Re: [leaf-user] Address block 82.0.0.0/8
Hi Giovanni

On Thu, 05 Feb 2004 16:31:59 +0100, Giovanni Franza [EMAIL PROTECTED] wrote:

> In shorewall RFC1918 listings ( menu 3, 6 ,18 ) i see that 82.0.0.0/7 is blacklisted. IANA has now assigned 82.0.0.0/8 to RIPE that has assigned some net numbers (For example 82.89 to telecom italia) so, with this row enabled some people are locked. I've simply commented out (quite raw, i know).

This is already fixed in newer versions of Shorewall (=1.4.8)

If you don't want to upgrade, replace your version of the rfc1918 file with the version available here: http://shorewall.net/pub/shorewall/errata/1.4.8/rfc1918

cheers
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk

---
The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn
leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Broken links to Bering documentation
Hi All

I'm having some trouble with the LEAF website. The following two pages have links to the Bering Users', Installation and Developers' guides that are broken:

http://leaf.sourceforge.net/mod.php?mod=userpagemenu=904page_id=21
http://leaf.sourceforge.net/devel/jnilo/

It looks like the guides have been moved, without the links being updated. Can anyone tell me where these docs reside these days?

cheers
Julian
Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
Hi Sean

On Mon, 15 Dec 2003 15:18:55 -0500, Sean E. Covel [EMAIL PROTECTED] wrote:

> Since this needs to be up-and-running quickly, and I'm doing it in my spare time, I wanted to go the path of least resistance. How soon till you implement?

I was hoping to do it sometime over the Christmas holiday, but there seems to be a shortage of Airport Extreme cards (ie Apple's branded 802.11g cards) in the UK at the moment so I'm a bit stuck for now.

> I was hoping to learn from someone else's mistakes ;-). Don't want to be the trailblazer on this one. It just sounds too easy. Anyone actually done it? Even with 802.11a/b/g?

I'll certainly get in touch if I get anywhere.

Regards
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
Re: [leaf-user] Weblet access
On Mon, 15 Dec 2003 21:07:18 -0500, Kory Krofft [EMAIL PROTECTED] wrote:

> The weblet config file has a setting for which networks can access it. I tried setting it to 0.0.0.0 but that did not help. What can I do to allow external requests to be answered by the weblet?

I think weblet (sh-httpd) is started by inetd so you need to make sure your hosts.allow and hosts.deny are set up correctly.

regards
Julian Church
Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
Hi Sean

On Mon, 15 Dec 2003 10:02:35 -0500, Sean E. Covel [EMAIL PROTECTED] wrote:

> Here is what I am proposing to do:
>
> Cable Modem - Bering -- (Private Network) Current PC (Windows XP)
> |
> --- DMZ -- WAP -- Laptop (Windows XP)
>
> The question is, of course, how to secure the WIFI and Laptop. I was hoping that the Laptop could establish an IPSEC connection through the WAP to Bering.

Strange! That's exactly what I'm planning at home, except there are two laptops, both running Mac OS X (which has an IPSEC client built in).

As far as I've determined by searching the internet, as long as your access point is set up as a transparent bridge, the IPSEC traffic will pass straight through.

cheers
Julian
Re: [leaf-user] Necessary to comment out /var/lib/shorewall ?
Hi Craig

On Fri, 12 Dec 2003 06:05:37 -0800, Craig Caughlin [EMAIL PROTECTED] wrote:

> I'm not familiar with what this entry specifically does, so I thought I'd ask someone much more astute than myself. :-) Comments?

AFAICR, It's to do with the lrpkg backup scripts - telling lrpkg what bits of shorewall to back up where. I suppose that means that if changes to shorewall survive a reboot, then you've found the correct config. : )

regards
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
Re: [leaf-user] Thompson SpeedTouch 330 USB and Bering
On Thu, 23 Oct 2003 23:51:45 +0200, Michelle Konzack [EMAIL PROTECTED] wrote:

> Hello, I have tried to make Bering usable for the Thompson SpeedTouch 330 USB but the Floppy is too small !!! I have only 120 kByte free on the Floppy. Does anyone has done this and HOW ?

The simplest way is probably to use two floppies. Instructions on that (and a few other ways) here: http://leaf.sourceforge.net/doc/guide/bubooting.html

> Whenever I try to load the 3c509.o 3c515.o and pcnet32.o I get symbol errors...

Try loading the PCI scan (pci-scan.o) module first - some of those modules may depend on it.

cheers
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
Re: [leaf-user] sending Email from Bering 1.2
Hi Felix

On Fri, 17 Oct 2003 12:40:40 +0200 (CEST), Felix Theodor [EMAIL PROTECTED] wrote:

> Hi All, how can I let my Bering 1.2 send me a email eg. with the logs?

If you've got your POSIXness settings right (see the lrcfg menu, System settings), the mail command will work:

mail -s "LEAF log file" [EMAIL PROTECTED] < /var/log/syslog.0

will send syslog.0 to your email address. You could also edit /etc/crontab to make this happen automatically at whatever time you want.

hope that helps
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
Re: [leaf-user] really strange entries in shorewall log file
On Tue, 14 Oct 2003 23:51:41 -0500, arif [EMAIL PROTECTED] wrote:

> This evening, I noticed the following in my log files:
>
> Oct 14 23:00:14 firewall Shorewall:all2all:REJECT: IN= OUT=eth0 MAC=00:77:c1:00:02:ff:ff:02:01:77:c1:10:07 SRC=209.98.2.1 DST=209.101.210.198 LEN=92 TOS=00 PREC=0x00 TTL=64 ID=42724 PROTO=ICMP TYPE=0 CODE=0 ID=512 SEQ=4323
>
> Oct 14 23:00:24 firewall Shorewall:all2all:REJECT: IN= OUT=eth0 MAC=71:10:c0:00:00:00:00:11:00:00:00:00:00:00:00:00:00:00:00:02:00:00:00:00:00:00:00:d2:05:00:00:00:00:00:00:d2:05:00:00:49:12:00:00:00:00:00:00:00:00:20:c1:00:00:20:c1:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:ec:45:00:00:5c SRC=209.98.2.1 DST=209.101.210.198 LEN=92 TOS=00 PREC=0x00 TTL=64 ID=23174 PROTO=ICMP TYPE=0 CODE=0 ID=512 SEQ=5091

I don't know if your situation is the same, but that's reminiscent of a bug that came up on the list in the summer: http://sourceforge.net/mailarchive/message.php?msg_id=5763503

regards
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
Re: [leaf-user] VIA vt6105
On Thu, 9 Oct 2003 14:12:29 -0300, Mariano Drzazga [EMAIL PROTECTED] wrote:

> Hi! I have a network card based on the VIA VT6105 chip. I couldn't make it work with the via-rhine.o module (from http://leaf.sourceforge.net/devel/jnilo/bering/latest/modules/2.4.20/net/)

I think you've got the right module, but it depends on pci-scan.o, so make sure you're loading that first.

Also, there's another via-rhine module, at .../modules/2.4.20/kernel/drivers/net/via-rhine.o which depends on mii.o

If the one via-rhine doesn't work for you, this one should be worth a try.

hope that helps.
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
Re: [leaf-user] Firewall Getting Hammered.
Hi Joe

On Mon, 06 Oct 2003 20:23:58 -0500, j d [EMAIL PROTECTED] wrote:

> Anyway, in the last two days I've had a lot of hits on my external eth0 from these two sources (x.x.x.x is my eth0 address leased from the upstream DNS server via pump):
>
> Oct 5 07:43:33 cerberus Shorewall:net2all:DROP: IN=eth0 OUT= MAC=00:00:bc:11:17:0c:00:04:28:25:9c:54:08:00 SRC=61.143.182.138 DST=x.x.x.x LEN=550 TOS=00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=30110 DPT=1026 LEN=530
>
> and
>
> Oct 5 08:02:58 cerberus Shorewall:net2all:DROP: IN=eth0 OUT= MAC=00:00:bc:11:17:0c:00:04:28:25:9c:54:08:00 SRC=210.5.22.10 DST=x.x.x.x LEN=367 TOS=00 PREC=0x00 TTL=242 ID=620 PROTO=UDP SPT=32775 DPT=1026 LEN=347

A few informative links here: http://www.google.com/search?q=UDP+1026

Looks like M$ Messenger Service spam.

cheers
Julian
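An added example, not part of the original messages or of Shorewall: a small triage script for log lines in the format quoted in this message and in the "really strange entries" message above. It groups hits by action, protocol and destination port, and flags entries whose MAC= field is not the 14 octets (destination, source, EtherType) seen in the well-formed lines. The sample log, host name, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# "Shorewall:<chain>:<action>:" prefix followed by the netfilter key=value fields.
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<action>[^:\s]+):\s*(?P<rest>.*)$")
HEX_OCTET = re.compile(r"[0-9a-fA-F]{2}")

# Constructed sample (documentation addresses, made-up MACs); not taken from the page.
SAMPLE_LOG = """\
Oct  5 07:43:33 fw Shorewall:net2all:DROP: IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=192.0.2.10 DST=198.51.100.7 LEN=550 TOS=00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=30110 DPT=1026 LEN=530
Oct  5 08:02:58 fw Shorewall:net2all:DROP: IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=203.0.113.5 DST=198.51.100.7 LEN=367 TOS=00 PREC=0x00 TTL=242 ID=620 PROTO=UDP SPT=32775 DPT=1026 LEN=347
Oct 14 23:00:14 fw Shorewall:all2all:REJECT: IN= OUT=eth0 MAC=02:00:00:00:00:01:02:00:00:00:00:02:08 SRC=198.51.100.7 DST=192.0.2.99 LEN=92 TOS=00 PREC=0x00 TTL=64 ID=42724 PROTO=ICMP TYPE=0 CODE=0 ID=512 SEQ=4323
Oct 14 23:01:00 fw sshd[412]: unrelated line that is not a Shorewall entry
"""


def parse_line(line):
    """Parse one Shorewall log line; return None for anything else."""
    match = PREFIX.search(line)
    if not match:
        return None
    fields, flags = {}, []
    for token in match.group("rest").split():
        if "=" in token:
            key, value = token.split("=", 1)
            # LEN and ID can appear twice (IP header, then UDP/ICMP header);
            # keep the first, which is the IP header's value.
            fields.setdefault(key, value)
        else:
            flags.append(token)  # bare flags such as DF
    return {"chain": match.group("chain"), "action": match.group("action"),
            "fields": fields, "flags": flags}


def mac_anomaly(fields):
    """Describe a malformed MAC= field, or return None if it looks normal."""
    mac = fields.get("MAC", "")
    if not mac:
        return None  # no link-layer header was logged
    octets = mac.split(":")
    if not all(HEX_OCTET.fullmatch(o) for o in octets):
        return "MAC field is not colon-separated hex octets"
    if len(octets) != 14:
        return f"MAC field has {len(octets)} octets, expected 14"
    return None


def summarize(text):
    """Return (hit counts, source addresses per service, MAC anomalies)."""
    hits, sources, anomalies = Counter(), {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        record = parse_line(line)
        if record is None:
            continue
        fields = record["fields"]
        service = (record["action"], fields.get("PROTO", "?"), fields.get("DPT", "-"))
        hits[service] += 1
        sources.setdefault(service, set()).add(fields.get("SRC", "?"))
        problem = mac_anomaly(fields)
        if problem:
            anomalies.append((lineno, problem))
    return hits, sources, anomalies


if __name__ == "__main__":
    hits, sources, anomalies = summarize(SAMPLE_LOG)
    for service, count in hits.most_common():
        print(count, service, sorted(sources[service]))
    for lineno, problem in anomalies:
        print(f"line {lineno}: {problem}")
```
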
Re: [leaf-user] Operation not supported by device
On Thu, 21 Aug 2003 02:00:48 -0600, Darcy Parker [EMAIL PROTECTED] wrote:

> I have the following two NICs
>
> 3C905-TX IRQ10 D800
> 3C905-TX IRQ9 D400
>
> I am loading the following modules
>
> 3c59x.o
> netsemi.o
> tulip.o
>
> When it gets to configuring the NICs I get the following errors
>
> insmodinit_module:netsemi:operation not supported by device
> tulipinit_module:tulip:operation not supported by device
>
> Does this mean the only driver I need is 3c59x?

Yes, that's what it means.

cheers
Julian
Re: [leaf-user] PARTNERSHIP
On Thu, 14 Aug 2003 14:38:11 -0600, Matt Russell [EMAIL PROTECTED] wrote:

> how do they make money off of this? i never understood the motivation behind it...

So the scam goes, There's this big heap of money in some kind of bank account or vault somewhere, but there are various bureaucratic barriers to getting my hands on it - bank advance fees, officials to bribe, that kind of thing - so if you help me out by paying these fees for me, I'll make you handsomely rich by giving you a considerable share of the loot.

Astonishingly, people have really fallen for this kind of thing. It generally ends in the fees spiralling upwards (thanks for the $10,000 - now they say I have to pay some kind of secondary release fee, please send another $5,000) until the scamee realises their money isn't ever going to materialise and starts impotently talking about lawyers, or else the scamee turns up in Lagos to pick up his riches and gets mugged (or worse) by the scammer's large aggressive friends.

It's commonly known as Nigerian 419 fraud, 419 being the section of Nigerian law that covers this kind of stuff.

cheers
Julian
Re: [leaf-user] Via-rhine driver not working properly
On Wed, 30 Jul 2003 15:09:46 +0200 (CEST), Alexander Borghgraef [EMAIL PROTECTED] wrote:

> Hi all, I'm trying to get Bering 1.2 with the 2.4.20 kernel to work. I have a D-link D nic which is supposed to work with the via-rhine driver. At first I got some errors but I solved those by installing the pci-scan.o module. But now I get an operation not allowed by device error when I try to load via-rhine. I'm also running the mii module, could it be that this conflicts with pci-scan?

As far as I remember, there are two versions of the via-rhine driver, one that requires pci-scan, another that requires mii. I don't think you need both ever, so I'd guess that's the source of your problem.

cheers
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
Re: [leaf-user] Win32 -- Bering Network file access.
Hi James

On Mon, 28 Jul 2003 11:32:13 +0100, James Neave [EMAIL PROTECTED] wrote:

> SSH allows us to administer it, but at the moment the only way we can make print-outs of the rules is hacking it out of the floppy with WinZip. Can you transfer files across ssh?

Yes you can. The command scp is part of the ssh suite and does what you want.

You could either log into the Bering box and use scp to push files to your windows machine, or there's pscp, which is the Windows command line version of scp from the people who brought you putty, which would allow you to pull files from your Bering box.

pscp is downloadable here: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

regards
Julian
Re: [leaf-user] *.lrp(nf!) - when packages are loaded
Hi Dominik

On Tue, 22 Jul 2003 06:01:42 +0200, Dominik Strnad [EMAIL PROTECTED] wrote:

> Hello I am using Bearing 1.2, booting from flash.

That's Bering, not Bearing. Sorry for being picky : )

> I add few *.lrp packages to be loaded. Last one - and doesn't matter which - its everytime the last one, is shown with (nf!) mark and it isn't loaded to the system.

There's a 255 character limit to the length of each line in syslinux.cfg, any characters after that are ignored. Don't worry though - there's an easy workaround for this.

1. remove everything after LRP= in syslinux.cfg

2. make a new file at the root of your CF called lrpkg.cfg that has a single line naming all the packages you need, something like:

root,etc,local,modules,iptables,ppp,keyboard,shorwall,ulogd,wireless,wireutil,netutils,dhcpd,maradns,libz,sshd,sftp,weblet,ntpsimpl,ntpdate

(the mail program might display this on two lines, but you should type it out all on one in a text editor)

and that should do what you want.

cheers
Julian
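An added example, not from the original message or the LEAF project: a check for the 255-character cutoff described above that reports which packages in an LRP= list survive, which name is cut short, and which are lost entirely. On a firewall this matters because a package such as shorwall falling past the cutoff is silently not loaded. The cutoff behaviour is taken from the message; the sample syslinux.cfg line and the function names are constructed for illustration.

```python
import re

LINE_LIMIT = 255  # per-line limit quoted in the message above

# Constructed sample line; the kernel arguments before LRP= are illustrative only.
SAMPLE_LINE = (
    "append=load_ramdisk=1 initrd=initrd.lrp init=/linuxrc root=/dev/ram0 "
    "boot=/dev/hda1:msdos PKGPATH=/dev/hda1 console=ttyS0,9600 "
    "LRP=root,etc,local,modules,iptables,ppp,keyboard,shorwall,ulogd,wireless,"
    "wireutil,netutils,dhcpd,maradns,libz,sshd,sftp,weblet,ntpsimpl,ntpdate"
)


def lrp_value(line):
    """Return the comma-separated value of LRP= on this line, or None."""
    match = re.search(r"\bLRP=(\S*)", line)
    return match.group(1) if match else None


def audit_lrp_line(line, limit=LINE_LIMIT):
    """Compare the packages named on the line with those visible within `limit`.

    Returns None if the line has no LRP= argument, otherwise a dict with:
      loaded  - names that fit completely inside the limit
      mangled - (seen, intended) pairs for a name cut short by the limit
      dropped - names that lie wholly beyond the limit
    """
    full = lrp_value(line)
    if full is None:
        return None
    wanted = [name for name in full.split(",") if name]
    # What a reader that ignores everything past `limit` characters would see.
    seen_value = lrp_value(line[:limit]) or ""
    seen = [name for name in seen_value.split(",") if name]

    loaded, mangled = [], []
    for got, want in zip(seen, wanted):
        if got == want:
            loaded.append(got)
        else:
            mangled.append((got, want))  # truncated name, reported as not found
    return {"loaded": loaded, "mangled": mangled, "dropped": wanted[len(seen):]}


if __name__ == "__main__":
    report = audit_lrp_line(SAMPLE_LINE)
    print("line length:", len(SAMPLE_LINE))
    print("loaded :", ",".join(report["loaded"]))
    for got, want in report["mangled"]:
        print(f"cut    : {want!r} would be read as {got!r}")
    print("dropped:", ",".join(report["dropped"]) or "(none)")
```
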
Re: [leaf-user] Problem installing Via Network card
On Fri, 18 Jul 2003 11:33:04 +0100, Simon Chalk [EMAIL PROTECTED] wrote:

> Hi Julian, I tried your suggested driver but it failed when using insmod with the following error
>
> unresolved symbol request_region
>
> Funnily enough if I try the pci-scan and via-rhine combination it installs without errors using insmod, but I don't see the ethernet interface appear when I view using ip addr. So maybe the via-rhine is the correct driver, but there is some further setting required.

You're right. Getting the driver installed is only part of the process. Bringing up the interface comes after that, and it's all taken care of by Bering.

Now you've established what drivers you need, it should be fairly trivial to follow the Bering setup guide, which will take care of the rest. http://leaf.sourceforge.net/doc/guide/binstall.html

cheers
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
Re: [leaf-user] Problem installing Via Network card
On Thu, 17 Jul 2003 10:49:46 +0100, Simon Chalk [EMAIL PROTECTED] wrote:

> If I use insmod via-rhine, I get the following error
>
> insmod: unresolved symbol pci_drv_unregister
> insmod: unresolved symbol pci_drv_register

I think that means you need to insmod pci-scan before via-rhine.

If that doesn't work, you may have luck with a driver called rhinefet that seems to support some of the newer via chipsets, which by the way doesn't need pci-scan afaicr.

cheers
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
Re: [leaf-user] Problem installing Via Network card
Hi Simon

On Thu, 17 Jul 2003 13:29:29 +0100, Simon Chalk [EMAIL PROTECTED] wrote:

> Do you know where I can get a compiled version of this file rhinefet.o which will work with Bering 1.2

There's one for download at this page: http://sourceforge.net/tracker/index.php?func=detailaid=764718group_id=13751atid=313751

If that doesn't work I'm afraid I'm out of ideas. Let me know how you get on.

cheers
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
Re: [leaf-user] Booting VIA EPIA Mobo with Isolinux
At 00:06 04/04/03 +0200, Erich Titl wrote:

> Julian Church wrote the following at 16:37 03.04.2003:
>
>> Hi All I'm attempting to put together a CD-based Bering firewall on a computer based around a VIA EPIA 5000 motherboard. To try out my new motherboard, I tried an existing Bering CD from another firewall I use (Bering 1.0 I think). I get the following error very early in the boot process:
>> ..
>> Otherwise, can anyone give me any general pointers? Would a newer version of isolinux help? How about varying the isolinux settings when I generate the disk image? How about alternatives to isolinux?
>
> I don't know how you created the CD, but there are certainly several possibilities you can play with, either in native (isolinux) mode or to use a cd boot image.

Thanks for the advice, Erich. Victor McAlistair pointed me at a post he produced about a month ago that explains another method for making a Bering boot CD - I think that should work.

> The syslinux guys will certainly have more experience as this is not strictly a LEAF problem but one of a rather generic nature.

Thanks - I just joined the Syslinux list. It sounds pretty hopeful that I'll work something out soon.

regards
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
[leaf-user] Booting VIA EPIA Mobo with Isolinux
Hi All

I'm attempting to put together a CD-based Bering firewall on a computer based around a VIA EPIA 5000 motherboard.

To try out my new motherboard, I tried an existing Bering CD from another firewall I use (Bering 1.0 I think). I get the following error very early in the boot process:

ISOLINUX 1.67 2002-02-03
isolinux: Loading spec packet failed, trying to wing it ...
isolinux: Failed to locate CD-ROM device; boot failed.

Googling for fragments of this error message tells me that others have had this problem, and that it's due to BIOS bugs, but doesn't give a clear solution. The first disc in my debian 3.0 set gives the same error message, but later discs in the set boot OK (I think they use different booting methods to help people with difficult BIOS's).

I know others on this list have used these motherboards - has anyone here solved this problem?

Otherwise, can anyone give me any general pointers? Would a newer version of isolinux help? How about varying the isolinux settings when I generate the disk image? How about alternatives to isolinux?

Sorry about the general nature of these questions.

regards
Julian Church
Re: [leaf-user] Anyone using VIA?
At 02:41 13/03/03 -0500, [EMAIL PROTECTED] wrote:

> The ones I use have a 110V-12V transformer. It keeps the computer cooler, which is more important to me than the transformer. It's *NOT* a wall-wart: it has a power cord on both ends of the transformer, so it only uses a single outlet.

aside When I was younger and had a fair collection of electronic music gear, we used to call those things Line Lumps /aside

cheers
Julian
Re: [leaf-user] Setting up First DMZ - Help Wanted
At 08:34 13/03/03 -0500, Sean E. Covel wrote:

> I'm trying to setup my first DMZ on Bering 1.0. I downloaded the Shorewall 3 Interface example and made the changes. I now have 2-2 port NICs in the firewall. I edited /etc/interfaces and added eth2 as 192.168.2.254. The result of ip addr is as follows:
>
> # ip addr
> 1: lo: LOOPBACK,UP mtu 16436 qdisc noqueue
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
> 2: dummy0: BROADCAST,NOARP mtu 1500 qdisc noop
>     link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
> 3: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:03:47:08:40:1a brd ff:ff:ff:ff:ff:ff
>     inet 12.243.231.253/25 brd 255.255.255.255 scope global eth0
> 4: eth1: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:03:47:08:40:1b brd ff:ff:ff:ff:ff:ff
>     inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
> 5: eth2: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:03:47:08:4a:d6 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.2.254/24 brd 192.168.2.255 scope global eth2
> 6: eth3: BROADCAST,MULTICAST mtu 1500 qdisc noop qlen 100
>     link/ether 00:03:47:08:4a:d7 brd ff:ff:ff:ff:ff:ff
>
> So it appear to be setup.

That's a little confusing - is eth2 your dmz? In any case, this shows that you have three interfaces set up, drivers loaded and ip addresses assigned etc, plus a fourth interface that has no ip address yet.

That's only the first part of getting a dmz going. The next step is to edit your shorewall rules, policy etc to set up the services you want.

Take another look at the three-interface guide: http://www.shorewall.net/three-interface.htm

cheers
Julian
Re: [leaf-user] VIA LAN driver
Hi Dave

At 00:57 12/03/03 -0800, Dave Yonovitz wrote:

> Which driver is correct for the VIA VT6103 10/100 chip? Using Bering 2.4.18 kernel. Anyone using it?

I've seen those boards and like the look of them, but I've not tried them yet.

As far as I can tell from this link http://www.viaarena.com/?PageID=214 the driver you need is via-rhine.o

cheers
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
Re: [leaf-user] Bering/pppoe: ignoring mtu setting...
At 18:26 11/03/03 +0100, Thomas V. Fischer wrote:

> Unfortunately that is not it... I have CLAMPMSS set to Yess

What symptoms are you seeing? What diagnostics are you doing to diagnose the problem? Are you able to pass large packets over your pppoe link?

I'm not an expert on mtu settings, it's just that I vaguely recall that some of the messages you get when negotiating the pppoe link can be a bit misleading - I think you can still get Unable to set MTU... type messages from one part of the system, while shorewall is quietly taking care of the MTU by some other method.

In any case, providing details of symptoms and diagnostics is probably a good idea, because beyond what I've told you, I'm pretty much stumped : )

cheers
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
Re: [leaf-user] PPTP Netfilter Modules for Bering 1.0-rc2
Hi Brian

At 07:51 05/03/03 -0600, Brian Credeur wrote:

> Thanks for the link, but I still can't get those modules to load on my 1.0-rc2 system. Same unresolved symbols messages.
>
> # uname -a
> Linux fw 2.4.18 #1 Sun Apr 21 12:50:34 CEST 2002 i586 unknown
> fw: -root-
> # insmod ip_nat_pptp.o
> Using ip_nat_pptp.o
> insmod: unresolved symbol ip_ct_gre_keymap_del
> insmod: unresolved symbol ip_conntrack_change_expect
> insmod: unresolved symbol ip_ct_gre_keymap_add
> fw: -root-
> # insmod ip_conntrack_pptp.o
> Using ip_conntrack_pptp.o
> insmod: unresolved symbol ip_ct_gre_keymap_add

both those modules are dependent on ip_conntrack_proto_gre.o (see the modules.dep file at http://leaf.sourceforge.net/devel/jnilo/bering/1.0-stable/modules/2.4.18/ )

Are you sure you're loading that module first?

cheers
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
Re: [leaf-user] Connecting to ssh with WinXP
At 15:16 03/02/03 +0100, Elmar Gerwalin wrote:

>> Is there a Win32 ssh client available? I just can't find even a hint of one. Preferably free? :P
>
> TeraTermPro+SSH and Putty could do what you want.

In addition to the recommendations you've already got, a search at google for free ssh client windows turns up a load of other options

cheers
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
Re: [leaf-user] tracing spoofed IPs?
At 09:51 29/01/03 -0600, Joey Officer wrote:

> Jan 29 11:23:47 firewall kernel: Packet log: input DENY eth0 PROTO=17 10.51.192.1:67 255.255.255.255:68 L=350 S=0x00 I=25217 F=0x T=255 (#8)

What you have there is just static from your ISP, that you can safely put in silent deny.

Your ISP's DHCP server is replying to an IP address request from one of their customers. At this stage in the IP lease negotiation, the recipient has no IP address, so broadcast addresses are required and consequently the packets turn up in lots of places they're not needed.

Although it can seem odd to see packets bearing source addresses in this range on your external interface, it's not uncommon for ISP's to use RFC1918 IP's to host this kind of service.

regards
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
Re: [leaf-user] Trouble with virgin setup of Bering 1.0, on PPPoE DSL
At 01:22 27/01/03 -0500, freeman wrote:
> Observations: - I need to have both 'auto ppp0' (et al) and 'auto eth0' (et al) in my interfaces file (/etc/interfaces) because of my 'dual IP' connection from the router to the DSL connection (static 172.16... and PPPoE assigned 64.39...)?!

Adding to the advice already offered in this thread, something occurred to me.

My ADSL modem (not PPPoE, but perhaps quite similar) also has two IP addresses, one is the proper, routable gateway address that the modem offers to the LAN, the other is a private range 192.168.x.x IP address used to access the modem to check config etc.

That is, the gateway address I have to put in my Bering config files is something like 217.149.x.x, but if I put http://192.168.x.x into a web browser running on any machine on my local net, I find myself at a set of html pages that allow me to check up on my modem config.

Perhaps your modem is similar - one IP address for config, one to be the gateway, in which case you shouldn't have to put the 172.16 address anywhere in your Bering config.

hope that helps
Julian
-- [EMAIL PROTECTED] www.ljchurch.co.uk
Re: [leaf-user] DHCP problem
Hi Gerd

At 06:26 17/01/03 -0500, [EMAIL PROTECTED] wrote:
> I'm having a Samsung Cablemodem connected via an Accton-Ethernet card to my ISP and I'm not able to get an IP-Address via dhclient/pump, only when I use the dhcpcd package (older one, found it somewhere in the net :-)).

Pump and dhclient are DHCP client programs, generally used in LEAF so your firewall can get an IP address from your ISP's DHCP Servers. dhcpd is a DHCP server, if you run it on your firewall then computers on your LAN will be able to get a DHCP lease.

Pump and dhclient do the same thing, and that's different to what dhcpd does, so you can't replace either of the former with the latter.

A nice shiny up to date version of dhcpd is included as standard in most LEAF distributions.

I'm afraid I can't help you with your question about Wake On LAN.

regards
Julian
Re: [leaf-user] LEAF Printing
At 06:03 10/12/02 -0500, John Mullan wrote:
> I'm sure this topic has been covered to one degree or another, but here it goes: Is there a LEAF package available to allow me to connect up my inkjet printer to the router for shared printing across my Windoz network?

You have two options afaik. The p9100.lrp package, or a suitable version of samba packaged for LEAF.

Personally I think I'd prefer the samba-based solution but I had trouble getting it to work at the time. The p9100 method was so much easier and I had to get things going in a rush.

I followed the instructions on using the p9100 package found at http://www.mysunrise.ch/users/cmu/dachlpd.htm

cheers
Julian
-- [EMAIL PROTECTED] www.ljchurch.co.uk
RE: [leaf-user] 4 nics with Bering
At 09:38 23/11/02 -0800, Stephen Lee wrote:
> As for running out of IRQs, how do I address that, since they are pci cards? In the bios perhaps?

Yes. Have a look at the BIOS, to see which unused features of your motherboard can be disabled. With the LEAF boxes I've worked with I've been able to disable two COM ports, the parallel port, and one or two IDE interfaces by editing BIOS settings, each of which frees up an IRQ.

cheers
Julian
-- [EMAIL PROTECTED] www.ljchurch.co.uk
Re: [leaf-user] How to add Cron on bering RC3
Hi Thitiporn

At 17:08 15/11/02 +0700, Thitiporn Pornpirunrak wrote:
> Hi all I would like to add cron on bering RC3. I add my task in /etc/cron.d/multicron. I found that it doesn't work why. This is my multicron file.

I think you may be editing the wrong file - try adding your task to /etc/crontab instead of /etc/cron.d/multicron.

cheers
Julian
-- [EMAIL PROTECTED] www.ljchurch.co.uk
Re: [leaf-user] How to send mail on bering box without CTRL+D
Hi Thitiporn

At 17:19 14/11/02 +0700, Thitiporn Pornpirunrak wrote:
> mail -s Error to [EMAIL PROTECTED]
> I have to use CTRL+D to send that mail. I would like to know how to send them without CTRL+D. Anyone who know please tell me.

If you prepare a text file, called something like message.txt, containing the message you want to send, you can use the following syntax and the mail will be sent without using CTRL+D.

    mail -s Error to [EMAIL PROTECTED] < message.txt

Hope that helps
Julian
-- [EMAIL PROTECTED] www.ljchurch.co.uk
Re: [leaf-user] Via VT86C926 nic drivers
That card is an ne2000 compatible, so you'll need to use 8390 then ne2k-pci

cheers
Julian

At 09:00 04/11/02 -0300, Roberto Pereyra wrote:
> Hi
> I have a Via VT86C926 PCI network adapter, and not find his bering driver. I just looking in bering modules package. Where can find it ??
> thanks
> roberto

-- [EMAIL PROTECTED] www.ljchurch.co.uk
Re: [leaf-user] Bering RC3 updatetime script not working..
Hi Anders

At 16:10 22/09/02 +0200, Anders Åkesson wrote:
> $ ps axc | grep [x]ntpd
> Put [ ] around xntpd. Again, haven't tested on ash, just on ksh. But presuming it is a sh compatible shell, it should work.
> W! :D Works like a charm. Seems that [x] makes all the difference. What does it do? (Trying to learn a bit about scripts..)

This is all pretty much straight from a textbook I read recently - I'm not that clever :) It was presented as the standard way of stopping grep processes matching themselves in process lists generated by the ps command.

[x]ntpd is a regular expression that only matches the string xntpd, but the entry the grep command generates in the `ps axc` list will be grep [x]ntpd, so won't match.

cheers
Julian
-- [EMAIL PROTECTED] www.ljchurch.co.uk
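Added example, not from the thread or from LEAF: the bracket trick explained above, run against a constructed process listing so the effect can be seen with the daemon up and with it down. The listing (PIDs, daemon path, full command lines) and the function names are assumptions made for the demonstration.

```shell
#!/bin/sh
# bracket_pattern NAME: wrap the first character of NAME in [ ], so that
# xntpd becomes [x]ntpd. The regex still matches the text "xntpd", but the
# pattern's own spelling no longer contains that text.
bracket_pattern() {
    rest=${1#?}
    first=${1%"$rest"}
    printf '[%s]%s\n' "$first" "$rest"
}

# listing_for STATE PATTERN: constructed process listing with full command
# lines, as seen while "ps | grep PATTERN" runs. STATE is "up" or "down" for
# the daemon; the last row is always the grep process itself.
listing_for() {
    printf '%s\n' '  PID TTY  STAT TIME COMMAND' '    1 ?    S    0:04 init'
    if [ "$1" = up ]; then
        printf '%s\n' '  412 ?    S    0:00 /usr/sbin/xntpd'
    fi
    printf '%s\n' "  977 tty1 R    0:00 grep $2"
}

# count_hits STATE PATTERN: number of rows grep reports for PATTERN.
count_hits() {
    listing_for "$1" "$2" | grep -c -- "$2"
}

# is_running NAME: read a process listing on stdin and succeed only if
# something other than the searching grep matches NAME.
is_running() {
    grep -- "$(bracket_pattern "$1")" >/dev/null
}

pat=$(bracket_pattern xntpd)
echo "daemon down, plain pattern:     $(count_hits down xntpd) hit(s)"
echo "daemon down, bracketed pattern: $(count_hits down "$pat") hit(s)"
```

With the daemon down the plain pattern still reports one hit (the grep itself), which is the false positive a watchdog script would act on.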
Re: [leaf-user] Looking for files - smb.lrp lpd.lrp
Hi Len

Thanks for the information. It sounds like you've saved me some real problems.

I'm also forwarding this reply (including the information you sent) to the leaf-user list, as the information may be useful to others fiddling around with printers on LEAF.

regards
Julian

At 09:03 06/09/02 -0700, Len Ovens wrote:
> I found that lpd.lrp was broken as it came. It would not start the lpd daemon on system startup, I had to do this manually. The problem is in the /etc/init.d/lpd file. You may need to add a line right after any comments at the beginning of the file that says:
>
>     RCDLINKS=2,S60 6,K60
>
> This creates the links in the rc2.d and rc6.d directories at startup. I found this very confusing as I could see that the package installed these two links when it loaded but then they seemed to get deleted before they were run. I finally figured it out by looking at some of the other files in /etc/init.d. I have been running a linux based system for years, but this is the first debian based system I have tried. I normally run Slackware.

-- [EMAIL PROTECTED] www.ljchurch.co.uk
[leaf-user] Looking for files - smb.lrp lpd.lrp
I'm trying to put together a lightweight Samba print server for the NT network at my office. The idea being, sturdy old Oki dot matrix + old PC + LEAF = dedicated LAN-accessible mailing label printer.

The doc I'm working with (LRP-SambaPrinter.txt) refers to the Koon Wong packages archive, which appears to be currently defunct. Anyone know where I can find smb.lrp lpd.lrp ?

Thanks
Julian
Re: [leaf-user] Looking for files - smb.lrp lpd.lrp
Replying to my own post - sorry.

At 12:07 06/09/02 +0100, I wrote:
> snip /...the Koon Wong packages archive, which appears to be currently defunct. Anyone know where I can find smb.lrp lpd.lrp

I've found a still-working mirror of the Koon Wong archive at http://leaf.sourceforge.net/devel/thc/files/kwarchive/ so now I've got the files I need. Sorry for wasted bandwidth.

cheers
Julian
Re: [leaf-user] Bering SSH set-up...SSH file???
Hi Craig

At 08:04 04/09/02 -0700, Craig wrote:
> I'm trying to set-up SSH on Bering and have a couple of questions: Do I also need to use the ssh.lrp package or do I truly only need the libz.lrp, sshd.lrp, and sshkey.lrp packages?

You need libz.lrp and sshd.lrp for day-to-day running, and sshkey.lrp when initially setting up. For the setup you describe, you won't need ssh.lrp.

> I know the documentation at http://leaf.sourceforge.net/devel/jnilo/openssh.html says that I don't need the ssh.lrp but the reason I ask is because I don't have a /etc/init.d/ssh file as is referenced in the how-to at http://sourceforge.net/docman/display_doc.php?docid=1441group_id=13751 entitled How Do I add SSH to the LEAF boot disk Description: v0.8.0 by Steven Peck and I'm wondering why I don't??? Also, is the command to generate your key makekey (without the quotes of course) or ./mkhostkey as referenced in the How-to? Thank you.

My sshd-enabled Bering install calls this file /etc/init.d/sshd - that's the file you'll want to examine. Steven's document is quite a bit older than Jacques', and it relates to significantly older, no-longer maintained releases of both LEAF and sshd, so may not be so useful or accurate.

cheers
Julian
-- [EMAIL PROTECTED] www.ljchurch.co.uk
Re: [leaf-user] Mailing logs from Bering
Hi Michael

At 09:04 30/08/02 -0400, Michael Leone wrote:
> I'm having trouble getting Bering 1.0-rc3 to mail me its logs everyday.
> snip
> mail -s $LOG [EMAIL PROTECTED] < /var/log/$LOG.

The line I have in crontab to do (more or less) what you're doing is:

    mail -s "Daily firewall log report" to [EMAIL PROTECTED] < /var/log/messages.0

So I think you're missing the to keyword. The line in your script should be:

    mail -s $LOG to [EMAIL PROTECTED] < /var/log/$LOG.0

cheers
Julian
-- [EMAIL PROTECTED] www.ljchurch.co.uk
Re: [leaf-user] Mailing logs from Bering
Hi Michael

At 10:18 30/08/02 -0400, Michael Leone wrote:
> Julian Church said:
> > I think you're missing the to keyword. The line in your script should be:
> No, the to is unnecessary; mail will work without it. My problem was that Shorewall was blocking SMTP traffic from the firewall out to other hosts.

Thanks for the clarification, and sorry for the misleading info.

Cheers
Julian
-- [EMAIL PROTECTED] www.ljchurch.co.uk
Re: [leaf-user] Upgrade of shorewall / teenager access control
At 06:50 22/08/02 -0700, Craig wrote:
> Hi folks, I want to just make sure that I'm understanding Kory's project that's he's been working on. He's disabling internet access for one of his kids' computers on his LAN at a particular time (that much I understand). What I want to clarify is: he's specifying the IP address in Shorewall which he can do only because he statically sets addresses on his LAN, right? In other words, this project won't work if you have your firewall dynamically assign addresses, right?

That's all just about right, except for one detail. Yes, it sounds like Kory is blacklisting by IP and you're right, that approach only works if all relevant IPs remain static. However, it's also possible to make Shorewall blacklist by MAC address, which would still work if the IPs changed around (eg if Kory was using dhcpd etc).

> By the way, where do you find Shorewall 1.3.5? I've looked around, and can't seem to find it?

www.shorewall.net - lots of other info there too.

cheers
Julian
-- [EMAIL PROTECTED] www.ljchurch.co.uk
RE: [leaf-user] Identifying the scanning culprit???
Hi Joey

There's nothing wrong with what Cass is telling you, but I get the impression a simpler approach might also be suitable. There already exist online tools to do just what you are trying to do. I generally use the following site, but there are others (try Googling for ipwhois)

http://www.dnsstuff.com/

It's just a single webpage with a lot of handy DNS-related lookup tools on it. The IPWHOIS one is the one you want - enter the IP address you're interested in the box and click the button.

cheers
Julian
-- [EMAIL PROTECTED] www.ljchurch.co.uk
Re: [leaf-user] Re: re sh-httpd perm Bug
Hi Dan

At 00:07 30/07/02 -0700, Dan Harkless wrote:
> Of course weblet is still doing something I consider wrong -- it's saying the firewall is in red light / ERROR mode just because it has 251 denied or rejected packets. Isn't this the whole point of a firewall, to deny and reject those packets? How is this an ERROR? At worst, it should be at yellow alert.

It's possible to adjust this behaviour by changing the weblet's OK/warning/error thresholds. I see you've got some advice on that already.

There's also the possibility that the bulk of those packets are from one or two harmless sources that you don't really need to worry about - it's common for cable/ADSL systems to spew forth all sorts of stuff of this type. If this is the case it might be helpful to fiddle with your firewall rules so these things don't get logged in the first place.

I'd be inclined to do the latter, mainly because I only really want stuff that I have to think about in my logs and I find a lot of extra rows of harmless activity often make more important entries difficult to spot, but it's your firewall - you should do whichever you want.

cheers
Julian
-- [EMAIL PROTECTED] www.ljchurch.co.uk
Re: [leaf-user] Problem booting Bering RC3
Hi Patrick

At 22:37 24/07/02 -0500, Patrick Teague wrote:
> I'm having problems when the computer boots. It gets as far as starting to load the packages, but after it starts loading the 1st or 2nd package it reboots starts all over.
> snip
> Now here's the really weird thing... it *was* working just fine. Then I actually mounted the floppy drives to the casing, screwed the cards in, put the top back on it took it downstairs... now it doesn't work no matter what I do. Not only that, but if I screw the screw that holds the video card in all the way it gives me an FDC error when it boots, I have to unscrew it half a turn to a full turn to get it to boot without this.
> snip
> Any ideas as to whether this is a software or hardware problem?? Thanks for any help.

The fact that screwing in the cards makes the difference suggests to me that there's a problem with some bit of hardware somewhere. Perhaps the motherboard has a bit of damage somewhere and flexing it (by tightening screws, etc) or otherwise moving it about a bit is enough to make some part of it misbehave.

If the problem was software, then tightening a few screws wouldn't make any difference. You could try testing this by using your cards, drives and boot disk with another motherboard or computer, if you can get hold of one.

> P.S. anyone know what drivers would work with a gigafast ethernet card? the drivers disk came with rtl8139.c
> snip

For an RTL8139 card and Bering I think you need to load mii.o and 8139too.o, in that order. If that doesn't work, try using 8139cp.o instead of 8139too.o - you'll still need mii.o first afaict.

cheers
Julian
Re: [leaf-user] bering and ne2000 card?
Hi Klint

At 18:33 15/05/02 +1000, Klint Gore wrote:
> I'm having trouble getting bering to recognize my isa ne2000 card ...

You need to load the 8390 module before the ne module - could that be the problem?

cheers
Julian
-- [EMAIL PROTECTED] www.ljchurch.co.uk
[leaf-user] Hosts allow, SSH and dynamic IP addresses.
I've been trying to ssh into my firewall (Dachstein) from the internet at large (instead of from the internal network like I generally do).

Experimenting, I added a line to hosts.allow, and used ipchains to put in a rule to accept the packets that came from my IP address, destined for the relevant port etc, and found I was able to log in by ssh without any problems.

The problem I have is when I'll be doing this for real, I'll be using my internet connection at home where I have a dynamic IP address (changes about once a day). I'm wary of opening up the firewall to a big range of IP addresses (or whatever) so I tried setting up a hostname with a dynamic DNS system (dynDNS) and using the hostname instead of IP's.

I think I have half a grasp of why that didn't work (I'd basically given my IP address an extra hostname, so forward and reverse name lookups didn't necessarily match - or something like that), and get the feeling that was the wrong approach to take for this problem.

Can anyone give any pointers? What's the best way to grant yourself access by ssh if you have a dynamic IP? Do I need to relax a bit and put something pretty broad in hosts.allow, or is there a way to make a dynamic DNS system work the way I want?

Thanks
Julian Church
-- [EMAIL PROTECTED] www.ljchurch.co.uk
Re: [Leaf-user] tulip problems
Hi All

At 20:52 10/04/02 -0500, David Goodrich wrote:
> you can change the irq addresses with 3c5x9cfg.exe ... 3com doesn't have it on their site any more...

Yes they do - it's on disk 1 of their Etherdisk package, downloadable here: http://support.3com.com/infodeli/tools/nic/3c509/3c5096.1.htm

Cheers
Julian
-- [EMAIL PROTECTED] www.ljchurch.co.uk
Re: [Leaf-user] 3c509 and DHCP
Hi Everyone

At 09:40 24/03/02 +1100, Glenn McKechnie wrote:
> Paul M. Wright, Jr. wrote:
> > [...] The card on the internal network works fine, but the card on the cable modem side just will not get a DHCP address. I receive a couple of console messages:
> >
> > ETH0: Receive set to 1 addresses
> > ETH0: Receive set to 0 addresses
> > ETH0: Receive set to 1 addresses
> > Operation failed
> >
> > Then the boot continues but 'ifconfig -v eth0' show no IP address. Is there something peculiar about these cards and dhclient?
> snip...you'll need the config program 3c5x9cfg.exe , run under dos. I've seen the file on leaf.sourceforge somewhere but a quick google should find one --- that's if it *is* your problem :-)

I've also used a few 3c509B NIC's and I really like them. But, adding to the advice already given to Paul, I have never got any of them to work without first setting them up in DOS with 3c5x9cfg.exe.

This program, by the way, is distributed by 3com as part of their Etherdisk 1 drivers/utilities floppy. According to 3com, this can be downloaded at http://support.3com.com/infodeli/tools/nic/3c509/3c5096.1.htm, although I can't get that link to work at the moment.

I had another thought. I still consider myself a bit of a newbie at this, but could the cable modem still have the old NIC's MAC address cached, and so be simply refusing to talk to the new card? For instance, with my cable provider (Telewest Blueyonder) I have to tell them if I attach a new NIC to the cable modem, either by using configuration control panel form type thing on their website or by phoning their tech support people.

cheers
Julian
-- [EMAIL PROTECTED] www.ljchurch.co.uk
Re: Fw: [Leaf-user] lrp.c0wz.com and Rick Onanian's status
At 15:14 24/02/02 -0500, Lee F. Johnson III wrote:
> Rick is alive and kicking in Rhode Island, just taking an extended computer holiday, mountain biking, etc. Getting his head straight, etc., after some probably grueling PC work. I expect we'll see him back sometime in the not too distant future. And yes, c0wz.com went down due to @Home's port blocking of port 80.

Wasn't it running OK on port 81 for a while after they did that, or did they block that too?

cheers
Julian
-- [EMAIL PROTECTED] www.ljchurch.co.uk
[Leaf-user] Dachstein dial on demand PPP?
Hi All

To save me a headache, has anyone already got a Dachstein-based dial on demand PPP disk image they wouldn't mind letting me have a copy of?

I did this once (at home before I got broadband) using a ready-made disk image and information I from a 1999 Trevor Marshall BYTE magazine article, (link was on c0wz) but that was a bit reliable, and must be really old by now, so I'd prefer something more up to date.

If not, anyone know of a decent, recent HOWTO for getting this going? I already started trying to do this myself starting with an ordinary dachstein image and I've found useful-sounding files such as ppp.lrp and diald.lrp, but not a lot of information. There is some information out there, but it seems mainly to relate to the old mountain releases, or LRP 2.9.4 etc, and now I'm used to Dachstein, it all seems a bit unfamiliar.

Regards
Julian
-- [EMAIL PROTECTED] www.ljchurch.co.uk
Re: [Leaf-user] Dachstein dial on demand PPP?
To Larry, Stephen and Erik

Thanks for the information. I think I'm going to have a go with the khadley PPP disk, but I've got a copy of the jnilo bering disk in case I run into problems.

cheers all
Julian
-- [EMAIL PROTECTED] www.ljchurch.co.uk
Re: [Leaf-user] NIC card switching
Hi Doug

At 20:14 12/02/02 -0800, Doug Sampson wrote:
> ... I've identified two possibilities for switching these two cards around as follows:
> 1) rearrange the order in which the NICs are listed in the /etc/modules file.

That would do it and it's probably the quickest, neatest way to achieve what you want. It's the way I'd go, certainly.

> 2) identify eth1 as the external card in /etc/network.conf and allow dlclient to retrieve an ip address for eth0.

That might work too, but I don't think I'd go this way. It seems pretty much universal for eth0 to be the external interface on LEAF. There's nothing wrong with changing that per se, but I reckon it could confuse matters later. For instance, if you're installing new packages where the author has assumed eth0 is the external interface, or if you need to get help troubleshooting from people who aren't so familiar with your setup.

cheers
Julian
-- [EMAIL PROTECTED] www.ljchurch.co.uk
[Leaf-user] Beep on logged packet?
Hi All

I'm trying to make my Dachstein (floppy) system beep whenever a packet gets logged in messages.

I've got beep.lrp installed, and seem to have found a way to make suitable not-too annoying but still audible little noises by typing beep commands at the console prompt, but I don't know how to make the system trigger the beeping automatically.

I'm hoping it's going to be a fairly simple matter of adding a beep command to a script somewhere, but I don't really know which script to edit or even if it is that simple. Hopefully it'll be fairly easy to disable later too. If it's really complicated I probably won't want to bother, so if there's no simple answer please just say.

Can anyone suggest anything?

cheers
Julian
-- [EMAIL PROTECTED] www.ljchurch.co.uk
Re: [Leaf-user] Problems with 192.168 type ISP DHCP IP Address
At 06:54 12/02/02 -0700, Lance Robertson wrote:
> See my cable company doesn't give out real IPs they use a form of IPMasq themselves so my IP address is 192.168.107.40 on their internal network. Also my gateway is an internal IP address 192.168.96.0. Well all these addresses are being denied via ipchains. About midnight I finally just flushed everything in ipchains and set it up (somehow) so I could forward packets for my specific IP address and I finally got out.

The solution is as simple as commenting out a line in the file /etc/ipfilter.conf. Find the part of ipfilter.conf that says

    # RFC 1918/1627/1597 blocks

It'll be at about line 220 in a virgin Dachstein setup. A couple of lines below this you'll see the line

    $IPCH -A $LIST -j DENY -p all -s 192.168.0.0/16 -d 0/0 -l $*

This is the one that's causing you problems, so comment it out. Backup your boot floppy and reboot, and you should be all set.

cheers
Julian
-- [EMAIL PROTECTED] www.ljchurch.co.uk
Re: [Leaf-user] Problems with 192.168 type ISP DHCP IP Address
Hi Lance

At 07:40 12/02/02 -0700, Lance Robertson wrote:
> Thanks for the fast and simple response. I knew it had to be easy. Does this fix open me up to people trying to hack in via the cable modem's internal network?

No. It just means that packets with source IP's in the 192.168 range aren't rejected at such an early stage. To get to your network they'll still have to go through the rest of Dachstein's firewall rule set, just as if they came from the Internet at large. Nefarious packets will still be filtered out, whether they come from your ISP's semi-local network or the other side of the world.

cheers
Julian
-- [EMAIL PROTECTED] www.ljchurch.co.uk
Re: [Leaf-user] What logs mean.
Hi Jason

At 21:31 05/02/02 -0800, Jason C. Leach wrote:
> If I have an entry:
>
> Packet log: remote DENY eth0 PROTO=6 208.181.x.y:3254 208.181.x.y:80 L=48 S=0x00 I=63245 F=0x4000 T=121 SYN (#15)
>
> What does the PROTO=6 snip SYN #15 Mean.

There's a really handy one-sheet PDF file about interpreting these log entries: http://leaf.sourceforge.net/devel/msensney/packetlog.pdf

There's also an automatic tool that extracts all the important information for you: http://www.echogent.com/cgi-bin/fwlog.pl

cheers
Julian
-- [EMAIL PROTECTED] www.ljchurch.co.uk
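Added example, not from the thread and not one of the tools linked above: POSIX shell functions that split an ipchains "Packet log:" entry into its fields and sort routine noise from entries worth reading. It is run on the two entries quoted on this page, the one in this message and the DHCP broadcast in the earlier "tracing spoofed IPs?" reply; the function names and category labels are chosen here.

```shell
#!/bin/sh
# The two entries quoted on this page, copied as they appear ("F=0x" is cut
# short on the page; 208.181.x.y is how the poster masked the address).
LOG_DHCP='Jan 29 11:23:47 firewall kernel: Packet log: input DENY eth0 PROTO=17 10.51.192.1:67 255.255.255.255:68 L=350 S=0x00 I=25217 F=0x T=255 (#8)'
LOG_SYN='Packet log: remote DENY eth0 PROTO=6 208.181.x.y:3254 208.181.x.y:80 L=48 S=0x00 I=63245 F=0x4000 T=121 SYN (#15)'

# Field order after "Packet log:" is: chain, rule target, interface,
# PROTO=IP protocol number, source:port, destination:port, L=length, S=TOS,
# I=IP id, F=fragment flags/offset, T=TTL, optional SYN, (#rule number).
parse() {
    rec=${1#*"Packet log: "}
    [ "$rec" != "$1" ] || return 1          # not a packet log entry
    set -f; set -- $rec; set +f
    [ $# -ge 6 ] || return 1
    chain=$1 action=$2 iface=$3 proto=${4#PROTO=}
    src=${5%:*} sport=${5##*:} dst=${6%:*} dport=${6##*:}
    syn=no rule=
    shift 6
    for f in "$@"; do
        case $f in
            SYN) syn=yes ;;
            "(#"*")") rule=${f#"(#"}; rule=${rule%")"} ;;
        esac
    done
}

proto_name() {
    case $1 in
        1) echo icmp ;; 6) echo tcp ;; 17) echo udp ;; *) echo "proto-$1" ;;
    esac
}

is_rfc1918() {
    case $1 in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# describe LINE: one readable summary line for a log entry.
describe() {
    parse "$1" || return 1
    printf '%s %s on %s: %s %s:%s -> %s:%s syn=%s rule=%s\n' \
        "$action" "$chain" "$iface" "$(proto_name "$proto")" \
        "$src" "$sport" "$dst" "$dport" "$syn" "$rule"
}

# classify LINE: label a log entry for triage.
classify() {
    parse "$1" || { echo unparsed; return 0; }
    if [ "$proto" = 17 ] && [ "$sport" = 67 ] && [ "$dport" = 68 ]; then
        if is_rfc1918 "$src"; then echo dhcp-reply-private-source
        else echo dhcp-reply; fi
    elif [ "$proto" = 6 ] && [ "$syn" = yes ]; then
        echo "tcp-connect-attempt:$dport"
    else
        echo other
    fi
}

# worth_reading: filter log lines on stdin, dropping DHCP server replies.
worth_reading() {
    while IFS= read -r line; do
        case $(classify "$line") in
            dhcp-reply*) ;;
            *) printf '%s\n' "$line" ;;
        esac
    done
}

describe "$LOG_DHCP"
describe "$LOG_SYN"
```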
RE: [Leaf-user] Need help getting LEAF running
At 09:03 06/02/02 -0800, Ray Olszewski wrote:
> At 06:32 AM 2/6/02 -0700, Hall, Michael A wrote:
> > Now I can proceed to try to get the Win machine applications to access the outside world (mail, http, etc.). Is it necessary to enable these within network.conf?
> In general, no.
> snip
> For some problem services, you need to insmod special modules to handle outgoing connections properly ... ftp is the most common of these.

I seem to remember that Dachstein has a load of these (including FTP) set up by default. Correct me if I'm wrong, by all means, but I'm pretty sure that's the case.

-- [EMAIL PROTECTED] www.ljchurch.co.uk
Re: [Leaf-user] Getting cable modem status
Hi Paul

At 15:33 26/01/02 -0700, Paul Rimmer wrote:
> I'd like to be able to access my cable modem's built in web server through my DCD v1.01 firewall. Unfortunately the cable modem's IP is 192.168.100.1. Is there something I can add to my firewall scripts that will allow me to get at this IP from the internal (192.168.1.x) network?

I had a similar problem with my ADSL box's status page. I got around this by adding the following to etc/ipfilter.conf

    $IPCH -I input 1 -j ACCEPT -p tcp -s 192.168.100.1 80 ! -y -d 0/0 -i $EXTERN_IF

Cheers
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
Re: [Leaf-user] Getting cable modem status
Hi John

At 09:21 28/01/02 -0500, [EMAIL PROTECTED] wrote:
> Hello all. Perhaps somebody could shed a little for me. Do ADSL and Cable modems have built-in web pages? I was never aware of this..

I think the answer is that some do and some don't. At least mine (ADSL) does. It sounds like Paul's cable modem does too.

cheers
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
Re: [Leaf-user] An ssh attack against ESb2
At 20:42 27/01/02 -0800, Jeff Newmiller wrote:
> I don't know if there is an ssh v1.2.32 LRP file, but I think Jacques Nilo's OpenSSH is up to date.

I think you're right. sshd -h tells me (amongst other things)

    sshd version OpenSSH_3.0p1

Following the link you gave, http://www.kb.cert.org/vuls/id/JPLA-53TPWS says the vulnerability was fixed in OpenSSH 2.3.0

cheers
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
Re: [Leaf-user] Getting cable modem status
At 10:35 28/01/02 -0500, Netcom wrote:
> Julian
>
> I believe you have passed along some good information here. I would like to ask you for a favor.
>
> At 01:45 PM 1/28/02 +, Julian Church wrote (snipped):
>> $IPCH -I input 1 -j ACCEPT -p tcp -s 192.168.100.1 80 ! -y -d 0/0 -i $EXTERN_IF
>
> Would you explain with a little more detail what this rule is doing? I get some of it, and don't get some. THANKS, either way.

Although I've been fiddling about with LEAF for about a year now, I still feel like a bit of a newbie about this, so if anyone wants to correct anything, they should just jump in. This is what worked for me.

In general terms this ipchains command modifies your firewall rules to allow packets of a certain type through.

First bit is about where the new rule should go.

    -I input 1             insert at position one in the input chain (that's a capital I, not an l or anything)

Then what to do with the packets.

    -j ACCEPT              jump to the accept chain (basically just let the data through)

The next part is where we specify what packets the new rule should act on. Remember this should describe packets we want to let through, not the ones we want to stop.

    -p tcp                 protocol is TCP
    -s 192.168.100.1 80    with source IP 192.168.100.1 and source port 80
    -d 0/0                 with any destination address (not sure if I need this really)
    ! -y                   without the SYN flag (see below)
    -i eth0                packets arriving at eth0 (I'm assuming eth0 is the external interface)

I'm not 100% sure about the SYN flag thing. As I understand it, the SYN flag indicates that a packet is sent to initiate a connection. If you're viewing the modem's web page, then your browser will be the one initiating the connection, so packets returning from the modem's webpage shouldn't have SYN set. I get the impression that SYN packets can be used by hackers to cause more damage, so it seemed sensible to specify a rule that would still exclude them.

Hope that helps
Julian Church
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
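How narrow the exception in the message above is can be checked with a small model of the rule's match conditions. This is an added example, not code from the post or from LEAF: the `Packet` and `Rule` classes, the firewall address 203.0.113.10 and the interface name eth1 are assumptions made for illustration, and the `-y` test follows the ipchains(8) man page wording (SYN set, ACK and FIN cleared).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:  # hypothetical stand-in for a packet reaching the input chain
    iface: str
    proto: str
    src: str
    sport: int
    dst: str
    syn: bool = False
    ack: bool = False
    fin: bool = False

@dataclass(frozen=True)
class Rule:  # hypothetical model of one ipchains rule
    iface: str           # -i
    proto: str           # -p
    src: str             # -s address[/mask]
    sport: int           # port given after the -s address
    dst: str             # -d address[/mask]
    syn: Optional[bool]  # True for -y, False for "! -y", None if not given
    target: str          # -j

    def matches(self, p: Packet) -> bool:
        if p.iface != self.iface or p.proto != self.proto:
            return False
        if ip_address(p.src) not in ip_network(self.src) or p.sport != self.sport:
            return False
        if ip_address(p.dst) not in ip_network(self.dst):
            return False
        # ipchains(8): -y matches TCP packets with SYN set and ACK and FIN
        # cleared (connection requests); a leading "!" inverts the test.
        request = p.syn and not p.ack and not p.fin
        return self.syn is None or request == self.syn

# The rule from the message, with $EXTERN_IF taken to be eth0 as the post assumes.
MODEM_RULE = Rule("eth0", "tcp", "192.168.100.1/32", 80, "0.0.0.0/0", False, "ACCEPT")

def verdict(rule: Rule, packet: Packet) -> str:
    """Rule target on a match; otherwise the rest of the chain decides."""
    return rule.target if rule.matches(packet) else "next rule"

FW = "203.0.113.10"  # constructed external address of the firewall
CASES = {            # constructed packets
    "modem SYN+ACK reply": Packet("eth0", "tcp", "192.168.100.1", 80, FW, syn=True, ack=True),
    "modem page data": Packet("eth0", "tcp", "192.168.100.1", 80, FW, ack=True),
    "connection request from modem address": Packet("eth0", "tcp", "192.168.100.1", 80, FW, syn=True),
    "modem address, other source port": Packet("eth0", "tcp", "192.168.100.1", 8080, FW, ack=True),
    "neighbouring 192.168 host": Packet("eth0", "tcp", "192.168.100.2", 80, FW, ack=True),
    "same reply on internal interface": Packet("eth1", "tcp", "192.168.100.1", 80, FW, ack=True),
}

def results() -> dict:
    return {name: verdict(MODEM_RULE, p) for name, p in CASES.items()}

if __name__ == "__main__":
    for name, outcome in results().items():
        print(f"{outcome:10} {name}")
```

Only replies from 192.168.100.1 port 80 arriving on the external interface are accepted at position one; every other packet, including a connection request from the same address, still falls through to the rest of the input chain.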
Re: [Leaf-user] remote access to dachstein
Hi All

At 13:35 17/01/02 -0800, Victor McAllisteer wrote:
> There was a post here recently from someone who got libz.lrp and sshd.lrp to fit on a single floppy. He stripped the pretty version of weblet and used one without graphics if I remember correctly. Unfortunately the search feature does not appear to work on the list so I can't find the message.

That was me actually, and it really isn't that hard. A standard Dachstein 1680K floppy has about 275KB of free space anyway, while libz.lrp and sshd.lrp total around 330KB - you've only got to find about 55 KB. Here's exactly what I did:

1. In /var/sh-www/, I deleted lrpStat.jar, the weblet's java-based bandwidth monitor, and netmon.html, the html document that's used to display it. To keep things neat and tidy, I then opened up index.html and edited out the resulting broken link to netmon.html.

2. Then I had a look at the file etc/modules (from lrcfg, menu options 3, 3, then 1), took notes of the ethernet card modules I'm using, then commented out all the ip_masq modules I'm unlikely to use. Then, in lib/modules/, I deleted everything I didn't need. I notice that the ethernet card modules are in general bigger than the ip_masq ones, so get rid of the unused ethernet ones first if you're unsure.

3. Then, I backed up. Weblet.lrp reduced in size from about 67 K to about 18 K, and modules went from 113 K to about 24 K. Giving me an extra 138K of extra space (that's about 400-odd K in total) which was plenty. You might not get modules to get so small - I was lucky because I didn't need many ip_masq modules, and both NICs in my firewall use the ne.o module which is one of the smallest. Still, I have space to spare so you'll still probably have made enough space even if your setup is a fair bit more complex.

4. I still didn't have room for the ssh key generator program, sshkey.lrp, on the floppy so had to install it manually after boot. Once the key is generated though, you don't need it any more so there isn't actually much point in trying too hard to fit it on the boot floppy in any case. Instructions for this part are at http://leaf.sourceforge.net/devel/jnilo/openssh.html.

If anyone thinks I should flesh this out into a howto, just let me know.

cheers
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
[Leaf-user] Repeated tcp port 21 connection attempts
Hi All

I keep getting connection attempts on tcp port 21 from this particular IP address. I'm pretty sure this is someone trying to connect to an FTP server on my network. Incidentally, there are no FTP servers on my LAN.

The packets come in a fixed pattern, four over a period of about 30 seconds, then about five minutes later, a similar packet but without the SYN flag set appears, like this:

    Jan 17 07:38:28 thingeek kernel: Packet log: input DENY eth0 PROTO=6 202.64.203.30:41900 217.149.96.2:21 L=44 S=0x00 I=33343 F=0x T=110 SYN (#73)
    Jan 17 07:38:31 thingeek kernel: Packet log: input DENY eth0 PROTO=6 202.64.203.30:41900 217.149.96.2:21 L=44 S=0x00 I=35647 F=0x T=110 SYN (#73)
    Jan 17 07:38:37 thingeek kernel: Packet log: input DENY eth0 PROTO=6 202.64.203.30:41900 217.149.96.2:21 L=44 S=0x00 I=35903 F=0x T=110 SYN (#73)
    Jan 17 07:38:49 thingeek kernel: Packet log: input DENY eth0 PROTO=6 202.64.203.30:41900 217.149.96.2:21 L=44 S=0x00 I=38719 F=0x T=110 SYN (#73)
    Jan 17 07:43:51 thingeek kernel: Packet log: input DENY eth0 PROTO=6 202.64.203.30:41900 217.149.96.2:21 L=43 S=0x00 I=0 F=0x T=14 (#73)

What might be the significance of there being no SYN flag on the last packet?

I did a few whois lookups etc and found the email address of a technical contact at the ISP responsible for 202.64.203.30, but it occurred to me that this address might be spoofed.

What do you think? What action would you take?

thanks
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
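The "Packet log:" entries asked about in the "What logs mean" thread and quoted in the message above can be decoded field by field and grouped per connection. This is an added example, not part of either post or of the tools they link to: the field meanings follow the ipchains log layout, the year 2002 is assumed from the mail date, and the function names are made up here.

```python
import re
from collections import defaultdict
from datetime import datetime

# The five entries from the message above, with the line-wrapped source
# address rejoined. The F= value is empty on the page and is left empty here.
SAMPLE = """\
Jan 17 07:38:28 thingeek kernel: Packet log: input DENY eth0 PROTO=6 202.64.203.30:41900 217.149.96.2:21 L=44 S=0x00 I=33343 F=0x T=110 SYN (#73)
Jan 17 07:38:31 thingeek kernel: Packet log: input DENY eth0 PROTO=6 202.64.203.30:41900 217.149.96.2:21 L=44 S=0x00 I=35647 F=0x T=110 SYN (#73)
Jan 17 07:38:37 thingeek kernel: Packet log: input DENY eth0 PROTO=6 202.64.203.30:41900 217.149.96.2:21 L=44 S=0x00 I=35903 F=0x T=110 SYN (#73)
Jan 17 07:38:49 thingeek kernel: Packet log: input DENY eth0 PROTO=6 202.64.203.30:41900 217.149.96.2:21 L=44 S=0x00 I=38719 F=0x T=110 SYN (#73)
Jan 17 07:43:51 thingeek kernel: Packet log: input DENY eth0 PROTO=6 202.64.203.30:41900 217.149.96.2:21 L=43 S=0x00 I=0 F=0x T=14 (#73)
"""

PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}  # IP protocol numbers

LINE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: Packet log: "
    r"(?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=0x(?P<tos>[0-9A-Fa-f]*) I=(?P<ip_id>\d+) "
    r"F=0x(?P<frag>[0-9A-Fa-f]*) T=(?P<ttl>\d+) (?P<syn>SYN )?\(#(?P<rule>\d+)\)$"
)

def parse(line, year=2002):
    """Decode one entry; return None for anything that is not a packet log."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    f = m.groupdict()
    return {
        "time": datetime.strptime(f"{year} {f['stamp']}", "%Y %b %d %H:%M:%S"),
        "chain": f["chain"],          # chain whose rule logged the packet
        "action": f["action"],        # what that rule did with it
        "iface": f["iface"],          # interface the packet arrived on
        "proto": PROTOCOLS.get(int(f["proto"]), f["proto"]),
        "src": f["src"], "sport": int(f["sport"]),
        "dst": f["dst"], "dport": int(f["dport"]),
        "length": int(f["length"]),   # L= total packet length in bytes
        "tos": f["tos"],              # S= type of service (hex)
        "ip_id": int(f["ip_id"]),     # I= IP identification field
        "frag": f["frag"],            # F= fragment flags and offset (hex)
        "ttl": int(f["ttl"]),         # T= time to live
        "syn": f["syn"] is not None,  # trailing SYN marker present
        "rule": int(f["rule"]),       # (#n) position of the rule in the chain
    }

def flows(text):
    """Group parsed entries by (source, source port, destination, dest port)."""
    grouped = defaultdict(list)
    for line in text.splitlines():
        p = parse(line)
        if p is not None:
            grouped[(p["src"], p["sport"], p["dst"], p["dport"])].append(p)
    return dict(grouped)

def syn_gaps(packets):
    """Seconds between consecutive SYN-marked entries of one flow."""
    times = [p["time"] for p in packets if p["syn"]]
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]

def looks_like_backoff(gaps):
    """True when every gap is about twice the previous one."""
    return len(gaps) >= 2 and all(abs(b - 2 * a) <= 1 for a, b in zip(gaps, gaps[1:]))

if __name__ == "__main__":
    for key, packets in flows(SAMPLE).items():
        gaps = syn_gaps(packets)
        print(key, len(packets), "entries, SYN gaps", gaps, looks_like_backoff(gaps))
```

On the sample, all five entries belong to one flow from source port 41900 and the SYN gaps are 3, 6 and 12 seconds, the doubling pattern of a TCP stack retransmitting a single unanswered connection request.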
Re: [Leaf-user] Confusing packet in firewall logs
Hi Patrick,

At 22:16 15/01/02 +0100, Patrick Benson wrote:
> Julian Church wrote:
>> I was getting several of these packets per minute so I think it's fair to conclude that the problem has been solved. So it seems pretty certain that the fault was with the router somehow. My guess is that the router started sporadically NAT-ing packets again, giving them its old/default NAT'd internal IP address 192.168.254.254.
>
> Have you tried typing 192.168.254.254 in a web browser? Since it's using the http port you just may have some sort of configuration manager installed that comes along with the router, sort of like weblet on Eigerstein and Dachstein. I have a Motorola Surfboard SB4100 which has 192.168.100.1 configured for the browser

Yeah, it's got one of those pages, but I don't access it using the address 192.168.254.254. But I just now found that browsing to 192.168.254.254 makes the firewall produce packets very similar to the ones I was confused by yesterday in my logs...

    Jan 16 08:17:44 firewall kernel: Packet log: input DENY eth0 PROTO=6 192.168.254.254:80 217.149.96.2:62984 L=44 S=0x00 I=91 F=0x T=60 (#42)

The router then just goes on producing them, and on and on and on - it's still doing it, so mystery solved! Many thanks for the pointers!

Can anyone give me advice what to do with these things? I tried adding tcp_192.168.254.254_80 to SILENT_DENY but it doesn't seem to have done the trick for some reason.

Also, I think it would be helpful to block requests from my LAN from reaching 192.168.254.254 port 80, so it's harder for anyone to accidentally set the router off doing this.

Can anyone help?

Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
Re: [Leaf-user] Confusing packet in firewall logs
Hi Patrick

At 13:06 16/01/02 +0100, Patrick Benson wrote:
> Is that your model that is shown here?
>
> http://www.adslguide.org.uk/hardware/pictures.asp
> http://www.efficientnetworks.com/products/routbus.html

Yes it is, but BT supply the router with different software including no user-configurable options and without the extra features of the proper Efficient Networks badged version, like DHCP etc. Because of this the BT version's configuration manager is really just a status / login page.

> Hope you resolve the issue!..

Solved it just now! My hunch was that once the ADSL router received an http request on 192.168.254.254 tcp port 80, it replies on the same port. When the firewall is set to DENY these packets they're just logged, dropped and ignored, the router gets no indication that the data has been received, so retries and retries and retries forever.

I set the firewall to let these packets from this address and port pass through with:

    $IPCH -I input 1 -j ACCEPT -p tcp -s 192.168.254.254 80 ! -y -d 0/0 -i $EXTERN_IF

So now (I suppose) the ADSL router can serve its status page data properly, get whatever response it expects from the browser, and stop sending data.

Thanks to everyone who helped.

Julian Church.
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
[Leaf-user] Confusing packet in firewall logs
I know "What's this in my logs" is a common query, but I really am confused this time.

I'm getting a few of these in /var/log/messages per minute.

    Jan 15 10:40:14 firewall kernel: Packet log: input DENY eth0 PROTO=6 192.168.254.254:80 217.149.96.2:61797 L=44 S=0x00 I=23250 F=0x T=60 (#42)
    Jan 15 10:40:29 firewall kernel: Packet log: input DENY eth0 PROTO=6 192.168.254.254:80 217.149.96.2:61795 L=44 S=0x00 I=23251 F=0x T=60 (#42)

I'm confused because eth0 is my external interface. 217.149.96.2 is the ext IP of the firewall. 192.168.254.254 doesn't appear anywhere on the LAN.

The log analyser at http://www.echogent.com/cgi-bin/fwlog.pl tells me it's a return packet from a website someone on my network is trying to view, but given the 192.168.x.x source address I'm not sure that's correct.

One more thing that may be significant (or just simple coincidence), I had our ADSL service changed from NAT to no-NAT in December, and the NAT router's internal address was 192.168.254.254. I changed over from Eigerstein to Dachstein at the same time though (effectively starting from scratch), so I don't think it's possible I've got some old setting in the firewall still hidden somewhere.

Does anyone have any ideas?

thanks
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
Re: [Leaf-user] Confusing packet in firewall logs
Sorry for replying to myself, but although I don't fully understand what was going on I seem to have made the problem stop.

At 11:44 15/01/02 +, Julian Church wrote:
> I'm getting a few of these in /var/log/messages per minute.
>
> Jan 15 10:40:14 firewall kernel: Packet log: input DENY eth0 PROTO=6 192.168.254.254:80 217.149.96.2:61797 L=44 S=0x00 I=23250 F=0x T=60 (#42)

I switched the ADSL router's power off then on about an hour ago, and haven't had any of these packets since. I was getting several of these packets per minute so I think it's fair to conclude that the problem has been solved.

So it seems pretty certain that the fault was with the router somehow. My guess is that the router started sporadically NAT-ing packets again, giving them its old/default NAT'd internal IP address 192.168.254.254.

I suppose it's worth noting (for the benefit of others who might experience similar problems) that the Model 5861 BT-branded ADSL routers that British Telecom install when you subscribe to their ADSL service can go spontaneously wonky in this particular way.

cheers
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
[Leaf-user] ssh / openssh?
Hi All,

I use ssh to access and administer my Dachstein firewalls (one home, one office). I'm a bit confused because there seem to be two versions of sshd.lrp available at the moment -

The one I've always used is quite small, is called sshd.lrp, is available at ftp://ftp.linuxrouter.org/linux-router/dists/2.9.8/packages/ and is referenced in Steve Peck's sshd howto http://c0wz.steinkuehler.net/dox/sshd.txt.

The other one is much bigger (too big for my floppy), is also called sshd.lrp, requires that I use libz.lrp and is part of openssh maintained by Jacques Nilo at http://leaf.sourceforge.net/devel/jnilo/index.html.

Could someone explain the differences? Are the differences worth worrying about? Should I consider upgrading?

cheers
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
[Leaf-user] LEAF shell scripting novice resources
I know this is only just on topic, but I've been dabbling in a bit of shell scripting lately on my LEAF (Eigerstein) machine, and find it quite interesting. I find I can mangle scripts others have written to customise how they work a bit, but I can also see there's a lot more going on than I understand. I get the impression I need to start from the beginning to give myself a bit more of a solid foundation if I'm going to do anything really useful.

I've not really done any Linux shell scripting apart from messing about with LEAF, although I've dabbled in a few programming/scripting languages over the past couple of years generally with half-decent results (mainly LotusScript, AppleScript, DOS batch files and a bit of C++, Javascript and Perl).

1. What is the LEAF (I generally use Eigerstein) shell script language called - is it just sh?

2. Can anyone recommend resources to get me started? Online resources are good, textbooks are better, and I find I tend to get on with O'Reilly books quite well.

cheers
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
Re: [Leaf-user] Debian 2.1 CD-ROM
Hi Stephen

At 11:17 09/11/01 -0500, Stephen More wrote:
> According to the Guide Developing for LRP: The easiest way to write programs to work under LRP is to use Debian 2.1 (Slink).
>
> I can't seem to find slink or version 2.1 at: ftp://ftp.us.debian.org/debian/dists/
>
> Can someone tell me where I can get this older version of debian from (I would prefer it on CD-ROM) ?

Start at the link below, and find a local vendor.

http://www.debian.org/distrib/vendors

Some of the people listed are enthusiasts with CD-burners (the one I chose was), but I suppose some of them will be larger organisations - it all seems pretty informal. They'll burn the CDRs and mail them to you, probably charging a small fee per disk for delivery and duplication costs etc. I got a 3-disk set of a later version of debian for £12 (~$15 - ish)

cheers
Julian.
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
Re: [Leaf-user] minor weblet change
At 18:16 30/10/01 -0600, Charles Steinkuehler wrote:
> Even better, create a new set of three images that look good but are smaller (in terms of file-size...keep the image size the same :). If no-one gets to this, I'll probably re-create the images from scratch...they'll be ugly, but they'll be small.

I might not be very good at linux but I can do images. I'm a bit busy this morning but I can do something for you during lunch. I'll have some images mailed over to you in about three or four hours, Charles.

cheers
Julian
--
[EMAIL PROTECTED]
www.ljchurch.co.uk
Re: [Leaf-user] couple of questions....
Hi Wade

At 10:42 10/09/01 -0400, Wade Hampton wrote:
> I am just getting back into trying LRP (been away for quite a while). I noticed several things on the LRP home page. It really should be updated and include links to LEAF and EigerStein

You're talking about linuxrouter.org, yes?

Trying to be as impartial as I can, about three months ago there was a big fall out amongst a lot of the LRP big boys. The guy who runs linuxrouter.org posted some political things on one of his web sites that a lot of people found pretty outrageous. Indeed, enough people were sufficiently and genuinely upset for a lot of the links between the linuxrouter.org guy and the rest of the LRP community to be severed.

LRP development seems to be centred around http://leaf.sourceforge.net these days, but I generally start at http://lrp.c0wz.com:81 because it's good for more general LEAF/LRP info, and seems to have links to just about everywhere you need.

The linuxrouter.org list is still running, but a lot of the gurus don't go there any more, so I'd advise that you're more likely to get the answers you need on this list.

hope that helps

cheers
Julian Church
--
[EMAIL PROTECTED]
www.ljchurch.co.uk