Re: [leaf-user] Shorewall problem
On Fri, 2005-04-15 at 08:12 -0700, Tom Eastep wrote:
> To correct this problem.
>
> 1) xtgyo spiteys 988674 flsiey8 http://xxx.xxx.xxx.xxx/yy.htm
> 2) psyyt witii sopom dspslosy
> 3) soppllmo soppoym splo

There goes another keyboard!

--
Homer Parker <[EMAIL PROTECTED]>
Homer's Hut

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] shorewall spoof-protect, norfc1918,nobogons and all that
On Tue, 2005-03-15 at 19:06 -0800, Tom Eastep wrote:
> You apparently suffer from a vision problem that is common among
> Shorewall users -- it's called "Shorewall-selective
> opthalinklaprosis".

Thanks for a morning chuckle Tom ;)

---
Homer
[leaf-user] Squid
What, and where, is the latest squid package for Bering 1.2?

--
Homer Parker

"Bill Gates reports on security progress made and the challenges ahead."
-- Microsoft's Homepage, on the day an SQL Server bug crippled large sections of the Internet.
[leaf-user] Shorewall vs Ipsec in Bering uClibc 2.1
Ok, now that I'm past my minor problem with ipsec.o, I'm having some startup problems... It seems that shorewall is starting before ipsec, so shorewall doesn't start.. I edited /etc/ipsec, and changed all the S42s on the RCDLINKS line to S40 and it works fine now...

--
Homer Parker                 /"\  ASCII Ribbon Campaign
BOFH for homershut.net       \ /  No HTML/RTF in email
http://www.homershut.net      x   No Word docs in email
telnet://bbs.homershut.net   / \  Respect for open standards
[leaf-user] uClibc ipsec
Just installed the ipsec package from:

http://leaf.sourceforge.net/packages/uclibc-0.9/20/ipsec.lrp

Rebooted, and there's no ipsec.o :( Looked in the archive, and can't find it there either :(

--
Homer Parker
[leaf-user] OT -IPSec routing question
I have an IPSec tunnel setup across a wireless link that I'm trying to get right. Here's the layout:

    Local lan - wireless bridge - wireless bridge - remote lan

What I have currently requires some babysitting if the Bering 1.2 box on the remote lan gets reset. The routing is a mess when it comes up. I think part of the problem is the IP addressing, which is as follows:

Local:

    2: eth0: mtu 1500 qdisc pfifo_fast qlen 100
        link/ether 02:00:07:e3:92:1e brd ff:ff:ff:ff:ff:ff
        inet 208.191.32.34/29 brd 208.191.32.39 scope global eth0
    3: eth1: mtu 1500 qdisc pfifo_fast qlen 100
        link/ether 00:e0:18:26:a4:51 brd ff:ff:ff:ff:ff:ff
        inet 10.0.0.1/24 brd 10.0.0.255 scope global eth1
    4: ipsec0: mtu 16260 qdisc pfifo_fast qlen 10
        link/ether 00:e0:18:26:a4:51 brd ff:ff:ff:ff:ff:ff
        inet 10.0.0.1/24 brd 10.0.0.255 scope global ipsec0

Remote:

    3: eth0: mtu 1500 qdisc pfifo_fast qlen 100
        link/ether 00:02:e3:15:ce:69 brd ff:ff:ff:ff:ff:ff
        inet 10.0.0.40/24 brd 10.0.0.255 scope global eth0
    4: eth1: mtu 1500 qdisc pfifo_fast qlen 100
        link/ether 00:40:63:c0:93:2a brd ff:ff:ff:ff:ff:ff
        inet 10.0.1.254/24 brd 10.0.1.255 scope global eth1
    5: ipsec0: mtu 16260 qdisc pfifo_fast qlen 10
        link/ether 00:02:e3:15:ce:69 brd ff:ff:ff:ff:ff:ff
        inet 10.0.0.40/24 brd 10.0.0.255 scope global ipsec0

This is the working configuration. The local end is a RH box that connects to the local LAN (10.0.0.0/24) and the wireless bridge, and does IP Masq for both networks. The remote is a Bering 1.2 that connects to the LAN (10.0.1.0/24) and the wireless bridge on that end.

When the Bering box reboots, the default route is out eth0, not ipsec0. I'm not sure if this is a configuration error, or if it's because of the IP layout with both ends of the IPSec tunnel being in the same netblock.

I'm replacing the RH box with another Bering 1.2 box, and would like to clean up this mess at the same time. Any thoughts or links appreciated.

--
Homer Parker
RE: [leaf-user] opening UDP ports Bering with shorewall
On Thu, 2003-12-18 at 21:15, Tom Eastep wrote:
> On Thu, 18 Dec 2003, Mike Noyes wrote:
>
> > On Thu, 2003-12-18 at 11:12, Dalziel, Josh wrote:
> > > It's not that I take it offlist, if I send an attachment the email is blocked
> > > by the list admin cause it has a suspicious header.
> >
> > Josh,
> > That is correct. We block almost all attachments. Please post your
> > content in-line.
> >
> > The reason we do is related to the older version of Mailman installed on
> > SF.net. Excessive SPAM and attachments containing viruses are a couple
> > of other reasons.
> >
> > I apologize if this policy has inconvenienced you in any way.
> >
> > Note: the Shorewall mailing lists are using a newer version of
> > Mailman, and have more control over MIME content (attachments,
> > etc.).
> >
>
> Mike -- It is I who am inconvenienced by this policy. I simply refuse to
> try to decipher an inline 500kb "shorewall status" output that some
> newbie's mailer has folded into a pretzel.
>

My last reply ended up going to Mike directly, but... My suggestion was to post the large text file to a web/ftp server, and including a link in the post.. Would solve all the problems..

--
Homer Parker
Re: [leaf-user] Kernel panic
On Tue, 9 Sep 2003 15:12:13 +0530 "S Mohan" <[EMAIL PROTECTED]> wrote
> You say syslinux.cfg but bootup msg says LILO! Maybe that is the
> problem.
>
> Mohan

That was it... Found my old Dos boot disk, fdisk /mbr, then syslinux again, and it works just fine... Thanks!!! I knew it was something strange, I've got somewhere around 20 Bering boxen out booting off CF, and had never run into that problem...

---
Homer Parker
[leaf-user] Kernel panic
Ok... I've done my normal, and it isn't wanting to work :( Created a Bering 1.2 floppy, booted from it, copied the files to a CF, edited syslinux.cfg and changed boot and package_path to /dev/hda1, syslinux the CF, and I get:

    LILO 22.3.4 Loading Linux.
    BIOS data check successful
    Uncompressing Linux... Ok, booting the kernel.
    Kernel Panic: VFS: Unable to mount root fs on 03:01

This is an old P133, Intel chipset, 16MB RAM... It boots fine from the floppy.. Any ideas?

---
Homer Parker
Re: [leaf-user] PCMCIA... Again...
On Sun, 20 Jul 2003 20:23:24 +0200 Jacques Nilo <[EMAIL PROTECTED]> wrote
> Andre, Homer, list:
> The chapter about orinoco drivers has been updated together with the
> pcmcia_orinoco.lrp package.
> I hope that will work for you and make things clearer.
> http://leaf.sf.net/doc/guide/buwireless.html
> http://leaf.sf.net/devel/jnilo/bering/1.2/packages/pcmcia_orinoco.lrp

Sorry so late with the reply, it's been a Monday... Ok, here's what I have now:

/etc/network/interfaces:

    auto eth0
    iface eth0 inet dhcp

    auto eth1
    iface eth1 inet static
        address 192.168.2.151
        masklen 24

    iface eth2 inet static
        address 192.168.4.121
        masklen 24
        broadcast 192.168.4.255
        wireless_channel 1
        wireless_freq 2.412
        wireless_mode ad-hoc
        wireless_essid HomersHut
        wireless_key 6f77-6973-70

Which produces these results:

    firewall: -root- # ip addr
    1: lo: mtu 16436 qdisc noqueue
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    2: dummy0: mtu 1500 qdisc noop
        link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    3: eth0: mtu 1500 qdisc pfifo_fast qlen 100
        link/ether 00:00:24:c0:9c:1c brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.120/24 brd 192.168.1.255 scope global eth0
    4: eth1: mtu 1500 qdisc pfifo_fast qlen 100
        link/ether 00:00:24:c0:9c:1d brd ff:ff:ff:ff:ff:ff
        inet 192.168.2.151/24 scope global eth1
    5: eth2: mtu 1500 qdisc pfifo_fast qlen 100
        link/ether 00:02:2d:5e:76:2f brd ff:ff:ff:ff:ff:ff
        inet 192.168.4.121/24 brd 192.168.4.255 scope global eth2

    firewall: -root- # ip route
    192.168.4.0/24 dev eth2 proto kernel scope link src 192.168.4.121
    192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.151
    192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.120
    default via 192.168.1.254 dev eth0

    firewall: -root- # iwconfig
    lo        no wireless extensions.
    dummy0    no wireless extensions.
    eth0      no wireless extensions.
    eth1      no wireless extensions.
    eth2      IEEE 802.11-DS ESSID:"HomersHut" Nickname:"HERMES I"
              Mode:Ad-Hoc Frequency:2.437GHz Cell: 8E:00:BC:03:36:03
              Bit Rate:11Mb/s Tx-Power=15 dBm Sensitivity:1/3
              Retry limit:4 RTS thr:off Fragment thr:off
              Encryption key:6F77-6973-70
              Power Management:off
              Link Quality:0 Signal level:0 Noise level:0
              Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:16
              Tx excessive retries:0 Invalid misc:0 Missed beacon:0

    firewall: -root- # ping 192.168.4.122
    PING 192.168.4.122 (192.168.4.122): 56 data bytes
    ping: sendto: Operation not permitted
    firewall: -root- #

I've tried changing the channel and the frequency, and it still doesn't listen (If I really wanted abuse like that, I've got 6 kids that will do that for me) :( And, judging by the ping results, something isn't right :( Here's the modules loaded:

    firewall: -root- # lsmod
    # Module            Pages  Used by
    orinoco_cs           4580  1
    orinoco             31596  0 [orinoco_cs]
    hermes               4960  0 [orinoco_cs orinoco]
    ds                   6796  1 [orinoco_cs]
    i82365              27044  1
    pcmcia_core         41088  0 [orinoco_cs ds i82365]
    ip_nat_irc           2176  0 (unused)
    ip_nat_ftp           2784  0 (unused)
    ip_conntrack_irc     2880  1
    ip_conntrack_ftp     3648  1
    natsemi             10220  2
    pci-scan             3532  1 [natsemi]
    ide-probe-mod        8476  0
    ide-disk             9304  0
    ide-mod             63076  0 [ide-probe-mod ide-disk]

I can also post log file excerpts if that will help, but there's no errors in them.. How can I tell what isn't talking to what? I can ping out the eth0 interface just fine..

---
Homer Parker
[leaf-user] PCMCIA... Again...
Ok, don't know if it was bad karma or what, but... Those strange errors from yesterday have disappeared... Some days, it just doesn't pay to try and work on things, it ain't meant to happen! ;)

Now, here's what I'm picking up in the logs... Again, this is Bering 1.2 on a Soekris Net4511 box with an Orinoco silver card flashed with the latest firmware...

Begin cut-n-paste of selected logs:

daemon.log

    Mar 28 01:19:56 firewall cardmgr[5617]: watching 1 sockets
    Mar 28 01:19:56 firewall cardmgr[11888]: starting, version is 3.2.4
    Mar 28 01:19:56 firewall cardmgr[11888]: socket 0: Intersil PRISM2 11 Mbps Wireless Adapter
    Mar 28 01:19:56 firewall cardmgr[11888]: executing: 'insmod /lib/modules/2.4.20/pcmcia/hermes.o'
    Mar 28 01:19:56 firewall cardmgr[11888]: + Using /lib/modules/2.4.20/pcmcia/hermes.o
    Mar 28 01:19:56 firewall cardmgr[11888]: executing: 'insmod /lib/modules/2.4.20/pcmcia/orinoco.o'
    Mar 28 01:19:56 firewall cardmgr[11888]: + Using /lib/modules/2.4.20/pcmcia/orinoco.o
    Mar 28 01:19:56 firewall cardmgr[11888]: executing: 'insmod /lib/modules/2.4.20/pcmcia/orinoco_cs.o'
    Mar 28 01:19:56 firewall cardmgr[11888]: + Using /lib/modules/2.4.20/pcmcia/orinoco_cs.o
    Mar 28 01:19:57 firewall cardmgr[11888]: executing: './network start eth2'
    Mar 28 01:19:57 firewall cardmgr[11888]: + .: Can't open /etc/pcmcia/wireless
    Mar 28 01:19:57 firewall cardmgr[11888]: start cmd exited with status 2

debug

    Mar 28 01:19:56 firewall kernel: hermes.c: 4 Dec 2002 David Gibson <[EMAIL PROTECTED]>
    Mar 28 01:19:56 firewall kernel: orinoco.c 0.13b (David Gibson <[EMAIL PROTECTED]> and others)
    Mar 28 01:19:56 firewall kernel: orinoco_cs.c 0.13b (David Gibson <[EMAIL PROTECTED]> and others)
    Mar 28 01:19:56 firewall kernel: eth2: Station identity 001f:0001:0008:0048
    Mar 28 01:19:56 firewall kernel: eth2: Looks like a Lucent/Agere firmware version 8.72
    Mar 28 01:19:56 firewall kernel: eth2: Ad-hoc demo mode supported
    Mar 28 01:19:56 firewall kernel: eth2: IEEE standard IBSS ad-hoc mode supported
    Mar 28 01:19:56 firewall kernel: eth2: WEP supported, 104-bit key
    Mar 28 01:19:56 firewall kernel: eth2: MAC address 00:02:2D:5E:76:2F
    Mar 28 01:19:56 firewall kernel: eth2: Station name "HERMES I"
    Mar 28 01:19:56 firewall kernel: eth2: ready
    Mar 28 01:19:57 firewall kernel: eth2: index 0x01: Vcc 5.0, irq 10, io 0x0100-0x013f

messages

    Mar 28 01:19:55 firewall kernel: Linux PCMCIA Card Services 3.2.4
    Mar 28 01:19:55 firewall kernel: kernel build: 2.4.20 #1 Sun May 11 18:53:34 CEST 2003
    Mar 28 01:19:55 firewall kernel: options: [pci] [cardbus] [apm]
    Mar 28 01:19:55 firewall kernel: Intel ISA/PCI/CardBus PCIC probe:
    Mar 28 01:19:55 firewall kernel: TI 1410 rev 02 PCI-to-CardBus at slot 00:09, mem 0xa000
    Mar 28 01:19:55 firewall kernel: host opts [0]: [pci only] [pci irq 10] [lat 63/63] [bus 1/1]
    Mar 28 01:19:55 firewall kernel: PCI card interrupts, PCI status changes
    Mar 28 01:19:56 firewall kernel: cs: memory probe 0xa000-0xa0ff: excluding 0xa000-0xa00f
    Mar 28 01:19:56 firewall kernel: cs: IO port probe 0x0100-0x04ff: clean.
    Mar 28 01:19:56 firewall kernel: cs: IO port probe 0x0800-0x08ff: clean.
    Mar 28 01:19:56 firewall kernel: cs: IO port probe 0x0a00-0x0aff: clean.
    Mar 28 01:19:56 firewall kernel: cs: IO port probe 0x0c00-0x0cff: clean.

So, in one log I'm running a Prism2, and in another a Lucent/Agere :( Then there's the error about "Can't open /etc/pcmcia/wireless"... This is getting stranger the more I work with it :(

---
Homer Parker
[leaf-user] PCMCIA - Part 2
Ok, now I've got an even weirder problem... I've got two 4511s here, and I get this with both, as well as across multiple Orinoco PCMCIA cards.. Here's the error:

    eth2: Tx timeout! ALLOCFID=0201, TXCOMPLFID=, EVSTAT=8000
    eth2: orinoco_reset: Error -19 re-initializing firmware

Pages and pages of that error :( Any ideas?

---
Homer Parker
Re: [leaf-user] essid and ip problem
On Wed, 16 Jul 2003 11:48:30 +0800 "Victor Berdin" <[EMAIL PROTECTED]> wrote
> This means that there's no problem with the needed wireless packages
> and modules you already have in Bering. What is left to check now are
> the syntax you have on Bering confs. Perhaps even the Bering scripts.
> Specifically on how wireless support is being handled, or if it is
> being handled properly at all. This is where the challenge begins!
> I'm not familiar with Bering. I have modified my old DS1.02 to support
> both hostap and orinoco projects.
> Perhaps the Bering gurus would like to step in.

Well, I can't script my way out of a paper bag, but I'm hoping to look at it more this afternoon.. I did see an error upon shutdown saying it couldn't find /etc/pcmcia/wireless, so I copied that and a wireless.opts from an older install, but... That didn't help anything either :(

---
Homer Parker
Re: [leaf-user] essid and ip problem
On Tue, 15 Jul 2003 13:52:40 +0800 "Victor Berdin" <[EMAIL PROTECTED]> wrote
> This shows that your wireless settings were not implemented properly.
> You can try manually setting the ESSID and MODE of your wireless
> card using 'iwconfig'. Once working, and I'm positive it will, you can
> double check what went wrong with your Bering conf settings/scripts.

It does take the commands from the command line, and show they are implemented when I run iwconfig against the interface, but... Upon reboot, they are all gone.. I've got 6 Orinoco cards here, with different firmware in them, and none of them will work properly :( I'm not sure where to go from here :(

---
Homer Parker
[leaf-user] essid and ip problem
Bering 1.2, Orinoco silver cards in a Soekris Net 4501 box.. Having a problem getting the essid to work, and get an ip assigned to the radio :( Here's what I have:

/etc/network/interfaces:

    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet dhcp

    auto eth1
    iface eth1 inet static
        address 192.168.2.151
        masklen 24

    iface eth2 inet static
        address 192.168.3.1
        masklen 25
        wireless_mode ad_hoc
        wireless_essid private
        wireless_key s:priva
        wireless_channel 11

    # iwconfig
    lo        no wireless extensions.
    dummy0    no wireless extensions.
    eth0      no wireless extensions.
    eth1      no wireless extensions.
    eth2      IEEE 802.11-DS ESSID:"" Nickname:"HERMES I"
              Mode:Managed Frequency:2.422GHz Access Point: 00:00:00:00:00:00
              Bit Rate:11Mb/s Tx-Power=15 dBm Sensitivity:1/3
              Retry limit:4 RTS thr:off Fragment thr:off
              Encryption key:off
              Power Management:off
              Link Quality:0/92 Signal level:134/153 Noise level:134/153
              Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
              Tx excessive retries:0 Invalid misc:0 Missed beacon:0

    # ip addr
    1: lo: mtu 16436 qdisc noqueue
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    2: dummy0: mtu 1500 qdisc noop
        link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    3: eth0: mtu 1500 qdisc pfifo_fast qlen 100
        link/ether 00:00:24:c0:9c:1c brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.120/24 brd 192.168.1.255 scope global eth0
    4: eth1: mtu 1500 qdisc pfifo_fast qlen 100
        link/ether 00:00:24:c0:9c:1d brd ff:ff:ff:ff:ff:ff
        inet 192.168.2.151/24 scope global eth1
    5: eth2: mtu 1500 qdisc noop qlen 100
        link/ether 00:60:1d:23:7e:bb brd ff:ff:ff:ff:ff:ff

When I restart the pcmcia service, it looks as if it loads ok, no errors, and I get the single solid light on the radio that I would expect.. I have the other end of the link to configure yet, so I'm not sure if it is associating or not..

---
Homer Parker
Re: [leaf-user] natsemi driver..
On Tue, 24 Jun 2003 16:29:31 -0500 Lynn Avants <[EMAIL PROTECTED]> wrote
> On Tuesday 24 June 2003 04:25 pm, Bibinsa wrote:
> [...]
> > Incredible ! I use Netgear FA311 (natsemi.o module)
> > and I don't have to use pci-scan.o
> > Very strange...
>
> Kernel modules don't use pci-scan, but the Donald Becker
> modules do. Different section of the 'modules tree'.

Ah-ha!!! I just went rooting around the modules for Bering 1.2, and there are 2 natsemi ;) One is under kernel/drivers/net and the other is just under net.. I guess the latter are the Becker drivers?

---
Homer Parker
Re: [leaf-user] Intel chipset
On Tue, 01 Jul 2003 11:14:45 +0100 Julian Church <[EMAIL PROTECTED]> wrote
> Hi Homer
>
> On Mon, 30 Jun 2003 10:55:04 -0500, Homer Parker <[EMAIL PROTECTED]> wrote:
>
> > Bering 1.2, Tekram P6B40-A4X motherboard gives me this during boot
> > up:
> >
> > PIIX4: detected shipset, but driver not compiled in!
> >
>
> That's nothing to worry about. PIIX4 is the IDE chipset on your
> motherboard. With Linux, support for things like this can either be
> incorporated when the kernel is compiled, or added later by loading
> additional kernel modules.
>
> Support for IDE isn't compiled into Bering's stock kernel, because it's
> not always needed.

Ok... That I understand, but I'm running from compact flash.. Put that compact flash in another system with an ALI chipset, and did not get the warning.. It loaded just fine... Why the difference?

---
Homer Parker
[leaf-user] Intel chipset
Bering 1.2, Tekram P6B40-A4X motherboard gives me this during boot up:

    PIIX4: detected shipset, but driver not compiled in!

This motherboard is running an Intel 440BX chipset.. Anything I should be worried about? It seems to work ok so far, but it's not in production yet..

---
Homer Parker
Re: [leaf-user] natsemi driver..
On Tue, 24 Jun 2003 21:02:34 +0200 "eric wolzak" <[EMAIL PROTECTED]> wrote....
> Hello Homer,
>
> are you sure you got the correct modules.
> in my modules on a 2.4.20 pci_drv_register and pci_drv_unregister are
> not mentioned.
> in the modules on a 2.2.20 they are. those are dependent of pci-scan.

Here's what I'm using:

    -rw-rw-rw- 1 hparker hparker 1720320 May 15 12:11 Bering_1.2_img_bering-1680.bin
    -rw-rw-rw- 1 hparker hparker 8590827 May 15 12:17 Bering_1.2_modules_2.4.20.tar.gz

> So please check if you have the correct module. If so try installing
> pci-scan before.

    firewall: -root- # insmod pci-scan
    Using /lib/modules/pci-scan.o
    firewall: -root- # insmod natsemi
    Using /lib/modules/natsemi.o

That looks much better ;) Thanks!

---
Homer Parker
[leaf-user] Orinoco drivers
The Bering 1.2 pcmcia_orinoco.lrp does not include a wireless.opts file, nor an option to edit that file.. Has that functionality been moved someplace else?

---
Homer Parker
[leaf-user] natsemi driver..
Bering 1.2 in a Net4501 Soekris box.. Loading natsemi.o gives me:

    # insmod natsemi
    Using /lib/modules/natsemi.o
    insmod: unresolved symbol pci_drv_unregister
    insmod: unresolved symbol pci_drv_register

Looking at modules.dep, it doesn't look like it relies on anything else..

---
Homer Parker
Re: [leaf-user] Edit Bering Config files Offline
On Sun, 8 Jun 2003 21:43:31 +0200 "eric wolzak" <[EMAIL PROTECTED]> wrote
> # all steps in one liners ;)
> mkdir /temp
> mount -t msdos /dev/fd0u1680 /mnt
> cp /mnt/etc.lrp /temp
> cd /temp
> tar -xzf etc.lrp

Here's what I get trying it with Bering 1.2:

    [EMAIL PROTECTED] tmp]$ tar xzf etc.lrp
    tar: etc/multicron-p: Cannot create symlink to `cron.daily/multicron-d': Operation not permitted
    tar: var/lib/lrpkg/etc.version: Cannot create symlink to `root.version': Operation not permitted
    tar: etc/cron.monthly/multicron-m: Cannot create symlink to `../cron.daily/multicron-d': Operation not permitted
    tar: etc/cron.weekly/multicron-w: Cannot create symlink to `../cron.daily/multicron-d': Operation not permitted
    tar: Error exit delayed from previous errors
    [EMAIL PROTECTED] tmp]$

I tried it as root also, and got even more errors... I'm trying to modify it for serial port output..

---
Homer Parker
Re: [leaf-user] grsecurity
On Tue, 1 Apr 2003 14:42:17 +0200 (CEST) Bibinsa <[EMAIL PROTECTED]> wrote
> --- "Luis.F.Correia" <[EMAIL PROTECTED]> wrote:
> >
> > Sounds like an April's Fool :)
> >
> I hope so !!
> If not... what should we do with bering ?
>

If you click on the grsecurity logo, it takes you to:

http://www.grsecurity.net/realindex.php

So, it looks like it's still available, so maybe it is an April Fools joke.. And, if you hit the News link, you get:

http://www.grsecurity.net/news.php

---
Homer Parker
[leaf-user] Ssh
Ok, I got the IPSec problem worked out, and I have a working tunnel across the wireless link... Now I have another little problem.. I can't ssh into it... First the layout:

workstation - bering1.0 - internet - rh7.2 w/shorewall - ipsec - bering1.0

I have tried from the workstation to the RH box, and ssh to the other end of the IPSec tunnel, and I also tried DNATing a high port on the RH box to 22 on the other end of the tunnel and connecting to that from the workstation, and I get the same thing either way.. It prompts me for the password, I enter it, hit enter, the cursor moves to the next line and just sits there and blinks at me.. CTRL-C and I'm back at the prompt.. When I set the Bering box up, I ssh'd to it on the local LAN and it worked fine... I'm not sure why it's doing this.. Any ideas?

--- Homer Parker
Re: [leaf-user] VPN
ORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 290 packets, 44376 bytes)
pkts bytes target prot opt in out source destination
290 44376 outtos ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 290 packets, 44376 bytes)
pkts bytes target prot opt in out source destination

Chain outtos (1 references)
pkts bytes target prot opt in out source destination
0 0 TOStcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 TOS set 0x10
289 44306 TOStcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:22 TOS set 0x10
0 0 TOStcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 TOS set 0x10
0 0 TOStcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:21 TOS set 0x10
0 0 TOStcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:20 TOS set 0x08
0 0 TOStcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 TOS set 0x08

Chain pretos (1 references)
pkts bytes target prot opt in out source destination
263 21096 TOStcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 TOS set 0x10
0 0 TOStcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:22 TOS set 0x10
0 0 TOStcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 TOS set 0x10
0 0 TOStcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:21 TOS set 0x10
0 0 TOStcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:20 TOS set 0x08
0 0 TOStcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 TOS set 0x08

tcp 6 431999 ESTABLISHED src=10.0.0.1 dst=10.0.0.117 sport=53441 dport=22 src=10.0.0.117 dst=10.0.0.1 sport=22 dport=53441 [ASSURED] use=1

--- Homer Parker
[leaf-user] VPN
Trying to implement a VPN, and having a minor blockage in my thought process. Running Bering 1.0 as the router in the following layout:

Internet - eth0 firewall eth1 - wireless - eth0 router eth1 - LAN2 |10.0.1.0/24 LAN1 10.0.0.0/24

Wanting to run a VPN to secure the wireless from eth1 on the firewall to eth0 on the router.. I have shorewall configured as I do in other working VPNs (I'm not really needing the firewalling, but I don't think it will hurt anything), the problem I'm having is getting the tunnel itself up, and the routing configured..

If I allow eth0 on the router to DHCP, it's in the subnet I'm trying to tunnel, and Freeswan complains accordingly. If I set it to 10.0.1.x, it complains "RTNETLINK answers: Network is unreachable" and then "`ip route add 10.0.0.0/24 dev ipsec0 via 10.0.0.1' failed". If I set it to 10.0.2.x, it then complains that "we have no ipsecN interface for either end of this connection"..

If someone could kick me in the right direction it would be appreciated. I think the problem is in the addressing/routing somewhere, I just can't find the right combination.. I have tried the sections "Wireless" and "The Internet as a big subnet" on the following page:

http://www.freeswan.org/freeswan_trees/freeswan-1.99/doc/adv_config.html#adv_config

But, it still isn't getting the VPN initiated on the router.

--- Homer Parker
Re: [leaf-user] Using a wireless router with LEAF (Dachstein, Bering)
On Mon, 10 Feb 2003 23:38:29 -0500 "Peter Nosko" <[EMAIL PROTECTED]> wrote
> pn] Thanks Ray, Lynn and Todd for your replies!
>
> pn] Yes, what I want is simply an access point for my notebook PC. Not
> just to be more mobile in the house, but one of the few irritants with
> my notebook is that the NIC connector on the left side near the front.
> What a PITA.
>
> pn] Todd, you mentioned you did this with a D-Link model. The Linksys
> has a WAN port, 4 LAN ports and an uplink port (shares port 4). Is this
> similar to yours? Are you saying that I can just connect my current
> laptop connector into one of the LAN ports and it will act as a hub with
> wireless access? I didn't see any notes about this in the users guide.
>
> pn] One last concern (paranoia) of mine is (of course) security. I want
> to be reasonably certain no one else can connect (I'm in an
> apartment-style condo) to this "access point" or monitor the wireless
> traffic. A separate subnet that can't get to my internal network would
> make the connection effectively useless for me too.
>
> pn] I'm not as concerned about a slight price difference. Is anyone
> here using the D-Link DLINK XTREME G WIRELESS ACCESS POINT 11G
> DWL2000AP with the DLINK XTREME G WIRELESS ACCESS POINT 11G DWL2000AP?
> Do you trust the security provided by it?
>
> pn] TIA for feedback.

I had some extra Cisco cards laying around, so I stuck one of them in my Bering box.. Gave it a different subnet and used the MAC authentication in Shorewall... I haven't played with sniffing yet to see how secure it is... I am using WEP, for what it's worth.. If I need it more secure, I'll just IPSec the connection... It's just the kids surfing the net, so I'm not overly worried about the sniffing, just the neighbors stealing my bandwidth...

--- Homer Parker
Re: [leaf-user] Symantec
On Thu, 30 Jan 2003 11:23:48 -0500 "Brad Fritz" <[EMAIL PROTECTED]> wrote
>
> Homer,
>
> Jumping in kinda late here...apologies if I am missing the boat...
>
> On Thu, 30 Jan 2003 09:29:21 CST Homer Parker wrote:
>
> > On Thu, 30 Jan 2003 11:09:24 +0100 Erich Titl <[EMAIL PROTECTED]> wrote
> > > > Ok... I guess I missed the point that the boxes don't have net
> > > > access..
> > > >There are 7 systems behind the Bering box, and only 2 have net
> > > >access...
> > >
> > > LiveUpdate without net access. It's kind of contradictive.
> > >
> >
> > They are blocked at the firewall at the management's request... But,
> > they want to keep the virus defs on those machines current, so I'm
> > trying to find a way to handle that...
>
> One way to do that would be to put those machines in their own
> zone, assign a reject policy from that zone to the net zone, and
> then add a rule to allow traffic to just the LiveUpdate port(s)
> on the LiveUpdate servers.
>

The problem is, the LiveUpdate servers use akamai.net, and resolve to multiple IP's.. I guess I could just allow one of them, put a hosts file on each machine, and allow just a single server that way... Till they move the server... Was hoping for a more permanent type solution...

--- Homer Parker

This e-mail message is 100% Microsoft free! WARNING: THIS ACCOUNT BELONGS TO A RABID ANTI-SPAMMER NET-NAZI DOT-COMMUNIST!!
Re: [leaf-user] Symantec
On Thu, 30 Jan 2003 11:09:24 +0100 Erich Titl <[EMAIL PROTECTED]> wrote
> > Ok... I guess I missed the point that the boxes don't have net
> > access..
> >There are 7 systems behind the Bering box, and only 2 have net
> >access...
>
> LiveUpdate without net access. It's kind of contradictive.
>

They are blocked at the firewall at the management's request... But, they want to keep the virus defs on those machines current, so I'm trying to find a way to handle that...

--- Homer Parker
Re: [leaf-user] Symantec
On Wed, 29 Jan 2003 14:56:01 -0800 Tom Eastep <[EMAIL PROTECTED]> wrote
>
> --On Wednesday, January 29, 2003 11:40 PM +0100 Erich Titl
> <[EMAIL PROTECTED]> wrote:
>
> > AFAIK LiveUpdate is initiated from the station that requests it, so
> > normally you don't need to set up anything as this is related traffic.
> >
>
> Correct -- I have LiveUpdate running here on two systems without any
> special firewalling measures.
>

Ok... I guess I missed the point that the boxes don't have net access.. There are 7 systems behind the Bering box, and only 2 have net access...

--- Homer Parker
[leaf-user] Symantec
What would be the best way to handle Symantec's LiveUpdate through a Bering 1.0 firewall? Tom says using domain names is not a good thing, and I understand the reasoning behind that. liveupdate.symantecliveupdate.com resolves to several IPs on akamai.net, so putting in IPs will be a constant game of whack-a-mole :( I have several workstations that have had Internet access blocked, but need to keep the updates... One option of course is to sell him the corporate edition, and let the 2k server handle it... But, I would prefer the 2k server to not have Internet access..

--- Homer Parker
Re: [leaf-user] -=Off-Topic=- Bill Gates quote
On 24 Jan 2003 13:55:38 -0700 Steve Fink <[EMAIL PROTECTED]> wrote
> Everyone,
>
> I snipped this from a rather lengthy e-mail I received, supposedly from
> Bill Gates himself, on the M$ TechNet channel.
>
> "A year ago, I challenged Microsoft's 50,000 employees to build a
> Trustworthy Computing environment for customers so that computing is as
> reliable as the electricity that powers our homes and businesses today.
> To meet Microsoft's goal of creating products that combine the best of
> innovation and predictability, we are focusing on four specific areas:
> security, privacy, reliability and business integrity. Over the past
> year, we have made significant progress on all these fronts. In
> particular, I'd like to report on the advances we've made and the
> challenges we still face in the security area. As a subscriber to
> Executive Emails from Microsoft, I hope you will find this information
> helpful."
>
> So in reading between the lines here, is Bill actually admitting that
> M$ has not ever created a stable "Trustworthy Computing environment"?
>
> I think so... :)
>
> Steve

Funny you should post that the same day the MS SQL worm (or whatever they are calling it) hit the net and ran rampant killing routers all over ;)

--- Homer Parker
Re: [leaf-user] MAC match support
On Sun, 29 Dec 2002 11:54:35 -0600 Homer Parker <[EMAIL PROTECTED]> wrote
> I'm running Bering 1.0 Stable with the 2.4.18 kernel and am trying to use
> the MAC Authentication feature of Shorewall... Does the kernel have
> support for this feature? If not, is it in the updated 2.4.20 kernel?

Thanks to Tom, I found the module, and life is good... Thanks!

--- Homer Parker
[leaf-user] MAC match support
I'm running Bering 1.0 Stable with the 2.4.18 kernel and am trying to use the MAC Authentication feature of Shorewall... Does the kernel have support for this feature? If not, is it in the updated 2.4.20 kernel?

--- Homer Parker
[leaf-user] Bering 1.0 libm.lrp
What file do I need to alter to fix this?

Copying wireless.lrp Please wait: Back-up of wireless complete
cat: /var/lib/lrpkg/libm.list: No such file or directory
Creating libm.lrp Please wait: \tar: /tmp/EXCLUDE: No such file or directory
rm: cannot remove `/tmp/EXCLUDE': No such file or directory
New Package:
-rw-r--r-- 1 root root 20 Dec 2 02:50 /tmp/libm.lrp
Old Package:
-rwxr-xr-x 1 root root 39619 Nov 22 00:12 /var/lib/lrpkg/mnt/libm.lrp
Filesystem 1k-blocks Used Available Use% Mounted on
/dev/hda1 3908 2592 1316 66% /var/lib/lrpkg/mnt

I've just been saying no, but it's only a matter of time before I goof... This is a stock lrp, so the archive needs fixed as well...

--- Homer Parker
[leaf-user] IPSec
Ok, my fears were correct :( I have a problem with a race condition that involves IPSec and Shorewall with Bering 1rc3... Here's the bad ASCII art again:

10.0.0.0/24         firewall 192.168.0.0/24
     |                  |
  firewall    -     Internet
     |                  |
10.0.1.0/24         firewall 192.168.1.0/24

10.0.1.0/24 can see 10.0.0.0/24, but 10.0.0.0/24 isn't allowed in 10.0.1.0/24.. That works great.. 192.168.0.0/24 needs to get into 10.0.0.0/24, and 192.168.1.0/24 needs into 10.0.1.0/24.. Now, when I set this up in Shorewall, I define as follows:

Interfaces:

#ZONE   INTERFACE       BROADCAST       OPTIONS
#
net     eth0            detect          dhcp,norfc1918
loc     eth1            detect          routestopped
dmz     eth2            detect          routestopped,dhcp
gw0     ipsec0
gw1     ipsec1

Rules:

#SOURCE         DEST    POLICY  LOG LEVEL
#LIMIT:BURST
loc             net     ACCEPT
dmz             net     ACCEPT
dmz             loc     ACCEPT
loc:10.0.0.201  dmz     ACCEPT
# FreeSwan
dmz             gw1     ACCEPT
gw1             dmz     ACCEPT
loc             gw0     ACCEPT
gw0             loc     ACCEPT

So, the problem is, whoever gets in first gets ipsec0, which is gw0, which may or may not be the right one. Any ideas on how to prevent this from happening?

On another note, both of these are mapping drives in Windows across these links. One is from 2000 Pro to 98, works fine. The other is from XP Home to 2000 Server with Active Directory.. The maps here work fine, except for two. They are limited access, where the others are open. These maps work fine from local with the user/login I setup for the remote, but will not map across the VPN. I have other XP Home systems logging in just fine locally, it's just this one from remote. I even turned on the allow from VPN, thinking that might help, with it being a different IP block.. Any tips, pointers to RTFM's appreciated.. I searched the knowledgebase at Microsoft, but didn't find anything there...

--- Homer Parker
Re: [leaf-user] IPSec tunnels
On Fri, 15 Nov 2002 11:00:55 -0600 Charles Steinkuehler <[EMAIL PROTECTED]> wrote
> Um...there should be no race condition in the assignment of ipsecN
> interface numbering. This is done by the ipsec software. Normally,

Ok, maybe I don't understand the tunneling as well as I thought I did... I'll wait till the 2nd tunnel returns from his trip, and see how it works out... Thanks! Now, back to trying to figure out Opportunistic Encryption.. ;)

--- Homer Parker
Re: [leaf-user] 486DX with 8MB ram
On Thu, 14 Nov 2002 21:29:07 -0800 Ashley <[EMAIL PROTECTED]> wrote
> Is the kernel image built to support 486? Where can I get the
> .config and any patches?

http://leaf.sourceforge.net/devel/jnilo/bdev.html

--- Homer Parker
Re: [leaf-user] 486DX with 8MB ram
On Thu, 14 Nov 2002 21:29:07 -0800 Ashley <[EMAIL PROTECTED]> wrote
>
> Hi all,
>
> I'm new to this list, but the list archives were not found on
> sourceforge, so I have an excuse for asking stupid questions.
> (lame)
>
> I'm installing leaf-bering by floppy on a 486DX laptop with only 8MB
> ram. Kernel boots, ramdisk mounts, packages load, but it fails when
> running init:

I think you need more RAM, as it allocates 6MB for the ram drive...

--- Homer Parker
Re: [leaf-user] Bering v1.0-stable released !
On Fri, 15 Nov 2002 00:52:44 +0200 Jacques Nilo <[EMAIL PROTECTED]> wrote
> Finally, it's out. All the details are here:
> http://leaf.sourceforge.net/article.php?sid=63
>
> We will probably take a rest for a while :-)
>
> Enjoy!
>
> Jacques & Eric

Thanks for all the effort put into this great software!!!

--- Homer Parker
[leaf-user] IPSec tunnels
I'm having a bit of fun with a kinda unique setup... Let's see if I can explain this where someone besides me understands what I'm talking about:

Firewall A
64.216.xxx.xxx eth0 Public
10.0.0.0/24 eth1 Private
10.0.1.0/24 eth2 Secret

Firewall B
192.168.1.0/24 Talks to Secret

Firewall C
192.168.2.0/24 Talks to Private

Firewall A

3: eth0: mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:30:1b:09:d3:ee brd ff:ff:ff:ff:ff:ff
    inet 64.216.xxx.xxx/xx brd 64.216.105.127 scope global eth0
4: eth1: mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:40:f4:5e:e1:57 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.2/24 brd 10.0.0.255 scope global eth1
5: eth2: mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:02:e3:15:c9:11 brd ff:ff:ff:ff:ff:ff
    inet 10.0.1.254/24 brd 10.0.1.255 scope global eth2
14: ipsec0: mtu 16260 qdisc pfifo_fast qlen 10
    link/ether 00:30:1b:09:d3:ee brd ff:ff:ff:ff:ff:ff
    inet 64.216.xxx.xxx/xx brd 64.216.105.127 scope global ipsec0
15: ipsec1: mtu 0 qdisc noop qlen 10
    link/ipip

(The person using the other tunnel is currently out of town, and has the firewall shut off)

# ip route
64.216.xxx.0/25 dev eth0 proto kernel scope link src 64.216.xxx.xxx
64.216.xxx.0/25 dev ipsec0 proto kernel scope link src 64.216.xxx.xxx
10.0.0.0/24 dev eth1 proto kernel scope link src 10.0.0.2
10.0.1.0/24 dev eth2 proto kernel scope link src 10.0.1.254
192.168.2.0/24 via 64.216.xxx.zzz dev ipsec0
192.168.1.0/24 via 64.216.xxx.zzz dev ipsec0
default via 64.216.xxx.yyy dev eth0

Firewall A is at the office. Secret has a couple of people working on stuff Private has no access to, but Secret can see the file server on Private. Firewall A needs to be in Secret, Firewall B needs to be in Private. Everything works as I want, but there is a potential race condition if the firewall reboots, connectivity lost, whatever. The connection that was ipsec0 may end up ipsec1 if it's second to get a connection.

I'm looking through the docs, as I thought I saw something about an interface option for ipsec.conf, but I'm thinking it was for what interface to allow tunnels to bind to. Would that also allow me to specify the tunnel name (ipsec0, etc) in the area where I set up the connection as well? I'm needing to make sure that upon reconnection, that everyone gets the right tunnel. Thanks!

--- Homer Parker
[leaf-user] IPSec shared secret problem
I have a Bering RC3 firewall with an IPSec tunnel to a SonicWall that works fine... Until the Bering box gets a new IP... Here's what I have in ipsec.secrets:

64.216.xxx.xxx 208.189.yyy.yyy @0040100F1311 : PSK "PreSharedKey"

Of course, the first IP is Bering, the second SonicWall.. If the Bering box gets a new IP, I ssh in, change the IP, restart, and IPSec works fine... I've tried 0.0.0.0, %any, 64.216.xxx.(left blank).. Several things, and it always says in the logs that it can't find a suitable preshared key for the link.. Any ideas?

--- Homer Parker
Re: [leaf-user] via-rhine in WISP
On Mon, 7 Oct 2002 16:28:19 -0500 Homer Parker <[EMAIL PROTECTED]> wrote
> The VIA Eden motherboards have a VIA NIC in them (go figure! ;). After
> finding out you don't just copy things to /lib/modules and backup as in
> Bering, I'm asking 1) how to add modules, 2) can it be added in the
> distro?

OK, figured out how to get it... Actually, the biggest problem was it was segfaulting because I was trying to use modules from Bering rc3... Would still like to see it included by default ;)

--- Homer Parker
[leaf-user] via-rhine in WISP
The VIA Eden motherboards have a VIA NIC in them (go figure! ;). After finding out you don't just copy things to /lib/modules and backup as in Bering, I'm asking 1) how to add modules, 2) can it be added in the distro?

--- Homer Parker
Re: [leaf-user] Tunnel problems
On Thu, 5 Sep 2002 11:46:53 -0500 guitarlynn <[EMAIL PROTECTED]> wrote Begin Quote:
> On Wednesday 04 September 2002 12:43, Homer Parker wrote:
>
> > . So, the questions come down to,
> > can I run more than one tunnel through a LEAF Bering rc3 box that is
> > initiated on PC's behind the firewall?
>
> Yes, you can.

Any idea why a second VPN would fail? Any kind of testing I can do to try and determine? I was logged into the firewall watching logs from remote, and saw no bandwidth/response type issues, and nothing in the logs...

--- Homer Parker
[leaf-user] Tunnel problems
Running Bering rc3 on a Duron 850, 128 megs, booting from CF... The customer has a SonicWall at the parent office... Using the SonicWall software, they can only establish 1 tunnel from behind the LEAF box... If they drop that tunnel, they can get the second pc connected to the SonicWall... Looked at doing a plain IPSec tunnel to tie the two LANs together, and can't figure that one out either... I'm not even sure it is possible to tie something other than another SonicWall, or their client to it... So, the questions come down to, can I run more than one tunnel through a LEAF Bering rc3 box that is initiated on PC's behind the firewall? Can I get the firewall to talk directly to a SonicWall? Thanks for any and all help...

--- Homer Parker
Re: [leaf-user] Are there other "Soekris" like appliances to run LEAF on?
On Sun, 25 Aug 2002 17:41:29 +0530 "S Mohan" <[EMAIL PROTECTED]> wrote Begin Quote:
> Got a quote from Nagasaki.
>
> 2100 which is 300mhz geode, 128mb ram, cf, 2 pcmcia.. $225.
> 2300L which is 800mhz geode, 512mb ram, cf, 2pcmcia, 1 lan is $250, 2
> LAN $275 3 LAN $295.

Wow! First quote I got from them was $420... Then a month or so later a 'special' price of $404... Then about a month and a half later, wondered why I still hadn't ordered any... Told them they were too pricy for my projects.. Sent me a dealer app and gave me my 'dealer' cost of $309.92 qty 1-19

$225 is a price that fits the projects better... Who did you get your quote from, sounds like I got the wrong sales rep :(

I've been using micro-ATX cases and boards... Using the Shuttle MK20N lately... It and a Duron, 128 megs, and a CF-IDE adapter.. Somewhere between an 8 and a 32 meg CF card... Usually comes in around $200, but it's still a PC with a power supply fan...

--- Homer Parker
Re: [leaf-user] Strange error in netcs1!?!?!
On Thu, 01 Aug 2002 18:45:36 -0300 Samuel Abreu <[EMAIL PROTECTED]> wrote Begin Quote:
> Using wisp, in AAEON SBC, with one orinoco card, I'm getting the message:
>
> Aug 1 15:34:50 10.50.1.10 kernel: netcs1: Tx error, status 1 (FID=016A)
>
> Some times, and the client are saying that their network is slow! =///
>
> The FID= always change...
>
> What is that??? =)
>

If you find an answer, please let me know as well... I've got two out that give those errors, one complains it is slow, the other doesn't... I'm going to be installing a larger antenna on the one complaining to see if that clears up the speed issue.. The one complaining shows a 16db connection, the one not complaining shows 33... 16 *should* be enough, they're only getting a 128k feed, but

--- Homer Parker
[leaf-user] Pump problems
Grabbed the latest wdist, but it happens with everything I setup that uses pump and not ISC's dhclient. I'm running ISC's dhcpd server.. Here's how I have it setup:

class "128k" {
    match option dhcp-client-identifier;
}
subclass "128k" 01:00:02:2d:53:20:18;

I add subscribers to different classes, that gives them an IP out of a pool that corresponds with the bandwidth throttling I have setup... Anytime I try to use anything that uses pump, here's what I get in the log:

Jul 25 11:28:18 jupiter dhcpd: DHCPDISCOVER from 00:02:2d:53:20:18 via eth1: network wireless: no free leases
Jul 25 11:28:57 jupiter last message repeated 3 times

Using ISC's dhclient, I set it up like this:

send dhcp-client-identifier 01:00:60:1d:f0:a6:f9;
request subnet-mask, broadcast-address, time-offset, routers, domain-name, domain-name-servers, host-name;
require subnet-mask, domain-name-servers;
timeout 60;
retry 60;
reboot 10;
select-timeout 5;
initial-interval 2;
script "/etc/dhclient-script";

Looking at the man page for pump, there's a --win-client-ident... Added that to the end of the line calling pump in /etc/network/ifup, didn't help... Took it out of there and added an entry to /etc/pump.conf as such:

device netcs0 {
    win-client-ident
}

That gives an "unknown option" type of error on bootup :( I have been replacing pump with the ISC version, but only because I know I can make it work... Please CC: replies to my personal address as I'm *way* behind in the mailing list right now... Thanks!!!

--- Homer Parker (The Bogus One)
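The class match in the post above keys on DHCP option 61 (dhcp-client-identifier), so a request lands in the "128k" subclass only when it carries the type byte 01 followed by the listed MAC. The following is an added example, not part of the original post: it parses a constructed DHCP options field and applies the subclass lookup. The function names and sample packets are assumptions, and it assumes the address pool is restricted to class members, which the post does not show.

```python
import re

# dhcpd.conf fragment copied from the class/subclass lines in the post.
DHCPD_CONF = '''
class "128k" { match option dhcp-client-identifier; }
subclass "128k" 01:00:02:2d:53:20:18;
'''

MAGIC_COOKIE = bytes([0x63, 0x82, 0x53, 0x63])
OPT_PAD, OPT_MSG_TYPE, OPT_CLIENT_ID, OPT_END = 0, 53, 61, 255
DHCPDISCOVER = 1


def load_subclasses(conf_text):
    """Map each subclass match value (raw bytes) to its class name."""
    pattern = re.compile(r'subclass\s+"([^"]+)"\s+([0-9a-fA-F:]+)\s*;')
    table = {}
    for name, hexval in pattern.findall(conf_text):
        table[bytes(int(p, 16) for p in hexval.split(":"))] = name
    return table


def client_id_from_mac(mac):
    """Option 61 value as written in the post: hardware type 01 + 6-byte MAC."""
    octets = bytes(int(p, 16) for p in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 6-byte Ethernet MAC")
    return b"\x01" + octets


def build_options(msg_type, client_id=None):
    """Build a constructed options field: magic cookie, then TLV options."""
    out = bytearray(MAGIC_COOKIE)
    out += bytes([OPT_MSG_TYPE, 1, msg_type])
    if client_id is not None:
        out += bytes([OPT_CLIENT_ID, len(client_id)]) + client_id
    out.append(OPT_END)
    return bytes(out)


def parse_options(field):
    """Parse an options field into {code: value}; reject truncated options."""
    if field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(field):
        code = field[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(field):
            raise ValueError("truncated option header")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts


def classify(field, subclasses):
    """Return the class a request falls into, or None if no subclass matches."""
    client_id = parse_options(field).get(OPT_CLIENT_ID)
    if client_id is None:
        return None  # no option 61 in the request: the match has nothing to compare
    return subclasses.get(client_id)


def demo():
    """Classify three constructed DHCPDISCOVER option fields."""
    subclasses = load_subclasses(DHCPD_CONF)
    logged_mac = "00:02:2d:53:20:18"      # MAC from the DHCPDISCOVER log line
    other_mac = "00:60:1d:f0:a6:f9"       # MAC from the dhclient.conf sample
    return {
        "no client-id": classify(build_options(DHCPDISCOVER), subclasses),
        "01+MAC": classify(
            build_options(DHCPDISCOVER, client_id_from_mac(logged_mac)), subclasses),
        "unlisted": classify(
            build_options(DHCPDISCOVER, client_id_from_mac(other_mac)), subclasses),
    }


if __name__ == "__main__":
    for label, cls in demo().items():
        print(f"{label:14} -> {cls}")
```

A request that classifies as None here is the case where a class-restricted pool has nothing to offer, which dhcpd reports as "no free leases" even though the MAC itself is known.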
[leaf-user] Adding routes
I've got a Bering RC2 setup that I need to add a static route to, but I can't figure out where to add it... I know what I need, just not sure where is the proper place to implement... Any help appreciated..

--- Homer Parker (The Bogus One)
Re: [leaf-user] EthX assignments
On Thu, 30 May 2002 09:23:01 -0700 Ray Olszewski <[EMAIL PROTECTED]> wrote Begin Quote:
> See below.
>
> At 08:50 AM 5/30/02 -0500, Homer Parker wrote:
> > Having a bit of trouble getting my wireless card to be the external
> >interface (wireless ISP).. Any pointers, tips, tricks, etc
> >appreciated.. I'm currently trying to get everything reversed so eth1
> >is external, but that seems to be a bandaid approach... Also having

Is there something functionally the same as modules.conf? Where I could do an 'alias eth1 natsemi' type thing to try and force the internal adapter to eth1.. Would I do that in /etc/modules?

--- Homer Parker (The Bogus One)
Re: [leaf-user] EthX assignments
On Thu, 30 May 2002 09:23:01 -0700 Ray Olszewski <[EMAIL PROTECTED]> wrote

Begin Quote:

> From other recent reports on the list, a problem with wireless interfaces
> *seems* to be the amount of time they take to initialize. This leads to
> your DHCP client trying to get a lease via the wireless interface before
> it completes the initialization process. Of course, later the
> initialization is complete, so you can get a lease successfully from the
> command line.

That coincides with what I'm seeing...

> I *think* the proposed solution was simply to put a delay into the init
> sequence somewhere ... but you'd do better to check the list archive for
> the details than to rely on my memory.

I wonder if I couldn't just run /etc/init.d/dhclient again at the end.. Be easier than a delay I think.. Have to look and see if there's an rc.local to play with... Thanks!

> As to the interface order ... the usual approach (at least when the two
> NICs use different modules, as would surely be the case here) is to
> reverse the order in which the modules load (that is, change their order
> in /etc/modules). Since you don't say (at least not in the body of your
> message) what you've tried, I don't know if this suggestion is helpful
> or is something you tried already.

Sorry about that... It was one of them looonnnggg days (Not enough caffeine after an all nighter)... /etc/modules won't help, as it's a PCMCIA radio.. I did try moving it up in the list in syslinux.cfg, but.. I'm booting this from a flash drive, so there's hardly any time for anything... I appreciate the reply, and I'll try re-running dhclient from the last thing run (this is my second LEAF setup, so I'm still learning its innards)...

---
Homer Parker (The Bogus One)
http://www.homershut.net
telnet://bbs.homershut.net
This e-mail message is 100% Microsoft free!
WARNING: THIS ACCOUNT BELONGS TO A RABID ANTI-SPAMMER NET-NAZI DOT-COMMUNIST.
/"\
\ /  ASCII Ribbon Campaign
 X   Against HTML Mail
/ \
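The boot-time race described in the message above (the DHCP client running before the wireless interface has finished initializing) can be handled by polling for link readiness with a timeout instead of a fixed delay. This is an added example, not code from the thread or from LEAF; it assumes a Linux system that exposes `/sys/class/net/<iface>/carrier`, and the function names, the `SYSFS_NET` variable and the `wlan0` name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: start the DHCP client only once the interface reports link.
# SYSFS_NET is overridable so the logic can be exercised against a
# constructed directory instead of the live /sys tree (assumption: sysfs).
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# iface_ready IFACE -> status 0 when the interface exists and has carrier.
iface_ready() {
    [ -r "$SYSFS_NET/$1/carrier" ] || return 1
    # Reading carrier fails while the interface is administratively down.
    state=$(cat "$SYSFS_NET/$1/carrier" 2>/dev/null) || return 1
    [ "$state" = "1" ]
}

# wait_for_iface IFACE TIMEOUT_SECONDS [INTERVAL_SECONDS]
# Polls until the interface is ready or the timeout is used up.
wait_for_iface() {
    iface=$1 remaining=$2 interval=${3:-1}
    while [ "$remaining" -gt 0 ]; do
        iface_ready "$iface" && return 0
        sleep "$interval"
        remaining=$((remaining - interval))
    done
    # One last check so a link that came up during the final sleep counts.
    iface_ready "$iface"
}

# start_dhcp_when_ready IFACE TIMEOUT_SECONDS COMMAND [ARGS...]
# Runs COMMAND only if the interface became ready; otherwise reports and
# fails, so the init sequence can log the problem instead of hanging.
start_dhcp_when_ready() {
    iface=$1 timeout=$2; shift 2
    if wait_for_iface "$iface" "$timeout"; then
        "$@"
    else
        echo "$iface not ready after ${timeout}s; DHCP client not started" >&2
        return 1
    fi
}

# Usage from a late init script (interface name is a placeholder):
#   start_dhcp_when_ready wlan0 30 /etc/init.d/dhclient restart
```
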
[leaf-user] EthX assignments
Having a bit of trouble getting my wireless card to be the external interface (wireless ISP).. Any pointers, tips, tricks, etc appreciated.. I'm currently trying to get everything reversed so eth1 is external, but that seems to be a bandaid approach...

Also having another 'little' problem (aside from forgetting to go to bed last night ;).. On bootup, the dhclient is trying to get an IP address, but doesn't succeed.. I don't see its requests in the logs for the dhcp server... But, once it's booted, if I log in and run '/etc/init.d/dhclient restart', it comes up with an IP just fine... This is through the wireless interface... Any ideas?

---
Homer Parker (The Bogus One)
http://www.homershut.net
telnet://bbs.homershut.net
This e-mail message is 100% Microsoft free!
WARNING: THIS ACCOUNT BELONGS TO A RABID ANTI-SPAMMER NET-NAZI DOT-COMMUNIST.
/"\
\ /  ASCII Ribbon Campaign
 X   Against HTML Mail
/ \
Re: [Leaf-user] bering - pump fails to obtain lease on boot
On Tue, 28 May 2002 22:46:53 +0200 Jacques Nilo <[EMAIL PROTECTED]> wrote

Begin Quote:

> > Having problems getting pump to talk to my ISC dhcp server, so thought
> > I would drop dhclient.lrp into it instead, as it should work easy
> > enough.. Problem is that it's looking for info in /etc/network.conf,
> > and that file doesn't exist (ok, I can't find it), in Bering 1rc2 :(
> > Any help appreciated..
>
> Yes, Charles's dhclient.lrp needs some (small) changes to work with
> Bering. I made a Bering compatible version which is available here:
> http://leaf.sourceforge.net/devel/jnilo/bering/latest/packages/dhclient.lrp

Being new to LEAF, those 'small changes' seem like mountains... Thanks for the new package, I'll give it a try and let you know how it goes..

---
Homer Parker (The Bogus One)
http://www.homershut.net
telnet://bbs.homershut.net
This e-mail message is 100% Microsoft free!
WARNING: THIS ACCOUNT BELONGS TO A RABID ANTI-SPAMMER NET-NAZI DOT-COMMUNIST.
/"\
\ /  ASCII Ribbon Campaign
 X   Against HTML Mail
/ \