Re: [leaf-user] VPN via ssh+pppd or ipsec?

2002-09-26 Thread Ewald Wasscher

On Thu, 2002-09-26 at 08:46, Matthew Schalit wrote:
 
 I'm finally getting out of the dark
 ages and need to deploy a vpn because
 one of my users has a laptop on my internal
 NAT'd network but will be remote at times,
 dialing into an ISP, and I'd like to have them
 appear to be still on my network using the vpn howto
 method (ssh + pppd) or ipsec I guess.
 
 The laptop is WinXP home,

WinXP rules out cipe. With Win2K that would have been an alternative.

 the LEAF box
 is Bering rc3, 2nics, static external ip,
 plus shorewall.
 
 So which road is good stuff?  ssh+pppd
 or ipsec?

I don't know, but the author of cipe explains on the cipe homepage why
he thinks ssh+pppd isn't a good idea. 

http://sites.inka.de/bigred/devel/tcp-tcp.html

Ewald Wasscher



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



Re: [leaf-user] OT: Won't boot if headless

2002-09-24 Thread Ewald Wasscher

On Tue, 2002-09-24 at 22:04, Warren Post wrote:
 This is a hardware problem, not a LEAF problem. But perhaps someone has
 faced this issue before.
 
 Now that I have sshd working on our Dachstein box I want to
 run it headless. Only now do I discover that it won't boot unless I plug 
 a keyboard back in. As a workaround I've got an old keyboard that 
 doesn't work very well plugged into the box, but that is both an 
 inelegant solution and a temptation to idle fingers. And our frequent 
 power outages mean that the box must reboot often and reliably.
 
 I suspect that the problem is hardwired and the only solution is to
 change the motherboard. (I see no BIOS settings that should affect the
 keyboard.) But somebody prove me wrong, please.

In many BIOSes there is an option like "Halt on:" where you can choose
if your machine should refuse booting if it has no keyboard, no
videocard etc, or that it should boot without those. You should be able
to find more information in the manual of the mainboard. For most
mainboards the manual can be found at the manufacturer's website if you
don't have it anymore.

Ewald Wasscher






Re: [leaf-user] Re: Question: (user's guide) 12. Monitoring Bering through a terminal console

2002-09-12 Thread Ewald Wasscher

On Wed, 2002-09-11 at 20:47, Stephen Lee wrote:
 On Wed, 2002-09-11 at 11:16, Jacques Nilo wrote:
  On Wednesday 11 September 2002 15:09, David Shu wrote:
   Hi Jacques,
  
   Firstly thanks for the great work with the berings firewall.  Your
   documentation is second to none and I've found it very easy to get things
   working despite my limited knowledge and experience with *nix.
  
   I've just enabled my router/firewall to be serially accessed through a
   terminal console and all seems to be working fine till I edit files.  Some
   how, there seems to be a severe lag and refresh line going through the
   screen everytime I move down or up a line.  Is this a known bug?  Or have I
   possibly done something wrong.
  
   I've not changed anything from your recommended values (Serial Port 1, baud
   19200).  I'm using secureCRT with similar values to access the router (I
   tried TeraTerm with similar results).  Like I said before, there are no
   problems till I edit files (I've tried e3, e3vi, ae).  All other times
   everything is displaying well and smoothly..
  
   Any ideas?
  I understand that you only have that pb when using the editor (by the way e3, 
  e3vi and ae are all linked to the same program ...)
  I am forwarding your mail to the leaf-user list for assistance on this matter 
  since I never use serial connection myself
  Any idea anyone ?
  Jacques
 
 I have the same refresh problem when communicating with the serial
 port to Bering 1.0rc2 via Minicom. It's a bear to edit anything with
 e3vi. There must be some com setting that can fix this problem...
 

There is one. I had the same problem and I changed the speed of the
serial line in /etc/inittab:
   
   
T1:23:respawn:/sbin/getty -L ttyS0 57600 vt100
  
Notice that 19200 is replaced with 57600. If your nullmodem-cable is
short enough you may be able to set the serial-line-speed at 115200.

The slowness also becomes a bit more bearable when moving the cursor
with PageUp and PageDown when appropriate.

Ewald Wasscher






Re: [leaf-user] bering: cannot get dhcp lease from ISP [more info]

2002-09-04 Thread Ewald Wasscher

On Wed, 2002-09-04 at 09:26, Erich Titl wrote:
 Lynn
 
 At 06:35 04.09.2002, you wrote:
 Hey, there is a bug with one or two ATT networks.
 They seem to be using over 16 hops to the dhcp
 server and causing problems with dhclient/pump as
 they are compiled. I believe someone compiled a
 new (maybe dhclient 3.x) package to account for
 this.
 
 I didn't want to mention this as it seemed unlikely but I had a similar 
 problem with my server before I moved to dhclient 3.x. I was looking for a 
 dhclient 3.x package but could not find it. In the meantime I tried to 
 install UML to compile it myself, but I got errors applying the patches 
 to a 2.4.19 kernel and was not sure if I could ignore them safely.
 
If anyone wants me to do so I'll see if I can compile dhclient under UML
and put it on leaf.sf.net. Anyone?

Ewald Wasscher







Re: [leaf-user] Dachstein v1.03 CD?

2002-09-04 Thread Ewald Wasscher

On Tue, 2002-09-03 at 22:24, Charles Steinkuehler wrote:
 Please migrate future replies to leaf-devel...this reply posted to
 leaf-user in a blatant attempt to get more volunteer help :-)
 
snip
 
 First column key:
  blank Not done
 -dash Will not be implemented
 xplus Done
 
 --
 TODO
 --
 
   Support multiple mount points in space-check multicron script
   Fix ping check e-mail functionality
   Fix package not found bug in /linuxrc
   Fix updatetime() in /etc/multicron-p
   Fix mount.back dev =  POSIXness bug
 x Add example lrpkg.cfg to CD Contents
 x Add example pkgpath.cfg to CD Contents
   Alter weblet disk-checking script to ignore CD-ROM (always 100% full)
   ?Use busybox to build links instead of root.bb.links

Does this bring any advantage? This will make busybox bigger, and we'll
still need the root.bb.links file, so this will add to the size of
root.lrp. If there isn't a good reason I'd forget about this.

   mac addy command in /etc/modules
   fix extra IP problem when using new net segment.
   Add 192.0.2.0/24 to stopMartians
   Support unblocking of private IP ranges
 
   Package updates:
 libz
 x   snmp
 ssh* (add sftp)

Can't you just use Jacques' packages?

 
   New packages:
 x   keyboard.lrp
 x   ez-ipupd.lrp
 ntpclient - name too long!
 -   xntp
 psentry
 -   ?ipmail
 
   Update binaries (or gnu instead of busybox version):
 ?last
 ?ps
 ?tinylogin
 ?new busybox

I'll have a try at these.

 -   ?Switch to glibc 2.1.3 -  No...way too big: 967,124 vs 624,660 bytes

I will post to the list when I have anything done.

Ewald Wasscher






Re: [leaf-user] dachstein memory use

2002-09-04 Thread Ewald Wasscher

On Tue, 2002-09-03 at 22:08, Charles Steinkuehler wrote:
  - my computer has 40 mb internal.
 
  Does Dachstein only allocate 32 mb??
 
  I see this in the monitor:
 
  Free Memory
  16 % of your system memory is currently used.
  33044 K bytes available
  25356 K bytes free
 
  How do allocate all my memory, and would I need it for some reason?
 
 If you've got 40 Meg in your system, but 'free' only reports 32 Meg,
 it's a problem between your BIOS, syslinux (the boot-loader), and the
 linux kernel.  There are several points at which things can break, which
 sounds like what is happening in your case.  If for some reason you
 really want to access that extra 8 Meg (not really necessary, unless
 you're running a lot of extras), check standard linux documentation
 and howto sites for debugging info.  If all else fails, and you can't
 get automatic detection of memory size working properly, you can pass
 the kernel a parameter to force the memory size to 40 Megs (I don't
 recall off-hand what kernel parameter to set,

In this case it would be:

mem=40M

Add this to the line in syslinux.cfg that begins with "default linux"

Ewald Wasscher






Re: [leaf-user] Bering SSH set-up...SSH file???

2002-09-04 Thread Ewald Wasscher

On Wed, 2002-09-04 at 17:04, Craig wrote:
 Hi folks,
 If there's one thing that seems to be agreed on, it sounds like having
 SSH installed and set-up on your router makes it easier to supply the
 newsgroup with sometimes needed file(s) info by literally copying and
 pasting. Having said that, I'm trying to set-up SSH on Bering and have a
 couple of questions: Do I also need to use the ssh.lrp package or do I
 truly only need the libz.lrp, sshd.lrp, and sshkey.lrp packages?

That's right. Just follow Jacques' documentation.

 I know
 the documentation at
 http://leaf.sourceforge.net/devel/jnilo/openssh.html says that I don't
 need the ssh.lrp but the reason I ask is because I don't have a
 /etc/init.d/ssh file as is referenced in the how-to at
 http://sourceforge.net/docman/display_doc.php?docid=1441&group_id=13751
 entitled "How Do I add SSH to the LEAF boot disk" Description: v0.8.0 by
 Steven Peck and I'm wondering why I don't???

I haven't read Steven Peck's documentation, but I suppose it refers to
another/older ssh package. There is no /etc/init.d/ssh, but there is a
/etc/init.d/sshd which will start sshd at boot.

 Also, is the command to
 generate your key "makekey" (without the quotes of course) or
 "./mkhostkey" as referenced in the How-to? Thank you.
 

I used Jacques' instructions with success. (So use makekey) Make sure
you backup sshd.lrp after generating the hostkey and that libz.lrp and
sshd.lrp are loaded at boot. If you don't know how to do so, please ask
the list.

Ewald







Re: [leaf-user] Considerations for a large number of users

2002-09-04 Thread Ewald Wasscher

On Wed, 2002-09-04 at 16:34, Todd MacDougall wrote:
 I plan on using the Bering distro to service up to 75-80 users.  Are
 there any configurations that I should be addressing before doing this? 
 For example, should I be changing cache sizes?
 
Are you using squid?

One problem I ran into is that the connection tracking table isn't big
enough:

Sep 4 15:35:12 vhe-400072 kernel: ip_conntrack: table full, dropping packet.

This can be solved with:

echo any_bigger_number > /proc/sys/net/ipv4/ip_conntrack_max

You may want to prevent individual users from using too much of the
available bandwidth. I suggest reading the Advanced-Routing-HOWTO:

http://www.lldp.org/HOWTO/Adv-Routing-HOWTO/index.html

and the section on traffic shaping of the shorewall documentation at 

http://www.shorewall.net/

Ewald
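
An added example, not part of the original message: a POSIX shell sketch that measures how full the connection-tracking table is before the "table full" message appears, shows which source addresses hold the most entries, and suggests a larger ip_conntrack_max. The function names, the sample table lines and the doubling rule are assumptions made for illustration; the /proc paths are those of a 2.4 kernel.

```shell
#!/bin/sh
# Added example: conntrack table headroom check for a 2.4 kernel.
# Function names and the "double it" rule are illustrative assumptions.

CT_TABLE="${CT_TABLE:-/proc/net/ip_conntrack}"
CT_MAX="${CT_MAX:-/proc/sys/net/ipv4/ip_conntrack_max}"

# Constructed sample of the table format (addresses are documentation ranges).
ct_sample() {
    cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.5 sport=1025 dport=80 src=198.51.100.5 dst=203.0.113.7 sport=80 dport=1025 [ASSURED] use=1
tcp      6 117 TIME_WAIT src=192.168.1.10 dst=198.51.100.6 sport=1026 dport=80 src=198.51.100.6 dst=203.0.113.7 sport=80 dport=1026 [ASSURED] use=1
udp      17 25 src=192.168.1.22 dst=198.51.100.53 sport=1030 dport=53 src=198.51.100.53 dst=203.0.113.7 sport=53 dport=1030 use=1
EOF
}

# One line per tracked connection.
ct_count() {
    wc -l < "$1" | tr -d ' '
}

# Integer percentage of the table in use (0 if the limit is missing or zero).
ct_pct() {
    c=$(ct_count "$1")
    m=$(cat "$2")
    if [ "${m:-0}" -gt 0 ]; then
        echo $(( c * 100 / m ))
    else
        echo 0
    fi
}

# Number of "table full" events in a syslog file (grep -c exits 1 on zero hits).
ct_full_events() {
    grep -c 'ip_conntrack: table full' "$1" || true
}

# Top N original-direction source addresses: who is filling the table.
# The first src= on each line is the address of the host that opened the flow.
ct_top_sources() {
    sed -n 's/^[^=]*src=\([0-9.]*\).*/\1/p' "$1" |
        sort | uniq -c | sort -rn | head -n "$2" |
        awk '{ print $1, $2 }'
}

# Suggest a limit: double it once usage reaches the given percentage.
ct_suggest_max() {
    m=$(cat "$2")
    if [ "$(ct_pct "$1" "$2")" -ge "$3" ]; then
        echo $(( m * 2 ))
    else
        echo "$m"
    fi
}

# Run as "script report" on the router; prints, never changes the limit.
case "${1:-}" in
report)
    if [ -r "$CT_TABLE" ] && [ -r "$CT_MAX" ]; then
        echo "in use: $(ct_count "$CT_TABLE") of $(cat "$CT_MAX") ($(ct_pct "$CT_TABLE" "$CT_MAX")%)"
        echo "top sources:"
        ct_top_sources "$CT_TABLE" 5
        echo "suggested ip_conntrack_max: $(ct_suggest_max "$CT_TABLE" "$CT_MAX" 80)"
    else
        echo "conntrack files not readable" >&2
    fi
    ;;
esac
```

A value written to /proc lasts only until the next reboot, so a new limit has to be set again from a startup script. If the router lacks sort, uniq or awk, copy the table file to another machine and run the functions there.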






Re: [Leaf-user] OT: ssh keys

2002-01-26 Thread Ewald Wasscher

Charles Baker wrote:

Perhaps comp.security.ssh is a better place to ask. But give us some 
more information and perhaps we could help.

I generated a ssh key on a machine behind my lrp box
and placed that key on a remote machine so that I
could do key-based authentication instead of password
authentication.

How exactly did you do that? If you describe what you did we could 
perhaps see what went wrong.

 However, when I try to ssh to the
remote box, it doesn't recognize me, the host names
don't match because the connection is masqueraded as
coming from the lrp box.

Why is that a problem? I don't see it. I can do ssh through my firewall 
fine, both using passwords and public key authentication.

 Suggestions?

More information!

Ewald Wasscher





Re: [Leaf-user] PPP(oE) standards

2002-01-22 Thread Ewald Wasscher

Hello Tom and others,

I'm sorry to hear things don't work for you yet. As I'm totally 
unfamiliar with PPPoE I'm afraid I can't help you any further (without 
spending a considerable amount of time). I asked Kenneth Hadley (It's 
probably his diskimage you are using) to take a look at this.

As a workaround you could reload your firewall rules every 5 minutes by 
adding this line to /etc/crontab

1,6,11,16,21,26,31,36,41,46,51,56 * * * * svi network ipfilter reload

Ewald Wasscher





Re: [Leaf-user] PPP(oE) standards

2002-01-22 Thread Ewald Wasscher

David B. Cook wrote:


Killing the pppd appears to restart a new version and re-run the filters. 
Also, a reboot appears to be no worse for the wear with this change. I 
will keep you informed the first time the ISP drops the connection such 
that it renegotiates the address without my intervention.


Yes please do so! Thank you for the patience testing this all.

Ewald Wasscher





Re: [Leaf-user] ICQ 2001 / Sock5

2002-01-22 Thread Ewald Wasscher

Reginald R. Richardson wrote:

Hello all,
Can someone guide to where i can find a HOW-TO, on how to configure SoCKS5 
Package on Dachstein r1.02.

Seems like if i use ICQ with the icq_masq, i can't do file transfer and those 
fancy things, 

That's right. ICQ >= 2000 uses a different protocol than ICQ 98, 99 etc. 
The ip_masq_icq module understands the older protocol, but not the newer one.

i would like to try the socks package, i read somewhere in the 
forum that it works great, but i can't seem to find a doc. on the 
configuration of SOCKS

I think, (but It's been some time since I used it) that if you use the 
socks5.lrp package that comes with Dachstein-cd it's just a matter of 
adding the package and things should work. The IP address/port of your 
socks server will be 192.168.1.254 by default.

Ewald Wasscher





Re: [Leaf-user] About Proftpd

2002-01-22 Thread Ewald Wasscher

sylvain pelletier wrote:

 hi,

  

 I want to set up proftpd but i can't found good documentation.

 All examples i saw are anonymous access and i don't want it.

 Somebody know a good link??


Personally I think the documentation on http://www.proftpd.net/ and the 
examples that come with proftpd are fine. Have you read those?

  

Ewald Wasscher





Re: [Leaf-user] /devttyS0 error...

2002-01-22 Thread Ewald Wasscher

Brad Fritz wrote:

On Mon, 21 Jan 2002 12:19:35 CST David Goodrich wrote:

i'm attempting to run a null-modem cable from my router to my main pc to
manage my router w/o a monitor & keyboard permanently attached... so as
instructed in the serial-howto, i typed
echo hello world > /dev/ttyS0
to test the serial link...it returned
cannot create /dev/ttyS0: error 19
i haven't found anything about this error on the web, and was wondering if
anyone here has had similar experience... thanks


In my experience, that error occurs when trying to use the serial
port when
  a) the kernel doesn't have serial support compiled in, or
  b) the kernel has serial support via kernel modules and
 serial.o hasn't been loaded.

The Dachstein-small kernel in the floppy version of Dachstein
requires the serial.o kernel module to be loaded for serial
support.  It's at
  http://lrp1.steinkuehler.net/files/kernels/Dachstein-small/modules/misc/

If you want a console on a serial line, which is what you are trying to 
accomplish, you will need serial support compiled into the kernel. 
Serial support as a module won't work. So you will need to replace the 
kernel with a Dachstein-normal one.

Ewald Wasscher.





Re: [Leaf-user] Firewall Setup / Cable Setup

2002-01-20 Thread Ewald Wasscher

Ray Olszewski wrote:

snip


Having found it, we still have to fix it. I don't use the Dach default
firewall, but someone else can tell you the edit for it ... or you can try
scanning the list archives (the external-private-address problem comes up
regularly on the list). [Mike, is this problem common enough to deserve a
FAQ answer?] Or you can use a different drop-in firewall; I know
echowall.lrp, for example, handles private-range external addresses OK.


The default Dachstein firewall scripts deny traffic on the external 
interface that comes from/goes to private-range IP addresses. I think you 
can solve this in your case by commenting out line 208 in  
/etc/ipfilter.conf. Here is how to do it:

- Go to the lrcfg menu (if you are not already there), choose 1, then 2. 
Now you are editing /etc/ipfilter.conf.
- Go to line 208 (the line number is at the bottom right of your screen)
- Place a # at the beginning of line 208. (just like line 207)
- Save the changes, and exit from the editor
- Exit from the menu so that you are at the commandline.
- On the commandline type this:

svi network ipfilter reload

- Test the changed firewall. If everything works ok you can backup 
etc.lrp through the menu.

Good luck!

Ewald Wasscher





Re: [Fwd: Re: [Leaf-user] glibc pppoe... (oops, forgot something)]

2002-01-20 Thread Ewald Wasscher

Nicolas Riendeau wrote:

 [Actually, double Oops since I forgot to post in on the mailing list...]

 Oops, I forgot something...

   I'm not sure if this is still a requirement with Dachstein but 
 with ES2B the
   libraries apparently had to be stored in root.lrp (it would crash 
 otherwise, I
   guess it needs it before loading the rest...).

 If this is still a requirement

It is, and it was.

 you'll have to go into /var/lib/lrpkg and remove
 the libc.* files and probably edit packages & backdisk (or their 
 equivalent
 in Eigerstein) so that they no longer refer to the libc.lrp package...

You're right about removing the /var/lib/lrpkg/libc.* files.


 This doesn't seem to be needed with Oxygen so it might no longer be 
 required
 with Dachstein but it did seem necessary with ES2B... (Don't know if 
 it was
 with plain Eigerstein...). 

Almost all programs on unix systems need some kind of c-library (libc). 
The programs in oxygen's root.lrp are statically linked with a tiny 
c-library (uClibc), so that they have a builtin libc and don't need a 
separate one. The advantage of this is that Oxygen's root.lrp is 
independent of the version of glibc used. So if you feel like it you 
should be able to replace the libc.lrp that comes with Oxygen (it 
contains glibc-2.1.3) with your shiny new home-made 2.2.4 version. The 
disadvantage is that it costs a bit of diskspace (approx. 65kb on the 
ramdisk, 25kb on the floppy), because of the builtin libc.

I hope this explains things a bit for you.

Ewald Wasscher





Re: [Leaf-user] Updating port forwarding with dynamic IP

2002-01-20 Thread Ewald Wasscher

Tom Atwater wrote:

snip

There is a newer Dachstein-PPPoE package available here:

http://leaf.sourceforge.net/devel/khadley/

The current problem I have is this:
When Earthlink updates the dynamic IP,
the LRP box does not update the port forwarding
from address with the new dynamic IP.

That's weird. That means that the firewall rules aren't reloaded (or 
there is a bug in the firewall scripts).


So the web and ssh servers are no longer accessible
from the outside.

If I reboot the LRP box, everything is fine, 
but that is a manual process, and naturally
I want it to be automatic.


I know what the LRP commands are to update the
from IP for port forwarding:

# Get new dynamic IP
EXT_IP=`/sbin/ip addr show dev ppp0 | grep inet | cut -f2 -d' '`

# Clear old port fwd entries
/usr/sbin/ipmasqadm portfw -f

# Add entries with new dynamic IP
/usr/sbin/ipmasqadm portfw -n -a -P tcp -L dynamic_ip 22 192.168.1.200 22
/usr/sbin/ipmasqadm portfw -n -a -P tcp -L dynamic_ip 80 192.168.1.200 80

If you use the Eigerstein builtin firewall you should reload/restart the 
firewall like this:

svi network ipfilter reload

The firewall scripts should read the ip-address from the external 
interface (if properly configured) and adjust the portforwarding 
accordingly. Tell me if it doesn't work.


The LRP box does not have crontab, ssh, or telnet on it,
so I seemingly can't run a cron job or 
update it from the internal Linux box.

You can edit /etc/crontab; /etc/cron.daily; /etc/cron.hourly or 
/etc/cron.monthly directly. So it is possible to add a cronjob. If you 
want remote access (and have enough disk-space left) you can install 
either Jacques Nilo's OpenSSH packages or my lsh packages 
(http://leaf.sourceforge.net/devel/jnilo/ and 
http://leaf.sourceforge.net/devel/ewaldw/ respectively).


I tried to add these commands to the Roaring Penguin adsl-connect
script that runs when Earthlink changes the dynamic IP,
but it didn't work.

Try adding the svi network ipfilter reload instead and see if that works.


Anyone have any ideas how I can do this?

I do! :-)

Hope this helps,

Ewald Wasscher
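
An added example, not part of the original thread: a POSIX shell sketch of a hook for cron or the adsl-connect script that runs the firewall reload only when the address on the external interface has changed, and does nothing while the link is down. EXT_IF, STATE_FILE, RELOAD_CMD and the function names are assumptions made for illustration; the reload command is the one quoted in the message above, and the sample interface output is constructed.

```shell
#!/bin/sh
# Added example: reload the firewall only when the external IP changed.
# Variable and function names are illustrative, not from the LEAF scripts.

EXT_IF="${EXT_IF:-ppp0}"
STATE_FILE="${STATE_FILE:-/var/run/ext_ip.last}"
RELOAD_CMD="${RELOAD_CMD:-svi network ipfilter reload}"

# Constructed sample of "ip addr show dev ppp0" output.
SAMPLE_PPP='5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
    link/ppp
    inet 203.0.113.7 peer 203.0.113.1/32 scope global ppp0'

# Read "ip addr show" output on stdin and print the first IPv4 address.
# Works for "inet A.B.C.D/len ..." and for the PPP form "inet A.B.C.D peer ...".
extract_inet() {
    sed -n '/^ *inet [0-9]/{s/^ *inet \([0-9.]*\).*/\1/p;q;}'
}

# Succeeds only for four dot-separated numbers, each 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for part in "$@"; do
        [ "$part" -le 255 ] || return 1
    done
    return 0
}

# Return codes: 0 reload done, 1 address unchanged,
# 2 no usable address (link down, state untouched), 3 reload failed.
reload_if_changed() {
    new_ip=$1
    if ! is_ipv4 "$new_ip"; then
        return 2
    fi
    old_ip=""
    if [ -r "$STATE_FILE" ]; then
        old_ip=$(cat "$STATE_FILE")
    fi
    if [ "$new_ip" = "$old_ip" ]; then
        return 1
    fi
    # Unquoted on purpose: the command and its arguments are split on spaces.
    if ! $RELOAD_CMD; then
        return 3
    fi
    # Record the address only after the rules were rebuilt successfully,
    # so a failed reload is retried on the next run.
    echo "$new_ip" > "$STATE_FILE"
    return 0
}

# Run as "script run" from cron or from the connect script.
case "${1:-}" in
run)
    current=$(ip addr show dev "$EXT_IF" 2>/dev/null | extract_inet)
    rc=0
    reload_if_changed "$current" || rc=$?
    case "$rc" in
        0) echo "external address now $current, firewall reloaded" ;;
        1) : ;;
        2) echo "no address on $EXT_IF, nothing done" >&2 ;;
        *) echo "firewall reload failed" >&2; exit 1 ;;
    esac
    ;;
esac
```

Because the state file is written only after a successful reload, port forwards that still point at the old address are corrected on the next run rather than silently left stale.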





Re: [Leaf-user] remote access to dachstein

2002-01-18 Thread Ewald Wasscher

Julian Church wrote:

 Hi All

 At 13:35 17/01/02 -0800, Victor McAllisteer wrote:

 There was a post here recently from someone who got libz.lrp and 
 sshd.lrp to fit on
 a single floppy.  He stripped the pretty version of weblet and used 
 one without
 graphics if I remember correctly.  Unfortunately the search feature 
 does not appear
 to work on the list so I can't find the message.


 That was me actually, and it really isn't that hard.  A standard 
 Dachstein 1680K floppy has about 275KB of free space anyway, while 
 libz.lrp and sshd.lrp total around 330KB - you've only got to find 
 about 55 KB.  Here's exactly what I did:

 1. In /var/sh-www/, I deleted lrpStat.jar, the weblet's java-based 
 bandwidth monitor, and netmon.html, the html document that's used to 
 display it.  To keep things neat and tidy, I then opened up index.html 
 and edited out the resulting broken link to netmon.html. 

Didn't anyone notice Charles has a weblet-tiny package on his website 
which doesn't include the bandwidth monitor?

snip


 3. Then, I backed up.  Weblet.lrp reduced in size from about 67 K to 
 about 18 K, 

Which is the size of the weblet-tiny package.



 4. I still didn't have room for the ssh key generator program, 
 sshkey.lrp, on the floppy so had to install it manually after boot.  
 Once the key is generated though, you don't need it any more so there 
 isn't actually much point in trying too hard to fit it on the boot 
 floppy in any case.  Instructions for this part are at 
 http://leaf.sourceforge.net/devel/jnilo/openssh.html.

If you still don't have enough space you may want to try my lshd and/or 
udhcpd package at:

http://leaf.sourceforge.net//devel/ewaldw/packages/

lsh is a smaller replacement for openssh and udhcpd is a smaller 
replacement for the regular dhcpd. If you're running dhcpd on multiple 
interfaces it will be hard or impossible to use this udhcpd package.

Ewald Wasscher







Re: [Leaf-user] Charles and the inevitable PPTP in DCD

2002-01-11 Thread Ewald Wasscher

Jim Van Eeckhoutte wrote:

Charles, what I'm trying to do in DCD is get it to act as a vpn server
and create a tunnel between two LANs across the WAN. I will be connecting
to a netopia with mschap or possibly (later down the road) ipsec and
L2TP.
Any info would be appreciated, searching elsewhere has just thoroughly
confused me.

First, did you read the VPN-howto? Do you want your lrp machine to act 
as a pptp server or as a client?
Did you manage to find a pptp.lrp or a  pptpd.lrp package? I can't help 
you setting it up as I don't have any experience with it, but I could 
try to compile the needed programs, if you can't

Ewald Wasscher







Re: [Leaf-user] Realtek 8139C 10/100 NIC - rtl8139.o or 8139too.o ?

2002-01-09 Thread Ewald Wasscher

[EMAIL PROTECTED] wrote:

Subject says it all.  I put a Realtek 8139C 10/100 ethernet card into my
machine and both of these modules seem to work properly for it.  Can anyone
advise on which is more correct or better?

I've never had any problems with either module. But 2.4 kernels only 
contain the 8139too.o, so I think it's better for some reason whatever 
that may be.

I am using kernel 2.2.18. 

That one has a few (local) security holes. 2.2.20, and Charles 2.2.19-3 
kernel have those fixed.

Ewald Wasscher






Re: [Leaf-user] MSN Gaming

2002-01-09 Thread Ewald Wasscher

Hallo Joris,

Joris Kempen wrote:

Hi,

I'm back on the list :) Just used my Dachstein for a few months without
needing to touch it just one time. Great work Charles!!!

But now I have some questions:

- I use MSN quite a lot because all my friends do (I prefer IRC), and you can
send/receive files using MSN.

I can receive the files people send to me, but I'm not able to send my own
files to other people. What do I need to change to make this work?

I think you mean that you can send files, but can't receive them. Am I 
right? Dachstein comes with an ip_masq_mms.o module. Do you have that 
one loaded in the kernel?


- I also want to do some gameplaying over the internet, especially Age of
Empires II for Windoze, but I am not able to join or host any games.

You'll probably need the ip_masq_dplay.o module. I'm not sure if hosting 
games will work, but connecting should. It may be that you have to open 
a few ports on the firewall.


When I join a game I get unable to join game and when I host a game, i get
as IP my local ip address 192.168.1.1 etc.

Is it possible to make this game work from behind my firewall? Just want to
play head2head to someone I know.

How about other games, am I getting the same problems with my firewall

That depends. Anything that uses the Directplay protocol  8 will more 
or less cause problems.
Normally you'll find lots of information about this kind of problems on:

http://ipmasq.cjb.net/

and:

http://www.tsmservices.com/masq/

Good luck with it,

Ewald Wasscher






Re: [Leaf-user] OT:SFTP on Slink

2002-01-07 Thread Ewald Wasscher

Sean E. Covel wrote:

I copied the sftp.lrp from DCD 1.01 onto my Slink box.  When I run sftp
I get the following error:


slink:~# sftp
BUG IN DYNAMIC LINKER ld.so: dynamic-link.h: 53: elf_get_dynamic_info:
Assertion `! bad dynamic tag' failed!
slink:~#


Ok, I'm pretty sure I'm missing a library, but how do I figure out what
it is?

With ldd:

woody:~/dachstein-glibc-2.0.7/build/openssh-3.0.2p1$ ldd sftp
libutil.so.1 => /lib/libutil.so.1 (0x40019000)
libz.so.1 => /usr/lib/libz.so.1 (0x4001c000)
libnsl.so.1 => /lib/libnsl.so.1 (0x4002b000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x4004)
libc.so.6 => /lib/libc.so.6 (0x4006e000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x4000)

You could of course rebuild OpenSSH on the slink system. When you have 
the required libraries (openssl, zlib) it's no problem.


Ewald Wasscher






Re: [Leaf-user] Dachstein source tree?

2002-01-07 Thread Ewald Wasscher

Vic Berdin wrote:

Hello all,

Can anyone point me out to where I can download Charles'
Dachstein (floppy) source tree? Thanx very much in advance!

AFAIK there isn't such a thing except for Charles' development machine. 
We really should start using CVS for this I think. There has been some 
discussion about it, but things are really slow in that area.

If there is anything more specific you need, don't hesitate to ask.

Ewald Wasscher






Re: [Leaf-user] How to manage log files?

2001-12-28 Thread Ewald Wasscher

Bernard wrote:

Hi,

How does the log rotation work?

I am using the Eigerstein distribution (180 days uptime w/o problems)
on a 1.6MB floppy.

I log in through ssh and would like to see the effects of some traffic
in the log file in real time.

But there is no activity in the log at all at the moment.
The last message is:

/var/log/messages: No space left on device

Depending on the amount of memory in the router in question you can 
enlarge the ramdisk. This is done with the ramdisk_size parameter in 
syslinux.cfg on the bootdisk. The value is the size of the / ramdisk in 
kilobytes.



and then a truncated line.

The last message is a few hours old although I know there is a log
entry every 10 seconds or so.

It appears there are large gaps between what appears to be log file
generations.


I think you mean logfile rotation? Logfile rotation can be configured in 
/etc/lrp.conf



#df prints:
Filesystem 1024-blocks  Used Available Capacity Mounted on
/dev/ram0         6076  6076         0     100%   /

Should I delete any files or is there a way do download them?

You can probably download them using scp. A free version is WinSCP:

http://winscp.vse.cz/eng/

You can delete the rotated logfiles in /var/log after that (the ones 
that end with .0 .1.gz .2.gz and so on) to free some diskspace.


Ewald Wasscher






Re: [Leaf-user] Is this newbie even in the right ballpark with LEAF? (Summary)

2001-12-26 Thread Ewald Wasscher

  Dan Schwartz wrote:

although this is not a particularly main-stream
thing.  If you really want to burst to 155 MBits/sec, you'll probably need
some form of hardware acceleration (at least for a year or two, until the
5-6 GHz CPU's come out).



   If I need more CPU horsepower, I'll use 21264 (Alpha) CPU's instead.

Now that's a waste of money. I even doubt a 1Ghz 21264 will be faster 
than a 2Ghz x86 cpu, when doing integer calculations.


You might also want to note that the new AES
crypto algorithm is much more CPU friendly than 3DES (as are several other
crypto standards).  You may be able to find FreeS/WAN patches for rijendall
(sp?) or some of the other alternate crypto schemes that will give you
higher throughput than 3DES.

I looked for them and didn't find any good ones. This is an area where 
IMHO OpenBSD (and perhaps the other *BSD's) is much more advanced than 
linux. OpenBSD does support hardware crypto accelerators, and X509 
certificates, and other ciphers than 3des.

Ewald Wasscher






Re: [Leaf-user] PPPoP DachStein Firewall going to two disk

2001-12-24 Thread Ewald Wasscher

Kevin wrote:


I have the single floppy up and running as designed, however I can not get
the multi294.lrp to load so I can backup root and use two floppies. I did
edit syslinux.cfg to add and installed on the first boot floppy. The scripts
load all packages and stop at the multi294 and all others after that one.

You don't need the multi294.lrp, there is multi-disk support in 
dachstein already. Just change PKGPATH=/dev/fd0u1680 in syslinux.cfg to 
something like PKGPATH=/dev/fd0u1680,/dev/fd1u1680 where /dev/fd1u1680 
means that you have a second 1680KB formatted floppy in the second 
floppy drive.

Ewald Wasscher






Re: [Leaf-user] Oxygen

2001-12-15 Thread Ewald Wasscher

Cokey de Percin wrote:

I guess I've missed something somewhere.  I've seen references to
newer Oxygen releases, such as 12/11?  Where might these be hiding?

These are here:

http://leaf.sourceforge.net/pub/oxygen/development/

As you might guess from the URL these are development releases, and as 
such not intended for normal use. However, an official release may be 
coming soon according to David.

Ewald Wasscher






Re: [Leaf-user] Squid package??

2001-12-14 Thread Ewald Wasscher

Sergio Morilla wrote:

Dave

Thanks for the package and the dependencies info!!
Just one more question, I would like to move the cache to an HD I have
on the computer, is this a parameter on squid.conf?

IIRC it's CacheDirectory. The manual at http://www.squid-cache.org/ will 
tell you if I was right.

Ewald Wasscher






Re: [Leaf-user] Default editor for lrcfg in Dachstein-CD 1.0.1

2001-11-28 Thread Ewald Wasscher

Stephen Lee wrote:

Hi,
How do I change the default editor to vi in DS-CD 1.0.1?

Add the line below to /etc/profile (choose 2 then 5 in the lrcfg menu) 
and then login again.

export EDITOR=e3vi

Ewald Wasscher






Re: [Leaf-user] running out of space on floppy...

2001-11-22 Thread Ewald Wasscher

james terris wrote:

After adding the necessary modules for hard drive
access the amount of space that I'm using went up
to about 97%. So I was wondering what I could do
to either add another drive or trim some stuff out
so there was more space.

I have a second floppy in this machine but I'm
not sure how to set up Dachstein to use the second
floppy to store stuff on and retrieve at boot
time.

This is fairly easy, and I have it working. This is what I did:

1. Format a new floppy for the second disk (the B: drive)
2. Move all .lrp packages except for root.lrp from the first disk to the 
second disk
3. In syslinux.cfg: change

PKGPATH=/dev/fd0u1680

to:

PKGPATH=/dev/fd1

for a 1.44 MB formatted floppy in the second floppy disk drive.


 From now on packages are loaded from and backed up to the second 
diskette. I don't know if it's possible to have other .lrp packages than 
root.lrp on the first diskette, maybe it works, maybe it doesn't.



Could I format the original floppy to 2M and
then save all the files to it?

AFAIK syslinux doesn't work with 2M floppies. It didn't work for me at least.

Ewald Wasscher






[Leaf-user] Re: [Leaf-devel] LEAF 2.4.14 / Shorewall 1.1.18 based distro (alpha version)

2001-11-21 Thread Ewald Wasscher

Jacques Nilo wrote:

Following my previous post on how to get rid of LRP kernel patches I
have created a 2.4.14 base LEAF version with SHOREWALL as default
firewall.
Please consider this work as preliminary.

All the stuff is here:
http://leaf.sourceforge.net/devel/jnilo/kernel-2.4.14/

The diskimage is:
http://leaf.sourceforge.net/devel/jnilo/kernel-2.4.14/leaf-2.4.14-1680.bin
use the command:
  dd if=leaf-2.4.14-1680.bin of=/dev/fd0u1680
to move it over to a floppy

If you need extra kernel modules they are in:
http://leaf.sourceforge.net/devel/jnilo/kernel-2.4.14/modules/

1/ Kernel
It's plain vanilla 2.4.14. There are 3 config files and 3 corresponding
UPX compressed kernels in the directory. Small & Normal correspond to
Charles' Dachstein. Mini does not have any IDE/PCMCIA support.

2/ Distro
This 2.4.14 version is basically derived from the new dachstein-rc2
distro. Ipchains and related stuff has been removed and replaced by
iptables 1.2.4.
See: http://netfilter.samba.org/

Firewall is the nice tool designed by Tom Eastep, Shorewall in its
latest 1.1.18 version
See: http://www.shorewall.net/

This is more or less the setup I'd like to have.



3/ TO-DO's (among other things)
1/ clean-up /etc/init.d/network, /etc/network.conf  and
/etc/ipfilter.conf to get rid of all
the unnecessary stuff.
2/ In the above mentioned files check the QoS and bridge stuff
3/ modify /linuxrc to copy the initial initrd.gz to tmpfs and then
pivot_root from  there. Will allow to adjust the size of the filesystem
dynamically. Pivot_root is provided in the busybox library.

As I wrote in another post I will see if I can put together a minimalist 
initrd.gz this weekend.


4/ allow backup of initrd.gz ??? (not really useful, in my opinion)

I disagree. See the "How to get rid of LEAF kernel patches" thread.

Adjust weblet script to take care of firewall messages

Any feedback/ideas/help on the 5 points mentioned and any other would
be welcomed!

Cheers

Jacques






___
Leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel











Re: [Leaf-user] RTL8139C chip NIC

2001-11-20 Thread Ewald Wasscher

Sergio Morilla wrote:

Hi,

Does someone know which module/s should I use with an RTL8139C chip based
NIC?
It's a PCI card. So I guess I should do

pci-scan
somemodulehere

is this OK??

It is. You'll need either 8139too or rtl8139 for the realtek chipset.

So you need these 2 lines in /etc/modules:

pci-scan
8139too

Ewald Wasscher






Re: [Leaf-user] start remote fetchmail from dialup eiger

2001-05-31 Thread Ewald Wasscher

Fabian Linzberger wrote:

Hi!

First of all I want to thank all you guys for your efforts in LRP and
its spinoffs. It's really great. I made my first steps in Linux when
I wanted to share my cable connection with my flatmate via a dedicated
Linux Masquerade box in December. My first setup with Suse took 3
weeks to get to work, I later switched to RedHat (took me 2 days) then I
switched to debian (one long evening). Then my friends started to ask me
about setting up firewalls for them, so I configured a EigerSteinBeta2.
(4h first time at home). When I set it up for my friend it took us 2.5
hours, but 2h were spent waiting for his provider to get the connection
up again (they unfortunately oversell heavily and give a lot of
trouble). Next step will be a VPN using IPSEC configuration which I will
then duplicate for a couple of different friends that want to share
their Windows-LANs ;-)


Now my problem:
I also managed to configure my EigerStein to use a modem dialup setting
with demand dialling via pppd (it seems that this is not really a usual
setting for a router ;-). However dnscache gives trouble since it
doesn't like to start at bootup without the EXTERN_IP set (of course a
different IP is assigned each time connection is established). I tried
to start it later on manually setting the IPSEND to the current value.
It just waited for a long time however (maybe wrong user). Is it really
necessary for dnscache to know its extern ip for querying or can I also
set it to something like 0.0.0.0?

According to Jacques Nilo, who is very familiar with dnscache, you 
_should_ do so. Actually he suggested doing so in the next Eigerstein 
release, and it will be done if Charles doesn't have any objections.



Second question:
There is a server running IMAP in my local net. I would like to
configure it to flush out exim's mailqueue and start fetchmail each time
the modem's link goes up (ie. ip-up is run from pppd). Is there a ssh
client in the sshd.lrp package (I don't think so it didn't find the
command). So I thought of this hack. I have xinetd listening on a high
port on the server and each time the firewall goes up it sends a SYN
package to that port, making xinetd start a script to do the job. It
even works when I telnet from the server. It's just that I don't know
how to practically generate the SYN packet on the router (I don't really
want to install telnet, for obvious reasons), but I guess you will. If
you have another (less freaked out idea) on how to achieve the same
thing, ideas would be welcome of course.

On Eigerstein2BETA there is a tiny netcat-like utility: mnc. I hardly 
have experience with it, but I'm pretty sure it will do the job. In the 
soon-to-be-released next version this will change to nc.



PS: If anyone is interested in my demand dialling config, feel free to
contact me. If you have questions concerning Austria's biggest ISP
chello,

Argh chello :-P Here in the Netherlands people just keep complaining 
about the chello cable modem service. From insiders I keep hearing that 
UPC (chello's mother-company) is one big mess.

Regards,

Ewald Wasscher


