Re: [Leaf-user] How to adjust the fw rules to access my ADSL modem
On Sat, 21 Apr 2001, Eyal Lebedinsky wrote:

> The alcatel "speed touch" has a web server on 10.0.0.138. I can do:
> ifconfig eth0 10.0.0.1 netmask 255.255.255.0
> and then ping it (from the leaf machine). However I cannot do it
> from any other machine on my internal network.
>
> I assume the firewall rules stop the access (the 10.* range is not
> forwarded).
>
> I want to allow explicit access to 10.0.0.138 (and nothing else) and
> still deny any incoming connections.
>
> Anyone done that?

I haven't done that myself, no. However, it should be just a matter of adding an ACCEPT rule from 10.0.0.138/32 at the beginning of the IPChains filter list. That should take care of the issue, yet still leave the default Martian rules in place. As for syntax, that I'm not too sure on since I'm weak on IPChains.

--
George Metz
Commercial Routing Engineer
[EMAIL PROTECTED]

"We know what deterrence was with 'mutually assured destruction' during the Cold War. But what is deterrence in information warfare?" -- Brigadier General Douglas Richardson, USAF, Commander - Space Warfare Center

___
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] wanted: lrp with 2.43 and patched iptables
On Fri, 4 May 2001, Mike Noyes wrote:

> George compiled a 2.4.3 kernel with the patch. You can get it at the url
> below. Note: this is still in testing, and is NOT to be considered
> production ready.

Correct. I'm working on getting a 2.4.4 kernel up and running, but I'm getting issues with autoconf.h for some reason. It's starting to annoy me, since I've had the issues before, and I was never quite sure what solved it.

> http://leaf.sourceforge.net/devel/wolfstar/

Please note that the kernel tarball is up to date, but the disk images are not. That is, the disk images do not have the patched kernel on them, and you should download the kernel tarball and replace the file "linux" on the floppy with "kernel.upx" from the kernel tarball.

> >I just configured a pix firewall worth 5000$ and it seems to me that
> >such a disk could do the same.
>
> We're working on it. :)

Aye, we are. Would be nice if we had a free floppy-bootable device that worked on hardware totalling about $50 that could do the same job as a Cisco Pix firewall costing a hundred times as much. =)

--
George Metz
Re: [Leaf-user] Martians: please, help track this one down ???
On Tue, 30 Oct 2001, Michael D. Schleif wrote:

> > now for the header
> >
> > > ll header: ff ff ff ff ff ff 00 30 c1 d8 b6 80 08 06
>
> Found it!
>
> Eradicated it!
>
> Thank you, all for quick response . . .

Out of curiosity, what's the manufacturer on that NIC card? I did a search for the first three at standards.ieee.org and it came up blank, so I'd be interested in knowing if you've got the info available and easily to hand.

--
George Metz
Re: [Leaf-user] Martians: please, help track this one down ???
On Tue, 30 Oct 2001, Michael D. Schleif wrote:

> Yes -- it turns out that mac's beginning with:
>
> 00 30 c1 d8
>
> at least in this case (3 specimens), are HP switches.

Cool, thanks.

--
George Metz
Re: [Leaf-user] Martians: please, help track this one down ???
On Tue, 30 Oct 2001, Simon Bolduc wrote:

> Doing a search on http://standards.ieee.org/regauth/oui/index.shtml for just
> the first 3 hex parts of the MAC indicated that it belongs to HP -

Ah! There's the issue. Yeah, put it in with spaces. Never mind, I'm stupid today. =)

--
George Metz
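The "ll header" bytes traced in this thread are a plain Ethernet header, and the sketch below decodes them into destination MAC, source MAC, OUI and EtherType. It is an added example, not part of the original posts; the "martian source" lines, their IP addresses and the second log entry are constructed, and only the HP vendor mapping comes from the thread.

```python
import re

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x8100: "802.1Q", 0x86DD: "IPv6"}
# Only vendor named in the thread; extend from the IEEE OUI registry as needed.
KNOWN_OUIS = {"00-30-C1": "HP"}

# Constructed sample log. Only the first "ll header" byte string is from the thread.
SAMPLE_LOG = """\
kernel: martian source 192.168.1.255 from 192.168.1.77, on dev eth0
kernel: ll header: ff ff ff ff ff ff 00 30 c1 d8 b6 80 08 06
kernel: martian source 10.0.0.1 from 127.0.0.1, on dev eth1
kernel: ll header: 00:50:56:01:02:03:02:00:00:aa:bb:cc:08:00
"""

MARTIAN_RE = re.compile(r"martian source (\S+) from (\S+), on dev (\S+)")
LL_RE = re.compile(r"ll header:\s*((?:[0-9a-fA-F]{2}[ :]?)+)")


def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_ll_header(line):
    """Split the logged link-layer bytes into Ethernet dst, src and EtherType."""
    m = LL_RE.search(line)
    if not m:
        raise ValueError("no 'll header:' field in line")
    # Accept both space-separated and colon-separated byte dumps.
    raw = bytes(int(h, 16) for h in re.findall(r"[0-9a-fA-F]{2}", m.group(1)))
    if len(raw) < 14:
        raise ValueError(f"need 14 header bytes, got {len(raw)}")
    dst, src = raw[0:6], raw[6:12]
    ethertype = int.from_bytes(raw[12:14], "big")
    oui = "-".join(f"{b:02X}" for b in src[:3])
    return {
        "dst_mac": fmt_mac(dst),
        "src_mac": fmt_mac(src),
        "broadcast": dst == b"\xff" * 6,
        "ethertype": ETHERTYPES.get(ethertype, f"0x{ethertype:04x}"),
        "oui": oui,
        # A locally administered or group source address carries no vendor OUI.
        "oui_meaningful": not (src[0] & 0x03),
        "vendor": KNOWN_OUIS.get(oui, "unknown"),
    }


def analyze(log_text):
    """Pair each 'martian source' line with the 'll header' line after it."""
    findings, pending = [], None
    for line in log_text.splitlines():
        m = MARTIAN_RE.search(line)
        if m:
            # The kernel prints the destination first, then the claimed source.
            pending = {"dest_ip": m.group(1), "claimed_src_ip": m.group(2),
                       "dev": m.group(3)}
        elif pending is not None and "ll header:" in line:
            pending.update(parse_ll_header(line))
            findings.append(pending)
            pending = None
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f["dev"], f["claimed_src_ip"], f["src_mac"], f["oui"],
              f["vendor"], f["ethertype"])
```

The source MAC, not the claimed source IP, is what ties a martian to a physical device on the segment, which is why the OUI lookup discussed above is the useful step.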
RE: [Leaf-user] Problem with 3c59x.o on Dachstein disk
On Wed, 6 Mar 2002, Boyd Kelly wrote:

> A quick look at the modules for dachstein, oxygen and lrp 2.9.8 don't
> have any 3c90x module available. I remember finding one somewhere, but
> found that the 3c59x works. Why does 3com have such a confusing
> numbering system for their products anyways? 905; 509; 59x?.
>
> Cheers and have a good one.
>
> BK

Having just installed Potato 2.2R5 on my workstation, I can say that the 2.2.19 kernels SHOULD support the 905C NICs with the 3c59x.o module. ALL versions of 2.4.x after around -test7 have been changed so that the 3c59x will work with it.

Personally, I think that the driver will work fine and the error is somewhere else. Prior to the fixes to the 3c59x.o driver, it would load with a 905C, was able to receive packets just fine, and was totally and completely unable to respond. Sounds to me like the module isn't the right one for the kernel you've got running, actually.

--
George Metz
Re: [Leaf-user] openssh security hole
On Thu, 7 Mar 2002, Joey Officer wrote:

> I don't know how much this affects LRP/Leaf distributions, but I thought
> that I would at least make mention of it here. There is a root hole in
> OpenSSH, you can read about it here
>
> http://www.pine.nl/advisories/pine-cert-20020301.txt
>
> I am not sure if the SSH implementations being used by the current LRP
> distros are affected, but I figured it would at least be worth a read. Also
> check out slashdot.org for more discussion on this.
>
> http://slashdot.org/article.pl?sid=02/03/07/1617211&mode=thread&tid=128

Note that at present, this is a local root hole, with a possibility for it to be a remote root exploit - think they're still digging on that.

--
George Metz
Re: [Leaf-user] OSPF on LEAF?
On Sat, 9 Mar 2002, Andy McLeod wrote:

> Does anyone have any experience of using OSPF on leaf (e.g. with gated or
> zebra) that they would care to share? I am trying to establish a multihomed
> service at my colo facility and the provider is offering OSPF to manage my
> connections to his two routers. He then manages outbound with BGP4.
>
> I am currently planning to use Bering/Shorewall but (a) don't know how this
> would "fit" with OSPF and (b) would love to hear of similar experiences with
> any LEAF release.

Well, since it's been sitting for 3 days without a reply, I'll take a quick stab at it.

Frankly, OSPF scares me on Ciscos, and they're at least sorta designed for it. =) I don't know too much about OSPF in general, but if you do, then from what I've been told the Zebra implementation is pretty easy for OSPF. I personally would rather use default route/weighted route methods rather than OSPF unless there's a pressing need to do so - such as the two routers mentioned happen to be in totally different locations topography-wise. Even then, it could be sticky.

Not much help at all, I know, but at least a "we don't know" is better than no comment.

--
George Metz
RE: [Leaf-user] routing more than 1 hop
Wow. I got a headache trying to follow all of those routes. Truly complicated stuff. Let's dig in!

> Site 1: 10.10.1.0
> eth0 10.10.1.40/24
> eth1 192.168.1.254/24
>
> Destination   Mask            Gateway         Dev
> 0.0.0.0       0.0.0.0         10.10.1.254     eth0 (to internet)
> 10.10.1.0     255.255.255.0   10.10.1.40      eth0 (wired interface)
> 10.10.12.0    255.255.255.0   192.168.1.253   eth1 (wireless to site 2)
> 10.10.13.0    255.255.255.0   192.168.1.253   eth1 (wireless to site 2)
> 192.168.1.0   255.255.255.0   192.168.1.254   eth1 (wireless interface)
> 192.168.2.0   255.255.255.0   192.168.1.253   eth1 (wireless to site 2)

As a side note here, you can do some trimming down of routes pretty thoroughly. For example, the 10.10.12.x and 10.10.13.x can be condensed into 10.10.12.0 255.255.254.0 with a gateway of 192.168.1.253. Remember, the router only needs to know how to send to the next hop on the path; the next hop's job is to determine what to do with it.

This is the same reasoning behind what Matt said regarding using a 0.0.0.0 gateway. With the subnet you're worried about, there should be some hop in there between the site's individual router and that destination net that will examine the destination traffic and send it correctly. Sending stuff straight out the default gateway should work just fine as long as there's something between you and the Internet that can catch the traffic and redirect it (locally).

In the one I pointed out, Site 2 is going to be doing all the work to determine where the IPs in those two /24s are going to be going. All Site 1 needs to know is how to get it to site two. If whatever has the 10.10.1.254 IP has routes for public IPs that are NOT destined for the general internet (and any devices it sends to also have those routes) shoving it out default gateway works.

Now, you stated that the problem seems to be coming from trying to reach Site 3 from Site 1, yes? Site 1 sends traffic from - for example - 10.10.1.8 to a host on Site 3 at 10.10.13.20.

Assuming 10.10.1.40 is Default Gateway for all hosts on 10.10.1.0/24 except for the 254 host.

10.10.1.8 -> 10.10.1.40 -> 192.168.1.253 -> 10.10.12.253 -> 192.168.2.253 -> 10.10.13.20.

Response would be:

10.10.13.20 -> 10.10.13.254 -> 192.168.2.254 -> 10.10.12.254 -> 192.168.1.254 -> 10.10.1.8

Site 3 appears to be the problem, though without knowing for sure what the firewalling is doing there I can't say that the firewalling or the routing is actually the issue here. Check to make sure IP Forwarding is turned on as was suggested, and if it is, try adding a specific route for 10.10.1.0/24 pointing to 192.168.1.254 on Site 3. There's no real reason why it SHOULD work, but stranger things have happened before.

The default routes you're using in the later sites should do the job, and indeed do up until Site 3. It's possible that somewhere, somehow something got altered by accident routing wise, but it SHOULD show up in the routing tables (something like a 10.10.13.0 255.255.0.0 would REALLY confuse the routing...) in at least some form.

This is an interesting problem (for me, at any rate, probably very frustrating to you) so I'll bang my head on it for a bit and see if I come up with anything interesting.

--
George Metz
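The route trimming and the malformed-entry remark in the message above can be checked mechanically. The sketch below is an added example, not part of the original post: it loads the Site 1 table as quoted, rejects entries whose destination does not match its mask, merges routes that share a next hop, and confirms that longest-prefix lookups give the same answer before and after. The function names and the probe addresses are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Site 1 table as quoted in the thread: destination, mask, gateway, device.
SITE1 = [
    ("0.0.0.0",     "0.0.0.0",       "10.10.1.254",   "eth0"),
    ("10.10.1.0",   "255.255.255.0", "10.10.1.40",    "eth0"),
    ("10.10.12.0",  "255.255.255.0", "192.168.1.253", "eth1"),
    ("10.10.13.0",  "255.255.255.0", "192.168.1.253", "eth1"),
    ("192.168.1.0", "255.255.255.0", "192.168.1.254", "eth1"),
    ("192.168.2.0", "255.255.255.0", "192.168.1.253", "eth1"),
]


def load(rows):
    """Return (table, errors). A destination with host bits set for its mask,
    such as 10.10.13.0 with 255.255.0.0, is reported instead of loaded."""
    table, errors = [], []
    for dest, mask, gw, dev in rows:
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=True)
        except ValueError as exc:
            errors.append((dest, mask, str(exc)))
            continue
        table.append((net, gw, dev))
    return table, errors


def summarize(table):
    """Merge networks that share the same gateway and device."""
    by_hop = defaultdict(list)
    for net, gw, dev in table:
        by_hop[(gw, dev)].append(net)
    out = []
    for (gw, dev), nets in by_hop.items():
        out.extend((n, gw, dev) for n in ipaddress.collapse_addresses(nets))
    return sorted(out, key=lambda r: (-r[0].prefixlen, r[0].network_address))


def lookup(table, ip):
    """Longest-prefix match; returns (gateway, device) or None."""
    addr = ipaddress.ip_address(ip)
    hits = [r for r in table if addr in r[0]]
    if not hits:
        return None
    best = max(hits, key=lambda r: r[0].prefixlen)
    return best[1], best[2]


def same_decisions(before, after):
    """Probe the first and last address of every route in both tables.
    Merging per next hop can drop a specific route that sat inside another
    hop's range, so the summary is only safe if every probe still agrees."""
    probes = [a for net, _, _ in before + after for a in (net[0], net[-1])]
    return all(lookup(before, p) == lookup(after, p) for p in probes)


if __name__ == "__main__":
    table, errors = load(SITE1)
    summary = summarize(table)
    for net, gw, dev in summary:
        print(f"{str(net):18} via {gw:15} {dev}")
    print("equivalent:", same_decisions(table, summary))
```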
Re: [Leaf-user] Looking for alternate 3c59x module for 3c905c
On Fri, 15 Mar 2002, Simon Bolduc wrote:

> I've found that using older NICs is generally your best bet if using a
> consumer DSL or Cable connection. You'll probably never saturate the 10
> Mb/s offered by them and you can avoid all the potential Driver related
> pitfalls (different chipset revisions etc). At home I'm using 2 old 10 Mb
> NICs that have ports for AUX, BNC, and Cat 5 - and they work wonderfully.
> Unfortunately I've never seen a version of the 3c905 driver from 3com that
> was compiled for LEAF/LRP...

Bering most likely includes it, as I'm posting this from my Windows box to my server through a 905C. Whether the CX is enough functionally different that the 2.4 Series 3c59x won't work either is another matter.

What I DO know is that prior to 2.4.1, none of the 3c905C cards were supported by the 3c59x, and I almost had a conniption fit when I realized that the new card I had with my brand new system didn't want to run under Linux. I thought that the 3c59x module was backported from 2.4.x to 2.2.19 and later, but I can't say for sure.

--
George Metz
RE: [Leaf-user] LRP behind Cisco Router, FTP?, DMZ?
On Thu, 14 Mar 2002, Luis.F.Correia wrote:

> I guess you can't do a double NAT.
>
> I've also tried that to no avail...
>
> You must try to get them to configure the Cisco 1720
> as Bridge with at least one public IP on your side.
>
> Then you can use LEAF to do the rest of the job.

Won't happen, not in a million years. There's dozens of reasons why it won't, but for the most part it boils down to the fact that they own the Cisco, and if they change that over to a bridge-mode (not even sure if you CAN do that with a 1720; probably can, but it'd be messy) then they have absolutely no way to access the router remotely. This means that they'd have to rely on the end user (someone who freely admits he doesn't know everything) or a consultant (who REFUSES to admit that he really knows nothing) for spotty diagnostics. And for that matter, the end user or consultant would have to console into the 1720 to get the info needed, which is not precisely easy to do either.

It IS possible to get them to cut a /30 out for use between the Cisco and the E2B box; whether they'll do it is another story. For the most part, they probably will but the IPs will incur another charge.

Onward to the problem!

> I have tried to configure the LRP box directly to WWW using the fixed
> address provided to me. I was told it wouldn't work by my ISP (and it
> doesn't) - not sure why?? Assumed FTP won't work because of NAT done by
> the Cisco router. Any suggestions?

I'm going to take a guess here, as I really can't say for sure. Login to the LEAF box, and exit to a command prompt. Then run 'lsmod' and it should tell you which modules are loaded. Look and see if there's an entry in the list that says "ip_masq_ftp" or something to that effect. If there is, then I'm at a loss. FTP was always a particularly difficult service to implement on 2.2 series kernels behind NAT, and I never delved into it specifically.

Also, you don't state whether or not you're trying to set up FTP so that other people can access FTP from your site, or whether or not you're having issues reaching FTP sites on the internet. The distinction is pretty important there. =)

> I would like to add a DMZ and (possibly later VPN) off the LRP
> box. Winstar said they will reconfigure the Cisco router if I ask them
> (not sure what to ask them though). Not sure where to start. Any
> suggestions on setup options?

Most likely what you would be asking them to do is forward a port for FTP from the Cisco's external IP to the LRP's external IP. (You may in fact need to do this to solve the first problem as well.) You can then add a third Network card to the LEAF machine for the DMZ, and set that part up as you normally would. (Check the FAQs on the LEAF site.)

> Sorry if my terminology/explanation is poor - my occupation has nothing to
> do with computers and I learn by reading only.

Believe me, after having worked support for high-speed internet for two years, the very fact that you know there's stuff you don't know puts you ahead of the curve. =)

--
George Metz
Re: [leaf-user] 3C905CX Network Card
Your problem is that the 3c905C series cards use the 3c59x.o module, not the 3c90x.o one. I've no idea why the architecture was changed that drastically with only a single letter to mark the difference, but it does, and I used a 905C as a main ethernet card for 3 years on the 3c59x module so you shouldn't have any problems with a 3c905CX on that one either.

George

James F wrote:

Yes, ICMP is allowed. When we put 3c905b-tx cards in, we are able to pass traffic. It's only on that model that we are having trouble.

--- Robert K Coffman Jr - Info From Data Corporation <[EMAIL PROTECTED]> wrote:

Did you allow ICMP traffic to originate from your firewall?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James F
Sent: Thursday, June 30, 2005 12:00 PM
To: leaf-user@lists.sourceforge.net
Subject: [leaf-user] 3C905CX Network Card

Using these cards with the 3c90 module, the cards are being detected and come up with no errors. The problem is that no traffic is coming back across these cards. When I ping from the LEAF machine and sniff the traffic, I see arp request being sent by the leaf box and answered by the other machine. But no icmp packets are being sent.

Any ideas

Thanks

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
Re: [leaf-user] multiple static ip address router/firewall
None of the over-the-counter router-in-a-boxes are going to be able to handle multiple static IPs, with the possible exception of a Linksys that's had its firmware replaced with a Linux-based one from the hardware hacking groups.

An entry level Cisco is hideously expensive; I found two on Pricewatch for $389 USD from a retailer with truly bad reviews. Last time I looked for one (which, admittedly, was a couple of years ago) the same model was going for $1500 USD refurbished. I adore Cisco equipment and the IOS, but it is way too pricey if you're not running a major site - and even then, it's questionable.

You're going to be far better off with Bering uClibc and any kind of hardware than you are spending the money a Cisco will cost, especially since most of them you'll need to buy a second ethernet card for your external interface and actually get a license for IOS.

George

Andrew Nance wrote:

Hi group,

I have been using Bering uClibc for a couple of years now. It has been rock solid and great. My thanks go out to everyone.

I currently use my leaf box with 5 static ip's without any major problems. But my question to you guys and gals is do you know of an over the counter firewall/router (like Linksys, D-Link, or Netgear) that can route multiple public static IP's for a single cable or dsl connection?

If there are no "cheaper" solutions, what would an entry level cisco model be? How would these solutions compare price wise to a WRAP running uClibc?

Thanks in advance,
Andrew
Re: [leaf-user] multiple static ip address router/firewall
Honestly, I'm not up on the specs for the WRAP or Soekris boards, but I'd be fairly surprised if they wouldn't serve admirably. I'm currently using, of all things, a Microsoft wireless router that normally just serves as my AP point (we just moved, and I have to rebuild my LEAF box now that I have a connection the old ISA 3Com cards would throttle) and I've had a radio stream, 2 connections to World of Warcraft, and about 5 threads downloading large files without a real problem. Given that the thing is probably the most underpowered router-in-a-box I've seen, just about anything should work fine for you.

Andrew Nance wrote:

Thanks George,

That's what I was afraid of. It looks like my options now are to build (or buy cheap dell ($300 w/ no OS)) computer to handle firewall/routing or go with the wrap or soekris.

I plan on having multiple video streams going through this router/firewall nearly 24/7. (i.e. Lots of bandwidth, very few connections) Do you think I need the extra cpu of a regular computer or will the wrap be able to handle it?

Thanks,
Andrew
[leaf-user] SF Site down?
Getting the following as a text line when I try and load either www.leaf-project.org or leaf.sourceforge.net:

Unable to load database indicated by configuration file.

No errors, just that one line. Incidentally, whatever's going on, it's been going on long enough that the 4th unique result from Google, which is www.leaf-project.org, is actually using that as its cache file.

So, does anyone have an idea of what's happening with it?

George
Re: [leaf-user] SF Site down?
Thanks Mike, that would explain it.

George

Mike Noyes wrote:

On Sat, 2005-09-10 at 13:49, George Metz wrote:

> Getting the following as a text line when I try and load either
> www.leaf-project.org or leaf.sourceforge.net:
>
> Unable to load database indicated by configuration file.
>
> No errors, just that one line. Incidentally, whatever's going on, it's
> been going on long enough that the 4th unique result from Google, which
> is www.leaf-project.org, is actually using that as its cache file.
>
> So, does anyone have an idea of what's happening with it?

Everyone,

The SF project database server is overloaded. Hardware is on order.

SF Site Status: https://sourceforge.net/docman/display_doc.php?group_id=1&docid=2352

( 2005-08-08 10:53:31 - Project Database Service ) MySQL database performance has been stabilized as of 2005-08-04. Additional hardware is expected to be deployed in 2-3 weeks time. We are continuing to monitor and tune performance in the mean time. Additional service improvements expected once additional hardware deployment is completed.

( 2005-06-17 06:24:57 - Project Database Service ) SourceForge.net staff are aware of ongoing increases in volume to the project MySQL service. Plans are under way to double hardware capacity of the project MySQL service; upgrades will be scheduled and announced here (including any downtime notices). Projects are encouraged to transition to use of the mysql-LETTER hostname (replacing LETTER with the first letter of the project UNIX name), as covered in the Project Web, Shell and Database Services documentation.
[leaf-user] CRC32.o and Tulip in Bering uClibC
Might I make a suggestion here? There should be some form of documentation, either in the installation doc or on the /etc/modules file, stating that tulip.o for Bering uClibC has dependencies within crc32.o.

I spent a profitable couple of hours banging my head on that issue with 2.3 rc1, eventually rolling to 2.2.3 to see if that would fix it. It finally dawned on me that the 'unresolved symbol: crc32_le' message I was getting might actually be fixed by adding in crc32.

Just a thought, and I'm not even sure if you guys were aware that this was a problem. I'd see if I could submit a corrected /etc/modules file that points this out, but I don't have a linux box up and running yet after my latest move, and cvs is a bit beyond my ability to comprehend at 3:45am. =)

George
Re: [leaf-user] CRC32.o and Tulip in Bering uClibC
That's odd. I actually used that page, but it didn't supply the crc32.o without being manually told to use it. I doublechecked lsmod and tulip is the only thing relying on it. Looks like, checking the modules.dep, that the change occurred between 2.4.20 from release 2.0 and 2.4.26 from 2.2.0. Just a head's up! George [EMAIL PROTECTED] wrote: Hello George, Might I make a suggestion here? There should be some form of documentation, either in the installation doc or on the /etc/modules file, stating that tulip.o for Bering uClibC has dependencies within crc32.o. I spent a profitable couple of hours banging my head on that issue with 2.3 rc1, eventually rolling to 2.2.3 to see if that would fix it. It finally dawned on me that the 'unresolved symbol: crc32_le' message I was getting might actually be fixed by adding in crc32. Just a thought, and I'm not even sure if you guys were aware that this was a problem. I'd see if I could submit a corrected /etc/modules file that points this out, but I don't have a linux box up and running yet after my latest move, and cvs is a bit beyond my ability to comprehend at 3:45am. =) It's no problem to add that info to the /etc/modules file and we weren't aware of the (new?) dependency. But there are numerous other modules, not part of the standard modules.lrp package, that depend on other modules and we can't list them all. The best advice is to always look at the modules.dep file in the modules tarball. I'm not sure if the dependency file is mentioned in the documentation, but if it isn't I will add a note. You can also use the "Build modules online" link, mentioned on the LEAF homepage (links to: http://www.ucbering.de/cgi-bin/modules.cgi). By using that tool all dependencies are automatically fullfilled. Eric --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. 
leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] CRC32.o and Tulip in Bering uClibC
Ah-HAH! That would explain it. I did that mostly because it looked like, when I was actually doing it the other way, that I'd have to add in all the conntrack modules and such, and I'm too lazy to do that. :) Thanks for a truly excellent CGI script that I dearly enjoy. :) George Arne Bernin wrote: On Wed, 2005-09-14 at 23:59 -0400, George Metz wrote: Hi George! That's odd. I actually used that page, but it didn't supply the crc32.o without being manually told to use it. I double-checked lsmod and tulip is the only thing relying on it. I suppose you used your old modules file as base for the modules generator cgi. In this case, the dependencies are not checked. I will fix ASAP. --arne
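The advice in this thread, to read modules.dep before editing /etc/modules, can be automated. The following is an added example, not part of the original messages or of the LEAF tools: it parses a modules.dep in the 2.4 depmod text layout, computes a dependency-first load order, and audits an /etc/modules list for modules loaded before what they need. The sample file, its paths and all function names are constructed for illustration; only the tulip/crc32 dependency comes from the thread.

```python
"""Resolve module load order from a 2.4-style modules.dep (added example)."""
import posixpath

# Constructed sample: "module: dep dep ...", a trailing backslash continues
# the dependency list on the next line. Paths are illustrative assumptions.
SAMPLE_MODULES_DEP = """\
/lib/modules/2.4.26/kernel/lib/crc32.o:

/lib/modules/2.4.26/kernel/drivers/net/tulip/tulip.o:\t/lib/modules/2.4.26/kernel/lib/crc32.o

/lib/modules/2.4.26/kernel/net/ipv4/netfilter/ip_conntrack.o:

/lib/modules/2.4.26/kernel/net/ipv4/netfilter/ip_tables.o:

/lib/modules/2.4.26/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o:\t/lib/modules/2.4.26/kernel/net/ipv4/netfilter/ip_conntrack.o

/lib/modules/2.4.26/kernel/net/ipv4/netfilter/iptable_nat.o:\t/lib/modules/2.4.26/kernel/net/ipv4/netfilter/ip_conntrack.o \\
\t/lib/modules/2.4.26/kernel/net/ipv4/netfilter/ip_tables.o

/lib/modules/2.4.26/kernel/net/ipv4/netfilter/ip_nat_ftp.o:\t/lib/modules/2.4.26/kernel/net/ipv4/netfilter/iptable_nat.o \\
\t/lib/modules/2.4.26/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o
"""


def module_name(path):
    """'/lib/modules/.../tulip.o' -> 'tulip'."""
    base = posixpath.basename(path.strip())
    return base[:-2] if base.endswith(".o") else base


def parse_modules_dep(text):
    """Return {module: [direct dependencies]} from modules.dep text."""
    logical, pending = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):          # continuation: join with next line
            pending += line[:-1] + " "
            continue
        logical.append(pending + line)
        pending = ""
    if pending:
        logical.append(pending)
    deps = {}
    for line in logical:
        if ":" not in line:
            continue                     # blank separator lines
        target, _, rest = line.partition(":")
        deps[module_name(target)] = [module_name(p) for p in rest.split()]
    return deps


def load_order(wanted, deps):
    """Depth-first ordering so every dependency precedes its user."""
    order, state = [], {}

    def visit(mod, chain):
        if state.get(mod) == "done":
            return
        if state.get(mod) == "visiting":
            raise ValueError("dependency cycle: " + " -> ".join(chain + [mod]))
        if mod not in deps:
            raise KeyError(mod + " is not listed in modules.dep")
        state[mod] = "visiting"
        for dep in deps[mod]:
            visit(dep, chain + [mod])
        state[mod] = "done"
        order.append(mod)

    for mod in wanted:
        visit(mod, [])
    return order


def audit_etc_modules(etc_modules_text, deps):
    """List (module, missing_dependency) pairs for an /etc/modules file."""
    loaded, problems = set(), []
    for raw in etc_modules_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        mod = line.split()[0]                 # ignore module options
        problems += [(mod, d) for d in deps.get(mod, []) if d not in loaded]
        loaded.add(mod)
    return problems


if __name__ == "__main__":
    table = parse_modules_dep(SAMPLE_MODULES_DEP)
    print(load_order(["tulip", "ip_nat_ftp"], table))
    print(audit_etc_modules("# NIC driver\ntulip\n", table))
```
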
Re: [leaf-user] 3Com driver
I can confirm 100% that the 3c59x.o module works with the 3c905C 3Com NIC. Said module and NIC are in use as I type this on eth0 on my Bering box. George [EMAIL PROTECTED] wrote: Eric, The modules tarball for the kernel 2.4.31 does not include 3c905c. It includes 3c501, 503, 505, 507, 509, 515 and 59x. I have however seen some sites that mention that the 3c59x supports 3c905c. Can you kindly confirm that the 3c59x.o is the driver to support 3c905c adapter? Thanks. Sherif
Re: [leaf-user] Fwd: Cable Modem speeds with Bering-uClibc
Andrew Haninger wrote: > I don't think I explained the "different IP" well enough. I get > assigned an IP from a completely different range and also a different > gateway: > > Slow LEAF box: > 71.72.x.x/22 dev eth0 proto kernel scope link src 71.72.x.x > default via 71.72.96.1 dev eth0 > > > Fast WinXP box: > > (From Network Connection Details) > IP Address: 75.185.x.x > Subnet Mask: 255.255.252.0 > Default Gateway: 75.185.24.1 > DHCP Server: 65.24.6.194 (How do I get this on LEAF?) > > So the actual network that I'm connecting to is, to me, vastly > different. It could be that my router is connecting to a very busy or > poorly-configured network link and my laptop is connecting to a > less-busy or correctly-configured network. This is, in fact, irrelevant, just to put your mind at ease. Most cable providers take a massive pool of IPs and toss them out there for a common pool of DHCP servers. I work for a cable provider in their tech support department, and I also live in their territory. If I were to take my PC from Connecticut, where I live, and move to central Jersey, odds are good that I'd get the exact same IP address, but my speeds would be drastically different (because NJ tends to be overcrowded, where CT is not). Regardless of which IP address you have, you're still going thru the same physical network structure, and the physical structure is where the delays are. This is almost certainly an issue of half vs. full duplex. The only reason a hub would cause a problem is if you were using a hub to connect the router and the cablemodem. If the cablemodem is directly connected to the LEAF box, you should have no collisions at all showing up, because the SB4200 is usually capable of 100BaseTX Full Duplex. Speaking of which, check your provider's top available speeds. More and more cable providers are realizing that going to rates higher than 10 Mbit/sec max gives them a significant advantage over DSL without causing much in the way of additional traffic. 
If you're with one of the providers doing 10-15 Mbit/sec, you'll probably want to get rid of the venerable old 3c509B and upgrade to something with a 100BaseTX ethernet port and PCI slots to run them from. When I moved to my employer's territory, I had to do the same thing because my 509Bs wouldn't give me the full 10Mbit, and they've since upgraded to 15Mbit. An upgrade to a more modern, autosensing card would also solve the issue of collisions and duplex mismatches.
Re: [leaf-user] Cable Modem speeds with Bering-uClibc
Andrew Haninger wrote: > I half understand duplex (don't bother explaining it - I'll look it up > for myself) but I don't understand how duplex could be negotiated > improperly? Any number of things could cause that. My concern is, sometimes Motorolas don't handle forced duplex settings well, and sometimes half-duplex will make things problematic to begin with. Example: I have an SB5120. I was testing my father's rather old Wireless B Linksys router because he was getting constant network drops on his DSL. I hooked it up, and it ran okay, but I saw some of the same drops. Upgraded the firmware to the latest and greatest, and suddenly there's a dropdown to configure it for 10 or 100, full or half, but no autodetect. So, since my downstream is 30Mbit/sec, I set it to 100 Full... and it started running like a slug. 100 Half didn't help any either. So I hooked up my PC to the modem direct, and discovered that the SB5120 doesn't like forced duplex modes. 100 Full and Half ran like a slug, but autodetect would configure for 100 full and it ran like a champ. So, it's possible that you've got a similar problem. The difficulty in determining that is that it could just be the firmware on my modem that caused that, and every cable provider does their own firmware releases. You can always try connecting the laptop and forcing 10 full and 10 half to see if the performance is similar to what you're getting out of the LEAF box. If you are, then the problem is that the modem doesn't like the forced settings. If not, then it's probably something on either the cards or the motherboard. Out of curiosity, have you tried switching which card is connected where? In other words, Eth0 internal and Eth1 external? > For what it's worth, I've acquired a replacement box that has PCI > slots in it and I'll set up my LEAF box with 3c905's (10/100) which > should (hopefully) solve the problem. Probably will. I myself had switched over to 3c905Cs when I finally got rid of the 486 system. 
George
Re: [leaf-user] Ok, the Cable Modem discussion has me concerned...
Ken Gentle wrote: > 4: eth1: mtu 1500 qdisc pfifo_fast qlen 1000 > link/ether 00:0c:41:e9:34:dd brd ff:ff:ff:ff:ff:ff > RX: bytes packets errors dropped overrun mcast > 1152457833 11965659 79 0 0 0 > TX: bytes packets errors dropped carrier collsns > 0 0 11399780 0 11399778 0 > Concerning me is the number of errors on eth1 - I'm wondering if I > have similar duplex problems as Bob had. Nope, that's not a duplex issue. If it were, you'd be getting overruns and collisions. What we've got here is, probably, a bad NIC, bad wire, or bad port on the hub, or a bad hub in general. Notice that you've got zero transmit packets, but nearly as many transmit errors as you do receive packets. I'd try changing the cat 5 and the card, if you've got a spare; probably not the hub, or if it is then it's probably just the port itself, so try a different port too. George Metz
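The reasoning in this reply (overruns and collisions point to duplex, transmit errors without them point to NIC, cable or port) can be applied mechanically to `ip -s link` output. The following is an added example, not part of the original messages: the eth1 counters are the ones quoted above, while the interface flags, the eth0 entry, the function names and the use of the carrier counter as the deciding field are assumptions made for illustration.

```python
"""Triage interface error counters from `ip -s link` (added example)."""
import re

# eth1 counters are those quoted in the thread; the <...> flags and the whole
# eth0 entry are constructed so that both outcomes are exercised.
SAMPLE_IP_S_LINK = """\
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:00:5e:00:53:01 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    734001122  912345   12      0       9       0
    TX: bytes  packets  errors  dropped carrier collsns
    88123456   640112   310     0       0       4127
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:41:e9:34:dd brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    1152457833 11965659 79      0       0       0
    TX: bytes  packets  errors  dropped carrier collsns
    0          0        11399780 0      11399778 0
"""


def parse_ip_s_link(text):
    """Return {iface: {'rx_bytes': n, ..., 'tx_collsns': n}}."""
    stats, iface, pending = {}, None, None
    for line in text.splitlines():
        start = re.match(r"^\d+:\s+([^:@\s]+)", line)
        if start:                                  # "4: eth1: <...> mtu ..."
            iface = start.group(1)
            stats[iface] = {}
            continue
        fields = line.split()
        if not fields or iface is None:
            continue
        if fields[0] in ("RX:", "TX:"):            # header row names the columns
            pending = (fields[0][:2].lower(), fields[1:])
        elif pending and all(f.isdigit() for f in fields):
            direction, names = pending
            for name, value in zip(names, fields):
                stats[iface][direction + "_" + name] = int(value)
            pending = None
    return stats


def triage(counters):
    """Classify one interface's counters.

    'duplex'  : collisions or receive overruns present (the thread's rule)
    'carrier' : transmit errors that are almost all carrier errors, which
                points at NIC, cable or hub port (the 90% cut-off is an
                assumption of this example)
    'errors'  : some errors, no clear pattern
    'clean'   : nothing to report
    """
    if counters.get("tx_collsns", 0) or counters.get("rx_overrun", 0):
        return "duplex"
    tx_errors = counters.get("tx_errors", 0)
    if tx_errors and counters.get("tx_carrier", 0) >= 0.9 * tx_errors:
        return "carrier"
    if tx_errors or counters.get("rx_errors", 0):
        return "errors"
    return "clean"


if __name__ == "__main__":
    for name, counters in parse_ip_s_link(SAMPLE_IP_S_LINK).items():
        print(name, triage(counters))
```
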
Re: [leaf-user] Cable Modem speeds with Bering-uClibc
Andrew Haninger wrote: > On 2/26/07, George Metz <[EMAIL PROTECTED]> wrote: >> Any number of things could cause that. My concern is, sometimes >> Motorolas don't handle forced duplex settings well, and sometimes >> half-duplex will make things problematic to begin with. > Okay, more of my confusion: Why would setting the duplex on the card > with the 3Com software be any different from setting it with ethtool? > Is setting it on the card "cleaner"? Nope, just me not making myself very clear. :) Motorola modems seem to, occasionally, have an issue with a connection that can't autodetect on the other end. In the example I gave, if I let my PC autodetect, it comes up at 100BaseTX full duplex, and everything works great. If I force settings to 100BaseTX full duplex, and don't let the modem autonegotiate with the PC, it runs like a slug in molasses, traveling uphill. > It has solved the problem, pretty much. Speeds are much, much better and: > > No errors! > Thanks, everyone! (Sorry for being a pain in the ass.) Excellent, and no worries, glad you've got good speeds going on. :) George
Re: [leaf-user] Any experience with eMTA Cable Modems and Bering uClibc?
FYI, this may be something that Comcast doesn't do, but we (Cablevision) actually segregate the bandwidth used for the VoIP services completely from that of the internet connection, and it was my understanding that that is standard practice within the industry. Forex, our service flows have individual listings for carrier signal and for the actual phone conversation, in addition to the rate shaping being done for the net connection. As far as the NAT/Firewall aspects of the Motorola goes, to my knowledge, Comcast never uses them. At least, they didn't when I lived in their territory. It's an available option in the modems, but 99% of the time cable companies don't want to use them, preferring 1 PC to 1 Modem connection. We're actually implementing a static IP service in the next couple of months, something that the Motorola can also handle, and our solution involves a Cisco router instead. Also, if your co-worker is getting drop-outs on calls, he probably has other issues. I've held an hour-long conversation with no hiccups before while downloading at 28 Mbit/sec the entire time. George Metz Ken Gentle wrote: > Thanks, Charles. Comcast Tech support said I could keep my current > Surfboard for data and use theirs for the voice. I thought that was > redundant, but I see your point. One of my co-workers has voice and > data on the same modem and he'll occasionally drop out on our phone > conversations - it is really annoying. > > Just what I need - another electronic device to plug in... ;-) > > As usual, you've been a big help, Charles. Sounds like separate > modems for voice/data is the way to go. > > Ken > > At 16:45 2007-04-16, Charles Steinkuehler wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> Ken Gentle wrote: >>> I'm trying to figure out if adding Comcast's Digital Voice service, >>> which requires me to lease an eMTA modem from them, is going to cause >>> me any problems with my current network setup. 
>>> >>> Comcast will supply either an Arris Touchstone or Motorola >>> Surfboard/Voice modem, with battery backup. My research on the >>> Motorola finds that there is a firewall and NAT on the modem (which I >>> don't want). I can't find anything similar about the Arris Touchstone. >>> >>> Does anyone have any experience with either of these modems and >> Bering uClibc? >> >> I have two Arris Touchstone modems for digital voice on Cox cable-modem >> service (one for business phone, one for residential), but neither is >> hooked to my firewall (which is hooked to a third modem). >> >> When I setup my business-class network service with digital voice, the >> Cox folks brought me a new Arris modem for voice, but told me to keep >> the existing cable modem for data. I was told there can be issues with >> traffic prioritization within a single modem if it's running both data >> and voice (ie: if your local computer starts spewing garbage full-speed >> out to the 'net, your phone might stop working). I'm not sure how >> seriously to take this, but that's what the installer said. >> >> You might ask and see if you can just keep your existing modem for data >> when they install your new voice service. If you're nice to the >> installer, (s)he'll probably even provide the required splitter and coax >> patch cables. If you're *REALLY* nice, you might be able to get them to >> put their demark on your backboard in the wiring closet, instead of >> hanging off the side of your house somewhere. :) >> >> - -- >> Charles Steinkuehler >> [EMAIL PROTECTED] >> -BEGIN PGP SIGNATURE- >> Version: GnuPG v1.4.0 (MingW32) >> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org >> >> iD8DBQFGI+B5LywbqEHdNFwRAgo0AJwPbRzE6QjZah8aCXrw7y4+KMf9AACg9u41 >> VKR3Lb+2REOQ9KFncxPbd+4= >> =RpM7 >> -END PGP SIGNATURE-
[leaf-user] Compression Format for initrd.lrp?
Hey gang, Well, after recently moving, my old firewall system decided that the floppy controller on the motherboard didn't want to actually read disks anymore. Or certainly not WRITE them. So, I went ahead and used an older (but still newer than the old router) system, a P3-500 with a 64-meg DIMM, to throw together a new system. Right now, I'm trying to get things set up with an upgrade - since I had to move from DSL with Static IP to Cablemodem with DHCP - to Bering, and I'd like to do it on CD-ROM. And the easiest way for me to make the infamously-missing initrd.cdrom file myself would be to extract initrd on my workstation, make the changes, and close it back up. Unfortunately, things seem to choke when I try that. Winzip, itself, certainly doesn't think it's a tarball that's been gzipped, and neither does Winrar. Since the hard drive that had my Linux install on it just died (literally; happened about two hours ago) that's not really an option for me either. So could anyone give me a pointer on whether or not what I'm trying to do is even possible? Or am I going to have to go at this the hard way - setting up a boot image on floppy and borrowing a computer? Thanks! George Metz leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Compression Format for initrd.lrp?
Jeff Newmiller wrote: On Sun, 20 Jul 2003, George Metz wrote: I'd like to do it on CD-ROM. And the easiest way for me to make the infamously-missing initrd.cdrom file myself would be to extract initrd on my workstation, make the changes, and close it back up. Unfortunately, things seem to choke when I try that. Winzip, itself, certainly doesn't think it's a tarball that's been gzipped, and neither does Winrar. Thank goodness. ;) That's because it isn't a tarball. It is a gzipped minix filesystem image. Well that would explain that. :) Or am I going to have to go at this the hard way - setting up a boot image on floppy and borrowing a computer? Not sure I understand why you need to borrow a computer... you obviously have one capable of burning a CDR. As long as it also has a floppy drive, you should be able to use that. The floppy would be the key issue. I was having some fairly serious issues - repeatedly - with getting any of the floppies I made to boot. Or if they would boot, they wouldn't backup packages without I/O errors. I tried every floppy drive I had, too. I did manage to get it set up, though. I'm guessing that the floppies don't take kindly to Win2K doing file operations on the superformatted images, so I basically ran the win32 binary and didn't bother clearing space first. That allowed me to reboot, edit packages, and save them, then just used Winimage to read the drive into an Image file. Little convoluted, but it works. Thanks for the info! George
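The distinction drawn in this exchange, a gzipped tarball versus a gzipped minix filesystem image, can be checked from the file's magic numbers without mounting or extracting anything. The following is an added example, not part of the original messages: it peels the gzip layer, reads only the first 2 KiB of the decompressed stream, and looks for the tar `ustar` marker or the minix superblock magic. The sample images are constructed in memory, the function names are this example's own, and a little-endian (x86) minix v1/v2 superblock is assumed.

```python
"""Identify what is inside an initrd-style image by magic number (added example)."""
import gzip
import io
import struct
import tarfile
import zlib

# s_magic values of minix v1/v2 superblocks as defined by the Linux minix driver.
MINIX_MAGIC = {
    0x137F: "minix v1 filesystem (14-char names)",
    0x138F: "minix v1 filesystem (30-char names)",
    0x2468: "minix v2 filesystem (14-char names)",
    0x2478: "minix v2 filesystem (30-char names)",
}
SUPERBLOCK_OFFSET = 1024                 # block 0 is the boot block
MAGIC_OFFSET = SUPERBLOCK_OFFSET + 16    # s_magic follows six u16 and one u32
PEEK = 2048                              # bytes needed to reach both markers


def identify_image(blob):
    """Return the detected layers, outermost first, e.g. ['gzip', 'tar archive']."""
    layers = []
    head = blob[:PEEK]
    if blob[:2] == b"\x1f\x8b":          # gzip member header
        layers.append("gzip")
        try:
            # Decompress only PEEK bytes: enough to classify, and it bounds
            # memory use on an oversized or hostile input.
            head = gzip.GzipFile(fileobj=io.BytesIO(blob)).read(PEEK)
        except (OSError, EOFError, zlib.error):
            return layers + ["corrupt or truncated gzip stream"]
    if head[257:262] == b"ustar":        # POSIX tar magic in the first header
        layers.append("tar archive")
    elif len(head) >= MAGIC_OFFSET + 2:
        (magic,) = struct.unpack_from("<H", head, MAGIC_OFFSET)
        layers.append(MINIX_MAGIC.get(magic, "unrecognised content"))
    else:
        layers.append("too short to identify")
    return layers


def sample_minix_initrd():
    """Constructed stand-in for initrd.lrp: zeroed image with only s_magic set."""
    image = bytearray(4096)
    struct.pack_into("<H", image, MAGIC_OFFSET, 0x138F)
    return gzip.compress(bytes(image))


def sample_tgz():
    """Constructed gzipped tarball holding one small file."""
    payload = b"hello\n"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("etc/motd")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


if __name__ == "__main__":
    print(identify_image(sample_minix_initrd()))
    print(identify_image(sample_tgz()))
```
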
Re: [leaf-user] Now On-Line but big trouble...
Michelle Konzack wrote: No I have not... because I currently have no running SLINK-System (HD crash) and can not build new LRP 2.9.4 Packages... You could try the Windows port of it, WinDump. It runs on Win9x/ME/NT/2K/XP, and only requires a (freely available) single file in addition to itself. http://windump.polito.it/
Re: [leaf-user] Now On-Line but big trouble...
As a start, I'd like to say, please take the politics off this list. Matt did. You can too. Furthermore: I was working for the French gov and I have very good access to some non-public information... The European had scanned by satellite the Near-East (from Syria to Iran) for Radioactivity... There is nothing !!! Then their scans didn't work. Iran has nuke power plants and uranium mines in their own territory. There was a rather large Nuclear Energy facility in Tuwaitha. One that looters hit, and that people are getting radiation poisoning from. Please, if you're going to fling attacks, do so with credible information at a minimum. And most importantly, please stay on topic. So Boy-George W.B. like to play War-Games for nothing but economy... He is a terrorist, a killer and a thief. And I, too, am done with this thread. For any number of reasons. If you'd like them, forward this statement to me privately and I'll be happy to explain off-list.
Re: [leaf-user] interfaces / shorewall assist please
Steve Wright wrote: Bit of a red herring here; just want to make sure that he doesn't need to spend time chasing down a ghost... lsmod output: Module Pages Used by 3c589_cs 8580 0 (unused) I can see no module here that looks like an ethernet driver. Either you have the driver (for your ethernet chipset) built in to the kernel, or it is not loaded. What is the ethernet chipset for eth0 ? Try to insmod the module for it and see what happens. 3c589_cs is the Ethernet module there. It's a 3Com NIC; all of their cards which use their own chipsets have modules that start with "3c" as a designator. George Metz
Re: [leaf-user] followup to interfaces / shorewall assist
Steve Wright wrote: I know Linux and WISP-DIST, but I am not familiar with Bering, per se. Try these things ; boot Bering, and see if pump is running on eth0. It should not be. Start from scratch, with a perfectly clean image and have another go. Write a little script that restarts the network - basically what you are doing now, but automatically. For that matter, removing pump entirely from the list of packages to be loaded would be indicated. PPP has its own method to assign an IP address to the connecting device, and with eth0 being the only Ethernet interface, and the internal at that, then Pump doesn't need to be on the disk.
Re: [leaf-user] VPN security issue? Slightly O/T...
Craig Caughlin wrote: Hi Eric, Thanks for the response. I think I'm like Alex, I don't quite understand what you mean when you say "Then the entire Internet gets access to the other side of your VPN without having to compromise your system." Could you explain that a little bit? Thank you. It's fairly straightforward. Let's say you've got a machine on the internet with nothing between you and the 'net. You're running with a public IP (I'm gonna use a private, so just pretend) of 172.16.8.1 on your machine, and you're connected to a VPN. Routing is also turned on on this particular machine. I'm a bit rusty on my Linux routing statements, but on a Cisco, the way you'd do it is: ip route 0.0.0.0 0.0.0.0 172.16.8.1 ip route 172.16.8.1 255.255.255.255 192.168.1.1 Where the 192.168 address is the far side of your WAN connection. This provides a route to your machine, and tells the cisco to send ALL traffic to your machine for routing. After that it's a fairly straightforward issue to run an ICMP scan with a relatively low timeout setting on the 10/8, 172.16/12, and 192.168/16 IP blocks until you find a valid IP, then work on that area of the block and play with someone's corporate LAN. So yeah, this can be a really, REALLY big security hole. Just one thing; if you can browse while connected to a VPN, make CERTAIN that you're not browsing THROUGH the VPN before you go getting all panicky. It's certainly a strong likelihood, and AFAIK there's relatively little chance of the hole you're referring to from happening. (IOW, browsing on your public connection while connected via VPN.) George Metz
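The exposure described in this message depends on three conditions holding on the VPN client at once: IP forwarding is on, private (RFC 1918) networks are routed through the tunnel, and the default route leaves by a non-tunnel interface. The following is an added example, not part of the original messages, that checks a host for that combination from the contents of /proc/sys/net/ipv4/ip_forward and the output of `ip route`. The route table, the addresses, the interface names eth0 and ipsec0, and the function names are constructed assumptions.

```python
"""Audit a VPN client for the 'accidental gateway' condition (added example)."""
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed `ip route` output for a client with a public interface (eth0)
# and an IPsec tunnel interface (ipsec0). Addresses are documentation ranges.
SPLIT_TUNNEL_ROUTES = """\
203.0.113.0/24 dev eth0  proto kernel  scope link  src 203.0.113.25
192.168.1.0/24 dev ipsec0  proto kernel  scope link  src 192.168.1.77
10.0.0.0/8 via 192.168.1.1 dev ipsec0
default via 203.0.113.1 dev eth0
"""


def parse_routes(text):
    """Return [(network or None for default, device)] from `ip route` text."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if "dev" not in tok[:-1]:
            continue                          # no "dev <name>" pair on this line
        dev = tok[tok.index("dev") + 1]
        if tok[0] == "default":
            routes.append((None, dev))
            continue
        try:
            net = ipaddress.ip_network(tok[0], strict=False)
        except ValueError:
            continue                          # e.g. "unreachable", "blackhole"
        if net.version == 4:
            routes.append((net, dev))
    return routes


def audit_vpn_client(ip_forward, route_text, vpn_ifaces):
    """Report whether this host would relay outside traffic into the VPN.

    ip_forward : contents of /proc/sys/net/ipv4/ip_forward ("0" or "1")
    route_text : output of `ip route`
    vpn_ifaces : names of the tunnel interfaces, e.g. ["ipsec0"]
    """
    vpn = set(vpn_ifaces)
    routes = parse_routes(route_text)
    tunneled = sorted(
        str(net) for net, dev in routes
        if net is not None and dev in vpn
        and any(net.overlaps(private) for private in RFC1918))
    outside_default = sorted(
        {dev for net, dev in routes if net is None and dev not in vpn})
    forwarding = ip_forward.strip() == "1"
    return {
        "forwarding": forwarding,
        "private_routes_via_vpn": tunneled,
        "default_route_outside_vpn": outside_default,
        # All three together mean packets arriving on the public side can be
        # routed into the tunnel unless a firewall rule drops them.
        "acts_as_gateway": bool(forwarding and tunneled and outside_default),
    }


if __name__ == "__main__":
    for key, value in audit_vpn_client("1\n", SPLIT_TUNNEL_ROUTES, ["ipsec0"]).items():
        print(key, "=", value)
```

When `acts_as_gateway` is true, turning forwarding off on the client, or dropping forwarded traffic between the public and tunnel interfaces at the firewall, removes the path.
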
Re: RE: [leaf-user] VPN security issue? Slightly O/T...
Two addendum points: 1. A LOT of ISPs use RFC1918 address space as connector IPs on their own network. It conserves IP addresses that they can sell/lease to customers, and overall it works well. This means that if your ISP is doing this, and your VPN is on a different block, AND the ISP routers somehow became aware of the block you're routing to (bit of a stretch, I know, on that last), then you end up serving as a gateway. More likely, traffic just dead-ends in your ISP, possibly at one of their routers. 2. Lots of folks use cablemodems as their internet access. Those that do rarely think about security from their friendly neighborhood fellow cablemodem users. That would be, at minimum, 252 users who could access your system and invade the VPN Network. Including Little Jimmy, who's now 13 and thinks cracking corporate networks is way l33t. More likely, it includes everyone in your town, and all of little Jimmy's l33t friends. All because a cablemodem network is like one big LAN. I get at least 50 hits a day on Netbios ports just from people who have no clue that their computer is a sitting target, and is actively looking to compromise itself for you. That's the real threat. Granted, maybe not the entire net, but a far larger portion than you'd like to think is healthy. George Metz - Original Message - From: Eric B Kiser <[EMAIL PROTECTED]> Date: Tuesday, July 29, 2003 7:42 pm Subject: RE: [leaf-user] VPN security issue? Slightly O/T... > Alex, > > Most modern IPsec clients have better security than they used. > There was > a time that if your company was using public addresses internally > ...and a remote client had a VPN connection across the Internet > ...and said > remote client also was inadvertently configured to route traffic from > the internet across the VPN ...and someone knew enough to target you. > > It was (and still is) possible to get into the company network > that way. > I realize that the chances of this happening are extremely remote. 
I > have, however, witnessed this very thing while working for Ascend > communications. Thankfully FreeS/WAN is a much better product and > public addresses are not as commonly used internally as they once were. > > Assuming that you are using private addressing internally and assuming > that your ISP is filtering the RFC 1918 addresses, then yes the > next-hop > "should" be the extent of the threat. This threat, however, can be > mitigated by good fire-walling practices. > > Best Regards, > > Eric "In the grip of paranoia." Kiser > > > -Original Message- > > From: [EMAIL PROTECTED] [leaf-user- > > [EMAIL PROTECTED] On Behalf Of Lynn Avants > > Sent: Tuesday, July 29, 2003 6:38 PM > > To: [EMAIL PROTECTED] > > Subject: Re: [leaf-user] VPN security issue? Slightly O/T... > > > > On Tuesday 29 July 2003 04:53 pm, Alex Rhomberg wrote: > > > > It's fairly straightforward. Let's say you've got a machine > on the > > > > internet with nothing between you and the 'net. You're running > with a > > > > public IP(I'm gonna use a private, so just pretend) of > 172.16.8.1 on > > > > your machine, and you're connected to a VPN. Routing is also > turned on > > > > on this particular machine. > > > > > > I still don't get it: Let's say I have the setup you > described, with > > > 192.168.1.0/24 being my VPN. You're sitting on the other side > of the > > > Internet, say 10 hops away. How can you send a packet to > 192.168.1.1? Is > > > there a standard tunneling method that is always activated? > The 10 > hops > > on > > > the way would all drop a packet sent to 192.168.1.1. > > > > > > Wouldn't the cryptic commands you described only work on my next > hop, > > i.e. > > > the ISPs router? This would reduce the number of people who > can get > at > > my > > > VPN quite significantly (ISP admins instead of "whole Internet") > > > > The private addressing sent via the tunnel is encapsulated and > encrypted > > under > > the public ip address of the VPN gateway. 
Nothing outside of the VPN > > gateways > > (ie... internet) would have any idea that any private addressing is > > attached > > to these packets. > > > > To further the earlier question of using both VPN and internet > access at > > the > > same time. you can't run a VPN w/o internet access can you? :) > > In all cases, the proper routing is needed for *any* VPN to work > properly. > > Improper routing is the secu
Re: [leaf-user] DHCP client
To clarify, however... Bering is indeed set up to use pump.lrp by default, and it works extremely well. HOWEVER, since Bering is set up so that you can use DHCP, PPP, or PPPoE with the default image, pump.lrp is NOT loaded by default in syslinux.cfg. So, if you open up syslinux.cfg and add pump to the LRP= statement, you should have no issues getting your Bering box to grab an IP from your provider for eth0. George M Lu wrote: Bering uses pump.lrp by default. From: Alexander Borghgraef <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [leaf-user] DHCP client Date: Sat, 2 Aug 2003 11:08:48 +0200 (CEST) Ok, I finally got the via-rhine driver installed, but now I can't get the dhcp client running (I've got a cable modem internet connection). After some browsing through the docs I noticed dhclient.lrp is not standard included in Bering, which seems strange since the default network setup is eth0 dhcp, eth1 fixed IP. Dhcpd.lrp is included though. Do I need the dhclient package, or am I missing something? Also, are there any remote login tools included in the standard boot disk? -- Alex Borghgraef
http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] DHCP client
Um. Okay, color me stupid. For some reason, I mixed up pump and DHCPd for some reason. DHCPd is not loaded in there by default, but is on the disk. Sorry for confusing you...

George Metz

Luis.F.Correia wrote:
> If you are using Bering, then type 'ip addr'.
>
> -----Original Message-----
> From: Alexander Borghgraef [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 04, 2003 9:23 AM
> To: George Metz
> Cc: [EMAIL PROTECTED]
> Subject: Re: [leaf-user] DHCP client
>
> > On Sat, 2 Aug 2003, George Metz wrote:
> > > To clarify, however... Bering is indeed setup to use pump.lrp by default, and it works extremely well. HOWEVER, since Bering is set up so that you can use DHCP, PPP, or PPPoE with the default image, pump.lrp is NOT loaded by default in syslinux.cfg.
> >
> > Hmm... Strange, it was in my syslinux.cfg, and I didn't do it myself. Anyway, when I run ps I see pump -i eth0 running, but when I try to ping either google or my proxy, I get nothing. I don't know yet if I don't get an IP, or if the problem lies with contacting the DNS. How can I check if I've been granted an IP address? Ifconfig doesn't seem to be part of the LEAF distro, and I don't know what else checks it.
> >
> > -- Alex
Re: [leaf-user] Routing 192.168.231.255
----- Original Message -----
From: Ray Olszewski <[EMAIL PROTECTED]>
Date: Wednesday, August 6, 2003 10:13 am
Subject: Re: [leaf-user] Routing 192.168.231.255

> As an aside, from time to time people post questions here about whether blocked packets from/to ports 137/139 are attacks. I usually reply suggesting that they are more likely to be a "leaky router" on the ISP's "LAN" than a deliberate attack. This problem is (I think) an example of just such a misconfigured router.

These days, though, it's more likely to be annoying maliciousness, rather than an outright attack. If you're on a cable network, you're likely to see a LOT of incoming stuff from all over the 'net with destination ports for 138/139 and 135. These - especially the 135s - tend to be the now-pervasive Windows Messenger Service popups that a lot of folks are getting. Any of those ports will work though, and if you're doing any sharing of Windows drives on your LAN, you really want to have those blocked.

I'd recommend you check your external IP though before blocking RFC1918 addresses wholesale; your provider may be using them as a WAN IP between you and them and doing further NAT or PAT on their side.
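The check recommended in the last paragraph above, as an added Python example that is not part of the original message: it reads `ip addr` output, finds the external interface's address, and separates the RFC 1918 blocks that can be dropped wholesale from any block the provider is using for the WAN link. The sample output, interface names and addresses are constructed for illustration.

```python
import ipaddress
import re

# The three RFC 1918 private blocks.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of `ip addr` output (not taken from the thread).
# eth0 is assumed to be the external interface, eth1 the internal one.
SAMPLE_IP_ADDR = """\
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:50:56:00:00:01 brd ff:ff:ff:ff:ff:ff
    inet 10.37.4.18/22 brd 10.37.7.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:50:56:00:00:02 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
"""


def interface_addresses(ip_addr_output):
    """Map interface name -> list of IPv4Interface parsed from `ip addr` text."""
    result = {}
    current = None
    for line in ip_addr_output.splitlines():
        head = re.match(r"^\d+:\s+([^:@\s]+)", line)
        if head:
            current = head.group(1)
            result[current] = []
            continue
        inet = re.match(r"^\s+inet\s+(\d+\.\d+\.\d+\.\d+/\d+)", line)
        if inet and current:
            result[current].append(ipaddress.ip_interface(inet.group(1)))
    return result


def rfc1918_drop_plan(ip_addr_output, external_if):
    """Return (safe, conflicts) for the external interface.

    safe      -- RFC 1918 blocks that do not contain the WAN address and can
                 be dropped wholesale as sources on that interface.
    conflicts -- (block, wan_subnet) pairs where the provider has put the WAN
                 link itself in private space; a blanket drop of that block
                 would also cut off the upstream gateway.
    """
    addrs = interface_addresses(ip_addr_output).get(external_if)
    if not addrs:
        raise ValueError("no IPv4 address found on %s" % external_if)
    safe, conflicts = [], []
    for block in RFC1918:
        hits = [a for a in addrs if a.ip in block]
        if hits:
            conflicts.append((block, hits[0].network))
        else:
            safe.append(block)
    return safe, conflicts


if __name__ == "__main__":
    safe, conflicts = rfc1918_drop_plan(SAMPLE_IP_ADDR, "eth0")
    for block in safe:
        print("safe to drop on eth0:", block)
    for block, wan in conflicts:
        print("do NOT drop %s wholesale: WAN link uses %s" % (block, wan))
```

A non-empty conflict list means the private block needs an exception for the WAN subnet before the rest of it is dropped.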
Re: [leaf-user] OT - How many users will a T1 line service?
From experience on the far end of the line, a T-1 can hold anywhere from 2 to 1000 users simultaneously. If this setup is mostly web browsing for research purposes - for example, a school library - where they either won't want to or won't be able to run their own programs on it, then a frac T-1 should do okay. If you've got more than 50 users though, I wouldn't go much below 512k.

Also, consider Frame Relay. It's often cheaper, and can be set up so that you have, say, 768k most of the time, with a "burst" capability up to full T-1 levels. It also allows you to go with a good many more ISPs.

Note that this is conditional on the number of simultaneous users - or more to the point, the number of available workstations. And below a certain speed rate, people are going to grumble about slow speeds no matter how many folks are using it.

Also, I've seen full T-1s range in price from as little as $300 per month to as much as (or more than) $1000 per month, exclusive of any equipment charges - T-1 routers are expensive! Make SURE that, if it looks like you're getting a good deal, the price of the service INCLUDES the price of the local loop; That $250 T-1 deal might be pretty crappy if your site is 5 miles out from the CO and you've got to pay for the charges yourself.

Steven had a point as well; if you're doing e-mail, limit attachments - I prefer 10 megs, to allow larger PDFs and MS Bloatware application files through - right off the bat. Set up a transparent caching webserver, probably (to tie it in) in a LEAF DMZ, with the bulk of users on an inside network to get a solid firewall going. If you're doing your own e-mail, set it up so that the e-mail server is also on the DMZ, and make sure that you've got it set up to scan for virii. This will also allow you to set up something like SpamAssassin.

After that, I strongly recommend IMAP rather than POP; even on a local network, you'll get a much easier time of the bandwidth usage. If someone else is hosting for you, request IMAP specifically, then block POP. Someone downloading a fistful of SoBig e-mails is one surefire way to clog up even a T-1 line.

Craig Caughlin wrote:
> Hi folks,
>
> I'm working on a little project with a school district, and I'm wondering if anyone has an idea (or firsthand experience) how many users that you might "reasonably" expect either a full T1 line or fractional T1 line to provide internet service for??? I need to do some "financial planning" and I'm trying to factor in how much our internet access is going to cost :-)
>
> Thank you,
> Craig
Re: [leaf-user] WAP
I would strongly recommend that if you do this, you either:

1. Get a router-in-a-box with a WAP on it, instead of just a WAP.
2. Put the WAP on a DMZ from a third NIC.
3. Both of the above - can't be too careful.

Wireless, even running WEP encryption, can be a serious security flaw in any network. Anyone in your neighborhood is going to be able to access it one way or another, either by directional antenna or by taking a laptop and sitting outside your house. Apartments are even worse.

If you're going to be using wireless basically as a method to sit outside on a nice day and use a laptop to browse the net, then putting the WAP on a DMZ with rules in shorewall to prevent it from accessing the wired LAN is probably a good idea. For extra security, sticking it behind a Router/WAP combo that's actually doing NAT masquerading from the DMZ isn't a bad idea either, as long as the shorewall rules are in place as well.

For a good deal, check Best Buy if you have one in your area. I managed to get the Microsoft MN-500 Wireless router/4 port switch combo for $30 because someone had opened it and returned it - it was fully functional. (Oddly enough though, in routing mode, you can't play Asheron's Call - one of Microsoft's games - from more than one client at a time. I'm assuming this would be an issue as a router for any online games that use multiple UDP connections. Bering 1.2 and Shorewall handle it out of the box, as it were.)

George Metz

C. Dummy wrote:
> Hi. I just came back to mailing list after a while. I'm running Bering 1.2 with dsl modem and then switch with 4 computers on static internal ip's. I'd like to add wireless access point. What is the best way to do that? Plug in wap to switch which is behind Bering? Can they exist together Bering switch and WAP? Or Bering switch and wireless router? Most of the WAP's comes with router, should I buy one with router built in or without? Is this the way to go running WAP from the switch? I want my wire connections to be as a main structure I'll use WAP only from time to time. Sorry if all this sounds stupid but I have never had any experience with wireless connections?
>
> Andrey
Re: [leaf-user] D-Link 520+ Bering 1.2 problem with acx100_pci.o
If you didn't compile the module with the kernel that Bering uses running, or with links pointing to the Bering kernel's config and source directories, you will not be able to successfully get the module to work.

Sebastian A. Aresca wrote:
> Hi, I buy a D-Link 520+ and I am trying to make it work under Bering 1.2 kernel 2.4.20. I compile it but can't make the acx100_pci.o but can't make it work. I think the problem is with the bin files. The acx how to say to get those files from windows but I don't have it.
>
> Thanks in advance.
> Sebastian A. Aresca
Re: [leaf-user] WAP
Just as a note, my primary reasoning for thinking to put NAT behind NAT - and it wouldn't be an issue, BTW, since many ISP/MSP/MSSP companies, including the one I work for, provide RFC1918 address space for the WAN side and run NAT behind it on the LAN side, because it's all going out a managed Firewall - is because you could then have a hub in between the WAP and your Bering box to connect into to run Ethereal through to find out what kind of traffic is passing over your WAP link. Furthermore, it would also mean that you can actually access the WAP - something not easily done, if at all, in Bridging mode - if you needed to change the Wireless keys out for some reason, or do some sort of other configuration work on the device.

I like having lots of powerful options, even if I'm unlikely to use them much.

George

C. Dummy wrote:
> My WAP might stand right on the bering box so that's no problem. Looks like third nic is the easiest resolution. I don't know much about squid proxy, and viz sshd (probably requires multiple floppies or cd), not yet at least I just need WAP for simple browsing internet on laptop. Thanks for all the help. I'll have to read user's guide about third nic, DMZ and different ip subnets on the same LAN I hope there are some examples.
>
> Thank you.
> Andrey
>
> Steve Wright wrote:
> > On Sun, 2003-09-07 at 15:24, M Lu wrote:
> > > I am not familiar to the 'scope' thing, but I am sure you do not need the router, you need only the access point if you connect your WAP to a separate NIC in the Bering router. I disable the router function in my D-Link 713P.
> >
> > Yes, you can use a separate NIC, but then the AP must be next to the Bering Router, or run a new long cable. This is inconvenient, and is not required, unless the AP *is* right next to the Bering Box.
> >
> > These are scopes ; 10/8 172.16.1/24 192.168.0.0/24
> >
> > You may run multiple scopes on one subnet(network cable/switch/NIC) and add rules about who may talk to who. It can be complicated at first, but it is very powerful, and much easier than heaps of iptables entries.
> >
> > /steve
Re: [leaf-user] SpeedStream R1483 + bridging
RFC1483 is simply a means - that is as far as you're concerned, completely and totally transparent - for encapsulating IP traffic for transport over an ATM circuit. The DSL Modem handles all of this, and it has absolutely zilch to do with your IP address or even with anything that actually touches your location.

Quickie Lesson on DSL setups:

DSL, or Digital Subscriber Line, is a last-mile technology. Oddly enough T-1 lines in the US use a very similar, but more robust, technology in many cases. The actual DSL part, and the only thing the DSL modem does, is function the same as a network card but for DSL instead of Ethernet. The actual DSL part is only between points A and B, usually Customer Premises and Telco Central Office.

RFC1483 only comes in because most DSL providers use ATM circuits to connect from the hundreds of Central Offices where their equipment resides back to either their own internet connections, or to an ATM circuit for the ISP that you ordered service to. Note, both the ATM and the DSL portions of this setup are entirely done transparently; you'll never see or have to deal with anything other than "Is my line up".

The Speedstream 5660 is a DSL bridge, meaning it passes anything that it receives on one port and passes it to the other port. It's completely transparent. In fact, it's really just a glorified DSL-to-Ethernet converter. It has absolutely no routing functions, and if it has an IP address at all - which I highly doubt - then you wouldn't be able to access it as it's set up for Technician access only, and therefore probably on the WAN side. It is NOT your WAN IP address, that gets passed to the WAN side of your Bering box.

To make an already long story short, you got told a bunch of information that you didn't need to know and got confused. RFC1483 has nothing to do with what you're looking at, and is totally transparent, and the Speedstream is only a bridge, which is also totally transparent. PPPoE is simply a means to assign an IP address to a host dynamically, as well as enabling certain bandwidth controls on the ISP side. DHCP serves the same function IP-wise, as does a static IP address. I recommend calling your ISP and asking them how you will be assigned an IP Address; that should tell you all you'll need to know to get it set up and running.

George - who spent far too much time fixing DSL at one point. :)

Lars Karlslund wrote:
> Hi,
>
> I want to do a setup with my Bering box on a site in Spain, which has the following characteristics:
>
> - The line is running RFC1483 LCC encapsulation with a fixed IP-address
> - The router is a SpeedStream 5660
>
> I thought the line ran PPPoE with authentication, but it seems it runs RFC1483 (is that a variant of PPPoE or is that just a synonym?)
>
> The setup can be configured so far that the SpeedStream acts as a bridge and does the RFC1483 encapsulation to the ADSL line. The SpeedStream's WAN port then has the external IP address. But I need my Bering box to have that address - but two units can't share the same address?
>
> Pointers would be appreciated.
Re: [leaf-user] Dachstein, 2 internal nets routing
Negative, 192.168.0/23 will route 192.168.0.0/24 and 192.168.1.0/24 but ignore 192.168.2.0/24. You'd need to do a /22 to do aggregate routing with the specified /24s, and at that you'd have two /24s floating in limbo.

Victor McAllister wrote:
> Dachstein will not route between interfaces unless you tell it to do so. To masquerade both networks INERN_NET=192.168.0/23 should cover both networks.
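The prefix arithmetic in the reply above, as an added Python example (not code from the thread or from LEAF). It assumes the two internal networks are 192.168.1.0/24 and 192.168.2.0/24, which the quoted text does not state, and writes the `192.168.0/23` shorthand out in full; the function names are illustrative.

```python
import ipaddress

# Assumed internal networks; the thread only implies them.
INTERNAL = ["192.168.1.0/24", "192.168.2.0/24"]


def smallest_supernet(networks):
    """Smallest single IPv4 prefix that contains every network given."""
    nets = [ipaddress.ip_network(n) for n in networks]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # The leading bits shared by the lowest and highest address form the prefix.
    prefixlen = 32 - (lo ^ hi).bit_length()
    host_bits = 32 - prefixlen
    base = (lo >> host_bits) << host_bits
    return ipaddress.ip_network((base, prefixlen))


def covered_by(aggregate, networks):
    """Which of the given networks fall entirely inside the aggregate."""
    agg = ipaddress.ip_network(aggregate)
    return [n for n in map(ipaddress.ip_network, networks) if n.subnet_of(agg)]


def leftover(aggregate, networks):
    """Address space inside the aggregate that none of the networks use.

    A masquerade or ACCEPT rule written for the aggregate also applies to
    this space, even though nothing is configured there.
    """
    remaining = [ipaddress.ip_network(aggregate)]
    for n in map(ipaddress.ip_network, networks):
        nxt = []
        for r in remaining:
            if n.subnet_of(r):
                nxt.extend(r.address_exclude(n))   # carve n out of r
            elif r.subnet_of(n):
                continue                           # r is fully used by n
            else:
                nxt.append(r)                      # no overlap
        remaining = nxt
    return list(ipaddress.collapse_addresses(remaining))


if __name__ == "__main__":
    print("covered by /23:", covered_by("192.168.0.0/23", INTERNAL))
    agg = smallest_supernet(INTERNAL)
    print("smallest aggregate:", agg)
    print("unused inside it:", leftover(agg, INTERNAL))
```

Adjacent /24s only merge into a /23 when the lower one has an even third octet, which is why 192.168.1.0/24 and 192.168.2.0/24 need a /22.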
Re: [leaf-user] DSL troubleshooting.....
This cannot be a DNS issue. It's like saying, every time a plane flies over my house, the subway train that runs underneath it gets derailed. DSL modem sync is a Layer 2 function, whereas DNS is a Layer 7(?) function. (I'm talking about the OSI Layer Model. Layer 2 is Data Link, Layer 7 is application, though I'm too tired to place DNS accurately, so it might be in the 4-6 range.)

More than likely, there's something screwy with your DSL modem and a request on port 80 is causing it to keel over. I would contact your DSL provider and request that they have the line tested - you'll need to be on hand for that - and if that doesn't turn anything up, see if they'll send you a replacement modem. Explain everything in detail to them when you call.

If you want to verify that it isn't your Bering box before you call, just run the ethernet cable straight from the modem to your workstation, set whatever needs to be set for getting an IP address, and try accessing a website and see if it does the same thing.

George

John Mullan wrote:
> Can anyone give me hints about what to look for? My DSL modem (apparently) loses sync when I try to access an external web site. After it syncs back up, and I try again, I lose sync again. Ping works the same way except if I try to ping an IP rather than URL. Now this would seem to me to be a DNS problem. But can this be with my internal DNS or ISP's DNS ??? Could it be either?
>
> HISTORY: This is my home/personal network. I have Bering/Shorewall and it has been working up until yesterday. I have not made any changes in the last couple of days. I have a Win2K server (192.168.1.128) inside and it is the primary DNS of the internal network. Bering box (192.168.1.254) is secondary DNS (DNSCache). IE; Win2K will forward unresolved addresses to it (obvious!?!).
>
> Ideas please..
>
> John (www.mullan.ca)
> ==
> http://www.olgc.ca 888-345-7568 ext. 2210
> mailto:[EMAIL PROTECTED] 416-213-2210 (direct)
> ==
> If each of us have one object, and we exchange them, then each of us still has one object. If each of us have one idea, and we exchange them, then each of us now has two ideas.
> ==
Re: [leaf-user] firewall or just router
Couple of things on this. Interspersed where relevant.

Brian Kolaci wrote:
> Hi,
>
> I'm looking to setup a box mainly as a routing decision maker. I'll have 2 DSL lines, a primary and backup (to 2 different ISP's). I'd like traffic to go out the primary (faster and static IP's) when it's up and have it automatically failover to the second DSL router when the first dies. I have a LAN -> watchguard -> linux box -> 2 DSL connections.

Careful with the Watchguards. They have a nasty tendency to stop working right around the time they run out of ports to masq to. So if you've got a lot of clients behind the Watchguard, it can be a real pain in the posterior.

> Actually, the linux box and the 2 DSL lines are on the same physical network. I'd setup the linux box with static routes to force pings through each of the DSL lines and when it notices one line down to force the default route through the backup.

Okay, sounds good so far...

> The trick I'm finding is getting it to forward packets from the watchguard back out the same interface to one of the DSL lines. I can't seem to get it to work like a router when there's only a single ethernet interface.

Have you tried setting up subinterfaces? (eth0:0 and eth0:1) That might work better, as you can assign different IP and gateway data to the same physical controller, and would make things overall less cranky.

> I'm looking to make a transparent failover (and recovery) between the DSL lines. The watchguard can only take a single IP address for its default internet connection.

There is some data out there on this, but it's been a while (I think) since anyone's done it. It IS possible, though.
Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
The problem with this approach is that WEP, the security protocol that most Wireless points use, is fairly weak and relatively easily broken. If you want to ensure that only authorized users can get in, you kind of want to use both WEP (Wired Equivalent Protocol, even though it's not... :) ) and something like IPSec for authenticated access to the WAN. Otherwise, someone who really wants to can eventually sniff and break the encryption, and use your pipe for anything they want.

As a note, if the intended home environment happens to have metal siding of any type, this can REALLY kill your ability to use WiFi out in your yard. On the other hand, it makes it really difficult for someone to pick up your WiFi signal from across the street, as well. Old wiring and proximity to a microwave transmission tower can also have all sorts of interesting effects.

Remember, if you want to get it set up quick and dirty, set up the DMZ, don't worry about the IPSec for now and just go with the built-in encryption, and just get her online with a strong caution that anyone can drive down the street with a laptop and pick up anything she sends across it, so don't send credit cards or other financial data over the line. Then, when you've got time, go back and research, then implement the IPSec tunnel. WEP should be enough to fend off the simply curious for the time being, though turning off the WAP when she's not going to be using it might not be a bad idea. (Trips, busy weeks at work, etc.)

George

[EMAIL PROTECTED] wrote:
> I have done something similar but not using a DMZ. I simply added a second Private network for the WiFi network using a normal NIC and a Separate Wireless Access Point. Simply don't add any rules that will allow the two networks to interact into your shorewall rules and you have 2 independent, isolated internal networks both of which have internet access through your firewall. The WiFi equipment we used had the capability to encrypt its own communications which we implemented to ensure that other laptops could not be connected to the wireless network and use our satellite connection without permission. All of our gear was from Alloy.
>
> Andrew Gray
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Sean E. Covel
> Sent: Tuesday, 16 Dec 2003 06:19
> To: [EMAIL PROTECTED]
> Cc: Leaf User List
> Subject: Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
>
> > Julian,
> >
> > On Mon, 2003-12-15 at 11:32, Julian Church wrote:
> > > Hi Sean
> > >
> > > On Mon, 15 Dec 2003 10:02:35 -0500, Sean E. Covel <[EMAIL PROTECTED]> wrote:
> > > > Here is what I am proposing to do:
> > > >
> > > > Cable Modem -> Bering --> (Private Network) Current PC (Windows XP)
> > > >                  |
> > > >                  ---> DMZ --> WAP --> Laptop (Windows XP)
> > > >
> > > > The question is, of course, how to secure the WIFI and Laptop. I was hoping that the Laptop could establish an IPSEC connection through the WAP to Bering.
> > >
> > > Strange! That's exactly what I'm planning at home, except there are two laptops, both running Mac OS X (which has an IPSEC client built in). As far as I've determined by searching the internet, as long as your access point is set up as a transparent bridge, the IPSEC traffic will pass straight through.
> > >
> > > cheers
> > > Julian
> >
> > Since this needs to be up-and-running quickly, and I'm doing it in my spare time, I wanted to go the path of least resistance. How soon till you implement? I was hoping to learn from someone else's mistakes ;-). Don't want to be the trailblazer on this one. It just sounds too easy. Anyone actually done it? Even with 802.11a/b/g?
Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
Yeah, I know. I was more replying to someone else saying that WEP was enough. It's clearly not.

The actual Access Point SHOULD work exactly like a standard ethernet bridge/hub, so it should pass through the IPSec without issue. My suggestion was more in the nature of "here's how you get it up quickly if you can't locate the information you're looking for." It's infinitely better to do it right the first time, but when you're in a time crunch with folks who don't understand why you have to jump through hoops, life gets a bit more difficult. :)

Sean E. Covel wrote:
> George,
>
> My original message included IPSEC. I guess my biggest concern is: Can IPSEC from a windows machine pass through the WAP and end at the Bering box. This would require a few things:
>
> - The WAP passing IPSEC.
> - The MS Box using IPSEC.
> - Bering able to understand whatever it is that Microsoft "embraced and extended" when they wrote "their" implementation of IPSEC.
>
> I was hoping someone had done this and would point out all the potholes in the road.
>
> I read in detail about the WEP flaws. 15 min. to break RC4 encryption because their implementation is so flawed, and no infrastructure to change keys when they have been compromised. That's why IPSEC is so important.
>
> Sean
>
> On Thu, 2003-12-18 at 12:19, George Metz wrote:
> > The problem with this approach is that WEP, the security protocol that most Wireless points use, is fairly weak and relatively easily broken. If you want to ensure that only authorized users can get in, you kind of want to use both WEP (Wired Equivalent Protocol, even though it's not... :) ) and something like IPSec for authenticated access to the WAN. Otherwise, someone who really wants to can eventually sniff and break the encryption, and use your pipe for anything they want.
> >
> > As a note, if the intended home environment happens to have metal siding of any type, this can REALLY kill your ability to use WiFi out in your yard. On the other hand, it makes it really difficult for someone to pick up your WiFi signal from across the street, as well. Old wiring and proximity to a microwave transmission tower can also have all sorts of interesting effects.
> >
> > Remember, if you want to get it set up quick and dirty, set up the DMZ, don't worry about the IPSec for now and just go with the built-in encryption, and just get her online with a strong caution that anyone can drive down the street with a laptop and pick up anything she sends across it, so don't send credit cards or other financial data over the line. Then, when you've got time, go back and research, then implement the IPSec tunnel. WEP should be enough to fend off the simply curious for the time being, though turning off the WAP when she's not going to be using it might not be a bad idea. (Trips, busy weeks at work, etc.)
Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
Mike,

Not really. Actually, I'd PROBABLY consider using that as an additional step, except that IIRC IPSec will handle all the auth. All this is really doing is preventing unauthorized users from using your net connection, whereas IPSec is actually establishing a tunnel, allowing you to send all of your data between the LEAF box and the client in an encrypted form.

The real difference is that NoCat is designed to allow folks to login and use the hotspot - making it great for a community project where you only want to charge a small upkeep fee or only let community residents access it (like, say, wireless for an apartment complex). You're still going to be sending all of your data in the clear or only using WEP encryption though. Which means that anyone with a little free time on their hands and a few handy tools is going to be able to pick up everything you're sending to the WAP in the first place.

George

Mike Noyes wrote:
> On Fri, 2003-12-19 at 10:16, Mike Noyes wrote:
> > On Fri, 2003-12-19 at 09:24, George Metz wrote:
> > > Yeah, I know. I was more replying to someone else saying that WEP was enough. It's clearly not.
> >
> > George,
> >
> > Is NoCatAuth/NoCatSplash an acceptable solution to wireless security?
> >
> > NoCat http://nocat.net/
> >
> > BTW, do we have a package for this yet?
>
> Additional link:
> NoCatSplash http://nocat.net/wiki/index.cgi?NoCatSplash
Re: [leaf-user] ICSA certification
If I recall correctly, this was looked at in the past and the cost was prohibitive, to say the least. A quick poke around on Google isn't turning up an amount, but I remember it being significantly more than was worth the effort. Not to mention that ICSA Certification is designed for commercial firewall products. That will drive the cost up even more.

Jaime Nebrera Herrera wrote:
Hi all,
Does anybody know how much ICSA certification for firewalls can cost? We might be interested in certifying a Leaf based firewall and need a gross estimate of the money needed :)
Thanks in advance
Re: [leaf-user] Bering-uClibc Weblet
It depends on which of the three traffic light graphics is red. If it's the Firewall light, this means there is probably a bunch of traffic that your firewall has rejected. If you want to see the traffic that is being dropped, click on the "shorewall.log" link on the page that tells you there's an error. I'll warn you, unless you have some experience in reading logs, a lot of it is going to look like gibberish. With a little research though, you shouldn't have too many problems deciphering it.

Basically, the error is to inform you that you're getting a lot of invalid traffic. Depending on your connection type, that could be fairly common (cablemodem in an area with a lot of customers) or relatively rare (DSL on occasion).

If the Red light/error is for Memory or RamDisk, you're having issues with the amount of memory in your LEAF box, and should probably look at getting another stick of memory if possible.

joah moat wrote:
I was just wondering if anyone can tell me why I get an "error" (red light) when I access weblet. I cannot find any good documentation for weblet. Is there another tool I can use other than weblet to monitor my firewall?
Re: [leaf-user] Playing games through Dachstein
If this is a roleplaying game like Everquest, Asheron's Call, Dark Age of Camelot, Horizons, etc. then most likely no configuration will need to be done. Most of the massively-multiplayer RPGs out there work on a single outbound UDP connection, with multiple inbound UDP connections in response. Dachstein and Bering (and even the original, outdated LRP) all operate using "loose UDP", meaning that if an outbound UDP connection passes through the firewall, and a half-dozen inbound UDP connections come back from the same server on nearby ports, it passes them on to the originating client.

If the game is Asheron's Call, by any chance, I can confirm that Bering, at least, will work out of the box, and I'm reasonably sure that Dachstein will as well. Everquest might be cranky about it - the official website mentions setting ZoneAlarm's security setting to Low, which is abysmal practice. Dark Age of Camelot is all TCP outbound connections, so there should be no issues. Same for Ultima Online. Horizons should work fine out of the box. Star Wars Galaxies initiates all the traffic outbound, and none inbound, so should be fine. At least Star Wars and Horizons, and probably Everquest, want ICMP turned on, though I would try it first without it if you have it turned off already.

If it's NOT a Massively Multiplayer RPG, then yes, we definitely need to know the game involved at a minimum. Most of the information above - except for Asheron's Call - comes from searching on Google for "[Game Name] Ports Firewall" without the quotes.

Arnold Wiegert wrote:
Hi,
two of my sons, one at home with his machine behind a Dachstein firewall, the other on the other side of the firewall, somewhere on the net, want to play a role playing game over the internet. I've run the firewall for some time, but am still a newbie in many respects. I'm looking for a way to let them play, while keeping up the firewall, but am not at all sure how to do it.

Any suggestions would be most welcome and if I need to provide more specifics, please let me know. At this point I'm not sure what might or might not be relevant :-(

Arnold
Re: [leaf-user] Linux magazine LEAF versus CISCO article?
Looks like Issue 100 (August 2002) of Linux Journal. I'm having a bit of difficulty actually pulling it up on their website, however. That might be just a slow load... ah, there we go. Just give it a little bit and it will come up just fine. And frankly, having worked with both LEAF (specifically, Bering + Shorewall) and Cisco PIXes, a LEAF box is far more powerful, flexible, and rugged. Not to mention being cheaper.

Here's a link to the article: http://linuxjournal.com/article.php?sid=5826

Craig Caughlin wrote:
Hi folks,
Management wants to buy a CISCO PIX firewall because they have no confidence in a "free" firewall product. I've told them to reconsider and thought it would help if I could find that article in Linux magazine that compared the two...but I can't find which month/year it was. Does anyone know which month and year that was???
Thank you.
Craig
Re: [leaf-user] Linux magazine LEAF versus CISCO article?
To follow up, note that this article is hideously and severely out of date; it's still using IPChains, references the old LRP, mentions the "Idiot Images", and a few other issues. You may want to stress that in comparison, but also realize that this is comparing the LRP to a Cisco Router, NOT a LEAF Project image to a Cisco PIX firewall. PIXen are a totally different animal than a Cisco router - not least of which is because their IOS is less capable and flexible - and the simple change to the 2.4 Kernel and introduction of Shorewall and IPTables completely changes the way LEAF handles stuff compared to LRP.

George Metz wrote:
Looks like Issue 100 (August 2002) of Linux Journal. I'm having a bit of difficulty actually pulling it up on their website, however. That might be just a slow load... ah, there we go. Just give it a little bit and it will come up just fine. And frankly, having worked with both LEAF (specifically, Bering + Shorewall) and Cisco PIXes, a LEAF box is far more powerful, flexible, and rugged. Not to mention being cheaper.

Here's a link to the article: http://linuxjournal.com/article.php?sid=5826

Craig Caughlin wrote:
Hi folks,
Management wants to buy a CISCO PIX firewall because they have no confidence in a "free" firewall product. I've told them to reconsider and thought it would help if I could find that article in Linux magazine that compared the two...but I can't find which month/year it was. Does anyone know which month and year that was???
Thank you.
Craig
Re: [leaf-user] ISP and DNS issues
Honestly, you should probably NOT be using the root servers. They're in general designed to provide updates to other DNS servers on the net, and in the case of on-network resources that may not have a publicly routable IP address, going to the root server is going to give you an IP address that you wouldn't be able to reach anyhow due to the way NAT works. Additionally, the root servers don't necessarily know of variations that allow you to access servers on your ISP's network that are set up in an area you can get to easily. All in all, you're just probably going to run into more problems using those root servers than you ever would by using your ISP's designated DNS server.

John Wittenberg wrote:
Thank you all for your valuable time. Well, I managed to get things working despite my ISP. I changed dnscache to forward my ISP's DNS instead of using the root servers, per http://leaf.sourceforge.net/devel/jnilo/dnscache3.html#AEN113. Now I'm able to resolve my mail server, mail.bllvwa.cablespeed.com correctly.

When I had tried to ping the mail server from XP and failed, this was the error message:

    Ping request could not find host mail.bllvwa.cablespeed.com. Please check the name and try again.

At the moment I'll probably leave well enough alone, but what real problems am I going to have by not using the root name servers and sticking with the ISP name servers? As this exercise shows, one benefit could be that no matter how bad my ISP messes up the name records, I'll always be able to find it.

Thanks again,
John

(Snipped Excess)
Re: [leaf-user] trouble accessing firewall
Step 1: Doublecheck your cable. Try swapping the cable on eth1 for the cable on eth0, and vice versa, and see if the lights follow the cables. If they do (eth0 dark, eth1 lit) then replace the bad cable.

That's the only thing that leaps to mind, probably because I had the same problem with my own 3c509Bs. They're wonderfully solid cards, though. Been using mine for four years now.

Dave Rose wrote:
I am standing up a bering firewall and have made it through the 3c509 troubleshooting phase, or so I thought. I am unable to ping the internal side of the firewall from my other computers.

My hardware -
486DX4 100Mhz
PCI video card
20MB RAM
Floppy disk
3c509B-TP (I have two of these cards installed in the ISA bus)

Hardware configuration ---
NO Hard drive (controller disabled in BIOS)
NO comm/parallel ports (disabled in BIOS)
Set the 3c509-TP cards to IRQ7,5 and IO addresses of 0x300,0x280 and disabled the ISA plug and play feature and successfully ran the 3COM diagnostics function on each card)

Software configuration
1.) downloaded the bering 1.2 software (Windows utility to make the boot floppy - Bering_1.2_img_bering-1680.exe from http://download.sourceforge.net/leaf/)
2) downloaded the bering 1.2 modules (Bering_1.2_modules_2.4.20.tar.gz from http://download.sourceforge.net/leaf/)
3) I booted the floppy I made in the first step and added the 3c509.o ethernet card driver to /lib/modules
4.) I modified /etc/modules to add the line 3c509
5) I pretty much left /etc/network/interfaces to the default settings since they are set up initially for the configuration that I am looking for

The problem
Although the system recognizes both cards (IRQs and IO addresses) at startup, the eth1 interface fails to activate, light up the led on the hub and can not be pinged from my other workstation on the internal lan.

Any ideas how to proceed would be much appreciated.

Thanks
Dave
Re: [leaf-user] trouble accessing firewall
Really wouldn't matter, just yet, that ping isn't enabled. If he has no link light from the LEAF box on his switch/hub, and no light on the networking card, then there's an issue that's lower than Layer 3 (IP), and probably an issue at Layer 1 (Physical). After he figures out the reason he doesn't have link, then yeah, the firewall issue with ICMP comes into play. :)

Henning Jebsen wrote:
Did you allow pinging to/from the firewall ? You have to switch it on explicitly in recent versions: http://www.shorewall.net/ping.html
Greetings !
Re: [leaf-user] Is my NIC the bottleneck?
You shouldn't be, because you were right that there's a bottleneck, you just missed what the bottleneck is. A 768k T-1 or Cablemodem line is going to give you around 90-95Kbytes/sec on a download, whereas your DSL is only turning out around 70Kbytes/sec.

The reason for this is pretty straightforward: DSL uses ATM connections between the Central Office DSLAM and the ISP's router. Since ATM only works in packets 53 bytes large, a packet of 1500 bytes gets chopped up into a bunch of other packets, each with its own control and error markers, and doesn't actually get reassembled until it arrives at the DSL modem. It's worse, too, if you've got PPPoE, as that adds in its own overhead.

The net result is, if you've got a DSL line of speed X, and a Cable line of speed X, then as long as the cable line isn't on an overloaded cable node, the cable line will be faster, because it doesn't have to convert to a half-dozen different Layer 2/3 Protocols along the way.

Oh, and yes, some DSL modems do have firewall/NAT routers built in these days, but they tend not to work too well for gaming applications.

George

Peter Nosko wrote:
pn] Thanks, all. I'm ashamed that I was unable to do that math myself.

--- [EMAIL PROTECTED] wrote:
Do you run your DSL modem as a modem only, or does it do DHCP, DNS and firewall as well?

pn] Not sure what you mean (do DSL modems do all that?). My LEAF boxes do the DHCP, DNS and firewall (and good 'ole routing).

pn] Hey Charles, E2B is still solid. ;)

- Peter Nosko ([EMAIL PROTECTED])
This is a good place for a tagline.
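The per-packet cell overhead described in the reply above can be worked through directly. This is an added example, not part of the thread: the encapsulation overheads, the 40 bytes of TCP/IP headers, and treating 768 kbit/s as the raw line rate are assumptions, and the function names are hypothetical.

```python
import math

ATM_CELL = 53      # bytes on the wire per ATM cell
ATM_PAYLOAD = 48   # payload bytes per cell (the other 5 are the cell header)
AAL5_TRAILER = 8   # trailer appended to each frame before it is cut into cells

# Bytes placed in front of the IP header by common DSL encapsulations
# (assumed setups; a given line may use something else).
ENCAPS = {
    "routed-vcmux": 0,                 # IP carried directly in AAL5
    "bridged-llc": 10 + 14,            # LLC/SNAP bridged header + Ethernet header
    "pppoe-bridged-llc": 10 + 14 + 8,  # as above plus PPPoE (6) and PPP (2)
}


def cells_for(ip_len, encap):
    """Number of ATM cells needed to carry one IP packet of ip_len bytes."""
    frame = ip_len + ENCAPS[encap] + AAL5_TRAILER
    # AAL5 pads the frame up to a whole number of 48-byte cell payloads.
    return math.ceil(frame / ATM_PAYLOAD)


def wire_bytes(ip_len, encap):
    """Bytes actually sent on the ATM link for one IP packet."""
    return cells_for(ip_len, encap) * ATM_CELL


def atm_goodput(line_bps, ip_len, encap, headers=40):
    """TCP payload bytes/s over ATM with back-to-back packets of ip_len."""
    packets_per_s = (line_bps / 8) / wire_bytes(ip_len, encap)
    return packets_per_s * (ip_len - headers)


def plain_goodput(line_bps, ip_len, headers=40):
    """Same figure for a link that carries the IP packet with no cell tax."""
    return (line_bps / 8) * (ip_len - headers) / ip_len


if __name__ == "__main__":
    rate = 768_000
    print("no cell tax, 1500-byte packets: %.0f B/s" % plain_goodput(rate, 1500))
    for encap in ENCAPS:
        # PPPoE lowers the usable IP packet size to 1492 bytes.
        size = 1492 if encap.startswith("pppoe") else 1500
        print("%-18s %d cells/packet, %.0f B/s" % (
            encap, cells_for(size, encap), atm_goodput(rate, size, encap)))
    # Small packets suffer most: a 40-byte ACK still costs two full cells.
    print("40-byte ACK over PPPoE:", wire_bytes(40, "pppoe-bridged-llc"), "bytes")
```
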
Re: [leaf-user] shorewall policy question (lots of hits from fw to loc)
The first thing I'd be doing here is NOT asking how to allow these packets to pass, but trying to figure out why they're being sent in the first place. If you're using a default Bering install without monkeying with the Bering settings, and you're using DHCP, then your gateway should be 192.168.1.254, and 192.168.1.1 would be a machine on your LAN.

Either way, if you're getting a flood of ICMP packets from anywhere to anywhere, it's questionable. I don't know of anything that would generate ICMP from a Bering box to anything without user input, at least in the basic setup, so a little forensics work would be in order to find out what's really going on.

Given the number of worms and virii out there that use ICMP sweeps to find vulnerable systems, I'd be hesitant to allow ICMP of any kind. It technically breaks RFC standards, but I don't know of anything that it actually causes a problem with by doing.

Matt wrote:
hi, i'm new to bering-uclibc and shorewall (but have used lrp and dachstein). I'm getting hundreds of icmp "hits" showing up in the shorewall log between my bering box and one of my local machines. here's an example:

    Jan 1 00:00:00 unity Shorewall:all2all:REJECT: IN= OUT=eth0 MAC= SRC=192.168.1.1 DST=192.168.1.5 LEN=83 TOS=00 PREC=0x00 TTL=64 ID=29297 PROTO=ICMP TYPE=3 CODE=0

eth0 is my lan interface (192.168.1.1), and ppp0 is the net interface (dialup). I think that a solution would be to add the following line to the shorewall policy, but i have some questions on it...

    fw loc ACCEPT

this seems like a very "normal" thing to do, so why is it not set in the default config? are there any reasons to not accept these connections (other than local attacks on the firewall)?

thanks,
-matt
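For the forensics step suggested in the reply above, tallying the log by origin, endpoints and ICMP type/code shows which LAN host is provoking the firewall's replies. This is an added example, not code from the thread or from Shorewall: the first sample line is the one quoted in the message, the other lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Names for the ICMP types and codes this example needs (RFC 792, RFC 1812).
ICMP_TYPES = {0: "echo reply", 3: "destination unreachable",
              8: "echo request", 11: "time exceeded"}
UNREACH_CODES = {0: "network unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable",
                 4: "fragmentation needed", 13: "administratively prohibited"}
# ICMP error messages are always sent in reply to a packet from their DST.
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}

SAMPLE_LOG = [
    # Line quoted in the thread:
    "Jan 1 00:00:00 unity Shorewall:all2all:REJECT: IN= OUT=eth0 MAC= "
    "SRC=192.168.1.1 DST=192.168.1.5 LEN=83 TOS=00 PREC=0x00 TTL=64 "
    "ID=29297 PROTO=ICMP TYPE=3 CODE=0",
    # Constructed lines:
    "Jan 1 00:00:05 unity Shorewall:all2all:REJECT: IN= OUT=eth0 MAC= "
    "SRC=192.168.1.1 DST=192.168.1.5 LEN=83 TOS=00 PREC=0x00 TTL=64 "
    "ID=29298 PROTO=ICMP TYPE=3 CODE=0",
    "Jan 1 00:00:09 unity Shorewall:net2all:DROP: IN=ppp0 OUT= MAC= "
    "SRC=198.51.100.7 DST=203.0.113.20 LEN=48 TOS=00 PREC=0x00 TTL=113 "
    "ID=4211 PROTO=TCP SPT=3410 DPT=445",
    "Jan 1 00:00:10 unity pppd[212]: Connect script failed",
]

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<action>[A-Z]+):")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def describe_icmp(icmp_type, code):
    name = ICMP_TYPES.get(icmp_type, "type %d" % icmp_type)
    if icmp_type == 3:
        name += " (%s)" % UNREACH_CODES.get(code, "code %s" % code)
    return name


def parse_line(line):
    """Return a dict for one Shorewall log line, or None for other lines."""
    m = PREFIX.search(line)
    if m is None:
        return None
    f = dict(FIELD.findall(line[m.end():]))
    # netfilter leaves IN= empty for packets the firewall itself generated
    # and OUT= empty for packets addressed to the firewall.
    if f.get("OUT") and not f.get("IN"):
        origin = "firewall"
    elif f.get("IN") and not f.get("OUT"):
        origin = "to-firewall"
    elif f.get("IN") and f.get("OUT"):
        origin = "forwarded"
    else:
        origin = "unknown"
    rec = {"chain": m.group("chain"), "action": m.group("action"),
           "origin": origin, "src": f.get("SRC", ""), "dst": f.get("DST", ""),
           "proto": f.get("PROTO", ""), "icmp_type": None}
    if rec["proto"] == "ICMP" and f.get("TYPE", "").isdigit():
        rec["icmp_type"] = int(f["TYPE"])
        code = int(f["CODE"]) if f.get("CODE", "").isdigit() else None
        rec["detail"] = describe_icmp(rec["icmp_type"], code)
    else:
        rec["detail"] = "dport %s" % f.get("DPT", "?")
    return rec


def summarize(lines):
    """Count log entries by (origin, src, dst, detail), most frequent first."""
    recs = [r for r in map(parse_line, lines) if r]
    return Counter((r["origin"], r["src"], r["dst"], r["detail"])
                   for r in recs).most_common()


def hosts_triggering_errors(lines):
    """Hosts receiving firewall-generated ICMP errors, i.e. the machines
    whose own outbound packets the firewall could not deliver."""
    recs = [r for r in map(parse_line, lines) if r]
    return dict(Counter(r["dst"] for r in recs
                        if r["origin"] == "firewall"
                        and r["icmp_type"] in ICMP_ERROR_TYPES))


if __name__ == "__main__":
    for key, count in summarize(SAMPLE_LOG):
        print(count, *key)
    print("inspect these hosts:", hosts_triggering_errors(SAMPLE_LOG))
```

A type 3 entry with an empty `IN=` is the firewall answering a packet that the `DST` host sent, so the place to look next is what that host was trying to reach.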
Re: [leaf-user] Re: BGP
This is not entirely correct. There is, in fact, an RFC1918 equivalent for AS routing numbers, for one. Of course, a private AS should only really be used if you're multihoming to two different gateways on the same provider network. Additionally, ARIN only requires that you have a unique routing policy that differs from that of your border gateway peers or that you are multi-homed, in the sense that you are connected to two or more upstream providers - one provider with two gateway locations can be handled, if necessary, by a Private AS.

Most likely, the connection size limitation is enforced either by an LIR providing the number, or (possibly) the nation's laws, though that would be a stretch. RIPE itself only requires that you have your own, independently owned address space, that your routing policy is consistent and unique in comparison to your peers, that you can't use a private ASN, and that you are multi-homed. If you're having issues with bandwidth limitations preventing you from getting an AS, bypass the LIR and go straight to RIPE (or ARIN, in the States) for it.

Oh, and from experience, Michelle, if you're setting that system up on BGP for redundancy purposes, make damned sure that if all the fibre is going to the same site that they do not pass through the same locations on their way to the upstream providers. It really stinks when your redundant connections all die at once because of a power loss at the central office.

Michelle Konzack wrote:
On 2004-04-22 23:01:21, William Burns wrote:
I was thinking of building a BGP aware router (W/ only ethernet interfaces) and having it communicate w/ the 2 ISPs through the existing cisco routers. I've been told that BGP routers can't do that and that I need a single BGP aware router w/ 2 v.35 interfaces on it. Is that true? If so, where do I get V.35 interfaces for use w/ LEAF?

I've got 2 T1s w/ two different ISPs (hence the desire to use BGP)
I already have two dinky cisco routers w/ v.35 interfaces.

If you have only two T1's you will never get your AS-Number for BGP-Routing.

I am planning to do this in Morocco with 4 BGP-4 Routers (Do not know whether Debian or CISCO) but with much more the OC3's

The minimum is an E3 (34 MBit) in Europe or T3 (45 MBit) in the USA

It is new for me too and I have to learn many things about this.. =8O

Greetings
Michelle
Re: [leaf-user] Re: [leaf-devel] ANN: Bering-uClibc 2.2 beta2
Because not everyone uses Linux on anything but their LEAF box. Heck, I DO use Linux, and when I do an upgrade it's usually with WinImage.

K.-P. Kirchdörfer wrote:
On Tuesday, 11 May 2004 20:04, Marko Nurmenniemi wrote:
K.-P. Kirchdörfer wrote:
Due to new linuxrc "backupdisk" is broken and has been removed. With scp and dd support it shouldn't be a problem though - will anyone miss this feature?

I will miss it.

Noted. thx for feedback.

Keep it simple for the common people. Menu option needs no learning and floppies do break from time to time...

If you build your floppy from baseimage with dd, what's the problem to dd your configured floppy back onto your /home - where it will be safer than on a second floppy and backed up? But if there is demand, we will try to find a solution.

kp
Re: [leaf-user] Dachstein as border_router? (public ip addresses etc)
Don't know about shorewall (which you would have to configure to allow VPN traffic to pass through to that specific IP address), but what you basically want it to do is substitute for a traditional router. Effectively, you'd simply have to turn off NAT and let DNS and the public IP addresses do the rest. I'd probably use Bering or Bering-uClibC instead of Dachstein, which I don't think is actively developed any longer. (Charles, please hit me with the correction-bat if that's wrong.)

Configuring Shorewall, on the other hand, is pretty straightforward; all you need to do is forward the ports you want to hit each device to the respective devices, and deny all (probably both ways - loc to net and net to loc) on everything else. Going from memory, the commands would be:

    ACCEPT net loc:addrPUBB TCP/UDP* PortNum

* Whichever protocol is correct.

That would be VPN. If addrPUBC is a Web and FTP server, and addrPUBD is a mailserver, then you'd do:

    ACCEPT net loc:addrPUBC TCP http
    ACCEPT net loc:addrPUBC TCP https
    ACCEPT net loc:addrPUBC TCP ftp
    ACCEPT net loc:addrPUBC TCP ftp-data
    ACCEPT net loc:addrPUBD TCP smtp

(Again, please correct me if I've flubbed this.)

The routing itself, any variant of LEAF is going to be able to accomplish with ease, as it will be straight vanilla routing without even a need for connection tracking, because there's no NAT type stuff going on. Shorewall shouldn't be too tough, either, as long as you know what needs access where.

Craig Johnson wrote:
Wondering if I can get some help? I have a static public IP from ISP for an ADSL account (call it addrISP). We also have our own public IP range. I want to setup an LEAF box (eg dachstein), which holds the addrISP on one NIC, and one of our public IP addresses on another NIC. Then it will route all traffic through to other servers on the public IP addresses. Also there is an internal network behind one of the other public IP addresses, with a VPN server attached.

So, two questions:
* what is the best way/distro to setup a LEAF box as this kind of border router? (I noticed references to border_router options on the Dachstein network.conf documentation page, but haven't been able to find any substantial documentation about setting one up.)
* how do I also set up the LEAF box so that it can receive VPN server requests on its IP address (addrISP), but forward those requests to be served by another firewall server connected to the internal lan?

Diagrammatically, I guess I want something like:

                 [Internet]
                     |
               eth0 (addrISP)
                     |
                  LEAF Box
                     |
               eth1 (addrPUBA)
                     |
      -------------------------------
      |              |              |
    (addrPUBB)    (addrPUBC)    (addrPUBD)
    Server 1      Server 2      Server 3
    (VPN etc)
    (addrPRIVA)
      |
    internal network

Thanks!
Craig
Re: [leaf-user] LEAF article
Couple of things to let you know about: Jim Hubbard wrote: 1. What sort of throughput, for instance, could LEAF-Bering theoretically provide on a Pentium 100 system with edo ram and with 10/100 nics, cables, and switch, assuming that all other systems connected have unlimited speed? Check the archives; sometime in the last month or so someone ran some throughput tests (or posted old test results from somewhere, not sure which) that might give you an idea on this. 2. How does the throughput of a LEAF-Bering system running on hardware X compare to Cisco switch X? Different animals; LEAF does routing, firewalling, and DMZ. Switches - even Cisco switches, aren't designed to do that. You're generally still going to need a switch behind a LEAF box, unless you're going into the realms of quad-port NICs and other specialized hardware. What a switch will do is allow you to define virtual LANs and prevent unnecessary data spewing all over your networks, as well as provide some rudimentary filtering based on MAC and IP. A Cisco router is where all the firewalling would be done, and on a price/performance ratio - or even on a performance ratio - a $200 LEAF box will be way overpowered and blow the doors off of most Cisco routers. 3. How does LEAF-Bering compare, overall, to a Cisco switch? Same as above. 4. What hardware do you run LEAF-Bering on, and what sort of performance do you get from it? For me, P3-500, 64MB memory, floppy for configs plus CD boot. And I've got WAY more horsepower than I need for the four systems (two wireless-connected computers and two ethernet connected) hooked up to it. I'm on 3Mbit down, 256k up cablemodem, and I routinely max my line out for several hours at a clip without issue - I have actually seen 3.13 Mbit/sec out of it for about 3 minutes before it drops back down to 3.01 or so, which I tend to think was just a good minute on my cablemodem. 
With 10Mbit 3Com NICs, I believe there's a practical limit of around 5Mbit/sec, but very few people - even in the business world - are going to be using 10Mbit NICs with a pipe bigger than 5 Mbit/sec for their uplink.
Re: [leaf-user] CISCO 1600 Router Replacment
Chris Lee wrote:
> As I don't know how to config CISCO, I use Getif to peek the config via SNMP. For Interface, it shows:
>
> descr.      ip address
> Ethernet0   10.0.108.254/255.255.255.0
>             203.198.77.78/255.255.240
> Ethernet1   172.23.76.154/255.255.255.252
> Tunnel5     192.168.79.94/255.255.255.252
>
> I think Ethernet1 is the WAN IP address?? And don't know what is Tunnel5?

Woopsie. Tunnel5 is your default gateway interface. It's either an IPSec or PPTP tunnel from your location back to your ISP, and that means a couple of things:

1. Your ISP is likely to get grouchy if they don't own the system connecting to them via the tunnel;
2. You'll need the information your ISP is using to form the tunnel, obtainable probably from the ISP only, especially if you're not familiar with configuring a Cisco.

> First I want leaf to perform normal NAT router for range of internet ip address. Then, I want to setup SNMP to collect networking perform per ip. Finally, setup QOS for each ip. It is possible?

It is, but is there any reason that it HAS to replace the Cisco? LEAF would work quite well sitting right behind the Cisco, and while it might be a bit redundant, at least you wouldn't have to worry about your ISP wanting access to your firewall - something nearly guaranteed to mess it up. You might get lucky and have a good ISP who would be willing to work with you on the subject, so it can't hurt to ask them - you'd need to get all the tunnel info anyhow - but from personal experience, most commercial internet companies are really leery of letting their customers control whatever the inbound side of the line is connected to, simply because it makes their lives far harder.
[leaf-user] Zoom CableModem Model 5001 Support?
Anyone know if there's an already-compiled module out there for Bering or Bering uClibC for the Zoom Model 5001 PCI cablemodem? There's a reference driver up on their website that's distributed under the GPL; I'm just wondering if anyone's grabbed it. I'm looking to buy a new cablemodem, and not only is this the cheapest option, but it'll save space on the plugs, power consumption for the same, and eliminate one more bit of flashing-LED equipment from the rack.