[leaf-user] Bering /dev/fd0u1760 ???

2002-12-30 Thread Gene Smith
I need just a bit more room on my 1680k floppy. Is it possible to build 
a Bering 1.0 image for a 1760k floppy? Would it work in a typical fd 
drive? The developer guide seems to produce an output file called 
linux.upx. It sort of implies it is a disk image (size 1680k?). How do 
you produce a 1760k image? I don't think you can just format a 1780 
floppy and copy files or dd from a 1680k floppy. Any pointers or advice 
would be most appreciated.

gene



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


Re: [leaf-user] Bering /dev/fd0u1760 ???

2003-01-01 Thread Gene Smith
Jacques Nilo wrote:

On Tuesday 31 December 2002 07:09, Gene Smith wrote:


I need just a bit more room on my 1680k floppy. Is it possible to build
a Bering 1.0 image for a 1760k floppy? Would it work in a typical fd
drive? The developer guide seems to produce an output file called
linux.upx. It sort of implies it is a disk image (size 1680k?). How do
you produce a 1760k image? I don't think you can just format a 1780
floppy and copy files or dd from a 1680k floppy. Any pointers or advice
would be most appreciated.


The following link should answer your pb.
http://sourceforge.net/docman/display_doc.php?docid=1416&group_id=13751
Do not forget to modify the syslinux.cfg file
Jacques



Thanks! I hope this means I can just copy my files to a 1760k formatted 
disk and don't need to somehow make a new 1760k image file. Just need to 
specify the fd device (size) in syslinux.cfg and it will boot. Will try 
it when I get a chance.
gene






Re: [leaf-user] Bering /dev/fd0u1760 ???

2003-01-01 Thread Gene Smith
Jeff Newmiller wrote:

On Wed, 1 Jan 2003, Gene Smith wrote:



Jacques Nilo wrote:


On Tuesday 31 December 2002 07:09, Gene Smith wrote:



I need just a bit more room on my 1680k floppy. Is it possible to build
a Bering 1.0 image for a 1760k floppy? Would it work in a typical fd
drive? The developer guide seems to produce an output file called
linux.upx. It sort of implies it is a disk image (size 1680k?). How do
you produce a 1760k image? I don't think you can just format a 1780
floppy and copy files or dd from a 1680k floppy. Any pointers or advice
would be most appreciated.


The following link should answer your pb.
http://sourceforge.net/docman/display_doc.php?docid=1416&group_id=13751
Do not forget to modify the syslinux.cfg file
Jacques



Thanks! I hope this means I can just copy my files to a 1760k formatted 
disk and don't need to somehow make a new 1760k image file.


Almost.  You also have to run the syslinux utility to make the diskette
bootable.  This all works best on a linux workstation... Windows doesn't
really get along with odd size disks very well.



Just need to 
specify the fd device (size) in syslinux.cfg and it will boot. Will try 
it when I get a chance.
gene



---
Jeff Newmiller


Thanks for pointer, Jeff. Thought there must be more to it. Anyhow, 
could not get fd0u1760 floppy to boot after getting and running syslinux 
(however, it would mount and could ls and edit files, e.g., 
syslinux.cfg). Using this same method on a fd0u1680 floppy boots fine -- 
but had to cut out sshd :(.  Possibly fd0u1743 or 1722 would work but 
still too small. At least I understand what is going on a bit better. 
(Have been doing it all on linux, not windows.)
gene






Re: [leaf-user] Win2K DNS Problem

2003-01-04 Thread Gene Smith
Brad Fritz wrote:

On Sat, 04 Jan 2003 11:58:26 EST Kory Krofft wrote:



Brad: Output from tcpdump as well as an Ethereal dump
are at:
http:home.woh.rr.com/kkrofft/etherealout
http:home.woh.rr.com/kkrofft/tcpdump.txt


FYI: I see the tcpdump.txt but not etherealout when I click.







Re: [leaf-user] Bad Bering natsemi.o driver?

2003-01-09 Thread Gene Smith
Craig Caughlin wrote:

Hi folks,
I'm preparing a new box with the latest, stable Bering and I'm wondering
if the driver might be bad? I downloaded the natsemi.o driver for the
Netgear FA311 NICs I have from
http://leaf.sourceforge.net/devel/jnilo/bering/latest/modules/2.4.20/net/,
and when I use it, only eth0 is detected and not eth1 as well.
Fortunately, I have another natsemi.o driver that apparently I
downloaded at some point in the past and it seems to work fine with both
NICs. I wanted to bring this to the groups' attention if the driver
that's posted is in fact (somehow) defective??? Comments???

Best Regards,
Craig


Craig,
I think maybe the one you got depends on pci_scan.o so you may need that 
too when you use the drivers from the "becker" area. There is another 
natsemi driver from the kernel proper that doesn't require pci_scan in 
this area:
http://leaf.sourceforge.net/devel/jnilo/bering/latest/modules/2.4.20/kernel/drivers/net/
I don't completely understand the difference between the two driver sets.

Anyhow, I struggled with natsemi drivers for FA311 for a few weeks off 
and on. Thought the board was bad. Eventually found out that my cable 
isp (charter) required the same mac address as my old board to work. 
They said I had to leave the new natsemi board connected for 24 hours to 
be detected and registered by their system. (Seems like I should have 
just been able to tell them the mac, but no.)  Anyhow, ended up 
compiling a newer version of natsemi.c that had hook for hardcoding a 
new mac addr. Used the User Mode Linux woody environment on Redhat to do 
the compile for Bering and it worked! So, I suspect that the natsemi 
driver, at least the one in the kernel area is ok since it is very 
similar to what I used.
-gene





[leaf-user] upgrade sshd w/o reboot ?

2003-10-08 Thread Gene Smith
I want to upgrade to the latest sshd without rebooting my system. I have
copied the latest sshd.lrp to my boot floppy and mounted it on the
bering-leaf system. After I stop sshd, is it possible to "unpack" the
sshd.lrp on the floppy into /usr/sbin/ and overwrite sshd on the ram
disk? I can then start sshd and the new version should run.
I have been unable to find how to do this on the FAQ.

Will sshd connection be maintained during the sshd stop/start like when
Shorewall is restarted? I would suspect that restarting sshd would cause
any existing ssh connections to be dropped, right?
Thanks,
-gene






Re: [leaf-user] upgrade sshd w/o reboot ?

2003-10-08 Thread Gene Smith
Alex Rhomberg wrote:
Will sshd connection be maintained during the sshd stop/start like when
Shorewall is restarted? I would suspect that restarting sshd would cause
any existing ssh connections to be dropped, right?
I'm not sure about that, but I suspect the connection will be dropped
with a sshd stop/start.


I recently upgraded to the new version and did not drop out of the session
when I ran
/etc/init.d/sshd restart
It really was a seamless upgrade :-)
- Alex

You are right, it does not drop existing connection. However, the 
existing connections keep running each on an instance of the old sshd 
version. Restart or "kill -HUP `cat /var/run/sshd.pid`" kills the old 
listening server and starts the new listening server, but does not 
affect the instances serving the current connections. Old connection 
instances go away only after the connections are closed by the connected 
users. New version sshd instances are forked on each new connection. (At 
least that appears to be how it works, and it conforms to the universal 
unix fork/exec server model.)

Eric, thanks for pointing me to lrpkg -i. I figured there had to be a 
fairly simple way to do that but I couldn't find it in the manual or faq.

-gene
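
One way to check the behaviour described in this message, as an added Python example that is not part of the original thread: after an in-place sshd upgrade, list the session processes that still execute the replaced binary. It assumes a Linux /proc and that the upgrade unlinked the old file, which makes the kernel report the old path with a " (deleted)" suffix; the function names and the sample process table are constructed for illustration.

```python
import os
import tempfile

DELETED = " (deleted)"  # suffix Linux appends to /proc/<pid>/exe once the file is unlinked


def stale_processes(name="sshd", proc_root="/proc"):
    """Return sorted (pid, path) pairs for `name` processes whose binary was replaced on disk."""
    stale = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # skip non-process entries such as /proc/net
        try:
            target = os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:
            continue  # kernel thread, exited process, or no permission
        if not target.endswith(DELETED):
            continue  # still running the file that is on disk now
        path = target[: -len(DELETED)]
        if os.path.basename(path) == name:
            stale.append((int(entry), path))
    return sorted(stale)


def build_sample_proc(root):
    """Constructed /proc look-alike: new listener, one old session, one unrelated shell."""
    layout = {
        "101": "/usr/sbin/sshd",            # listener restarted after the upgrade
        "245": "/usr/sbin/sshd (deleted)",  # session forked from the old binary
        "300": "/bin/sh",                   # unrelated process
        "net": None,                        # non-process directory
    }
    for entry, exe in layout.items():
        os.makedirs(os.path.join(root, entry))
        if exe is not None:
            os.symlink(exe, os.path.join(root, entry, "exe"))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for pid, path in stale_processes(proc_root=build_sample_proc(tmp)):
            print(f"pid {pid} still runs the replaced {path}")
```

Run against the real /proc (the default) as root, an empty result means every remaining sshd process was started from the binary currently on disk.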





Re: [leaf-user] upgrade sshd w/o reboot ?

2003-10-11 Thread Gene Smith
Eric Spakman wrote:
Gene,


I want to upgrade to the latest sshd without rebooting my system. I have
copied the latest sshd.lrp to my boot floppy and mounted it on the
bering-leaf system. After I stop sshd, is it possible to "unpack" the
sshd.lrp on the floppy into /usr/sbin/ and overwrite sshd on the ram
disk? I can then start sshd and the new version should run.
I have been unable to find how to do this on the FAQ.

You could try "lrpkg -i sshd" from within the mounted directory, that 
will install the new sshd package and overwrite the previous one.


Will sshd connection be maintained during the sshd stop/start like when
Shorewall is restarted? I would suspect that restarting sshd would cause
any existing ssh connections to be dropped, right?
I'm not sure about that, but I suspect the connection will be dropped 
with a sshd stop/start.

Regards,
Eric Spakman

Strange, able to install latest sshd in running system ok using "lrpkg 
-i sshd.lrp" w/o reboot and it used new sshd version for new 
connections. Also copied latest sshd.lrp to boot floppy. When reboot 
occurred (due to power outage) could not do ssh connection (connection 
RST in response to the first SYN). Connect was attempted remotely from 
behind a corporate firewall, possibly via a transparent proxy. (I am not 
really sure how I connect but use the command line "ssh -l myuid 
my-lrp-server-actual-ipaddr" which works with old sshd version.)





Re: [leaf-user] upgrade sshd w/o reboot ?

2003-10-12 Thread Gene Smith
Dave Hunt wrote:

Strange, able to install latest sshd in running system ok using "lrpkg
-i sshd.lrp" w/o reboot and it used new sshd version for new
connections. Also copied latest sshd.lrp to boot floppy. When reboot
occurred (due to power outage) could not do ssh connection (connection
RST in response to the first SYN). Connect was attempted remotely from
behind a corporate firewall, possibly via a transparent proxy. (I am not
really sure how I connect but use the command line "ssh -l myuid
my-lrp-server-actual-ipaddr" which works with old sshd version.)


The sshd.lrp does not contain any keys by default. If you copied this to
floppy without including any keys, then sshd would not be able to start
on next reboot, because no keys present. You need to get an sshd.lrp
onto the box that does contain keys.
Cheers,
Dave.

Guess I assumed that since the keys are in /etc/ssh they are part of etc
pkg and backed-up there. However, when I rtfm on sshd installation it
says to backup sshd to boot disk after you generate the keys. Working
now. Thanks.
-gene






[leaf-user] Boot Bering from floppy, most Pkgs on CD

2003-12-30 Thread Gene Smith
I am attempting to run Bering from a non-bootable CD which requires booting 
from floppy. I am presently running fine for over a year from two floppies but 
would like to have more packages than will fit on my two floppies. Is there 
explicit documentation on how to do this? (I found how to boot Bering from 
just CD and for Dach. how to boot from floppy and rest on CD.)

I think all I have to do is still go ahead and make a bootable CD (but can't 
boot it) and tweak my 1st floppy to just get packages from CD instead of 2nd 
floppy, plus add the cd drivers to initrd on my 1st floppy. I think this will 
work.

Pointers or suggestions most welcomed!

-gene





Re: [leaf-user] Boot Bering from floppy, most Pkgs on CD

2003-12-30 Thread Gene Smith
Charles Steinkuehler wrote:
Gene Smith wrote:

I am attempting to run Bering from a non-bootable CD which requires 
booting from floppy. I am presently running fine for over a year from two
floppies but would like to have more packages than will fit on my two
floppies. Is there explicit documentation on how to do this? (I found how
to boot Bering from just CD and for Dach. how to boot from floppy and
rest on CD.)

I think all I have to do is still go ahead and make a bootable CD (but 
can't boot it)


The CD doesn't have to be bootable...it just has to have the packages you
want on it.

True, but I went ahead and made it bootable since the documentation just 
explained making a bootable CD and I wasn't sure exactly what not to include 
to make it non-bootable, especially on the mkisofs command line.


and tweak my 1st floppy to just get packages from CD instead of 2nd 
floppy,


...using the PKGPATH setting in the kernel command line.  You should setup
the PKGPATH= and BOOT= settings as they would be for a bootable CD, and
everything should work.

plus add the cd drivers to initrd on my 1st floppy. I think this will
work.


Yes, it should work.

And it did!


Pointers or suggestions most welcomed!


The Dachstein boot disk used for DachsteinCD is probably the closest 
example to follow, as I believe most Bering users make bootable CDs with a
different bootloader (rather than a bootable CD).  The main difference 
between the Dachstein CD boot disk and one you'll make for Bering will be
the disk size (1440K vs 1680K), and packages (I'd start with a full floppy
version of Bering, while the Dachstein boot disk only has a minimal set of
files for the bootloader, the kernel, and the initial ramdisk).  You can
always convert to a 1440K disk and fewer files once you get the system
reading packages off the CD.

I do have a couple of questions still:

1. Should BOOT= point to my floppy since that is what I am actually booting 
from? (It also seems to work when pointing to the cdrom.) I saw somewhere in 
the documentation that BOOT= should point to a writable device for package 
backup and does not really specify the boot device.

2. The Dachstein boot from cd README (and one of Charles' previous posts) talk 
about search order, i.e., package[:searchorder]. When it says "load multiple 
packages" does this imply multiple instance of the package name will reside in 
memory, or does it mean that later packages of a particular name in the search 
path will overwrite earlier loaded packages with the same name?

Anyhow, my two floppy disk system now uses one floppy and a cd, and it now 
restarts with no operator intervention if power cycled (no 2nd floppy and 
hitting enter). Next step, add some more packages to the cd.

Tks,
-gene








[leaf-user] Send-only qmail

2003-12-31 Thread Gene Smith
Presently my users behind my bering-leaf f/w send mail using mozilla via 
my ISP's smtp server. However, this server is sometimes down for short 
periods and connection cannot be made. In that case, the user either 
retries the send later or saves the message as a draft and tries to send 
it later. (Mozilla does not seem to have a "guaranteed" delivery feature.)

Is a feasible solution to this to install qmail.lrp on my bering-leaf 
and let it take the place of the ISP's smtp server from the user's point 
of view? As I see it, qmail would just relay the messages on to the 
ISP's smtp server, but if connection to it can not be made, it would 
queue the messages for later retry.

Most of the discussion on the leaf mail list seems to be about receiving 
email with qmail and making user accounts. At this time I am only 
concerned with the sending process and my user's email address would 
remain [EMAIL PROTECTED] via the ISP's pop server.

Is qmail.lrp a good solution to the problem or is there a better way to 
fix it? If so, is there an easy way to configure qmail to do just this. 
In any case, I need to peruse the qmail docs in great detail tomorrow.

Thanks,
-gene




Re: [leaf-user] Send-only qmail

2004-01-03 Thread Gene Smith
Ray Olszewski wrote:
At 02:18 AM 12/31/2003 -0500, Gene Smith wrote:

Presently my users behind my bering-leaf f/w send mail using
mozilla via my ISP's smtp server. However, this server is sometimes
down for short periods and connection cannot be made. In that case,
the user either retries the send later or saves the message as a
draft and tries to send it later. (Mozilla does not seem to have a
"guaranteed" delivery feature.)
Is a feasible solution to this to install qmail.lrp on my
bering-leaf and let it take the place of the ISP's smtp server from
the user's point of view? As I see it, qmail would just relay the
messages on to the ISP's smtp server, but if connection to it can
not be made, it would queue the messages for later retry.
Most of the discussion on the leaf mail list seems to be about 
receiving email with qmail and making user accounts. At this time I
am only concerned with the sending process and my user's email
address would remain [EMAIL PROTECTED] via the ISP's pop server.

Is qmail.lrp a good solution to the problem or is there a better
way to fix it? If so, is there an easy way to configure qmail to do
just this. In any case, I need to peruse the qmail docs in great
detail tomorrow.


In principle, any full-strength MTA can be configured to do what you
want. I don't use qmail myself, but with the MTA I do use, exim on
Debian, the setup is trivially easy ... you just select the
"smarthost relay" option and identify the ISP's relay as your
smarthost. Since you are (I assume) already NAT'ing your LAN behind
the LEAF firewall, mail going to this relay should look like it
belongs to the mail that the relay will accept. The details of
choosing this option in qmail aren't really firewall/routing issues,
so if it is not obvious, you might get better help from a qmail
mailing list on that part.

The actual firewall/router aspects of this setup are pretty
straightforward -- it needs to ACCEPT connections from the LAN to its
own tcp port 25, and it needs to ACCEPT connections from itself to
the ISP's relay at tcp port 25.

Aside from the smarthost relay part, qmail itself should require no
special configuration. Since the mail has a From: header that should
(perhaps in conjunction with MX entries in your DNS) direct replies
to the ISP's mail server, you don't really care what qmail thinks it
is doing in the way of receiving mail, and you can safeguard the
firewall/router by DENYing connections to its tcp port 25 from the
external interface.

Your other option -- this is what I do here -- is to run an MTA on a
separate internal host. This increases your choices of MTA, if you
use a full-size Linux distro, and it might help if the router doesn't
have a lot of filesystem space (RAMdisk, hard drive ... you don't say
what it has) on which to queue unsent messages. It is probably not
worth setting up a separate LAN server just for this, but if you have
any Linux servers on the LAN already (perhaps a Samba-based file and
print server), adding outgoing SMTP to one of them might be easier
than adding it to the router ... and it should require no special
reconfiguration of the router, since normal firewall/NAT settings
will permit outgoing connections to tcp port 25.

Thanks for the info. Yes, I am NAT'ing behind the f/w.

I was sort of able to get qmail working but it uses a lot more of my 
ramdisk (only have 32Meg Ram) than I hoped. Also, it seems to fill up my 
log file partition which eventually gets full and renders the LEAF box 
unusable (must reboot with constant diskfull message on console). Not 
sure what to get rid of in qmail pkg since I only need minimal qmail 
functionality (just want to send to smarthost which works).

The documentation implied that daemontools was optional but it does not 
seem to be since qmail does not startup w/o it in package list.

I was able to do the sendmail smarthost by adding a file 
/var/qmail/control/smtproutes with my isp's email server as follows:
:smtp.chartertn.net
which does not seem to be supported on the lrcfg qmail menu.

However, every few minutes I see in /var/log/qmail/qmail that an internal 
message from [EMAIL PROTECTED] is sent to 
[EMAIL PROTECTED] .  It is a local message that is being sent to 
the isp smarthost and is accepted. (Never changed the default domain 
names since I don't really have one.) However, it appears that 
mydomain.com resolves to a real ip address and it appears that qmail is 
attempting to connect to its port 25 but for some reason shorewall is 
rejecting the connection attempt even though I allow connections from 
the f/w to remote port 25.  (There is a lot I don't understand about this!)

Modified /etc/init.d/qmail to not start the pop3d which I definitely 
don't need. That gets rid of a lot of processes. However, still seem to 
need qmail and smtp

Re: [leaf-user] Send-only qmail

2004-01-03 Thread Gene Smith
Ray Olszewski wrote:
At 01:52 AM 1/3/2004 -0500, Gene Smith wrote: [old stuff deleted]

Thanks for the info. Yes, I am NAT'ing behind the f/w.

I was sort of able to get qmail working but it uses a lot more of
my ramdisk (only have 32Meg Ram) than I hoped.


Numbers would make this easier to comment on. Since mail gets queued
at least briefly before sending, qmail will certainly use some
RAMdisk ... possibly a lot if you handle a lot of outgoing mail or if
connectivity to the ISP's smarthost is at all erratic.

Also, it seems to fill up my log file partition which eventually
gets full and renders the LEAF box unusable (must reboot with
constant diskfull message on console).


qmail fills the logs with what sorts of messages?

Qmail logs are under /var/log. Here is an example of the content of the 
type of message I see going into /var/log/qmail/qmail/current log file:

@40003ff629330ed0dab4 new msg 16632
@40003ff629330ed14044 info msg 16632: bytes 450 from <[EMAIL PROTECTED]> qp 14447 uid 0
@40003ff629330ed1c8fc starting delivery 10: msg 16632 to remote [EMAIL PROTECTED]
@40003ff629330ed23a44 status: local 0/10 remote 1/20
@40003ff6293426e7d0e4 delivery 10: success: 209.225.8.77_accepted_message./Remote_host_said:_250_2.0.0_i037VFAe032279_Message_accepted_for_delivery/
@40003ff6293426f12b6c status: local 0/10 remote 0/20
@40003ff6293426fc9d1c end msg 16632

These occur every few minutes but since I don't see a timestamp I am not 
sure of the exact rate. If I send a real message w/mozilla (eg, to you) 
I see it is logged to this file, also accepted by 209.255.8.77 (my isp).

[...]

However, every few minutes I see in /var/log/qmail/qmail that an 
internal message from [EMAIL PROTECTED] is sent to 
[EMAIL PROTECTED] .  It is a local message that is being sent
to the isp smarthost and is accepted. (Never changed the default
domain names since I don't really have one.) However, it appears
that mydomain.com resolves to a real ip address and it appears that
qmail is attempting to connect to its port 25 but for some reason
shorewall is rejecting the connection attempt even though I allow
connections from the f/w to remote port 25.  (There is a lot I
don't understand about this!)


Way too many uses of "it appears that" in this report. Provide
examples of whatever you are seeing that causes you to make these
judgments.

Here is the current df:

Filesystem           1k-blocks      Used Available Use% Mounted on
/dev/root                 6144      5196       948  85% /
tmpfs                    15256        16     15240   0% /tmp
tmpfs                     2048      1056       992  52% /var/log

Eventually (maybe after 12-14 hours) /var/log went to 100% and at least 
one user unable to access web or their email via pop3 until I rebooted 
LEAF box.

Here are the reject messages I see often in /var/log/syslog:

Jan 2 23:23:07 firewall kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 
SRC=66.168.89.166 DST=209.225.8.77 LEN=60 TOS=0x00 PREC=0x00 TTL=64 
ID=12320 PROTO=TCP SPT=2953 DPT=25 WINDOW=5840 RES=0x00 CWR ECE SYN URGP=0

Jan 2 21:30:01 firewall kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 
SRC=66.168.89.166 DST=216.34.94.184 LEN=60 TOS=0x00 PREC=0x00 TTL=64 
ID=30768 PROTO=TCP SPT=1590 DPT=25 WINDOW=5840 RES=0x00 CWR ECE SYN URGP=0

SRC=66.168.89.l66 is my LEAF box internet interface. The 
DST=209.255.8.77 is my ISP's smtp server (smarthost) and 
DST=216.34.94.184 is mydomain.com in the 2nd example. Destination port 
is 25 in both cases.

Here is my shorewall rule that I think allows a connection to any port 
25 on the internet from the f/w:

ACCEPT  fw  net  tcp  smtp

With this rule, why would connection attempt to my ISP be rejected by 
f/w? Yet I am sure a connection does occur since I can use qmail as my 
smtp server in mozilla to send mail (at least until the /var/log goes to 
100%).

Yes, "mydomain.com" is a registered domain; here it resolves to 
216.34.94.184 . It's also used a lot as a dummy, "example" name, 
something I hoped the registrant realized before choosing it. But 
neither mydomain.com nor mail.mydomain.com responds on port 25.

If these messages -- you might look at one and tell us what is in
them -- are not going through, they could be what is filling up your
RAMdisk. It sounds like some process -- a cron job, say -- using mail
as STDOUT or STDERR and, if so, the thing to fix is the cron job, not
qmail itself.

I tried disconnecting the internet interface cable so any email would be 
queued, but was unable to determine where the messages are queued in the 
filesystem. I have not explicitly added any crons to the default LEAF but 
I will check again tomorrow.


Modified /etc/init.d/qmail to not start the pop3d which I
definitely don't need. That gets rid of a lot of processes.
However, still seem to need qmail and smtpd started it appears.


Yeah, you need this becaus

Re: [leaf-user] Send-only qmail

2004-01-03 Thread Gene Smith
Ray Olszewski wrote:
At 03:24 AM 1/3/2004 -0500, Gene Smith wrote:
[...]
Here are the reject messages I see often in /var/log/syslog:

Jan 2 23:23:07 firewall kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 
SRC=66.168.89.166 DST=209.225.8.77 LEN=60 TOS=0x00 PREC=0x00 TTL=64 
ID=12320 PROTO=TCP SPT=2953 DPT=25 WINDOW=5840 RES=0x00 CWR ECE SYN 
URGP=0

Jan 2 21:30:01 firewall kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 
SRC=66.168.89.166 DST=216.34.94.184 LEN=60 TOS=0x00 PREC=0x00 TTL=64 
ID=30768 PROTO=TCP SPT=1590 DPT=25 WINDOW=5840 RES=0x00 CWR ECE SYN 
URGP=0

SRC=66.168.89.l66 is my LEAF box internet interface. The 
DST=209.255.8.77 is my ISP's smtp server (smarthost) and 
DST=216.34.94.184 is mydomain.com in the 2nd example. Destination port 
is 25 in both cases.

Here is my shorewall rule that I think allows a connection to any port 
25 on the internet from the f/w:

ACCEPT  fw  net  tcp  smtp

With this rule, why would connection attempt to my ISP be rejected by 
f/w? Yet I am sure a connection does occur since I can use qmail as my 
smtp server in mozilla to send mail (at least until the /var/log goes 
to 100%).

Well, the place to start is: why does the firewall want to route them 
out eth1? Are you using a non-standard external interface (LEAF systems 
usually use eth0 for "net") or is there some problem with the LEAF 
router's routing table?

If the first ... did you make the needed changes in Shorewall so it 
knows that "net" refers to eth1?

I set up LEAF/Bering over a year ago and kept the interface names the 
same as a previous old LRP system that someone else did for me many 
years ago. It does have the default eth0/1 swapped but "net" is set to 
eth1 and "loc" to eth0 in /etc/shorewall/interfaces.

Anyhow, I am now sure that the f/w REJECT is a red herring and due to 
operator error (me). It occurred because I did not have the smtp 
outgoing rule shown above entered into shorewall and the repetitive 
attempt by something to send emails to mydomain.com was triggering it. 
The REJECTs all occurred before shorewall was restarted with this 
additional rule added to the file.

Depending on what eth1 is, we need to see either your in-place rulesets 
("shorewall status") or your routing table ("netstat -nr") to figure out 
what is up.

Because the rest of your questions (deleted here) were specific to 
qmail, not routing/firewalling questions as such, I'll leave them for 
someone who uses qmail to answer.

With the outgoing smtp rule removed from shorewall, I should be able to 
find where qmail queues the messages and see what is being sent to 
mydomain.com.

Thank you again for the help Ray. And thank you Shed. for info on fs 
memory allocation.
-gene
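
How to read the two REJECT entries quoted above, as an added Python example that is not part of the original thread: it parses Shorewall/netfilter kernel log lines and reports where each packet originated and whether it was logged by a zone policy rather than by an explicit rule. It assumes the Shorewall:<chain>:<verdict>: log prefix shown in the thread and Shorewall's <source>2<dest> chain naming, where an "all" side indicates a policy chain; the function names and the third sample line are constructed.

```python
import re
from collections import Counter

# The two REJECT entries from the thread (mail line wraps rejoined), plus one
# constructed non-firewall syslog line to show that unrelated lines are skipped.
SAMPLE_LOG = (
    "Jan 2 23:23:07 firewall kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 "
    "SRC=66.168.89.166 DST=209.225.8.77 LEN=60 TOS=0x00 PREC=0x00 TTL=64 "
    "ID=12320 PROTO=TCP SPT=2953 DPT=25 WINDOW=5840 RES=0x00 CWR ECE SYN URGP=0\n"
    "Jan 2 21:30:01 firewall kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 "
    "SRC=66.168.89.166 DST=216.34.94.184 LEN=60 TOS=0x00 PREC=0x00 TTL=64 "
    "ID=30768 PROTO=TCP SPT=1590 DPT=25 WINDOW=5840 RES=0x00 CWR ECE SYN URGP=0\n"
    "Jan 2 21:30:05 firewall cron: constructed line that is not a firewall entry\n"
)

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<verdict>[^:\s]+):(?P<rest>.*)")


def parse_line(line):
    """Parse one Shorewall log line into a dict, or return None for other lines."""
    m = PREFIX.search(line)
    if m is None:
        return None
    rec = {"chain": m["chain"], "verdict": m["verdict"], "flags": []}
    for token in m["rest"].split():
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value            # KEY=value field; "IN=" yields an empty string
        else:
            rec["flags"].append(token)  # bare tokens are TCP flags (SYN, ECE, ...)
    return rec


def origin(rec):
    """Classify the packet path from which interface fields are filled in."""
    has_in, has_out = bool(rec.get("IN")), bool(rec.get("OUT"))
    if has_out and not has_in:
        return "firewall"   # no input interface: generated on the box itself
    if has_in and not has_out:
        return "inbound"    # no output interface: addressed to the box
    return "forwarded"      # both set: routed through the box


def is_policy_hit(rec):
    """True when the chain name has an 'all' side (assumed <source>2<dest> naming)."""
    src, _, dst = rec["chain"].partition("2")
    return "all" in (src, dst)


def summarize(text):
    """Count REJECT/DROP entries by (origin, chain, destination address, destination port)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["verdict"] not in ("REJECT", "DROP"):
            continue
        counts[(origin(rec), rec["chain"], rec.get("DST"), rec.get("DPT"))] += 1
    return counts


if __name__ == "__main__":
    for (src, chain, dst, port), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n}x from {src} via {chain} to {dst}:{port}")
```

Both entries classify as firewall-originated packets caught by the all2all policy, which matches the conclusion in the message above that no fw-to-net smtp rule was loaded when they were logged.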







Re: [leaf-user] Send-only qmail

2004-01-03 Thread Gene Smith
Gene Smith wrote:
With the outgoing smtp rule removed from shorewall, I should be able to 
find where qmail queues the messages and see what is being sent to 
mydomain.com.
The email being automatically sent to [EMAIL PROTECTED] contains
just one line in the body:

multicron-p

Multicron-p runs every 15 minutes to check space and ping hosts and
calls "mail" if problem detected and if $lrp_MAIL_ADMIN defined, which
it isn't. So still not sure where the "multicron-p" I see in the queued
emails comes from. Then again, I don't see that /etc/multicron-p ever
sends an email containing the word "multicron-p" as I seem to observe in
the qmail queue.

Does "mail" somehow use qmail to send mail triggered by cron?
-gene




Re: [leaf-user] Send-only qmail

2004-01-03 Thread Gene Smith
Gene Smith wrote:
Gene Smith wrote:

With the outgoing smtp rule removed from shorewall, I should be able 
to find where qmail queues the messages and see what is being sent to 
mydomain.com.


The email being automatically sent to [EMAIL PROTECTED] contains
just one line in the body:

multicron-p

Multicron-p runs every 15 minutes to check space and ping hosts and
calls "mail" if problem detected and if $lrp_MAIL_ADMIN defined, which
it isn't. So still not sure where the "multicron-p" I see in the queued
emails comes from. Then again, I don't see that /etc/multicron-p ever
sends an email containing the word "multicron-p" as I seem to observe in
the qmail queue.

Does "mail" somehow use qmail to send mail triggered by cron?
-gene
It appears this is a bug, per the following leaf-user message from
over a year ago. Just need to remove a line from /etc/multicron-p. Am
using Bering 1.0 Stable. However, I never set lrp_MAIL_ADMIN (in
/etc/lrp.conf) so still not sure of the mechanism that is trying to send 
this mail.
-gene

Subject: [leaf-user] Mail Bug in multicron-p
From: "Eric Wolzak" <[EMAIL PROTECTED]>
Date: Mon, 6 Jan 2003 20:59:46 +0100
To: [EMAIL PROTECTED]
Hello List.

I just discovered a bug in the /etc/multicron-p script
in Bering  Stable 1   (probably also in Bering-uClibc ? )
This bug  is not critical, just annoying.

In the /var/log/syslog file you could find :

Jan  5 22:00:01 firewall /USR/SBIN/CRON[26546]: (root) MAIL
(mailed 12 bytes of output but got status 0x0001 )
every 15 minutes.
The mail is sent to root@  and has as content multicron-p

The reason is the rest of a debugging session that was forgotten to
remove  (shame on me ;)  )
Remove the line:
# echo $prog
in routine main()  around linenr 33.
Although from the logic nothing should have happened the output
was piped through mailadmin function.
If you have set your mail-admin you could have received mails with
"multicron-p"  as content.  No Subject.
Sorry for the discomfort

Regards
Eric Wolzak
member of the bering crew






Re: [leaf-user] Send-only qmail

2004-01-04 Thread Gene Smith
Shed. wrote:
Gene Smith wrote:

Here is the current df:

Filesystem           1k-blocks      Used Available Use% Mounted on
/dev/root                 6144      5196       948  85% /
tmpfs                    15256        16     15240   0% /tmp
tmpfs                     2048      1056       992  52% /var/log
Eventually (maybe after 12-14 hours) /var/log went to 100% and at 
least one user unable to access web or their email via pop3 until I 
rebooted LEAF box.

You can increase the memory allocated / with syst_size and /var/log with 
log_size by editing syslinux.cfg.

default linux initrd=initrd.lrp syst_size=8M log_size=16M init=/linuxrc rw root=/dev/ram0

Hope this helps!
Shed.
Sorry to beat a dead horse, but according to the documentation:

"log_size= Defines the size of the /var/log directory. Default= 2M
syst_size= Defines the size of the TMPFS filesystem. Default= 6M.
tmp_size= Defines the size of the /tmp directory. Default= remaining 
available memory"

Which basically agrees with what I see with df. However, what do they 
mean by "remaining available memory" for the size of /tmp?  I have a 
total of 32M ram in my LEAF box. The sum of the 3 ramdisk filesystems is 
approximately 24M. Does this mean the system allocates 8M for true RAM 
and allows me to partition the remaining 24M between the three fs's? 
That would make sense but I see no documentation specifying that 8M is 
the default for true RAM or if it can be adjusted too, but I have been 
known to miss things. :-)

Anyhow, it appears that if I increase the size of /var/log and/or / I 
will automatically reduce the size of /tmp. /tmp usually seems to be 
empty except when I backup a package. Therefore it could be made quite a 
bit smaller as long as my largest possible package (I think it is ssh) 
fits into it during backup. Is that right?

Thanks,
-gene






Re: [leaf-user] Send-only qmail

2004-01-04 Thread Gene Smith
Shed. wrote:
 From a post early year:

-Original Message-

From: Alex Rhomberg [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 13, 2003 10:20 AM
To: Todd Pearsall; [EMAIL PROTECTED]
Subject: AW: [leaf-user] Bering Ramdisk sizes



> How do I allocate more space to the /dev/root ram disk?


The syst_size Parameter to the kernel, as described in the docs
add it to the kernel start line in syslinux.cfg
linux ... PKGPATH=/dev/hdc1 syst_size=20M ... etc.
Yes, but that is not really my question. Let me rephrase:
Here is my typical df output again.
Filesystem           1k-blocks      Used Available Use% Mounted on
/dev/root                 6144      5196       948  85% /
tmpfs                    15256        16     15240   0% /tmp
tmpfs                     2048      1056       992  52% /var/log
The 1K-blocks add to approximately 24M. I have 32M of physical ram on my 
system. Where is the remaining 8M?

Also, the documentation states:
"syst_size= Defines the size of the TMPFS filesystem. Default= 6M"
I am using the default.

The 1k-blocks labeled "tmpfs" add to approximately 17M, while the 
/dev/root file system is about 6M. Should the documentation read:
"syst_size= Defines the size of the /dev/root filesystem. Default= 6M"
-gene

- Alex

Shed.

Gene Smith wrote:

Shed. wrote:

Gene Smith wrote:

Here is the current df:

Filesystem           1k-blocks      Used Available Use% Mounted on
/dev/root                 6144      5196       948  85% /
tmpfs                    15256        16     15240   0% /tmp
tmpfs                     2048      1056       992  52% /var/log
Eventually (maybe after 12-14 hours) /var/log went to 100% and at 
least one user unable to access web or their email via pop3 until I 
rebooted LEAF box.

You can increase the memory allocated / with syst_size and /var/log 
with log_size by editing syslinux.cfg.

default linux initrd=initrd.lrp syst_size=8M log_size=16M init=/linuxrc rw root=/dev/ram0

Hope this helps!
Shed.
Sorry to beat a dead horse, but according to the documentation:

"log_size= Defines the size of the /var/log directory. Default= 2M
syst_size= Defines the size of the TMPFS filesystem. Default= 6M.
tmp_size= Defines the size of the /tmp directory. Default= remaining 
available memory"

Which basically agrees with what I see with df. However, what do they 
mean by "remaining available memory" for the size of /tmp?  I have a 
total of 32M ram in my LEAF box. The sum of the 3 ramdisk filesystems 
is approximately 24M. Does this mean the system allocates 8M for true 
RAM and allows me to partition the remaining 24M between the three 
fs's? That would make sense but I see no documentation specifying that 
8M is the default for true RAM or if it can be adjusted too, but I 
have been known to miss things. :-)

Anyhow, it appears that if I increase the size of /var/log and/or / I 
will automatically reduce the size of /tmp. /tmp usually seems to be 
empty except when I backup a package. Therefore it could be made quite 
a bit smaller as long as my largest possible package (I think it is 
ssh) fits into it during backup. Is that right?

Thanks,
-gene






Re: [leaf-user] Send-only qmail

2004-01-05 Thread Gene Smith
Shed. wrote:
Gene Smith wrote:

Yes, but that is not really my question. Let me rephrase:
Here is my typical df output again.
Filesystem           1k-blocks      Used Available Use% Mounted on
/dev/root                 6144      5196       948  85% /
tmpfs                    15256        16     15240   0% /tmp
tmpfs                     2048      1056       992  52% /var/log
The 1K-blocks add to approximately 24M. I have 32M of physical ram on 
my system. Where is the remaining 8M?

Also, the documentation states:
"syst_size= Defines the size of the TMPFS filesystem. Default= 6M"
I am using the default.

The 1k-blocks labeled "tmpfs" add to approximately 17M, while the 
/dev/root file system is about 6M. Should the documentation read:
"syst_size= Defines the size of the /dev/root filesystem. Default= 6M"
-gene

Gene, I am not 100% sure that the docs are clear on this setting 
(syst_size). I have a similar setup to yours, 32M of physical ram. To 
utilize my ram I made these changes 2 1/2 years ago.
sys
initrd=initrd.lrp syst_size=8M log_size=16M init=/linuxrc

# df -k
Filesystem           1k-blocks      Used Available Use% Mounted on
/dev/root                 8192      5240      2952  64% /
tmpfs                    15300        12     15288   0% /tmp
tmpfs                    16384      1496     14888   9% /var/log
# uptime
 10:29pm  up 22 days, 15:19, load average: 0.00, 0.00, 0.00
A little overkill on /var/log but it helps when debugging.

Hope this answers your question. Shed.

Shed. thanks for sharing your configuration. Interesting that your 
blocks add to about 40M on a 32M system. I guess the tmpfs is also 
somehow related to virtual memory (VM) as described here: 
http://www-106.ibm.com/developerworks/library/l-fs3.html
Anyhow, I also increased my / and /var/log similar to yours. Qmail 
working fine now too.
-gene







[leaf-user] ipv6 with bering-leaf and dnscache

2004-04-11 Thread Gene Smith
As indicated by the ipv6 thread visible here,

http://thread.gmane.org/gmane.linux.redhat.fedora.testers/4537

default fedora core 2 is using ipv6  records to do dns queries. The
main person in this thread, Randy Schrickel, was using a d-link router
and had to upgrade it for it to work right with the  records (or else
he had to disable ipv6 in his kernel). See this message:
http://article.gmane.org/gmane.linux.redhat.fedora.testers/6048
Is ipv6 supported in Bering/Leaf and the dnscache package which I am
currently using? (I also get much faster results when I disable ipv6 in
fc2 when using dnscache as my dns server.)
Tks,
-gene




[leaf-user] wrt54g (wireless router) between leaf box and lan

2004-12-05 Thread Gene Smith
I have placed a wireless linksys wrt54g router between my bering leaf 
box and my local network. The ethernet network between leaf and wrt54g I 
have assigned to network 192.168.10.x and the local network is 
192.169.1.x,  From the local network (some hosts directly wired to 
wrt54g eth switch and others wireless) I can ping the wrt54g and the 
leaf box. I can also see the embedded web server on the leaf box from the 
lan/wlan. However, I cannot ping or connect to any address on the 
internet from my local network. I can also ping the leaf box from the 
wrt54g but cannot ping a real internet host.

NAT is turned on on the leaf box and is on by default on the wrt54g 
(there may be an undocumented way to turn it off). Or this may not be an 
issue. My question is should this theoretically work and, if so, what 
might I be doing wrong?

Tks,
-gene
P/S: My leaf box has been working fine for years and would like to keep 
using it. I would just as soon the linksys box could just act as a dumb 
"wireless hub" and continue using the leaf box as is. However, the 
wrt54g does work ok as the main router (without the leaf box) but 
requires custom firmware to add things like sshd, shorewall etc.



Re: [leaf-user] wrt54g (wireless router) between leaf box and lan (solved)

2004-12-05 Thread Gene Smith
Gene Smith wrote, On 12/05/2004 04:40 PM:
I have placed a wireless linksys wrt54g router between my bering leaf 
box and my local network. The ethernet network between leaf and wrt54g I 
have assigned to network 192.168.10.x and the local network is 
192.169.1.x,  From the local network (some hosts directly wired to 
wrt54g eth switch and others wireless) I can ping the wrt54g and the 
leaf box. I can also see the embedded web server on the leaf box from the 
lan/wlan. However, I cannot ping or connect to any address on the 
internet from my local network. I can also ping the leaf box from the 
wrt54g but cannot ping a real internet host.

NAT is turned on on the leaf box and is on by default on the wrt54g 
(there may be an undocumented way to turn it off). Or this may not be an 
issue. My question is should this theoretically work and, if so, what 
might I be doing wrong?

Tks,
-gene
P/S: My leaf box has been working fine for years and would like to keep 
using it. I would just as soon the linksys box could just act as a dumb 
"wireless hub" and continue using the leaf box as is. However, the 
wrt54g does work ok as the main router (without the leaf box) but 
requires custom firmware to add things like sshd, shorewall etc.

Went back and looked at this list's archives closer and discovered a 
thread where it was talked about connecting a similar linksys box 
without using the "internet" connector. You can just connect the leaf 
output (local) ethernet to any of the 4 wired eth switch inputs on the 
wrt54g. I have always used static local addresses so I set the wrt54g 
(internet and local to be safe) to the static address 192.168.1.1 and I 
set my local hosts (wired and wireless) to their static address and set 
the wrt54g to "router" as opposed to "gateway" mode under advanced 
routing options. Also under advanced routing I disabled dynamic routing 
and set no static routes. I don't run a dhcp server in the leaf box but 
that would probably also work for assigning local address. Possibly the 
wrt54g address could be dynamically assigned too. All my local hosts point 
to leaf as their gateway and dns host.

At sometime I hope to get around to upgrading the wrt54g to have 
functionality similar to leaf (openWRT, sveasoft etc.) but for now this 
does seem to work (possibly a bit slower since packets have to traverse 
an additional stack and leaf box is pretty weak). Any consideration of 
porting leaf to wrt54g or its bigger bro. wrt54gs which are (embedded) 
linux boxes too?  --gene



Re: [leaf-user] wrt54g (wireless router) between leaf box and lan

2004-12-05 Thread Gene Smith
Ray Olszewski wrote, On 12/05/2004 09:24 PM:
Sorry to be dropping into this late; I missed the original posting.
At 02:47 AM 12/6/2004 +0100, Arne Bernin wrote:
On Sun, 2004-12-05 at 22:40, Gene Smith wrote:
> I have placed a wireless linksys wrt54g router between my bering leaf
> box and my local network. The ethernet network between leaf and wrt54g I
> have assigned to network 192.168.10.x and the local network is
> 192.169.1.x,

Is this network info a typo? (169 for 168) If not ... it's not smart to 
use public addresses on private LANs.
Yeah, typo.

 From the local network (some hosts directly wired to
> wrt54g eth switch and others wireless) I can ping the wrt54g and the
> leaf box. I can also see the embedded web server on the leaf box from the
> lan/wlan. However, I cannot ping or connect to any address on the
> internet from my local network. I can also ping the leaf box from the
> wrt54g but cannot ping a real internet host.
>
> NAT is turned on on the leaf box and is on by default on the wrt54g
> (there may be an undocumented way to turn it off). Or this may not be an
> issue. My question is should this theoretically work and, if so, what
> might I be doing wrong?
>

Can you provide the routes set on one of your client machines ??
Could be just a routing problem...
Well, I have changed setup now using info from one of your old posts. It 
now works! See my reply to myself in this thread.


 Probably is a routing problem, but more likely on the Linksys, not the 
client. What does the Linksys think its default gateway is? It should be 
the LEAF router's internal IP address.

Could also be a routing problem on the client end, but that sounds less 
likely if (a) the client can read the LEAF router itself and (b) the 
Linksys is NAT'ing external connections ... both things you write above.

> Tks,
> -gene
>
> P/S: My leaf box has been working fine for years and would like to keep
> using it.

I assume from this that the LEAF host itself remains able to reach the 
Internet. It, for example, can ping Internet sites successfully ... and 
clients connected directly to it (not through the Linksys) also can. If 
not, you may have a routing problem on the LEAF router itself. (I'm 
surmising that you recently changed its LAN network from 192.168.1.0/24 
to 192.168.10.0/24, so I'm really asking if you verified that the LEAF 
router itself still routes properly after you made that change.)
Yes I had changed the address as you describe but never tried running 
ping from the leaf box. (I had forgotten that it had it!) I had changed 
them on the ram disk and restarted service (networking, shorewall, 
reloaded eth drivers, etc) but could not get outside from any host.

Currently I can ping yahoo.com from any host except the linksys since 
its current route table shows default route going out through the 
"WAN/Internet" port which is not attached. Not sure how to fix this, but 
not a big deal.


I would just as soon the linksys box could just act as a dumb
> "wireless hub" and continue using the leaf box as is. However, the
> wrt54g does work ok as the main router (without the leaf box) but
> requires custom firmware to add things like sshd, shorewall etc.

I haven't used a Linksys this way, but I have used an older D-Link 
Wireless-B router as only an AP (what I think you mean by "a dumb 
'wireless hub'"), not a (NAT'ing) router. 
Yeah an "AP", not up on all the buzzwords :)
To do this, I connected the 
D-Link to my LAN using one of its internal 802.3 ports, not its external 
port. And I assigned a static address by hand to my wireless client (I'm 
not sure how well DHCP works in this bridging setting). Worked fine in 
tests; didn't maintain it that way after the test due to the lousy 
security on 802.11b, so I can't tell you about long-term performance.
Yes, this is more or less what you and others (Camille) talked about way 
back in an old post but she never reported that it worked quite right. It 
works fine for me (see detailed reply with subject "solved"). Also, have 
not tried dynamic since I have always historically used static internal 
addresses. I think she was using internal DNS. I may try it at some point.





[leaf-user] dhcp (pump) fails or acquire address after network (cable) outage

2005-02-12 Thread Gene Smith
I am running a bering-leaf system with 2.4.18 kernel that I setup about 
two years ago (not sure of exact version). It has been working fine 
except for one problem. When the cable goes down and eventually comes 
back up the bering-leaf system never recovers (clients can't access 
internet). I tried restarting services (shorewall, networking, 
ifup/down) to no avail. Usually I just reboot. However I discovered that 
if I kill and re-run pump (/sbin/pump -i eth1) it then recovers and 
acquires its IP address. Could I have something configured wrong that 
prevents an automatic recovery?

Thanks,
-gene


Re: [leaf-user] dhcp (pump) fails or acquire address after network (cable) outage

2005-02-12 Thread Gene Smith
Tom Eastep wrote, On 02/12/2005 06:04 PM:
Gene Smith wrote:
I am running a bering-leaf system with 2.4.18 kernel that I setup about
two years ago (not sure of exact version). It has been working fine
except for one problem. When the cable goes down and eventually comes
back up the bering-leaf system never recovers (clients can't access
internet). I tried restarting services (shorewall, networking,
ifup/down) to no avail. Usually I just reboot. However I discovered that
if I kill and re-run pump (/sbin/pump -i eth1) it then recovers and
acquires its IP address. Could I have something configured wrong that
prevents an automatic recovery?

Have you set the 'dhcp' option on your external interface in
/etc/shorewall/interfaces?
-Tom
I think so:
#ZONE   INTERFACE       BROADCAST       OPTIONS
net     eth1            detect          dhcp,routefilter,norfc1918
loc     eth0            detect          routestopped
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE



Re: [leaf-user] dhcp (pump) fails or acquire address after network (cable) outage

2005-02-13 Thread Gene Smith
Jon Clausen wrote, On 02/13/2005 03:27 AM:
On Sat, 12 Feb, 2005 at 18:00:05 -0500, Gene Smith wrote:
I am running a bering-leaf system with 2.4.18 kernel that I setup about 
two years ago (not sure of exact version). It has been working fine 
except for one problem. When the cable goes down and eventually comes 
back up the bering-leaf system never recovers (clients can't access 
internet). I tried restarting services (shorewall, networking, 
ifup/down) to no avail. Usually I just reboot. However I discovered that 
if I kill and re-run pump (/sbin/pump -i eth1) it then recovers and 
acquires its IP address. Could I have something configured wrong that 
prevents an automatic recovery?

I have been having similar (if not identical) problems lately: Link goes
down, lease expires, link comes up again, pump fails to renew.
AFAICT there's a bug which makes pump exit, when no dhcp-server can be
reached after N retries. I'm not absolutely sure this is what actually
happens, but some googling turned up links to that effect. (Sorry I can't
reproduce the search ATM)
Working on the *assumption* that pump indeed dies, I threw this together:

# cat /sbin/repump
#!/bin/sh
if [ -z "`/sbin/pidof pump`" ] ;then
    /usr/bin/logger "Repump: pump looks dead, attempting resurrection;"
    /sbin/pump
#else
#   /usr/bin/logger "Repump: pump lives, pid `pidof pump`"
fi

and added:

# keeping pump alive:
*/10 *  * * *   root    /sbin/repump

to /etc/crontab.
Basically a crude workaround.
(Un)fortunately the ISP seems to have gotten their act together, at about
the same time as I did the above. Hence I don't know whether or not it works
as desired... :P
HTH
/Jon
When I couldn't acquire an ip address the other day pump was still 
running. However, it was a bit of an unnatural situation. I had moved the 
ethernet cable to the cable modem from the leaf box over to a PC to test 
out another problem I was having so I could be connected directly to the 
internet w/o a physical firewall. When I was done and put the ethernet 
from the modem back to the still running leaf box the leaf box had lost 
its ip address (none was listed on the network setting on the web page). 
When, after restarting other inet related services, I killed pump and 
restarted it and then I could see an ip address on the web page and only 
then clients could connect to the internet through leaf.

Typically when the isp goes down I am not on site and receive a call. 
Since I am unable to check what exactly is happening on the leaf box I 
suggest a reboot. So I am kind of assuming that my cable swapping 
described above simulates the isp being down, but not sure.
-gene






Re: [leaf-user] DNS problems?

2005-02-13 Thread Gene Smith
Craig Caughlin wrote, On 02/13/2005 05:22 PM:
Hi folks,
I'm not sure if this is related to my other hiccups, but I don't think so.
My problem is that I don't seem to be able to resolve DNS names. I can
connect to web sites if I know their IP address, but I can't ping anyone via
FQDN either from my LAN or from the firewall. Suggestions?
Thank you,
Craig
Are you running a dns server (e.g., dnscache) on the firewall or are you 
requesting dns directly from outside?
-gene



Re: [leaf-user] dhcp (pump) fails or acquire address after network (cable) outage

2005-03-06 Thread Gene Smith
Jon Clausen wrote, On 02/13/2005 03:27 AM:
On Sat, 12 Feb, 2005 at 18:00:05 -0500, Gene Smith wrote:
I am running a bering-leaf system with 2.4.18 kernel that I setup about 
two years ago (not sure of exact version). It has been working fine 
except for one problem. When the cable goes down and eventually comes 
back up the bering-leaf system never recovers (clients can't access 
internet). I tried restarting services (shorewall, networking, 
ifup/down) to no avail. Usually I just reboot. However I discovered that 
if I kill and re-run pump (/sbin/pump -i eth1) it then recovers and 
acquires its IP address. Could I have something configured wrong that 
prevents an automatic recovery?

I have been having similar (if not identical) problems lately: Link goes
down, lease expires, link comes up again, pump fails to renew.
AFAICT there's a bug which makes pump exit, when no dhcp-server can be
reached after N retries. I'm not absolutely sure this is what actually
happens, but some googling turned up links to that effect. (Sorry I can't
reproduce the search ATM)
Working on the *assumption* that pump indeed dies, I threw this together:

# cat /sbin/repump
#!/bin/sh
if [ -z "`/sbin/pidof pump`" ] ;then
    /usr/bin/logger "Repump: pump looks dead, attempting resurrection;"
    /sbin/pump
#else
#   /usr/bin/logger "Repump: pump lives, pid `pidof pump`"
fi

and added:

# keeping pump alive:
*/10 *  * * *   root    /sbin/repump

to /etc/crontab.
Basically a crude workaround.
(Un)fortunately the ISP seems to have gotten their act together, at about
the same time as I did the above. Hence I don't know whether or not it works
as desired... :P
HTH
/Jon
On my system I have verified that pump *does not* die. It just seems to
quit doing its thing. I have to kill it and restart it to get my ip addr
back. Also, I see no indication in /var/log/syslog that there was a
problem other than the lack of the typical slew of messages pump
generates when it does a periodic renew. Not even sure ISP was down
since syslog indicated that shorewall was rejecting stuff during the
time my lease was expired and pump did not run (if that is possible?).
Question: How is pump normally started on boot? I am unable to figure
out how it starts up after looking through the various files. I see
indications that it is somehow tied in with ifup or possibly shorewall
startup.
-gene
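
The thread describes two different failure modes: pump exiting, and pump still running while eth1 holds no address. The watchdog below is an added example, not code from any poster; it tells the two apart by checking the interface as well as the process. It assumes the iproute2 `ip` tool is installed, and the state-file path, strike threshold and function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Watchdog covering both reported cases:
#   - pump has exited (Jon's assumption)
#   - pump is still running but the interface has no address (Gene's case)
# From the thread: eth1, "/sbin/pump -i eth1", /sbin/pidof, /usr/bin/logger.
# Assumptions: iproute2 "ip" is available; STATE, THRESHOLD and all function
# names are hypothetical.

IFACE="${IFACE:-eth1}"
PUMP="${PUMP:-/sbin/pump}"
# State lives in a root-owned directory, not in world-writable /tmp.
STATE="${STATE:-/var/run/repump.strikes}"
THRESHOLD="${THRESHOLD:-2}"   # consecutive address-less checks before a restart

# Succeeds if stdin (output of "ip -4 addr show dev IFACE") has an inet line.
has_ipv4() {
    grep -Eq '^[[:space:]]*inet [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/'
}

# decide_action PIDS HAS_ADDR STRIKES THRESHOLD
# Prints "<action> <new-strike-count>"; action is ok, wait, start or restart.
decide_action() {
    pids="$1"; has_addr="$2"; strikes="$3"; limit="$4"
    # A missing or corrupted state file counts as zero strikes.
    case "$strikes" in ''|*[!0-9]*) strikes=0 ;; esac
    if [ -z "$pids" ]; then
        echo "start 0"                 # no pump process at all
    elif [ "$has_addr" = yes ]; then
        echo "ok 0"                    # healthy: clear the strike counter
    else
        strikes=$((strikes + 1))
        if [ "$strikes" -ge "$limit" ]; then
            echo "restart 0"           # pump alive but stalled: kill and re-run
        else
            echo "wait $strikes"       # may be mid-negotiation; look again later
        fi
    fi
}

# Constructed sample inputs (documentation address range), used for testing.
sample_with_lease() {
    cat <<'EOF'
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth1
EOF
}
sample_no_lease() {
    cat <<'EOF'
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
EOF
}

repump_main() {
    pids=$(/sbin/pidof pump 2>/dev/null || true)
    if ip -4 addr show dev "$IFACE" 2>/dev/null | has_ipv4; then
        addr=yes
    else
        addr=no
    fi
    strikes=$(cat "$STATE" 2>/dev/null || echo 0)
    # Intentional word splitting: decide_action prints "action count".
    set -- $(decide_action "$pids" "$addr" "$strikes" "$THRESHOLD")
    action="$1"
    echo "$2" > "$STATE"
    case "$action" in
        start)
            /usr/bin/logger "repump: no pump process, starting on $IFACE"
            "$PUMP" -i "$IFACE"
            ;;
        restart)
            /usr/bin/logger "repump: pump running but $IFACE has no address, restarting"
            kill $pids                 # unquoted: pidof may return several pids
            sleep 2
            "$PUMP" -i "$IFACE"
            ;;
        wait)
            /usr/bin/logger "repump: $IFACE has no address, strike $2 of $THRESHOLD"
            ;;
    esac
}

# Only act when called with --run, e.g. "/sbin/repump --run" from cron.
if [ "${1:-}" = "--run" ]; then
    repump_main
fi
```

With the 10-minute cron interval used earlier in the thread and the default threshold of 2, a stalled pump is restarted on the second consecutive check that finds no address.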
