[leaf-user] Hardware for LEAF-running WiFi router?

2012-12-06 Thread Eric House
It's time to get a dedicated hackable WiFi router to replace the
consumer-grade stuff I keep having to replace (while the Soekris and
PCEngines boards running our LEAF firewalls just keep going.)

Does this list maintain a -- list -- of hardware known to work with
LEAF?

I assume I'll get a PCEngines Alix board.  But I'm not confident in
picking a Mini-PCI WiFi card since I've seen so many discussions about
working around problems.  Can anybody recommend a card currently
available that's working well for him/her with stock LEAF (Bering
uClibc)?  Until recently (latest generation of Atom processors), I
trusted Intel to take Linux compatibility seriously.  Can their
Mini-PCI cards be trusted?

Thanks!

--Eric
-- 
**
* From the desktop of: Eric House, eeho...@eehouse.org   *
*   Crosswords for Android now in beta: via the Market or xwords.sf.net  *
**

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/


[leaf-user] Building dnsmasq.lrp from source: best way?

2012-10-09 Thread Eric House
I'm trying to set up a pxe boot server on my LEAF box and rather than
struggle with multiple packages thought I'd see how dnsmasq's built-in
support works.  But: the provided dnsmasq .lrp has the functionality
disabled via compile-time flags.  The developer docs suggest if I pull
the leaf git repo I'll be able to build it myself after tweaking the
config.  Unfortunately the repo is so big 'git clone' keeps failing
after a couple of hours (partly due to my slow DSL connection, I'm
sure.)

My question: is there a recommended way to build a single .lrp that
doesn't require pulling the repo?

Thanks,

--Eric
-- 
**
* From the desktop of: Eric House, eeho...@eehouse.org   *
*   Crosswords for Android now in beta: via the Market or xwords.sf.net  *
**



Re: [leaf-user] Bering 4.1 on WRAP: /dev/hda vs /dev/sda etc

2011-12-03 Thread Eric House
 [4.824106] RAMDISK: gzip image found at block 0
 [5.568304] List of all partitions:
 [5.569281] No filesystem could mount root, tried: 
 [5.571015] Kernel panic - not syncing: VFS: Unable to mount root fs on 
 unknown-block(1,0)
 [5.572147] Pid: 1, comm: swapper Not tainted 2.6.35.14-i486 #1
 [5.573175] Call Trace:
 [5.574139]  [b1197278] ? panic+0x4a/0xae
 [5.574808]  [b127fa87] ? mount_block_root+0x1e9/0x1fd
 [5.575719]  [b127f195] ? kernel_init+0x0/0x101
 [5.577050]  [b127fad4] ? mount_root+0x39/0x4d
 [5.577967]  [b127f195] ? kernel_init+0x0/0x101
 [5.578974]  [b127fc25] ? prepare_namespace+0x13d/0x163
 [5.579891]  [b127f28d] ? kernel_init+0xf8/0x101
 [5.581295]  [b10029b6] ? kernel_thread_helper+0x6/0x10

 On Sat, 2011-10-22 at 11:26 -0700, Eric House wrote:
  Or: lsmod on my LEAF 3.x system shows ext2 as having no dependencies.
  Has this changed for 2.6? Are there other modules I need to add to
  initrd.lrp for ext2 to work?
 
 Just tested this myself. Looks like the 2.6 ext2.ko depends on
 kernel/fs/mbcache.ko

Yes, that was one of my problems.

I was able to get 4.1 running with very little effort once I
reformatted one of my partitions vfat.  Everything just ran.  When I
then tried to mount one of the ext2 partitions I had to add ext2 and
mbcache modules (and a post-boot script to echo ext2 to
/etc/filesystems).

Getting running on an ext2 partition took longer, but that was mostly
because I didn't read the LEAF docs on rebuilding an initrd.lrp file
right away.  I read the man page for cpio, but it doesn't talk about
possible format values so didn't think to try the -H option.  I'm
running now.

Thanks,

--Eric
-- 
**
* From the desktop of: Eric House, eeho...@eehouse.org   *
*   Crosswords for Android now in beta: via the Market or xwords.sf.net  *
**
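
The ext2/mbcache dependency found in the message above can be checked before initrd.lrp is rebuilt. This is an added example, not part of the original post and not LEAF project code; it assumes a modules.dep in the usual `path: dependencies` layout, and the function names and the sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example: list every module file an initrd needs for the requested
# modules, dependencies first, by walking a modules.dep file.

# Constructed sample in modules.dep format (not taken from a LEAF image).
sample_modules_dep() {
    cat <<'EOF'
kernel/fs/ext2/ext2.ko: kernel/fs/mbcache.ko
kernel/fs/mbcache.ko:
kernel/fs/fat/vfat.ko: kernel/fs/fat/fat.ko
kernel/fs/fat/fat.ko:
EOF
}

# module_closure DEPFILE MODULE...   (hypothetical helper name)
#   DEPFILE is a modules.dep file, or - for standard input.
#   Prints one module path per line in load order.
#   Returns 1 and names the module on stderr if one is not in DEPFILE.
module_closure() {
    depfile=$1
    shift
    awk -v want="$*" '
        # Reduce kernel/fs/ext2/ext2.ko to ext2; modprobe treats - and _ alike.
        function modname(p) {
            sub(/.*\//, "", p)
            sub(/\.ko(\.gz)?$/, "", p)
            gsub(/-/, "_", p)
            return p
        }
        # Depth-first walk: print the dependencies of m before m itself.
        function visit(m,    i, n, d) {
            if (m in seen) return
            seen[m] = 1
            if (!(m in path)) { missing = missing " " m; return }
            n = split(deps[m], d, " ")
            for (i = 1; i <= n; i++) visit(modname(d[i]))
            print path[m]
        }
        NF == 0 || /^#/ { next }
        {
            file = $1
            sub(/:$/, "", file)
            name = modname(file)
            path[name] = file
            $1 = ""
            deps[name] = $0
        }
        END {
            count = split(want, w, " ")
            for (k = 1; k <= count; k++) visit(modname(w[k]))
            if (missing != "") {
                print "not in modules.dep:" missing > "/dev/stderr"
                exit 1
            }
        }
    ' "$depfile"
}

# Demo on the constructed sample: ext2 pulls in mbcache.
sample_modules_dep | module_closure - ext2
```

Run against the real modules.dep from the kernel's module tree, the output is the list of files to copy into the initrd's /lib/modules, in the order they need to be loaded.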



[leaf-user] request: enable watch in busybox?

2011-11-27 Thread Eric House
Any chance the maintainer of busybox could be persuaded to turn on the
'watch' applet?  I find it awfully useful -- and it's also very small.

Or: is 'watch' available in some other way?

Thanks,

--Eric
-- 
**
* From the desktop of: Eric House, eeho...@eehouse.org   *
*   Crosswords for Android now in beta: via the Market or xwords.sf.net  *
**



Re: [leaf-user] Bering 4.1 on WRAP: /dev/hda vs /dev/sda etc

2011-10-22 Thread Eric House
Andrew wrote:

 On LEAF 4.x we switched from old, legacy ATA/ATAPI/MFM/RLL drivers to 
 SCSI-like PATA/SATA drivers, which results in changing drive names from 
 hdX to sdX.

Thanks.  That's not the source of my problem then: I'll go with sda3
everywhere.

 What is said in dmesg after mount failure?

Nothing!  The failure doesn't result in anything showing up in dmesg
output.  But you've reminded me that I need support for ext2, as
that's how this partition is formatted.  I added ext2.ko (from
modules.tgz) to initrd.lrp (both the file in /lib/modules and as a
line in /boot/etc/modules), but now I don't get as far as before, and
get a kernel panic instead of being dropped into the recovery console.
The kernel can't mount the root fs, and the list of fs types it tried
is empty.

[4.824106] RAMDISK: gzip image found at block 0
[5.568304] List of all partitions:
[5.569281] No filesystem could mount root, tried: 
[5.571015] Kernel panic - not syncing: VFS: Unable to mount root fs on 
unknown-block(1,0)
[5.572147] Pid: 1, comm: swapper Not tainted 2.6.35.14-i486 #1
[5.573175] Call Trace:
[5.574139]  [b1197278] ? panic+0x4a/0xae
[5.574808]  [b127fa87] ? mount_block_root+0x1e9/0x1fd
[5.575719]  [b127f195] ? kernel_init+0x0/0x101
[5.577050]  [b127fad4] ? mount_root+0x39/0x4d
[5.577967]  [b127f195] ? kernel_init+0x0/0x101
[5.578974]  [b127fc25] ? prepare_namespace+0x13d/0x163
[5.579891]  [b127f28d] ? kernel_init+0xf8/0x101
[5.581295]  [b10029b6] ? kernel_thread_helper+0x6/0x10

I wonder if I screwed up rebuilding the initrd.lrp file.  Or missed
someplace I needed to list the ext2 module.  I'll go looking for docs
later this weekend.  I *did* do all the cpio work and file copying as
root, so shouldn't have screwed the permissions up.

Or: lsmod on my LEAF 3.x system shows ext2 as having no dependencies.
Has this changed for 2.6? Are there other modules I need to add to
initrd.lrp for ext2 to work?

Thanks,

--Eric
-- 
**
* From the desktop of: Eric House, eeho...@eehouse.org   *
*   Crosswords for Android now in beta: via the Market or xwords.sf.net  *
**



[leaf-user] Bering 4.1 on WRAP: /dev/hda vs /dev/sda etc

2011-10-21 Thread Eric House
After three or four years of pretty much ignoring LEAF because 3x was
*just working* on a couple of Soekris and WRAP boards I'm trying to
upgrade the latter to 4.1.  And failing.  The failure comes because
the packages described in leaf.cfg can't be loaded:

[   13.574839]  sda: sda1 sda2 sda3 sda4
[   13.627354] sd 0:0:0:0: [sda] Attached SCSI removable disk
LINUXRC: Installing -  root: root(nf!)  etc: etc(nf!)  local: local(nf!)  
config: config(nf!)  configdb: configdb(nf!)  moddb: moddb(nf!) - Finished.
LINUXRC: Loaded Packages
can't run '/etc/init.d/rcS': No such file or directory

Please press Enter to activate this console. 
/ # 

My confusion (and lack of experience with 2.6 kernels on IDE hardware)
starts with those sda device nodes.  I expect the kernel to create hda
devices on a WRAP board, but it created sda devices instead.  There
are no ide modules to be found -- but docs suggest the 2.6 equivalent
is pata_legacy, which lsmod shows is loaded.

BTW, I'm booting with grub, so both grub's conf file and leaf.cfg must
agree on the device path.  I've tried changing both from /dev/hda3 to
/dev/sda3 without success.  I've also tried manually mounting /dev/sda
devices from the recovery console I'm dumped into.  No luck -- though
when I boot the 3.1 LEAF in /dev/hda2 all partitions are mountable, so
I know they're fine.

Can anybody point me at docs or otherwise get me started debugging
this?

Thanks,

--Eric
-- 
**
* From the desktop of: Eric House, eeho...@eehouse.org   *
*   Crosswords for Android now in beta: via the Market or xwords.sf.net  *
**



[leaf-user] RE: ANN: showtraf.lrp

2005-08-22 Thread Eric House
I've updated showtraf so that it's now integrated with webconf.  Check
it out and let me know what needs fixing.

It's still a .lrp, so you'll need to add showtraf to leaf.cfg.

(For those new, it allows you to view graphically how much traffic has
been sent and received on each monitored interface.  My original goal was
to be able to tell how late the kids are up and how much folks are using
my unsecured WiFi hotspot, but I'm hoping it'll be useful for others as
well.)

download as http://www.peak.org/~fixin/showtraf.lrp

Enjoy,

--Eric
-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]
*
*Crosswords 4.1.3 for PalmOS now ARM-native: xwords.sourceforge.net  *
**




[leaf-user] ANN: showtraf.lrp (was Wanted: easy way to see load over time)

2005-08-10 Thread Eric House
 I wrote:
 
 | I'd like to be able to see at a glance what sort of traffic my LEAF
 | router's been moving over the past hours/days/weeks/whatever.  Is
 | there any way to do that now given packages available (for the uClibc
 | version, ideally.)

Ok, I've done some more work on the script I served earlier, packaged
it as showtraf.lrp, and made it available via this URL:
www.peak.org/~fixin/showtraf.lrp

Install it in the usual way, reboot, and point your browser at

http://192.168.1.254/showtraf.cgi

(Substituting address or name as appropriate.  And assuming you have
one of the standard http servers installed.)

There won't be much to see for 10 minutes.  But over time, as traffic
statistics accumulate, you can see a graphical representation of traffic
on eth0 and eth1 down to five minute slices.  The five minute part, as
well as the set of interfaces tracked, is configurable via lrcfg.

Traffic statistics are accumulated in /tmp, and there's no provision
for backing them up, so they're lost when you reboot.

What's next?  Well, this effectively scratches my itch, so I'm happy
using it as is.  I'm also happy -- happier, even -- if it can be
useful to others.  I don't know if it belongs integrated into webconf
-- though that's where I'd like to see it -- but I would like to at
least make it available via a URL in webconf's left column.  Maybe it
should insert a link to itself into webconf via its /etc/init.d
script?

Suggestions, comments, etc. welcome!

Thanks, as always, for LEAF.

--Eric

PS Caveats: 1) I've replaced my old floppy-based LEAF x86 boxes with
Soekris and WRAP boards which are considerably more powerful than
LEAF's target platform.  My script should run fine on a low-memory
system, but hasn't been tested.  2) I write C/C++ for a living.  This
is the most complex shell script I can remember writing.  My
unfamiliarity with the language probably shows.  My ego can handle
suggestions if anybody has time to make 'em.
-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]
*
*Crosswords 4.1.3 for PalmOS now ARM-native: xwords.sourceforge.net  *
**




[leaf-user] Re: what's up with /etc/crontab in uClibC?

2005-08-08 Thread Eric House
I wrote:
 
 For several versions now nothing I've put in /etc/crontab has worked.
 Is there some trick to getting that file honored?  Backing up etc.lrp
 preserves my changes, but even a restart doesn't help.  Even trivial
 lines like
 
 * * * * *root   date  /tmp/dates.txt
 
 are not honored.

I solved the problem.  My file ownership was messed up, probably
because I've edited some of the files in etc.lrp on a desktop Linux
system in the process of setting up to run on Soekris and WRAP boxes.

The fix was to run the commands

chown -R root /etc/cron*
chgrp -R root /etc/cron*

then backup etc.lrp and reboot.  With that done, commands in /etc/crontab
are being run when scheduled.

Hoping this helps somebody

--Eric
-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]
*
*Crosswords 4.1.3 for PalmOS now ARM-native: xwords.sourceforge.net  *
**
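
The ownership problem described in the message above can be caught before etc.lrp is backed up. This is an added example, not part of the original post and not LEAF project code; it assumes a `stat` that supports `-c` (GNU coreutils, or BusyBox built with format support), and the function name and its optional arguments are hypothetical.

```sh
#!/bin/sh
# Added example: report cron files whose owner or group is not the expected
# one, or that are writable by group or other.
# Assumes stat(1) accepts -c with %u, %g and %a.

# audit_cron_owner [ROOT [UID [GID]]]   (hypothetical helper name)
#   ROOT  prefix of the tree to check, e.g. an unpacked etc.lrp on a
#         desktop system; empty means the running system.
#   UID   expected numeric owner, default 0 (root).
#   GID   expected numeric group, default 0 (root).
# Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_cron_owner() {
    root=${1:-}
    want_uid=${2:-0}
    want_gid=${3:-0}
    report=$(
        for path in "$root"/etc/cron*; do
            [ -e "$path" ] || continue
            # Include directories such as /etc/cron.d and their contents.
            find "$path" \( -type f -o -type d \) -print
        done | while IFS= read -r f; do
            meta=$(stat -c '%u %g %a' "$f") || continue
            uid=${meta%% *}
            rest=${meta#* }
            gid=${rest%% *}
            mode=${rest#* }
            if [ "$uid" != "$want_uid" ] || [ "$gid" != "$want_gid" ]; then
                echo "OWNER $uid:$gid $f"
            fi
            # A group- or world-writable cron file lets a non-root user
            # schedule commands that run as root.
            if [ $(( 0$mode & 022 )) -ne 0 ]; then
                echo "WRITABLE $mode $f"
            fi
        done
    )
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Usage on the router:          audit_cron_owner
# Usage on an unpacked etc.lrp: audit_cron_owner /path/to/unpacked
```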




[leaf-user] Re: Wanted: easy way to see load over time

2005-08-04 Thread Eric House
 Date: Wed, 27 Jul 2005 17:25:45 -0700
 From: Eric House [EMAIL PROTECTED]
 To: leaf leaf-user@lists.sourceforge.net
 Subject: [leaf-user] Wanted: easy way to see load over time
 
 I'd like to be able to see at a glance what sort of traffic my LEAF
 router's been moving over the past hours/days/weeks/whatever.  Is
 there any way to do that now given packages available (for the uClibc
 version, ideally.)

Ok, so there seemed to be *some* interest in having a way for a LEAF
box to display information about recent network activity over time.
I've hacked together a prototype, and it's online.  If anyone's
interested, please take a look.  What I've done runs on my LEAF box,
though that's not where this is hosted:

http://eehouse.org/cgi-bin/table.cgi

Please let me know if this seems promising enough to be worthy of
further work.  Understand that it's buggy and incomplete!  I think it
does demonstrate where I'm headed though.

BTW, I don't normally have port 80 open on this server.  The above URL
will probably break in a few days.

Thanks,

--Eric
-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]
*
*Crosswords 4.1.3 for PalmOS now ARM-native: xwords.sourceforge.net  *
**




[leaf-user] what's up with /etc/crontab in uClibC?

2005-08-04 Thread Eric House
For several versions now nothing I've put in /etc/crontab has worked.
Is there some trick to getting that file honored?  Backing up etc.lrp
preserves my changes, but even a restart doesn't help.  Even trivial
lines like

* * * * *root   date  /tmp/dates.txt

are not honored.

Thanks,

--Eric
-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]
*
*Crosswords 4.1.3 for PalmOS now ARM-native: xwords.sourceforge.net  *
**




[leaf-user] Wanted: easy way to see load over time

2005-07-27 Thread Eric House
I'd like to be able to see at a glance what sort of traffic my LEAF
router's been moving over the past hours/days/weeks/whatever.  Is
there any way to do that now given packages available (for the uClibc
version, ideally.)

If not, I'm imagining writing something to plug into webmin.  It might
look like this:

* cron jobs to log cumulative traffic on eth0 (say), probably by
  calling 'ip addr', every 1 or 5 or 10 minutes or so.

* cgi scripts to parse the above, producing a crude bar graph using a
  borderless table

* the page produced could probably allow display by hour, day, week,
  etc., with links to drill down into bars or look at a larger view.
  Typical parameterized cgi stuff.

I'm not sure when I'd have time for this, but does it strike folks as
useful and not duplicating something we already have?

Thanks,

--Eric
-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]
*
*Crosswords 4.1.3 for PalmOS now ARM-native: xwords.sourceforge.net  *
**




[leaf-user] Can webconf be made read-only (kidsafe)?

2005-05-03 Thread Eric House
I'm using Bering uClibc on a small home network several of whose users
are teenagers.  We've just moved from an old floppy-based system to a
WRAP board so that there'll be room for software to enforce time-based
internet access restrictions -- meant to get them sleeping when they'd
rather be surfing and chatting with friends.

While webconf is really cool, I'm concerned that it makes it too easy
for the kids to change things.  While you need the root password to
use lrcfg, you need only an easily-sniffable http-access password to
use webconf.  I'd like a way to make webconf read-only so that it can
be used for status information the way weblet was.  Is there any way to
do this?

Alternatively, could I just go back to using weblet?  Webconf is so much
more powerful I'm expecting weblet to be deprecated, but perhaps weblet
remains the right tool for folks like me?

Thanks, as always, for LEAF.

--Eric
-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]
*
*Crosswords 4.1.1 for PalmOS now ARM-native: xwords.sourceforge.net  *
**


leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


Re: [leaf-user] Can webconf be made read-only (kidsafe)?

2005-05-03 Thread Eric House
 You stated that you're worried about your kids sniffing the wire for 
 your webconf password when you admin your leaf box?
 
 If your kids are already that advanced, trying to one-up them 
 technically is going to be a losing game, they will clean your clock. 
 They have more time than you do and more incentive.

 I suggest reaching détente some other way.

:-)

Time and incentive?  The same imbalance applies to college admins and
students, no?

My kids are not that advanced yet, but they could become so.  But
perhaps I should have phrased the question without reference to them
since I'm pretty sure the challenge exists in academic and corporate
environments where no family strife need be assumed.  What if I were
an admin wanting to keep unauthorized employees from messing with the
router without forcing myself to always do admin from a restricted set
of machines.  Doesn't that require the same solution?  Can I set up
webconf to be read-only (which would let the kids observe how LEAF
works), or is weblet the preferred tool for that case?

Thanks,

--Eric
-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]
*
*Crosswords 4.1.1 for PalmOS now ARM-native: xwords.sourceforge.net  *
**




[leaf-user] Re: (Still) unable load initrd booting uClib 2.2 on Soekris 4501

2004-09-10 Thread Eric House
 Here's what I did, starting from scratch:
 * reformatted my CF card on my Debian laptop using 'mkfs -tmsdos /dev/hde1'
 * mounted the CF card on /mnt/hde1
 * mounted the Bering uClib 2.2 .bin file on /mnt/loop
 * 'cp -p /mnt/loop/* /mnt/hde1'
 * replaced /mnt/hde1/initrd.lrp with initrd_ide_cd.lrp (renamed initrd.lrp)
 * edited syslinux.cfg, adding 'console=ttyS0,19200n8' after 'linux'
   and changing 'fd0u1680' to 'hda1'
 * edited leaf.cfg, changing 'fd0u1680' to 'hda1'
 * edited syslinux.dpy to remove non-printing characters
 * unmounted /mnt/hde1 and ran 'syslinux -s /dev/hde1'
 
 At that point I tried booting off the CF card and got [garbage at
 the point after the 4501 printed loading linux. where it
 should have been printing loading initrd.]

After a bunch of mail with Martin Hejl [EMAIL PROTECTED] we figured out
what the problem was: the version of syslinux on my laptop, which I
was using to prepare the CF card, is too new!  The version I was
trying to use is 2.10.1 (Debian testing); it's apparently incompatible
with the Net4501 in some way (BIOS, I assume; no I didn't try
upgrading since 1.15 works for me otherwise.)  The version in
hdsupp.lrp works fine.

Thanks, as always, for LEAF and all the help using it.

--Eric
-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0.6 for PocketPC is out!: http://xwords.sourceforge.net  *
**




[leaf-user] Re: using ez-ipupdate behind NAT

2004-09-03 Thread Eric House
 From: Bruce McNamara [EMAIL PROTECTED]
 Date: Thu, 02 Sep 2004 22:58:27 +1200
 Reply-to: [EMAIL PROTECTED]
 Subject: [leaf-user] using ez-ipupdate  behind NAT
 
 Hi
 
 I am using Bering uClib V2.2 and the ez-ipupdate module V3.0.11b8-5
 Config as follows:
 
 
 ADSL ROUTER
   Ext Dynamic IP Address eg: 202.27.43.2
   Internal IP Address 192.168.42.1
 |
 |
 |
 Bering uClib V2.2 Firewall
   External IP Address 192.168.42.7
   Internal IP Address 192.168.1.1
 
 My problem is I want ez-ipupdate to check my IP address every 10 minutes 
 and if it changes, it then updates dyndns with the new IP address.
 
 I have a script that does a wget to http://checkip.dyndns.org:8245/
 it then checks to see what my last IP was and if there was a change it 
 calls /usr/bin/ez-ipupdate to set it with either the one we got using wget 
 or it uses -a 0.0.0.0 which tells dyndns to work out what my IP address is.
 
 This script works great if I run it from the command line.
 If I run it as a cron job configured as follows:
 
 */5 * * * * root /usr/sbin/check_ip
 
 it runs my script but fails with NO messages whatsoever when it goes to 
 run /usr/bin/ez-ipupdate 
 
 I have tried running /usr/bin/ez-ipupdate as a daemon but get a message 
 saying you must give it an interface when running in daemon mode.
 My /etc/ez-ipupd.conf  file has these settings: (I have tried most 
 combinations...)
 
   service-type=dyndns
   user=myaccount:mypassword
   #interface=eth0
   address=0.0.0.0
   server=members.dyndns.org:8245
   host=mydomain
   cache-file=/tmp/ez-ipup
   execute=cp -f /tmp/new_ip /tmp/old_ip
   foreground
   run-as-user=root
  
 If I supply the interface parameter it takes its IP address and updates 
 DYNDNS with it. Problem is it's the internal IP between the ADSL router NOT 
 the ADSL router's external IP.
 
 Has anyone found a way to do this?

I worked around the problem by running a cron job on a host behind the
firewall that gathers the modem's ip address using wget and that
itself runs ez-ipupdate.  But it sounds as if the 0.0.0.0 trick would
save me the wget part.

That said, your problem seems to be with cron rather than with
ez-ipupdate.  I've never had much luck with installing cron jobs on
LEAF.  Not sure whether it's my fault or not, as I've never looked
very hard for a solution.

--Eric
-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0.6 for PocketPC is out!: http://xwords.sourceforge.net  *
**




[leaf-user] Re: (Still) unable load initrd booting uClib 2.2 on Soekris 4501

2004-08-27 Thread Eric House
  [can't run uClib 2.2 on Soekris]

 It seems like you're recycling an old syslinux.cfg file - since
 mine also includes an entry LEAFCFG=/dev/hda1:msdos (and in turn,
 nothing for tmp_size and syst_size, since those can be set in the
 leaf.cfg file). So, rather than just replace the lrps, you might
 want to use all of the original files from the image (after
 adjusting them so they'll boot from /dev/hda1)

I tried this.  Still no luck, and still the same symptoms: I get the
normal Soekris bootup stuff printed to my minicom window, then
syslinux.dpy is displayed, then linux ., and then garbage once
it reaches the point where it should be loading initrd.

Here's what I did, starting from scratch:
* reformatted my CF card on my Debian laptop using 'mkfs -tmsdos /dev/hde1'
* mounted the CF card on /mnt/hde1
* mounted the Bering uClib 2.2 .bin file on /mnt/loop
* 'cp -p /mnt/loop/* /mnt/hde1'
* replaced /mnt/hde1/initrd.lrp with initrd_ide_cd.lrp (renamed initrd.lrp)
* edited syslinux.cfg, adding 'console=ttyS0,19200n8' after 'linux'
  and changing 'fd0u1680' to 'hda1'
* edited leaf.cfg, changing 'fd0u1680' to 'hda1'
* edited syslinux.dpy to remove non-printing characters
* unmounted /mnt/hde1 and ran 'syslinux -s /dev/hde1'

At that point I tried booting off the CF card and got the same old
thing.

Any suggestions what to try next?  Is it possible the formatting, via
'mkfs -tmsdos', is bad?  In the past I think I've let my digital
camera format the cards.  If the formatting were bad, would it take
until after syslinux.dpy had been displayed and the kernel loaded to
show up?

Is it possible that the kernel, rather than initrd, is the problem
here?  Once the kernel's loaded it takes over from syslinux, does it
not?  What if the kernel didn't understand serial consoles, for
example?  Would that look like what I'm seeing?

Thanks,

--Eric
-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0.6 for PocketPC is out!: http://xwords.sourceforge.net  *
**




Re: [leaf-user] (Still) unable load initrd booting uClib 2.2 on Soekris 4501

2004-08-26 Thread Eric House
 Eric House wrote:
 display syslinux.dpy
 timeout 0 
 default linux console=ttyS0,19200n8 initrd=initrd.lrp init=/linuxrc rw 
 root=/dev/ram0 boot=/dev/hda1:msdos PKGPATH=/dev/hda1 tmp_size=16M 
 syst_size=10M
 
 Any ideas what's wrong here?  Has anybody managed to get 2.2 running
 on a net4501?
 Yup, I have.

Ok, then it must be my fault. :-)

 It seems like you're recycling an old syslinux.cfg file - since mine 
 also includes an entry LEAFCFG=/dev/hda1:msdos (and in turn, nothing 
 for tmp_size and syst_size, since those can be set in the leaf.cfg 
 file). So, rather than just replace the lrps, you might want to use all 
 of the original files from the image (after adjusting them so they'll 
 boot from /dev/hda1)

I'll try that.  I created mine following directions that are meant for
an earlier version of Bering.

> Another thing you might want to do (even though it shouldn't be the 
> problem you're seeing, but it might help with debugging) is to remove 
> the display syslinux.dpy line - since none of my terminal emulators 
> handle that image correctly, so that may well be the garbage you're 
> seeing.

Nope.  Those old directions include removing the non-printing foo from
syslinux.dpy.

Thanks for the suggestions.  I'll try again tonight.

--Eric
-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0.6 for PocketPC is out!: http://xwords.sourceforge.net  *
**




[leaf-user] (Still) unable load initrd booting uClib 2.2 on Soekris 4501

2004-08-25 Thread Eric House
(This is a continuation of an earlier post which I've lost.)

I'm unable to get initrd.lrp to load with Bering-uClibc_2.2 on a
Soekris net4501.  I've tried rolling my own following the instructions
on http://www.telltronics.org/software/Bering/BeringCross.html and I
also tried the latest initrd_ide_cd.lrp (renamed initrd.lrp) as was
suggested here.  Both fail in exactly the same way.

The Soekris is currently running Bering uClibc 2.1 on an identical 8M
CF card (both SanDisk-made, Canon-branded).  To confirm that my card
is not the problem I copied the 2.1 LRP image from the other card using
dd and it worked fine.

As I described before, when I try to boot Bering uClibc 2.2 the
Soekris box starts up, loads linux off the card and then starts
spitting garbage to the serial console at the point where it should
load initrd.

The problem does not *appear* to be just a corrupt initrd.lrp.  I took
the initrd.lrp off of the 2.1 CF card and copied it onto the 2.2 one.
It still failed in the same way: garbage after 'linux.'.  When I
gunzip initrd.lrp 'file' says it's a minix filesystem, and when I
mount it -tminix -oloop it looks fine.

My cards are formatted with fat12 filesystems.  My syslinux.cfg looks
like this:

display syslinux.dpy
timeout 0 
default linux console=ttyS0,19200n8 initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0 
boot=/dev/hda1:msdos PKGPATH=/dev/hda1 tmp_size=16M syst_size=10M

Any ideas what's wrong here?  Has anybody managed to get 2.2 running
on a net4501?

Thanks,

--Eric
-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0.6 for PocketPC is out!: http://xwords.sourceforge.net  *
**




[leaf-user] Writing scripts to configure Bering?

2004-08-19 Thread Eric House
I've been running LRP and Bering in various forms for about four years
(currently Bering-uClibc), and have probably set up new systems about
20 times (at home and for friends, not professionally.)  It's gotten
to be a chore, and that feeling keeps me from jumping on beta and rc
releases as quickly as I otherwise would.

It ought to be possible to write a script to configure Bering, and
over the past few days I've written one that basically works.  It even
manages to set the password and generate dropbear keys, steps that
required me to learn a few new tricks (which is what makes Linux fun.)

But in several years of skimming most of the messages on this list I
don't recall seeing any discussion of auto-configuration of LEAF.  Has
anybody else done this?  Are there pitfalls I haven't found yet?  Any
recommended techniques -- applying diffs vs. writing rules to make
changes, etc.?  Is there any work I can adapt, or any interest in what
I'm doing once it's done?

Thanks, as always, for LEAF!

--Eric
-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0.6 for PocketPC is out!: http://xwords.sourceforge.net  *
**




[leaf-user] uml networking problem solved; probably the Actiontec dsl modem

2004-07-24 Thread Eric House
Here's a summary I just posted to the uml developers list about the
solution to the uml networking problem I posted here this afternoon.
Since some of us are stuck with those modems I figure it's doubly
relevant -- and hope it helps.



This mail details the solution to a problem I had with UML networking.
My UML instance was able to ping any host on the LAN or internet, but
could only make TCP connections within the LAN.  On looking closer I
found that the initial packets were making it from the host to the
router and then to my cable modem but not reaching the internet
server.  I was unable to determine whether the cable modem was
dropping them (or why), or whether they were making it further.

Eventually I looked closely at the packets leaving the router, both
for (successful) telnet connections from non-UML hosts and for the
(doomed) attempt from the UML instance.  The only difference,
according to tcpdump running on the router, was that the
non-UML-sourced packets had only the S flag set while the UML-sourced
packets had three set: SWE.

The first hit when googling for tcpdump SWE is 

http://lists.debian.org/debian-user/2001/06/msg01577.html

a page that explains that some commercial firewalls block packets for
which TCP ECN is enabled.  And sure enough, the kernel that's part of
Debian's UML package has it enabled.  Once I turned it off using the
following command all was well.  I'm currently running apt-get to
bring the rootfs up to date.

sysctl -w net.ipv4.tcp_ecn=0

Of course I still don't know where the packets were getting blocked,
but my Actiontec DSL modem is the most likely suspect.

UML rocks!  Thanks!

--Eric House
-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0.6 for PocketPC is out!: http://xwords.sourceforge.net  *
**
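
The flag comparison described in this message, as an added example that is not part of the original post: it decodes the TCP flags byte, renders it with the letters quoted above (S for SYN, W for CWR, E for ECE), and classifies a handshake segment according to RFC 3168. The two headers are constructed samples, and the function names and the order of the remaining letters are this example's own choices.

```python
import struct

# Bit values of the TCP flags byte (offset 13 of the TCP header).
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << bit for bit in range(8))
NAMES = {FIN: "FIN", SYN: "SYN", RST: "RST", PSH: "PSH",
         ACK: "ACK", URG: "URG", ECE: "ECE", CWR: "CWR"}

# Letter order chosen here so SYN+CWR+ECE renders as "SWE", as in the message.
LETTERS = ((SYN, "S"), (FIN, "F"), (RST, "R"), (PSH, "P"),
           (CWR, "W"), (ECE, "E"), (URG, "U"), (ACK, "."))


def build_tcp_header(flags, sport=41342, dport=23, seq=1):
    """Constructed 20-byte TCP header: no options, checksum left at 0."""
    data_offset = 5 << 4  # five 32-bit words, stored in the upper nibble
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0,
                       data_offset, flags, 5840, 0, 0)


def parse_flags(segment):
    """Return the flags byte after checking the header is plausible."""
    if len(segment) < 20:
        raise ValueError("shorter than a minimal TCP header")
    header_len = (segment[12] >> 4) * 4
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    return segment[13]


def flag_string(flags):
    """Render the flags with one letter per set bit."""
    return "".join(letter for bit, letter in LETTERS if flags & bit) or "none"


def classify_handshake(flags):
    """Classify a SYN or SYN-ACK by its ECN bits (RFC 3168, section 6.1.1)."""
    if not flags & SYN or flags & (FIN | RST):
        return "not a handshake segment"
    ecn_bits = flags & (ECE | CWR)
    if flags & ACK:
        # A SYN-ACK accepts ECN with ECE set and CWR clear.
        return "ECN-setup SYN-ACK" if ecn_bits == ECE else "non-ECN SYN-ACK"
    # A SYN offers ECN with both ECE and CWR set.
    return "ECN-setup SYN" if ecn_bits == (ECE | CWR) else "non-ECN SYN"


def differing_flags(segment_a, segment_b):
    """Names of the flag bits that differ between two captured headers."""
    delta = parse_flags(segment_a) ^ parse_flags(segment_b)
    return sorted(name for bit, name in NAMES.items() if delta & bit)


# Constructed samples: a SYN from a host with ECN off and one with ECN on.
PLAIN_SYN = build_tcp_header(SYN)
ECN_SYN = build_tcp_header(SYN | ECE | CWR)

if __name__ == "__main__":
    for label, segment in (("ECN off", PLAIN_SYN), ("ECN on", ECN_SYN)):
        flags = parse_flags(segment)
        print(label, flag_string(flags), classify_handshake(flags))
    print("bits that differ:", differing_flags(PLAIN_SYN, ECN_SYN))
```
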




[leaf-user] Re: uClibc hdsupp: syslinux error; plus doco errors

2004-06-28 Thread Eric House
Scott Merrill wrote: 
> Using the latest Bering-uClibc 2.2rc4, I'm following the Bering
> instructions for setting up LEAF/Bering(-uClibc) to boot from an
> M-Systems DiskOnChip:
>    http://leaf.sourceforge.net/doc/guide/budiskonchip.html
> 
> [T]he doc2000.o module now requires the following three modules to
> be loaded _first_:
>    nand_ids.o
>    nand_ecc.o
>    nand.o

Robert Sprockeels:
> [turns out it was a bad DiskOnChip device]

I too am having problems with 2.2b4 and an M-Systems DiskOnChip.  The
machine it's on has been unused for over a year, but booted fine with
the older pre-uClib Bering software yesterday, so I think the
DiskOnChip is not bad.

However, the tools in hdsupp.lrp aren't working well for me.  I first
tried running syslinux on /dev/nftla1, and it never exited.  It didn't
print errors, and could be killed with ctrl-d, but once run never
returned to the command line.

I then tried to repartition the disk using 'fdisk /dev/nftla'.  All
was well until I tried to commit my changes, at which point the app
printed 'Calling ioctl() to re-read partition table' and then did
nothing: no exit, no response to keys (including ctrl-d and ctrl-c).
On rebooting, I found that my changes appeared to have been saved, and
so ran fdisk again, changed the partition type to 83, and committed
successfully.  But when I changed it back to fat12 and attempted to
commit the same thing happened: fdisk won't exit.

As an aside, once fdisk is refusing to exit shutdown doesn't do
anything.  The only way to reboot is to power-cycle.

I'd guess that there's something wrong with fat12 support in the
hdsupp package.  Any ideas or suggestions?

Thanks,

--Eric
-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0.6 for PocketPC is out!: http://xwords.sourceforge.net  *
**




[leaf-user] Re: Actiontec DSL gateway with Qwest DSL and rfc 1918

2004-02-26 Thread Eric House
>> The modem uses pppoa to connect to Qwest, as per Qwest's configuration
>> instructions.  Do you mean that I'd use pppoa on the LEAF box to
>> connect through the modem (in dumb bridge mode)?
> 
> Yep, in bridge mode the LEAF box will be responsible for the pppxx protocol.

Does anyone know if Bering uClib supports pppoa?  I wasn't able to get a
clear answer from the sourceforge site, but no was suggested.

Thanks,

--Eric
-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0 for PalmOS is out!: http://www.peak.org/~fixin/xwords  *
**




[leaf-user] Re: Actiontec DSL gateway with Qwest DSL and rfc 1918

2004-02-24 Thread Eric House
> At 22:56 23.02.2004 -0800, Eric House wrote:
> .
>> In one sense, the problem's solved.  But: is this a reasonably safe
>> thing to do?  Has anybody out there found a better solution using LEAF
>> with an Actiontec?  Ideally I'd be able to turn the thing into a dumb
>> bridge, but when it's set up that way I can't get my IP address via
>> dhcp.  I'm not ready to double the cost of the connection to get a
>> static IP address.

Erich Titl [EMAIL PROTECTED] then asked

> Can't you use pppoe/a ?

The modem uses pppoa to connect to Qwest, as per Qwest's configuration
instructions.  Do you mean that I'd use pppoa on the LEAF box to
connect through the modem (in dumb bridge mode)?

I've tried turning on bridging (an alternative to pppoa in the
configuration screen) and then asking LEAF to connect via dhcp.  This
doesn't work.  But I have not tried setting LEAF up to connect using
pppoa.  It's worth a try, to be sure.  I'll post a note if it works --
though it'll be 10 days before I have a chance to try.

Thanks,

--Eric
-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0 for PalmOS is out!: http://www.peak.org/~fixin/xwords  *
**




[leaf-user] Actiontec DSL gateway with Qwest DSL and rfc 1918

2004-02-23 Thread Eric House
I'm trying to configure LEAF to work with a Qwest DSL connection via
an Actiontec DSL Gateway.  I'm hoping that somebody out there has
already had some success with this (unfortunately) fairly common
combination.

At the top level, I'm trying to get port forwarding to work (so I can
ssh behind the firewall, etc.)  I've turned on the DMZ feature so
that the Actiontec will forward ports.  But the damned thing is
rewriting them so that they run afoul of shorewall's rfc1918 rules:

My rule:

DNAT    net    loc:192.168.1.3:80    tcp    8080

The failure:

Feb 24 06:09:37 chloris Shorewall:rfc1918:DROP: IN=eth0 OUT=eth1 
MAC=00:60:8c:c8:f4:aa:00:20:e0:31:99:6f:08:00 SRC=69.59.192.81 DST=192.168.1.3 LEN=60 
TOS=00 PREC=0x00 TTL=42 ID=30020 DF PROTO=TCP SPT=41342 DPT=80 SEQ=1227007334 ACK=0 
WINDOW=5840 SYN URGP=0

RFC1918 was new to me 15 minutes ago, but I'm guessing that the rule
doesn't like the DST=192.168.1.3, since 192.168.1.3 is an address that
doesn't belong outside private networks.  And sure enough, removing
norfc1918 from /etc/shorewall/interfaces allows my DNAT rules to work.

In one sense, the problem's solved.  But: is this a reasonably safe
thing to do?  Has anybody out there found a better solution using LEAF
with an Actiontec?  Ideally I'd be able to turn the thing into a dumb
bridge, but when it's set up that way I can't get my IP address via
dhcp.  I'm not ready to double the cost of the connection to get a
static IP address.

I'm using Bering-uClibc V2.1.0rc2.

Thanks,

--Eric House
-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0 for PalmOS is out!: http://www.peak.org/~fixin/xwords  *
**
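
The log entry and rule from this message, taken apart in an added example that is not part of the original post: it splits the Shorewall log line into fields, reports which logged addresses fall inside the three RFC 1918 blocks, and checks whether the logged destination already equals the DNAT rule's target. The function names are this example's own, the second log line is constructed, and Shorewall's own rfc1918 file is not reproduced here.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(net)
           for net in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Log entry from the message, re-joined onto one line.
PAGE_LOG = (
    "Feb 24 06:09:37 chloris Shorewall:rfc1918:DROP: IN=eth0 OUT=eth1 "
    "MAC=00:60:8c:c8:f4:aa:00:20:e0:31:99:6f:08:00 SRC=69.59.192.81 "
    "DST=192.168.1.3 LEN=60 TOS=00 PREC=0x00 TTL=42 ID=30020 DF PROTO=TCP "
    "SPT=41342 DPT=80 SEQ=1227007334 ACK=0 WINDOW=5840 SYN URGP=0")
# Rule from the message, columns: ACTION SOURCE DEST PROTO DEST-PORT.
PAGE_RULE = "DNAT net loc:192.168.1.3:80 tcp 8080"
# Constructed entry with public addresses on both ends, for comparison.
CONSTRUCTED_LOG = (
    "Feb 24 06:10:02 chloris Shorewall:net2all:DROP: IN=eth0 OUT= "
    "SRC=198.51.100.7 DST=203.0.113.9 LEN=60 PROTO=TCP SPT=40000 DPT=23 SYN")

PREFIX_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[^:\s]+):")


def parse_log(line):
    """Split a Shorewall/netfilter log line into KEY=VALUE fields and flags."""
    match = PREFIX_RE.search(line)
    if not match:
        raise ValueError("no Shorewall:<chain>:<disposition>: prefix")
    entry = {"chain": match.group("chain"),
             "disposition": match.group("disposition"), "flags": []}
    for token in line[match.end():].split():
        key, sep, value = token.partition("=")
        if sep:
            entry[key] = value
        else:
            entry["flags"].append(token)  # bare tokens such as DF or SYN
    return entry


def private_fields(entry):
    """Return which of SRC/DST lie inside an RFC 1918 block."""
    hits = []
    for field in ("SRC", "DST"):
        if field not in entry:
            continue
        address = ipaddress.ip_address(entry[field])
        if any(address in net for net in RFC1918):
            hits.append(field)
    return hits


def parse_dnat_rule(rule):
    """Parse 'DNAT <source> <zone>:<host>[:<port>] <proto> <port>'."""
    action, source, dest, proto, orig_port = rule.split()[:5]
    if action != "DNAT":
        raise ValueError("not a DNAT rule")
    zone, _, target = dest.partition(":")
    host, _, port = target.partition(":")
    return {"source": source, "zone": zone, "host": host,
            "port": port or orig_port, "proto": proto, "orig_port": orig_port}


def logged_after_dnat(entry, rule):
    """True when the logged DST:DPT is already the rule's rewritten target."""
    parsed = parse_dnat_rule(rule)
    return (entry.get("DST") == parsed["host"]
            and entry.get("DPT") == parsed["port"]
            and entry.get("PROTO", "").lower() == parsed["proto"])


if __name__ == "__main__":
    for line in (PAGE_LOG, CONSTRUCTED_LOG):
        entry = parse_log(line)
        print(entry["chain"], entry["disposition"],
              "private:", private_fields(entry) or "none",
              "post-DNAT:", logged_after_dnat(entry, PAGE_RULE))
```

For the entry from the message the DNAT check is true: DPT=80 and DST=192.168.1.3 are the rule's target, so the line shows the packet after the firewall's own rewrite of port 8080, not the addresses it carried when it arrived on eth0.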




[leaf-user] Publishing an assigned IP address when the modem owns it

2004-02-20 Thread Eric House
Using LEAF Bering-uClibc Firewall - V2.1.0rc2, I'm setting up on a
Qwest DSL line in Oregon (which at $22/month you gotta love.)  It's
working ok for basic connectivity, but I'm having problems with the
Actiontec DSL Gateway which, unlike the cable modems I'm used to,
thinks it's a firewall/router as well as a modem.  Of course, it's not
enough of a firewall/router that I don't need LEAF.

The problem is that the Actiontec box gets assigned an IP address via
dhcp, and it requires my LEAF box to have a separate IP address.  But
I want to use ezipupd.lrp to publish my IP for external access.  The
LEAF box isn't even told the IP address by which the rest of the world
knows the connection.

The Actiontec box has an http configuration interface through which
the assigned IP address is visible.  After tweaking shorewall to allow
fw-net connections I can use snarf and grep to figure out the IP
address.  But 1) that's a pain; and 2) I won't get notified when it
changes so I'll have to poll from crontab or something.

Is there a better solution out there?

Thanks,

--Eric
-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0 for PalmOS is out!: http://www.peak.org/~fixin/xwords  *
**




[leaf-user] dmz possible within same physical network?

2003-12-12 Thread Eric House
I'm setting up LEAF (Bering uClib 2.0) for a new condo with
in-the-wall ethernet and lots of tech-savvy visitors some of whom run
virus hosts from Redmond.  I want visitors to be able to plug their
laptops into any jack in the wall, including jacks that may be used by
members of the household.  But I don't want to allow them the same
privileges as known hosts, esp. access to other hosts on the LAN.

Basically, I want to offer DHCP leases on eth1, and if the MAC address
is unknown to put it in an effective dmz that's only allowed access to
the WAN via eth0.  This would be trivial to do if I had an eth2, but
there's only one jack at each location so I can't just add a new NIC.

I'd also like to refuse connections to static IP addresses that happen
to be in the right range so that folks have to go through dhcp.

Is this possible using Bering?  Any suggestions where to start reading
on how to set it up?  The hardware in this case is a Soekris box (boot
medium is a CF card), so I'm not limited to a floppy-based distro; but
I use Bering everywhere else and want to keep things compatible.

Thanks,

--Eric House
-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0 for PalmOS is out!: http://www.peak.org/~fixin/xwords  *
**




[leaf-user] scp for Bering-uClib

2003-12-08 Thread Eric House
Dropbear, which I otherwise love, doesn't include scp.  The dropbear
docs suggest that scp from the ssh package can be used, but while the
scp on my Debian system is plenty small it of course links in a half
dozen libraries, including libc, that aren't present on Bering-uClib.

Before I try to figure out how to build scp for Bering-uClib, does
anybody have a .lrp to share?  Or know of plans to include one anytime
soon?

Thanks,

--Eric House
-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0 for PalmOS is out!: http://www.peak.org/~fixin/xwords  *
**




[leaf-user] ez-ipupd not firing in response to DHCP lease change

2003-09-10 Thread Eric House
I'm running Bering 1.2 on an SBC DSL connection.  I use ez-ipupd to
export the dynamic IP address I'm assigned.  Or at least I'd like to.
While ez-ipupd used to work for me (and still works at other
[comcast-based] locations I maintain), now when SBC changes my IP
address the DNS settings are not changed.

I suspect that the problem is that ez-ipupd isn't getting run in
response to the DNS change.  When I notice that there's been a change
and run ez-ipupd manually from /etc/init.d/, it works:

aphraea: -root-
# ./ez-ipupd restart
ez-ipupd error: already stopped
Starting /usr/bin/ez-ipupdate...
ez-ipupdate Version 3.0.11b7
Copyright (C) 1998-2001 Angus Mackay.
connected to www.zoneedit.com (64.21.143.23) on port 80.
request successful

Yet for some reason it must be run manually.  I wouldn't be surprised
if SBC were doing something wrong with the DHCP protocol so that
Bering isn't notified in the proper way, but have no idea how to tell
if that's the problem.

Anybody seen this?  I'm in Emeryville, California, if that matters.
Any suggestions on how to narrow the problem down?

Does the already stopped error above have anything to do with it?

Thanks,

--Eric House
--
**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0 for PalmOS is out!: http://www.peak.org/~fixin/xwords  *
**




[leaf-user] Re: Trouble moving server from Bering-on-cable to BeringuCLib-on-pppoe

2003-04-05 Thread Eric House
> From: Lynn Avants [EMAIL PROTECTED]
>
> On Thursday 03 April 2003 12:32 am, Eric House wrote:
> > I'm moving myself and a computer running sshd from one household to
> > another.  The computer is unchanged.  With it in the first location I
> > was able to connect to sshd from my ISP.  In the second I cannot.
> >
> > The first had a Bering 1.0 router attached to an ATT cable modem.
> >
> > The second has a Bering uClib 1.1 router attached to a DSL modem
> > running pppoe.  This system basically works, including forwarding port
> > 8080 to apache running on the same machine as the sshd server.
> >
> > The firewall seems to be doing its job carrying out this rule:
> >
> > DNAT   net   loc:192.168.1.2   tcp   ssh
> >
> > in that the connection attempt is forwarded to the server inside the
> > firewall.  The server, however, rejects the attempt with this entry in
> > the auth.log:
> >
> > [sshd] Could not reverse map address <address of my ISP>.
> >
> > I'd suspect a sshd configuration problem if it weren't for the fact
> > that this machine worked perfectly in the other location and is
> > unchanged.  Instead I wonder if there's something wrong with my dns
> > setup, or with dns on Bering uClib.
> >
> > Does anyone have any suggestions for fixing this?
> >
> > BTW, dig -x <address of my ISP> (same address as couldn't be reverse
> > mapped) works just fine from the commandline on the machine in
> > question.  So basic DNS is working.  Just not for sshd.
>
> Have you entered the ISP ip address in /etc/hosts and/or /etc/hosts.allow?

In /etc/hosts.allow, yes.  But not in /etc/hosts.  I'll give that a
try.

Thanks,

--Eric
-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0 for PalmOS is out!: http://www.peak.org/~fixin/xwords  *
**




[leaf-user] Re: Bering vs. Bering-Uclib

2003-02-18 Thread Eric House
> Hey! Yahoo and an increasing number of other sites are using a
> fsck'ed form of load-balancing that depends on your machine
> (firewall anyway) answering tons of requests from placed DNS servers
> around the world.  The LEAF variants don't readily conform to making
> all these replies, so there are issues with this type of
> load-balancing working if the webpage does NOT specify a default or
> fall-back procedure does not work as expected. If this is your
> problem, you should see a ton of DNS requests in your logs denied at
> the firewall OR a ton of connect connections via DNS ports on the
> firewall (that sometimes chokes out a connection).  In any case,
> this behaviour is non-rfc compliant and not readily fixable until it
> can be changed to behave in a rfc-compliant way. I can say that it
> may or may not work depending on the particular code of the html
> page that is processed. If you can link a 'failed page', I can tell
> you whether or not this is the problem.

Two sites that work great when I connect directly to the dsl modem
(using pppoe on a Debian Testing system) but are unusable when I go
through LEAF are epicurious.com and winespectator.com.  Yahoo.com too,
as discussed.  They're not blocked, just incredibly -- 10 minutes per
page -- slow.  Also, it helps to click on the links multiple times, as
if most outgoing packets resulting from those clicks were being
dropped.

I'm not seeing any denied packets in the shorewall logs when running
Bering.  I don't have shorewall on the laptop.  There are no ports
open other than to 192.168.1.* (as per /etc/hosts.allow).

Two other pieces of information.

1) Bering and Bering-uClib behave the same.  I was wrong before about
   only the uClib version having the problem.  I've had some perceived
   performance problems with Bering-uClib at one location but it was
   nothing like what I'm seeing now with stock Bering 1.0.

2) Bering does NOT have this problem when used on at ATT cable
   connection.  Yahoo and the rest are fine.  So it's somehow related
   to pppoe or maybe to PacBell/SBC.

I've seen this with Mozilla and lynx and links.  Have not yet checked
whether it happens if the host is not running Linux, but can't see how
that'd make a difference.

Thanks,

--Eric
-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0 for PalmOS is out!: http://www.peak.org/~fixin/xwords  *
**





Re: [leaf-user] Re: Bering vs. Bering-Uclib

2003-02-18 Thread Eric House
On Tue, Feb 18, 2003 at 09:16:16AM -0800, Tom Eastep wrote:
> Eric House wrote:
> 
> > Two sites that work great when I connect directly to the dsl modem
> > (using pppoe on a Debian Testing system) but are unusable when I go
> > through LEAF are epicurious.com and winespectator.com.  Yahoo.com too,
> > as discussed.  They're not blocked, just incredibly -- 10 minutes per
> > page -- slow.  Also, it helps to click on the links multiple times, as
> > if most outgoing packets resulting from those clicks were being
> > dropped.
> 
> Have you set CLAMPMSS=Yes in /etc/shorewall/shorewall.conf?

No.  I'll give it a try.  Thanks!

--Eric
-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0 for PalmOS is out!: http://www.peak.org/~fixin/xwords  *
**





Re: [leaf-user] Re: Bering vs. Bering-Uclib

2003-02-18 Thread Eric House
> Have you set CLAMPMSS=Yes in /etc/shorewall/shorewall.conf?

Ha, that did it!  I caught someone at home and walked her through the
change and now all's well.  Thanks!

--Eric
-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0 for PalmOS is out!: http://www.peak.org/~fixin/xwords  *
**





Re: [leaf-user] Bering vs. Bering-Uclib

2003-02-16 Thread Eric House
> I don't have this experience myself, but you can check drops and 
> errors with ip -s link

The problem continues, but it's only with certain websites.
Unfortunately, Yahoo and Epicurious are among them and absolutely
essential to the lives of some in our household.  

'ip -s link' shows absolutely no problems.  According to it, hundreds
of megabytes worth of packets have moved over ppp0 without a single
error or drop.  I assume the router's interfering with something else
that certain websites require to perform at their best.  And I have no
idea what to look for.

Thanks,

--Eric House

PS The uClib version of Bering is broken in odd and little ways.  The
shell, for example, behaves differently from the one on normal Bering.
One of the results is that some of the scripts in weblet don't work as
expected.  So it's quite possible that there *are* packets being
dropped, or refused by shorewall, but that they aren't being reported.

> > I've recently tried switching from Bering 1.0 (stable) to Bering-Uclib
> > in order to have room on my single floppy for sshd.  However, it seems
> > that my router running the Uclib version works much less well.  I
> > can't be very specific about what much less well means: the network
> > connection feels slower, so I assume packets are getting dropped or
> > something along those lines.  Since I have the two versions on two
> > floppies it's trivial to reboot into one or the other.  And if I
> > choose the Uclib version everybody on the LAN notices the degradation.
> >
> > As far as I know they're configured identically: ATT cable modem with
> > dhcp on eth0, NATed internal net on eth1.  The only difference is that
> > the Uclib floppy has lsh.lrp on it.
> >
> > Has anybody else had this experience?  Is it to be expected?  Or is it
> > possible I can fix it by tweaking the Uclib configuration?

-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0 for PalmOS is out!: http://www.peak.org/~fixin/xwords  *
**





[leaf-user] Channel number error starting pppoe on Bering RC1

2003-01-20 Thread Eric House
I'm having trouble setting up Bering RC1 to connect to pacbell DSL
using pppoe.  The machine I'm using works fine connecting to a cable
modem (with Bering configured differently, of course), so I don't
think there are any hardware problems.

Also, I'm able to connect a Debian Woody system using pppoe, so
there's no reason to suspect problems with the connection either.

The errors happen when ppp attempts to use pppoe, which I've
configured to use the first pty line:

pty pppoe -I eth0 -T 80 -m 1452

If I simply type
'/etc/init.d/ppp start', these lines show up in /var/log/syslog:

# Plugin /usr/lib/pppd/pppoe.so loaded.
# PPPoE Plugin Initialized
# pppd 2.4.1 started by root, uid 0
# Serial connection established
# Couldn't get channel number: Input/output error
# ioctl (PPPIOCGFLAGS): Bad file descriptor
# Exit.

The line in my Debian system analogous to the pty line above looks the
same except that instead of pppoe it lists a path to an executable:
/usr/sbin/pppoe.  But there's no such executable on my Bering system.

Does anyone know what I'm doing wrong here?  I've searched the
archives for discussions of the error messages I'm seeing but have
found nothing.  Are there other places I should be looking?

Thanks,

--Eric House

-- 
**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0 for PalmOS is out!: http://www.peak.org/~fixin/xwords  *
**





[leaf-user] Bering RC2 dropping packets

2002-09-09 Thread Eric House

I think it's my fault, but can't figure out what I did.

Yesterday I was tweaking a working RC2 system, and today when I ping
hosts on the 'net from behind the firewall close to 20% of packets get
dropped.  traceroute says the problem is on my firewall, and when I
remove the firewall and put one of my hosts directly on the cable
modem the packet loss stops.  Unless ATT is doing something really
weird they're off the hook.

I think all I did was to add some modules to initrd.lrp - which I've
since removed.  Certainly I didn't touch shorewall or anything else
that would impact throughput.  If I'd screwed an ethernet module I'd
expect all packets to drop, not just 20%.

Can anyone think of things that can get mis-configured that would
cause this behavior?

Thanks,

--Eric House

**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
**






[leaf-user] adding soundblaster card with CD-ROM controller

2002-09-08 Thread Eric House

I'm trying to convert a working two-floppy Bering RC2 system to one
where the second floppy is replaced by a CD -- since the machine I'm
using has one floppy drive and one CD-ROM.

The problem I'm having isn't with making the CD, but with getting the
CD-ROM working.  The CD-ROM's controller lives not on the motherboard
but instead on an old soundblaster card which until now wasn't in the
machine.  When I put it in the machine Bering no longer works.  The
reason is that ne.o no longer finds my Linksys Ether16 combo card at
io=0x320.  I assume the soundblaster card has taken over that io
address, but the truth is I'm over my head at this point.  (I was
working on Macs when this hardware was current.)

I'm not even sure the soundblaster card is being recognized by my
Bering setup, since I haven't added any modules for it.  But it is
preventing the Linksys card from being recognized.

With the system working (soundblaster removed), /proc/ioports lists a
3c509 (eth0) at 0x300-0x30f and eth1 (my Linksys) at 0x320-0x33F.

# cat /proc/ioports
0000-001f : dma1
0020-003f : pic1
0040-005f : timer
0060-006f : keyboard
0080-008f : dma page reg
00a0-00bf : pic2
00c0-00df : dma2
00f0-00ff : fpu
02f8-02ff : serial(auto)
0300-030f : 3c509
0320-033f : eth1
03c0-03df : vga+
03e0-03e1 : i82365
03f8-03ff : serial(auto)

With the soundblaster in, the 3c509 card shows up in /proc/ioports,
but neither the soundblaster (AFAIK) nor Linksys does.

Any suggestions on how to proceed?  It doesn't appear from the Linksys
site as if that card can be manually given a new io address.  Does
this mean I have to reprogram the soundblaster card?

Or should I find a slightly more modern machine? :-)

Thanks,

--Eric House

**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
**






[leaf-user] NetGear MA401 (wireless pcmcia) and Bering rc3?

2002-08-22 Thread Eric House

Has anybody successfully used these two together?

When the card is detected and its modules loaded, this error shows up
in /var/log/syslog: eth2: Error -110 setting PROMISCUOUSMODE to 1.

The interface still comes up, and dhcpd starts listening on it, but it
doesn't hear when hosts running the same card (without having showed
that error) attempt to connect.

Since I can still return these cards, I'm wondering if anybody's
managed to get the combination to work.  The LinkSys PWC11 is the same
price and looks to be better supported, if not quite as good a card.

Thanks,

--Eric House

**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
**







[leaf-user] Bering rc3: should modules.exclude.list include pcmcia?

2002-06-25 Thread Eric House

I'm setting up Bering dr3 for a system with a wireless LAN.  When I
added a pcmcia directory to /lib/modules, it got included in both
modules.lrp and pcmcia.lrp when I backed them up.  I fixed this by
adding lib/modules/pcmcia to modules.exclude.list, but is there a
better way?

Should this change be part of Bering 1.0 as shipped?

Thanks,

--Eric

**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0 for PalmOS is out!: http://www.peak.org/~fixin/xwords  *
**






[leaf-user] My Bering rc3 has a root password

2002-06-20 Thread Eric House

I downloaded the image, put it on a floppy, modified syslinux.cfg and
/etc/inittab to get serial console working, and booted.  And found that
while the thing came up just fine root has a password!

I'm assuming the image wasn't posted with a password -- so what could
I have done wrong?

Thanks,

--Eric House

**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0 for PalmOS is out!: http://www.peak.org/~fixin/xwords  *
**






[leaf-user] I drop a packet every 3 minutes; help to ID?

2002-06-12 Thread Eric House

My shorewall logs show that I'm dropping an identical packet every
three minutes (exactly).  After a reboot of the router the packet
resumes, but might be at a different time -- which makes me wonder
if it's an artifact of the router rather than coming from outside.

Anyway, here's one entry.  Does this mean anything to any of you?

Jun 12 19:26:22 pauling kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT=
MAC=01:00:5e:00:00:01:00:20:40:64:a1:fd:08:00 SRC=192.168.100.1
DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2

(My internal networks are 192.168.1.0 and 192.168.2.0.  I'm running
Bering rc2 with ATT cable.)

Thanks,

--Eric House

**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0 for PalmOS is out!: http://www.peak.org/~fixin/xwords  *
**
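
Added example, not part of the original post: a shell/awk summary of Shorewall DROP entries that groups them by flow, decodes the MAC= field and reports whether a flow repeats at a fixed interval. The sample input is constructed: it is the entry quoted above re-joined onto one line, two repeats with made-up timestamps, and one made-up TCP drop using documentation addresses.

```shell
#!/bin/sh
# Constructed sample log (see the note above the block).
sample_log() {
cat <<'EOF'
Jun 12 19:26:22 pauling kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:20:40:64:a1:fd:08:00 SRC=192.168.100.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2
Jun 12 19:27:05 pauling kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:00:5e:00:53:0a:00:00:5e:00:53:01:08:00 SRC=203.0.113.9 DST=198.51.100.7 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=4242 PROTO=TCP SPT=4123 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 12 19:29:22 pauling kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:20:40:64:a1:fd:08:00 SRC=192.168.100.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2
Jun 12 19:32:22 pauling kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:20:40:64:a1:fd:08:00 SRC=192.168.100.1 DST=224.0.0.1 LEN=28 TOS=0x00 PREC=0xC0 TTL=1 ID=0 PROTO=2
EOF
}

# summarize_drops < syslog
# Prints one line per dropped flow:
#   SRC DST PROTO srcmac=<sender MAC> dst=<unicast|multicast> n=<count> every=<secs|irregular|->
summarize_drops() {
    awk '
    # Value of the first KEY=value token on the current line, or "".
    function field(name,    i) {
        for (i = 1; i <= NF; i++)
            if (index($i, name "=") == 1)
                return substr($i, length(name) + 2)
        return ""
    }
    /Shorewall:[^ ]*:DROP:/ {
        # Time of day in seconds; a wrap past midnight is not handled here.
        split($3, hms, ":")
        now = hms[1] * 3600 + hms[2] * 60 + hms[3]

        # netfilter prints names for TCP/UDP/ICMP and a bare number otherwise;
        # IP protocol 2 is IGMP.
        p = field("PROTO")
        if (p == "2") p = "IGMP"

        dst = field("DST")
        split(dst, oct, ".")
        kind = (oct[1] + 0 >= 224 && oct[1] + 0 <= 239) ? "multicast" : "unicast"

        # MAC= is destination MAC (6 bytes), source MAC (6 bytes), EtherType (2),
        # so the sender MAC starts at character 19 and is 17 characters long.
        key = field("SRC") " " dst " " p " srcmac=" substr(field("MAC"), 19, 17) " dst=" kind

        if (key in last) {
            gap = now - last[key]
            if (!(key in every)) every[key] = gap
            else if (every[key] != gap) every[key] = "irregular"
        }
        last[key] = now
        count[key]++
    }
    END {
        for (k in count)
            printf "%s n=%d every=%s\n", k, count[k], (k in every) ? every[k] : "-"
    }' | sort
}

sample_log | summarize_drops
```

The sender MAC in the summary identifies which device on the eth0 segment is emitting the periodic packet, independent of the source IP it claims.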





[leaf-user] re: Bering: dhclient.lrp fixed

2002-06-02 Thread Eric House

JNilo wrote:

> [dhclient.lrp working now]

Do you recommend dhclient over pump for Bering rc2?  Pump seems to be
working for me ok now.  (ATT cable connections with ez-ipupdate
talking to dyndns.)

Thanks,

--Eric House

**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0 for PalmOS is out!: http://www.peak.org/~fixin/xwords  *
**






[leaf-user] ssh to host behind firewall: connect direct or through router?

2002-05-23 Thread Eric House

There seem to be two ways to allow ssh access from outside the
firewall to a host inside: 1. forward some port on the fw to the host;
2. connect directly to sshd on the fw and use the -Lport:host:port
flag to forward an additional connection to the host.

Is there agreement on which method is better (where better means
more secure, I guess)?

The fw and host are at home.  Most of the time I'm connecting from
outside I'm either at work and want to xhost some app, or I want to
transfer a bunch of files.  Occasionally I need to tweak the router,
so picking #1 above wouldn't remove the need to have sshd on the
router's floppy.

Connections are always from machines that have keys in the router's
(and inside host's) .ssh/authorized_keys files.  Password login is
disabled.

I'm running Bering RC2.

Thanks,

--Eric

**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0 for PalmOS is out!: http://www.peak.org/~fixin/xwords  *
**





[leaf-user] Re: why this error + /sbin/ifup: interface eth2 already configured?

2002-05-20 Thread Eric House

I asked:

> I'm using Bering rc2 in a box with two wired NICs and one wireless.
> When the box boots, the wireless network (eth2) fails to come up.
> (And dhcpd and shorewall fail too as a result.)  But when I run
> '/etc/init.d/pcmcia restart' from the console there's no problem.  And
> then dhcpd and shorewall can be started fine too.
>
> [...]
>
> Any idea what might have grabbed eth2 before cardmgr gets fired up?
> I've searched the log files, and there's no prior mention of eth2.
> It's not looking wrong in any file in /etc, either, as far as I can
> see.

Reading through the pppoe.lrp docs I hit on the answer to this
question: because eth2 is brought up by the pcmcia package later in
the boot process it is not supposed to be listed as auto in
/etc/network/interfaces.  Once I commented out the line 'auto eth2'
all was well.

--Eric House

**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0 for PalmOS is out!: http://www.peak.org/~fixin/xwords  *
**





[leaf-user] why this error + /sbin/ifup: interface eth2 already configured?

2002-05-19 Thread Eric House

I'm using Bering rc2 in a box with two wired NICs and one wireless.
When the box boots, the wireless network (eth2) fails to come up.
(And dhcpd and shorewall fail too as a result.)  But when I run
'/etc/init.d/pcmcia restart' from the console there's no problem.  And
then dhcpd and shorewall can be started fine too.

From /var/log/syslog:

May 19 16:20:10 chloris kernel: Linux PCMCIA Card Services 3.1.33
May 19 16:20:10 chloris kernel:   kernel build: 2.4.18 #3 Sat Apr 20 07:09:10 CEST 2002
May 19 16:20:10 chloris kernel:   options:  [pci] [cardbus]
May 19 16:20:11 chloris kernel: Intel ISA/PCI/CardBus PCIC probe:
May 19 16:20:11 chloris kernel:   Ricoh RF5C296/396 rev 00 ISA-to-PCMCIA at port 0x3e0 ofs 0x00
May 19 16:20:11 chloris kernel: host opts [0]: none
May 19 16:20:11 chloris kernel: ISA irqs (scanned) = 3,4,5,7,9,12,14,15 status change on irq 15
May 19 16:20:11 chloris cardmgr[860]: watching 1 sockets
May 19 16:20:11 chloris cardmgr[861]: starting, version is 3.1.33
May 19 16:20:12 chloris sshd[870]: connect from 192.168.1.2
May 19 16:20:13 chloris cardmgr[861]: socket 0: RayLink PC Card WLAN Adapter
May 19 16:20:13 chloris kernel: cs: memory probe 0x0d-0x0d: clean.
May 19 16:20:13 chloris cardmgr[861]: executing: 'insmod /lib/modules/2.4.18/pcmcia/ray_cs.o essid=MY_ESSID hop_dwell=128 beacon_period=256 translate=0'
May 19 16:20:14 chloris kernel:  ray_cs.c,v 1.31 2002/02/17 23:30:12 root Exp - Corey Thomas [EMAIL PROTECTED]
May 19 16:20:14 chloris cardmgr[861]: + Using /lib/modules/2.4.18/pcmcia/ray_cs.o
May 19 16:20:14 chloris kernel: ray_cs Detected: WebGear PC Card WLAN Adapter Version 4.88 Jan 1999
May 19 16:20:14 chloris cardmgr[861]: executing: './network start eth2'
May 19 16:20:14 chloris kernel: eth2: RayLink, irq 3, hw_addr 00:00:F1:11:26:FF
May 19 16:20:14 chloris cardmgr[861]: + /sbin/ifup: interface eth2 already configured

I suspect that if I modified whatever calls '/etc/init.d/pcmcia start'
to instead call '/etc/init.d/pcmcia restart', all would be well.  That
is, I think the reason my manual 'restart' succeeds is that the
restart script does a './network stop eth2' before beginning the
process that failed above.

Any idea what might have grabbed eth2 before cardmgr gets fired up?
I've searched the log files, and there's no prior mention of eth2.
It's not looking wrong in any file in /etc, either, as far as I can
see.

Thanks,

--Eric House

PS I posted recently about a similar system where the problem was that
the wireless net hadn't finished coming up when dhcpd started looking
for eth2.  That I fixed simply by adding a 'sleep 10' to
/etc/init.d/dhcpc -- crude though that is.  This is not the same
problem; that is, the wireless card doesn't just need more time to
init.

**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0 for PalmOS is out!: http://www.peak.org/~fixin/xwords  *
**





[leaf-user] how to set up parallel wireless and wired LANs/interfaces

2002-05-15 Thread Eric House

Using Bering rc2, I'm trying to set up a router with eth0 external
(ATT cable modem), eth1 a wired Ethernet LAN, and eth2 a wireless
Ethernet LAN.  Though I may eventually want to put an
externally-reachable webserver on one of the LANs, I don't think I
want a dmz.  That is, I want all hosts on eth1 and eth2 to have full
access to each other as if they were all on the same subnet.

All interfaces come up fine. 'ip addr' shows all three with the IP
addresses I'd expect: eth0's assigned via pump, eth1's 192.168.1.254
and eth2's 192.168.2.254.  Further, the wired LAN on eth1 seems to be
working correctly.  A host there gets assigned an IP via dhcpd, and
dig shows that names are being resolved by the router at
192.168.1.254.

The host on eth1 can ping 192.168.2.254 (the router's eth2 interface),
but cannot ping any hosts on eth2.

A host on the wireless LAN also gets an IP via dhcp, but DNS isn't working
for it (though its resolv.conf file shows that it correctly got the DNS
server: 192.168.1.254.)  Like the eth1 host, it can ping the router's other
internal interface, but can't ping hosts on the other LAN.

I'm guessing that I need to coerce shorewall into letting those icmp
packets across the eth1/eth2 boundary.  Is the firewall also
responsible for the failure of DNS on eth2?  More generally, has
anyone posted suggestions for making this configuration work?

Thanks,

--Eric House

**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0 for PalmOS is out!: http://www.peak.org/~fixin/xwords  *
**





Re: [leaf-user] how to set up parallel wireless and wired LANs/interfaces

2002-05-15 Thread Eric House

On Wed, 15 May 2002, Brad Fritz wrote:

> On Tue, 14 May 2002 23:25:43 PDT Eric House wrote:
>
> > Using Bering rc2, I'm trying to set up a router with eth0 external
> > (ATT cable modem), eth1 a wired Ethernet LAN, and eth2 a wireless
> > Ethernet LAN.  Though I may eventually want to put an
> > externally-reachable webserver on one of the LANs, I don't think I
> > want a dmz.  That is, I want all hosts on eth1 and eth2 to have full
> > access to each other as if they were all on the same subnet.
>
> This is probably obvious, but...
> Be careful; unless you take further precautions, the policies above
> will allow anyone with a wireless card nearby (or not-so-nearby with
> a wireless card and an antenna) full access to the network hanging
> off eth1.

So dmz-style rules make sense for the wireless net, don't they?

Though I may eventually put a web server on the net (the wlan isn't
the logical place for it but for its being dmz-like), the wlan will
mostly be used for internet access.  But I expect I'll occasionally
want to connect from the wlan to machines on loc, e.g. to kill an XF86
server when it crashes.

Perhaps the best approach is to start with the default dmz rules, then
punch specific holes through the firewall allowing ssh and ping between
dmz and loc?

Thanks!

--Eric

**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0 for PalmOS is out!: http://www.peak.org/~fixin/xwords  *
**





[leaf-user] What should dhcpd.conf look like for eth2?

2002-05-15 Thread Eric House

I want dhcpd to serve both eth1 and eth2.  My dhcpd.conf looks like
this, with the second subnet changing '1' to '2' for everything but
the name server:

dynamic-bootp-lease-length 604800;
max-lease-time 1209600;

subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.254;
    option domain-name "private.network";
    option domain-name-servers 192.168.1.254;
    range 192.168.1.1 192.168.1.199;
}

subnet 192.168.2.0 netmask 255.255.255.0 {
    option routers 192.168.2.254;
    option domain-name "dmz.network";
    option domain-name-servers 192.168.1.254;
    range 192.168.2.1 192.168.2.199;
}

When the router boots, I get error messages from dhcpd (on the console
and in syslog) telling me I need a subnet declaration for eth2 in my
dhcpd.conf file.  Oddly, if after I get a prompt I run
'/etc/init.d/dhcpd restart' (without changing anything) I don't get
those errors. 

(dhcpd works only intermittently on eth2, but that may be shorewall
problems.)

I have this in /etc/init.d/dhcpd, BTW:

# Add interfaces, separated by a space (ie eth0 eth1)
# Typically your internal interface: eth1 for cable modems/DSL, or 
# eth0 for ppp/dialup
ifs="eth1 eth2"

Thanks,

--Eric House

**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0 for PalmOS is out!: http://www.peak.org/~fixin/xwords  *
**





Re: [leaf-user] What should dhcpd.conf look like for eth2?

2002-05-15 Thread Eric House

> Your dhcpd.conf entry for the 192.168.2.0 subnet looks fine. Given that, the
> problem is probably that dhcpd is starting before whatever interface network
> 192.168.2.0 is on (I infer eth2 from what you say) gets configured. At the
> point at which dhcpd starts, eth2 is probably (implicitly) network
> 0.0.0.0/something, and you have no subnet declaration for that bogus
> network. That it works fine from a console restart reinforces this
> interpretation of the symptom you describe.
>
> Since you tell us so little about your setup (not even which LEAF version
> you are using), it's not really possible to be more specific than that.

Sorry.  Bering, rc2.  eth0 and eth2 are 3c509; eth2 is a wireless card
using ray_cs plus whatever it takes to run the ISA-PCMCIA adapter.
eth0 is outbound, and connected to a cable modem (ATT) with IP
assigned over dhcp.

The card on eth2 *does* take a few seconds to come up.  Is this just a
timing issue?  Should I be delaying dhcpd somehow?  (I suppose a
'sleep 5' in init.d/dhcpd would do it, but there's sure to be a better
way.)

Thanks,

--Eric

> At 09:35 AM 5/15/02 -0700, Eric House wrote:
> I want dhcpd to serve both eth1 and eth2.  My dhcpd.conf looks like
> this, with the second subnet changing '1' to '2' for everything but
> the name server:
>
> dynamic-bootp-lease-length 604800;
> max-lease-time 1209600;
>
> subnet 192.168.1.0 netmask 255.255.255.0 {
>     option routers 192.168.1.254;
>     option domain-name "private.network";
>     option domain-name-servers 192.168.1.254;
>     range 192.168.1.1 192.168.1.199;
> }
>
> subnet 192.168.2.0 netmask 255.255.255.0 {
>     option routers 192.168.2.254;
>     option domain-name "dmz.network";
>     option domain-name-servers 192.168.1.254;
>     range 192.168.2.1 192.168.2.199;
> }
>
> When the router boots, I get error messages from dhcpd (on the console
> and in syslog) telling me I need a subnet declaration for eth2 in my
> dhcpd.conf file.  Oddly, if after I get a prompt I run
> '/etc/init.d/dhcpd restart' (without changing anything) I don't get
> those errors.
>
> (dhcpd works only intermittently on eth2, but that may be shorewall
> problems.)
>
> I have this in /etc/init.d/dhcpd, BTW:
>
> # Add interfaces, separated by a space (ie eth0 eth1)
> # Typically your internal interface: eth1 for cable modems/DSL, or
> # eth0 for ppp/dialup
> ifs="eth1 eth2"

**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
*Crosswords 4.0 for PalmOS is out!: http://www.peak.org/~fixin/xwords  *
**





[Leaf-user] best release for single floppy with wireless?

2002-03-14 Thread Eric House

I want to upgrade a home network from LRP 2.9.4 to one of the LEAF
firewalls.  The internal nic in my router is a wireless card -- uses
ray_cs.o -- so I'll need the pcmcia stuff.  And I have only one floppy
drive available, need dhclient, want sshd, and am otherwise a
demanding SOB.

Anyway, I can't figure out from the sourceforge site if there is a
pcmcia package, let alone what release to use it with.  Can anyone
suggest the best starting point for building the router I want?

(I have a machine running Debian slink available.)

Thanks,

--Eric House

**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
* Check out Safe Harbor for PalmOS: http://www.peak.org/~fixin/harbor  *
**





Re: [Leaf-user] dhcp2dns

2002-02-25 Thread Eric House

> Does this solve the problem of the ISP who
> changes your lease every couple of hours?

It doesn't address that problem.  It's meant for routers that are
serving dhcp leases to internal clients, and to allow those clients to
address each other by name irrespective of the IP addresses they've
been assigned.

(I deal with my ISP changing my IP address, and with the fact that
they don't put it into DNS themselves, by running ez-ipupd.lrp and
using it to connect with one of the dyndns services out there.  It
works great, and I *think* it'd work for frequently changed leases,
but I haven't tested it.  ATT always seems to give me the same
address.)

> If so, since this a fairly simple script which will run in
> milliseconds, and most of it only if the lease has changed,
> any harm in running it once per minute?

Probably not.  It's all in RAM anyway.

--Eric House

**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
* Check out Safe Harbor for PalmOS: http://www.peak.org/~fixin/harbor  *
**





[Leaf-user] How do packages install symlinks in /etc/rc?.d/ ?

2002-02-23 Thread Eric House

I'm trying to build a package (.lrp file) that has a script in
/etc/init.d.  The packages I'm copying also have scripts in init.d,
but they don't seem to include the symlinks in the /etc/rc?.d
directories that cause those scripts to get called.  Yet once
installed the symlinks are there -- for these packages, not mine :-(.

My question: how do I get symlinks to my init.d script to be added to
the /etc/rc?.d directories?

Thanks,

--Eric House

PS My package updates local DNS to include the names of local hosts
granted dhcp leases.  The init.d script exists only to add a line to
/etc/crontab.  If there's a better way to do that please let me know.

**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
* Check out Safe Harbor for PalmOS: http://www.peak.org/~fixin/harbor  *
**





[Leaf-user] dhcp2dns

2002-02-23 Thread Eric House

With a bit of help from Michael D. Schleif I've created a package for
my Dachstein routers that puts local hostnames into dns as they're
assigned leases.  It's working for me, so I'm posting it in case it'll
help someone else -- or in case I've done something stupid. :-)

http://home.attbi.com/~erichouse1/leaf/dhcp2dns.lrp

Here's the readme:

This package works with tinydns.lrp, dnscache.lrp and dhcpd.lrp to add
the names of local hosts given leases to the local dns namespace.

It should just drop in -- i.e. not require configuration.

It contains two files.  The first goes in /etc/init.d and gets run at
startup.  All it does is add a line to /etc/crontab that calls the
second script every N minutes (default 5).

The second script, called from /etc/crontab, checks whether the leases
file has changed.  If it has, it parses it for hostname:IPADDR pairs,
and adds them in the correct format to the private dns data file.  It
then restarts tinydns and dnscache.



Disclaimer: While I've been using and tweaking some variant of LRP for
a couple of years, I'm a C/C++ programmer with little professional
experience with either shell scripting or system administration.  This
is probably not the best way to do what I've done.  But I've done it,
and put it out hoping that it'll be useful to someone.  If you do
find it useful (or fix something), let me know.  Or if the same
thing's already been done better please point me at it!

Thanks for the help (and for a great product)!

--Eric House

**
* From the desktop of: Eric House, [EMAIL PROTECTED]*
* Check out Safe Harbor for PalmOS: http://www.peak.org/~fixin/harbor  *
**
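
Added example, not the dhcp2dns package's own code: one way to do the step the readme describes, turning lease entries into tinydns-data lines and rewriting the output only when it changed. Assumptions: ISC dhcpd lease syntax with a client-hostname statement, the zone private.network, a 300 s TTL, and a separate generated output file; the hostname is validated because any DHCP client chooses it and ':' is the tinydns-data field separator. The lease entries are constructed.

```shell
#!/bin/sh
# Constructed sample leases: one host seen twice, one hostile hostname, one
# lease with no hostname at all.
sample_leases() {
cat <<'EOF'
lease 192.168.1.10 {
  starts 6 2002/02/23 18:00:00;
  ends 6 2002/03/02 18:00:00;
  hardware ethernet 00:10:a4:00:00:01;
  client-hostname "Laptop";
}
lease 192.168.1.11 {
  hardware ethernet 00:10:a4:00:00:02;
  client-hostname "www:192.168.1.254";
}
lease 192.168.1.12 {
  hardware ethernet 00:10:a4:00:00:03;
}
lease 192.168.1.13 {
  hardware ethernet 00:10:a4:00:00:01;
  client-hostname "laptop";
}
EOF
}

# leases_to_tinydns ZONE TTL < dhcpd.leases
# Prints one "=fqdn:ip:ttl" line (A plus PTR record) per accepted hostname.
# Lease expiry is not evaluated here; the last entry for a name wins.
leases_to_tinydns() {
    awk -v zone="$1" -v ttl="$2" '
    $1 == "lease" && $3 == "{" { ip = $2; host = ""; next }
    $1 == "client-hostname" {
        host = $0
        sub(/^[^"]*"/, "", host)    # drop everything up to the opening quote
        sub(/".*$/, "", host)       # drop the closing quote and the rest
        next
    }
    $1 == "}" {
        # Untrusted input: accept a single DNS label only (letters, digits,
        # inner hyphens, at most 63 characters) and a dotted-quad address.
        h = tolower(host)
        okname = (h ~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/) && length(h) <= 63
        okip = (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
        if (okname && okip)
            latest[h] = ip
        else if (host != "")
            printf "skipped lease %s: hostname rejected\n", ip > "/dev/stderr"
        ip = ""; host = ""
    }
    END {
        for (h in latest) printf "=%s.%s:%s:%s\n", h, zone, latest[h], ttl
    }' | sort
}

# update_dns_data LEASES OUTFILE ZONE TTL
# Returns 0 if OUTFILE was (re)written, 1 if nothing changed, 2 on error.
# Only a 0 result calls for rebuilding the DNS data and restarting the servers.
update_dns_data() {
    tmp="$2.new.$$"
    leases_to_tinydns "$3" "$4" < "$1" > "$tmp" || { rm -f "$tmp"; return 2; }
    if [ -f "$2" ] && cmp -s "$tmp" "$2"; then
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$2"      # rename, so readers never see a half-written file
    return 0
}

sample_leases | leases_to_tinydns private.network 300
```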


