP3_SERVER=192.168.1.1 # Internal POP3 server to make available
#INTERN_IMAP_SERVER=192.168.1.1 # Internal IMAP server to make available
#INTERN_SSH_SERVER=192.168.1.1 # Internal SSH server to make available

And the advanced port forwarding would then look like:

#INTERN_SERVER0=-a -P PROTO -L LADDR LPORT -R RADDR RPORT [-p PREF]
#INTERN_SERVER1=

If the actual config options are broken out, then I could easily have a page that parses the file, displays them on a page, and then write the whole file back out.

Just my $0.02. I think the idea is valid, and I would use it, if for no other reason, to show others that it can be easy, and you don't have to know a lot of linux.

Cheers edt
Edward Tetz [EMAIL PROTECTED]
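The parse, display and write-back cycle proposed in the message above, as an added example that is not part of the original post or of LEAF. It assumes the split-out file is later read by a shell script, so a value coming from a web form is accepted only if it is a plain IPv4 address; the `Option` class and the function names are hypothetical.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in the layout proposed in the post: one option per line,
# a leading '#' means "disabled", a trailing '# text' is the description.
SAMPLE = """\
#INTERN_FTP_SERVER=192.168.1.1 # Internal FTP server to make available
#INTERN_WWW_SERVER=192.168.1.1 # Internal WWW server to make available
INTERN_SSH_SERVER=192.168.1.1 # Internal SSH server to make available
"""

# Only the basic INTERN_<NAME>_SERVER options are recognised. Anything else
# (blank lines, free comments, INTERN_SERVER0-style advanced rules) is kept
# verbatim so that the editor cannot damage lines it does not understand.
LINE_RE = re.compile(
    r"(?P<off>#?)(?P<key>INTERN_[A-Z0-9]+_SERVER)=(?P<value>[^#\s]*)"
    r"(?P<tail>\s*(?:#.*)?)"
)


@dataclass
class Option:
    key: str
    value: str
    enabled: bool
    tail: str  # whitespace plus trailing comment, preserved as written


def parse(text):
    """Return Option objects and raw strings, in file order."""
    items = []
    for line in text.splitlines():
        m = LINE_RE.fullmatch(line)
        if m:
            items.append(Option(m["key"], m["value"], m["off"] == "", m["tail"]))
        else:
            items.append(line)
    return items


def render(items):
    """Write the items back out; untouched lines come out byte-identical."""
    out = []
    for it in items:
        if isinstance(it, Option):
            out.append(("" if it.enabled else "#") + f"{it.key}={it.value}{it.tail}")
        else:
            out.append(it)
    return "\n".join(out) + "\n"


def set_option(items, key, value, enabled=True):
    """Apply one web-form field. Rejects anything that is not an IPv4 address,
    so shell metacharacters can never reach the file."""
    if not isinstance(value, str):
        raise ValueError(f"{key}: value must be a string")
    try:
        addr = ipaddress.IPv4Address(value)
    except ValueError:
        raise ValueError(f"{key}: not an IPv4 address: {value!r}") from None
    for it in items:
        if isinstance(it, Option) and it.key == key:
            it.value, it.enabled = str(addr), enabled
            return
    raise KeyError(key)


if __name__ == "__main__":
    opts = parse(SAMPLE)
    set_option(opts, "INTERN_WWW_SERVER", "192.168.1.20")
    print(render(opts), end="")
```

Because unrecognised lines pass through untouched, the same editor can be pointed at a file that still contains hand-written comments without rewriting them.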
Re: [leaf-user] DHCP REQUESTS FORWARDED BETWEEN SUBNETS
Hi Mike,

One last question, How would I have known (or should I have known) what kernel versions the packages are by looking at the CVS page?

http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/bin/packages/glibc-2.0/dhcrelay.lrp

I didn't really see anything on that page or its links that told me anything. Do I need software other than my web browser to tell the differences between the versions? Is there a separate index page that would tell me the differences or would that normally be in the description (not to slight you, as you have been doing great work on compiling everything into one place - I am impressed)? Sorry, I guess that was three questions :-)

Cheers ed

- Original Message -
From: Mike Noyes [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, May 23, 2002 5:17 PM
Subject: Re: [leaf-user] DHCP REQUESTS FORWARDED BETWEEN SUBNETS

On Thu, 2002-05-23 at 13:01, Ed Tetz wrote:

Mike, That is the file I referred to in my email to Troy (version 2.0-1). I am a little confused by the version information that is listed on that page though. It lists the following:

Revision  Package Version
1.4       ?

This file is incorrectly named, and was committed by mistake. Sorry.

1.3       2.0-1

kernel 2.2x version of dhcrelay

1.2       3.0b1p10-1
1.1       2.0-1

These are kernel 2.0x versions of dhcrelay

Stuff deleted
Re: [leaf-user] DHCP REQUESTS FORWARDED BETWEEN SUBNETS
Hi Troy,

Version 2.0-1 can be found in a mirror of Ken Wong's old LRP archive. Here is a link for it.

http://c0wz.steinkuehler.net/files/kwarchive/dhcrelay.lrp

I have used this version in the past with LRP 2.9.8, and it should work fine with whatever you are using. It was dead easy to setup, I think there is just one config file in lrcfg packages menu. This package is 23K, so it is nice and small.

Cheers edt

- Original Message -
From: Troy Aden [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, May 22, 2002 9:34 PM
Subject: [leaf-user] DHCP REQUESTS FORWARDED BETWEEN SUBNETS

Hi

I am working with Dachstein in a basic router setup. I would like to know how to set up DHCP request forwarding between subnets so that we can administer all of our subnets with one DHCP server. I will do my best to draw this out.

-ROUTER-
Subnet 1 - 192.168.141.1
Subnet 2 - 192.168.142.1
Subnet 3 - 192.168.143.1

DHCP SERVER IS ON SUBNET 1. (192.168.141.252)

I want computers that are on the .142 and 143 subnets to (Obtain IPs from the DHCP server on subnet 1) have their DHCP REQUESTS forwarded to the DHCP SERVER ON SUBNET 1 (.141)

How is this done? Can someone please help me out. Thanks in advance.

Troy
Re: [leaf-user] DHCP REQUESTS FORWARDED BETWEEN SUBNETS
Mike,

That is the file I referred to in my email to Troy (version 2.0-1). I am a little confused by the version information that is listed on that page though. It lists the following:

Revision  Package Version
1.4       ?
1.3       2.0-1
1.2       3.0b1p10-1
1.1       2.0-1

All with the same creation date. Since I am new to CVS, I would be (and am :-) ) confused by which version I should want to download. I downloaded them all and took a look at them. It appears that the package versions are correct, so 1.1 is updated by 1.3 for version 2.0-1, 1.2 is alone as a build of 3.0, but 1.4 actually appears to be DHCPD, and not the relay agent - now more confused :-). Please let me know if I am on the right track for working with the CVS files.

BTW, I didn't realize that apparently all of the LRP files for LEAF were available here on the site. Kudos.

Cheers edt

- Original Message -
From: Mike Noyes [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, May 23, 2002 1:51 PM
Subject: RE: [leaf-user] DHCP REQUESTS FORWARDED BETWEEN SUBNETS

On Thu, 2002-05-23 at 09:23, Richard Doyle wrote:

If you like, I can send you a copy of the dhcrelay.lrp I used to use with an LRP 2.9.8 firewall, which should work on any glibc 2.0 system, including dachstein or bering.

Richard, Is the package you have different than the ones we have in cvs?

http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/bin/packages/glibc-2.0/dhcrelay.lrp

-- Mike Noyes [EMAIL PROTECTED] http://sourceforge.net/users/mhnoyes/ http://leaf-project.org/
Re: [Leaf-user] Your project (other questions)
Jason,

I am currently trying to make a rescue disk that supports SMB and NTFS. I have all the files, but I need more space. I have already pared down the modules, and in my case I got rid of the IP_ modules as well. I am still about 100K too large and I was looking at deleting some of the other executables on the system. One that I don't think I need is edit-editor-e3; other than that one, can you suggest any other files that would free up the space? I don't need any firewall or routing files, just a NIC, NTFS, and SMB.

Cheers edt

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Leaf-user] Re: [off-list] Your project (other questions)
Date: Wed, 17 Apr 2002 16:51:26 -0400

Lynn,

You do have an ipsec-enabled kernel don't you?

Yes I do. No errors on IPsec startup.

What exactly did you strip beside the packages not listed above? I would have to assume that you've stripped more than the extra NIC modules to keep it that small.

Just the extra NIC Modules. I kept the two I need (eepro100.o and ne2kpci.o) and their dependencies (8390.o and pci-scan.o) And all of the ip_* modules are still there. If you would like I'll send you an image file.

Jason Massey

guitarlynn [EMAIL PROTECTED] 04/17/2002 04:36 PM
To: [EMAIL PROTECTED]
cc:
Subject: Re: [off-list] Your project (other questions)

On Wednesday 17 April 2002 14:10, [EMAIL PROTECTED] wrote:

Could you elaborate. I have in fact squeezed in tinydns.lrp to my image(still 1.68mb :-). Is this going to cause some kind of problem with the ipsec scripts? What did you mean by the above?

No, it shouldn't... but things depend on what you have stripped. You do have an ipsec-enabled kernel don't you?

BTW: I have the following on my 1.68mb floppy: DNSCACHE.LRP, ETC.LRP, IFCONFIG.LRP, IPSEC.LRP, LDLINUX.SYS, LINUX.SYS, LOCAL.LRP, MAWK.LRP, MODULES.LRP, RAMLOG.LRP, ROOT.LRP, SYSLINUX.CFG, SYSLINUX.DPY, TINYDNS.LRP, UDHCP.LRP Your insight is greatly appreciated.

What exactly did you strip beside the packages not listed above? I would have to assume that you've stripped more than the extra NIC modules to keep it that small.

-- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question!

Edward Tetz MCSE, MCDBA, MCT, A+, CTT+, CIW MA, CIW CI [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: [Leaf-user] Samba across Eigerstein LRP
Hi Lonnie,

If you have opened and forwarded the ports 137, 138, and 139 (which it sounds like you have), then you should be up and working. I have had this working on several occasions with Win2K, and if you are using Win95OSR2 or better - then you should be able to connect by IP rather than using an LMHOSTS file. eg. \\24.10.15.75\MyShare.

I would not be worried so much about the NetBIOS traffic that you are sending over the WAN, but rather that you have exposed that computer to the computers outside of your firewall. Most of the hacks that take place against Microsoft servers run through SMB. I have opted to use an FTP server on the internal network (it was easier for me to setup than VPN), and FTP files up and down. This actually performs much faster and reliable file transfers. The catch with DCD, is that I could only get that working with an FTP server that allows you to set the range for passive FTP. I use GUILDFTP on Win2K, but there should be something that fits the bill on Linux.

Cheers edt

From: Lonnie Cumberland [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] Samba across Eigerstein LRP
Date: Fri, 22 Feb 2002 07:35:05 -0500 (EST)

Actually you are VERY right and I am now really looking into a VPN solution. Thanks for the advice.

Lonnie

Yeech, you seem to want to broadcast all that NetBIOS stuff into the WAN connection that we're all spending years trying to block :( First, I will warn you opening those ports on your firewall with any OS (particularly the Win9x/ME group) is pretty much like using a piece of cardboard to stop a tank. Opening up ssh/sftp or IPSec would be _highly_ recommended to doing NetBIOS. In fact, I am not sure that this would work at all w/o VPN because of the name resolution and MAC addressing. I wouldn't suggest WINS here at all, but you may come up with something possibly with a hosts or lmhosts file(s) on both computers. WINS addressing and DNS are similar, yet worlds apart in reality which makes me think that this would be very difficult to accomplish regardless of what you do to the firewall. In my experience, I would either do ftp w/address filtering (and permissions), VPN, or ssh/sftp with the emphasis on the latter two.

-- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question!

-- Lonnie Cumberland OutStep Technologies Incorporated EMAIL: [EMAIL PROTECTED] : [EMAIL PROTECTED] The Basis Express Virtual Office Data Backup and Recovery Services URL: http://www.basis-express.com The Virtual Office without boundries!!!
Re: [Leaf-user] multi ip port forwarding
Hi Gregor,

I know that I had some issues with this. I had 2 alias addresses bound to my external interface. I was able to receive traffic on them and portfw them correctly. But then I tried FTP and I found that all other outbound traffic gets masq'd on the primary IP, not the alias. From what I read at the time, that is just how it is, and you cannot masq out with the alias IP. That also gave me a problem with my Dynamic DNS, as it would register the primary, and not the alias address. This might give you a problem with SMTP, but I wouldn't think that it should affect the Web, and Pop components. I hope that helps a bit.

Cheers

- Original Message -
From: GREGOR [EMAIL PROTECTED]
To: linux-router [EMAIL PROTECTED]
Sent: Tuesday, January 15, 2002 1:18 AM
Subject: [Leaf-user] multi ip port forwarding

I've been trying to install dachstein-cd-v1.0.2 but it doesn't seem to work. I wonder if any of you could help me to configure *network.conf* file to fit my needs. Here's my situation :

|internet (eth0) | ip_legal1 + ip_legal2 + ip_legal3 - | | | dachstein cd | | | DMZ (eth2) | | - | | internal network (eth1)

ip_legal1,ip_legal2,ip_legal3 are running services on port 25,80,110 and will be forwarded to the DMZ. like this:

ip_legal1 (port 25,80,110) port forwarded to 192.168.15.200
ip_legal2 (port 25,80,110) port forwarded to 192.168.15.201
ip_legal3 (port 25,80,110) port forwarded to 192.168.15.202

All clients will use *internal network (eth1)* as their gateway to browse the internet. please help and thanks in advance.

regards, Gregor

+Gregor Gede W. +CENTER FOR INFORMATION SYSTEM +ATMA JAYA YOGYAKARTA UNIVERSITY [EMAIL PROTECTED] +62 81 2271 0583 +62 81 7467 518
Re: [Leaf-user] Connecting to my company's Win2k server via VPN with L2TP/IPsec
Hi Eric,

Here are two main points about IP/Sec, which is the problem you are having.

* IP/Sec can be configured in two methods, Endpoint and Tunnel.
* The IP address of the encrypting computer is used in the encryption algorithm. (So it cannot be modified).

I believe that most people who are using ipsec.lrp are using it as a tunnel between two LRP boxes. This allows all traffic flowing between two segments, separated by the Internet to be encrypted. In this case, both computers have non-translated(non-masq'ed), public addresses, but the computers on the segment can have translated addresses, since they are doing the encryption.

The other method of using IP/Sec is endpoints. If your LAN is not using a tunnel to create a secure connection, then an individual host can; but, that host must have a public, non-translated address as that would invalidate the encryption. In your case, that is why your system works when plugged directly into, but not when translated.

Your department was correct about the ports, but that would only apply if you were using a non-translating firewall. Most home users are not using these, but some corporate LANs are.

I hope that helps, and if anybody has *first hand* knowledge that disagrees with this, please let me know. I teach security courses, and this has been true to the extent of my testing, but I haven't tried this with LRP or DCD.

Cheers edt

- Original Message -
From: Eric Friedman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, January 11, 2002 11:23 PM
Subject: [Leaf-user] Connecting to my company's Win2k server via VPN with L2TP/IPsec

First, let me apologize if I get any (or all!) of the technical jargon here confused, backwards, or just plain wrong.

Second, let me describe my situation. I am using a Pentium 133mhz with 16MB RAM to run Dachstein 1.0.2 to share my internet connection among the numerous computers in my house. The router runs a DHCP server for the computers on my internal network and runs a DHCP client to connect with my ISP, but this is just for convenience as my ISP provides me with a static IP. The computers (Win98, Win2k, and WinXP) on my internal network all work flawlessly through the router for normal internet access.

My company provides access to its network over the Internet in the form of a VPN (operated by a Windows 2000 Server, I believe). I connect to this VPN using Windows 2000 Professional. All worked fine connecting to the VPN through my home router until my company began using L2TP/IPsec for the VPN connections. Now, I get no response from the company VPN server when trying to connect. (Note, however, that I *can* connect just fine when my computer is connected directly to my ISP, i.e. without the interference of my LRP box. So my sense is that there are no configuration problems on the client computer, but rather something wrong with my LRP configuration.)

Third, I know very little about Linux -- largely because I lack experience -- but I was wondering if someone might point me in the right direction on this problem. As an additional bit of information, a guy in the IS department informed me that UDP ports 500 and 1701 would be involved in the solution, but I am not certain how to act on this information in configuring my router. I have begun to look at the ipsec.lrp package available for Dachstein, but I have not been able to use it to solve my problems. I do not know, however, if this is a fault in my configuration of the package or if the package does not support Level 2 Tunneling (L2TP).

If anyone has some experience in a similar situation or would be willing to help a poor old guy trying to get his LRP box to work again, I would much appreciate it.

Thanks, Eric Friedman

P.S. Please note as well that while I am currently running Dachstein off of a single floppy, I also have access to a CD or additional floppy drive that I could install in the router box. So do not worry about offering solutions that may require more space than is available on a single floppy: I just want something that will work.
Re: [Leaf-user] WTD: NIC recommendations
I am using a Startech ST100S 10/100 on my private interface. It uses the realtek driver (pci-scanrtl8139) and I haven't had any problems with it. It has a $13US MSRP - well below your $100 limit.

My public nic is an Aopen ALN-201 or AON-201. It is a 10Mbit PCI that uses the NE2000 driver (8390ne). The service from the cable co. is only 10Mbit tops, so I figured it would suffice, but I wanted to get rid of the ISA cards, to max the bus performance.

I have a Dlink 530TX in another linux box, and I get the driver message as well, but I don't get lockups. The message appears, and everything else is fine. That one is running Redhat.

Cheers edt

- Original Message -
From: Scott Ritchie [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, January 10, 2002 8:15 PM
Subject: [Leaf-user] WTD: NIC recommendations

Hey all,

I'm currently using two Dlink 530TX (via-rhine.o). I've been encountering a few problems; lockups, oversized frame warnings, and that Something Wicked Happend driver error message. After reading a bit in other linux circles, I've found that these are not ideal for a firewall/router application. I've been looking at the 3Com 980X-TXM NIC's. Are these overkill for 13 user / 22 computer lan linked to a cable modem? What would the collective recommend? (for about a $100max per card)

Thanks in advance Scott
Re: [Leaf-user] tcp ports 445 524 ???
Here is a bit of info.

Port 524: Used by NetWare
http://razor.bindview.com/publish/advisories/adv_novellleak.html
http://lists.insecure.org/incidents/2000/Nov/0015.html
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10013531.htm

Port 445: Used as a new replacement for 137,139 Smb ports.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q204279
http://www.newsbytes.com/news/01/169408.html

Cheers edt

- Original Message -
From: Michael D. Schleif [EMAIL PROTECTED]
To: LEAF [EMAIL PROTECTED]
Sent: Wednesday, January 09, 2002 12:58 PM
Subject: [Leaf-user] tcp ports 445 524 ???

We are managing several remotely located DCD firewalls. Yesterday, on one of these firewalls, we began seeing several of these:

Jan 8 17:12:31 trout kernel: Packet log: input DENY eth0 PROTO=6 a.b.c.157:63882 x.y.z.86:524 L=48 S=0x00 I=15350 F=0x4000 T=112 SYN (#45)
Jan 8 17:12:55 trout kernel: Packet log: input DENY eth0 PROTO=6 a.b.c.157:63884 x.y.z.86:445 L=48 S=0x00 I=15570 F=0x4000 T=112 SYN (#45)

Coincidentally, around these same times -- *no* direct correlation, yet -- we were doing testing, trying to get windoze networking working across the ipsec gateways, also established between these same two firewalls. However, a.b.c and x.y.z are the un-encrypted, external addresses of these firewalls.

http://www.echogent.com/cgi-bin/fwlog.pl doesn't really answer the questions about what is happening here. What do you think?

-- Best Regards, mds mds resource 888.250.3987 Dare to fix things before they break . . . Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . .
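A parser for the "Packet log:" lines quoted in the thread above, as an added example that is not part of the original posts. It tallies denied TCP SYNs per source and destination port, using the two port labels given in the reply; the sample lines are constructed (documentation addresses, same field layout as the quoted log), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Port labels taken from the reply in this thread.
WATCHED = {
    445: "SMB (newer replacement for ports 137/139)",
    524: "NetWare",
}

# Constructed sample in the same layout as the log lines quoted in the thread.
SAMPLE_LOG = """\
Jan  8 17:12:31 trout kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.157:63882 198.51.100.86:524 L=48 S=0x00 I=15350 F=0x4000 T=112 SYN (#45)
Jan  8 17:12:55 trout kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.157:63884 198.51.100.86:445 L=48 S=0x00 I=15570 F=0x4000 T=112 SYN (#45)
Jan  8 17:13:02 trout kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.9:1027 198.51.100.86:137 L=78 S=0x00 I=211 F=0x0000 T=110 (#45)
Jan  8 17:14:40 trout kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.5:4021 198.51.100.86:445 L=48 S=0x00 I=900 F=0x4000 T=115 SYN (#45)
Jan  8 17:15:00 trout sshd[312]: not a packet log line
"""

# chain, action, interface, protocol number, src:port, dst:port, then
# L=length S=TOS I=IP id F=fragment field T=TTL, optional SYN, rule number.
# [\w.]+ also accepts anonymised addresses such as a.b.c.157.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\w.]+):(?P<sport>\d+) (?P<dst>[\w.]+):(?P<dport>\d+) "
    r"L=(?P<len>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?P<syn> SYN)?(?: \(#(?P<rule>\d+)\))?"
)


def parse_line(line):
    """Return the fields of one packet-log line as a dict, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    for k in ("proto", "sport", "dport", "len", "id", "ttl"):
        d[k] = int(d[k])
    d["syn"] = d["syn"] is not None
    d["rule"] = int(d["rule"]) if d["rule"] else None
    return d


def denied_syn_summary(text, watched=WATCHED):
    """Map source address -> {destination port: count} for denied TCP SYNs
    aimed at a watched port."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        p = parse_line(line)
        if (p and p["action"] == "DENY" and p["proto"] == 6
                and p["syn"] and p["dport"] in watched):
            hits[p["src"]][p["dport"]] += 1
    return {src: dict(ports) for src, ports in hits.items()}


def multi_port_sources(summary):
    """Sources that tried more than one watched port."""
    return sorted(src for src, ports in summary.items() if len(ports) > 1)


if __name__ == "__main__":
    summary = denied_syn_summary(SAMPLE_LOG)
    for src, ports in summary.items():
        for port, count in sorted(ports.items()):
            print(f"{src} -> tcp/{port} ({WATCHED[port]}): {count} denied SYN")
    print("multiple watched ports:", multi_port_sources(summary))
```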
Re: [Leaf-user] MSN Gaming
If you don't want to be hooking up your monitor, use sshd.lrp and configure it. Then you can use putty from your Win Client to do the config.

Cheers

- Original Message -
From: Joris Kempen [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, January 09, 2002 1:35 PM
Subject: RE: [Leaf-user] MSN Gaming

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, January 09, 2002 5:37 PM
To: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] MSN Gaming

You will need to look at the readme file for MSN, you want to find out what ports it wants open on the firewall. Alternatively, you 'MAY' be able to send using a SOCKs proxy (tho, I have never used one) that you would have to setup on your Dachstein system.

ok i found the port for this one..

Again, this is a ports issue, you will need to find out which ports the game needs open and then open them on the firewall.

also found the port for this one

how do i easily open ports in the dachstein router? I looked at Charles page and found that I need to edit network.conf can this be done from the menu interface.. i guess it can. I think i have to hookup my monitor keyboard again :) Can't this be done from one of the client machines??? I read a piece of text of using a serial cable to access the router box, can't it be done using my utphub?

last thing: to host my own games, i always get the ip-address of my localmachine 192.168.1.1 but other people on the internet can't use this IP i guess? This is for local networks only, that's what I learned at school :) is opening the ports enough for this? what ip-address do people see when they ping me, for example from IRC? or can't they ping me?

other thing: i want to read more about (linux)-firewalls, where to start, any documents? I read a book internet for school that included a chapter about firewalls, but really basic. i want to get more into linux firewalls.

thanks for any advice

gr Joris
Re: [Leaf-user] multi homed router routing
Hi All,

This does work, and if I still had access to my scripts, I would post the solution here, but I was laid off on Friday. Basically, I have three interfaces, Public Ethernet (eth0), Private Ethernet (eth1), and Private Tokenring (tr). eth0 was also aliased 5 times for access from multiple logical IP subnets that occupy the same physical network. This was done to facilitate teaching Microsoft courses. This machine masqueraded both private segments out, and routed between the private networks. This was done with LRP 2.9.8, but should work with Dach as well.

I followed the default settings to enable the second private interface, made sure that ipchains did not have a deny rule for the route, and added a route between the locations. This could have all been done in the network_direct.conf file under LRP 2.9.8. It was actually quite painless, and should work equally well with Dachstein. If I can get ahold of the config file, I will make it available here.

Cheers edt

- Original Message -
From: Jack Coates [EMAIL PROTECTED]
To: David B. Cook [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, January 08, 2002 12:02 AM
Subject: Re: [Leaf-user] multi homed router routing

On Mon, 7 Jan 2002, David B. Cook wrote:

Folks, I'm still confused about the internal routing on a Dachstein FW with 2 internal interfaces. I simply want to route between eth1 & eth2 freely while MASQ'ing both to the outside world. I do not want one to be a DMZ - they are both peer legs to the network. My internal addresses are from the reserved block.

eth1_IPADDR=172.16.40.250
eth1_MASKLEN=24
eth1_BROADCAST=+
eth1_IP_SPOOF=YES
eth1_IP_KRNL_LOGMARTIANS=YES
eth1_IP_SHARED_MEDIA=NO
eth1_BRIDGE=NO
eth1_FAIRQ=NO
eth2_IPADDR=172.16.50.250
eth2_MASQLEN=24
... etc...
eth2_ROUTES=172.16.40.255/24_via_172.16.40.250
... etc...

I have set the masqlen on both interfaces to 24 as I have heard is necessary to MASQ both interfaces to the outside. I'm not sure if this is part of my problem. I have added what I think is a route between eth1 & eth2 but obviously as I am writing this ... it does not work. Can somebody give me some pointers??

Thanks, dbc.
-- David B. Cook, [EMAIL PROTECTED] The only Windows this software came close to had an X in front of it.

I've been trying to get this same scenario to work off and on for about six months; I am reasonably sure at this point that it is not possible to do with LEAF or with a full distribution. Your best path to success is going to be two routers with floating static routes and a routing daemon (e.g. zebra or routed) or a ping-check script.

-- Jack Coates Monkeynoodle: A Scientific Venture...