Re: [leaf-user] shorewall.net down?
This is from Shorewall mailing list. So use http://www1.shorewall.net Tom Eastep wrote: The administrator of the main web/ftp site has informed me that the site is currently down. Until service is restored, you can use: http://www1.shorewall.net ftp://ftp1.shorewall.net Sorry for the inconvenience. I've updated the DNS server to point www.shorewall.net and ftp.shorewall.net to my own server. I'll keep you posted... -Tom -- Tom Eastep\ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key - Original Message - From: Brent Gardner [EMAIL PROTECTED] To: leaf-user@lists.sourceforge.net Sent: Thursday, May 17, 2007 3:49 PM Subject: [leaf-user] shorewall.net down? Does anyone have or know of a mirror of the shorewall.net web site? I haven't been able to access it for a few days now. Thanks. Brent Gardner - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Does Leaf works on VMWARE
Try to get the bootdisk.ima from the ISO and tell your VMWare to boot from that floppy image. Another solution is to extract all files and then rebuild the ISO with 'mkisofs' - Original Message - From: ram [EMAIL PROTECTED] To: leaf-user@lists.sourceforge.net Sent: Monday, January 29, 2007 4:18 PM Subject: [leaf-user] Does Leaf works on VMWARE Hi Does Leaf works on VMWARE i have download and try to install, when i start the Virtual Machine after selecting ISO image i get Boot Error any help ram - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] openntpd in BU 3.0
Hello, Does anyone have openntpd working? On my WRAP box, it started, synced time to a remote server and after a minute or so, it died. In initial 'ps' I saw 3042 root336 S /bin/sh /etc/rc2.d/S20openntpd start 1615 root268 S /usr/sbin/openntpd -s 17664 root276 S /usr/sbin/openntpd -s then the following messages appear in the log Jan 11 11:50:04 firewall /usr/sbin/openntpd[28441]: dispatch_imsg in main: pipe closed Jan 11 11:50:04 firewall /usr/sbin/openntpd[28441]: Terminating Regarding the config, I only changed the following in /etc/openntpd/ntpd.conf: - allow it to listen on all interfaces listen on * - specify a single server server 132.246.168.164 P.S. while googling, I see that openntpd uses /etc/ntp.conf. But in BU30, the config is in /etc/openntpd directory and I do not see where the config is explicitly specified. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] openntpd in BU 3.0
Thanks KP, Pls send me the package or let me know when the change is (/etc/init.d/shorewall?) so I can do it myself. - Original Message - From: KP Kirchdoerfer [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED]; leaf-user@lists.sourceforge.net Sent: Thursday, January 11, 2007 1:41 PM Subject: Re: [leaf-user] openntpd in BU 3.0 Hello M Lu Am Donnerstag, 11. Januar 2007 19:13 schrieb M Lu: Hello, Does anyone have openntpd working? Yes. On my WRAP box, it started, synced time to a remote server and after a minute or so, it died. In initial 'ps' I saw 3042 root336 S /bin/sh /etc/rc2.d/S20openntpd start 1615 root268 S /usr/sbin/openntpd -s 17664 root276 S /usr/sbin/openntpd -s then the following messages appear in the log Jan 11 11:50:04 firewall /usr/sbin/openntpd[28441]: dispatch_imsg in main: pipe closed Jan 11 11:50:04 firewall /usr/sbin/openntpd[28441]: Terminating Regarding the config, I only changed the following in /etc/openntpd/ntpd.conf: - allow it to listen on all interfaces listen on * - specify a single server server 132.246.168.164 Ok, this should work. There is a known issue with listen on * (use 0.0.0.0 instead) - but obviously it's not the case in your setup. I had the same pb when I booted my router, starting openntpd later by hand was successful and it ran a until next reboot. Reason is that network access is too late for openntpd due to a late shorewall start. Starting shorewall ASAP (S,21) fixes the pb. I can send you a modified shorewall package, if you think it will help you kp - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] OT question: Connect WRAP box to laptop display
Hi all, I am helping a friend to setup LEAF on a WRAP box. He does not have any old computer with serial port so I cannot use my null-modem cable. Is there anyway I can connect and use the display on a laptop? The laptop (Compaq nx9600) does not have serial port, nor printer port. Thank you.and merry Xmas/happy new year. - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] OT question: Connect WRAP box to laptop display
Thank you Erich, That was a very quick response. So I understand that it makes USB into serial port so I can use my null-modem and there will not be any changes necessacry to the config files both in syslinux.cfg and in terminal programs (e.g. Windows TerraTerm or Linux minicom). Correct me if I am wrong. Thanks again. Cheers. - Original Message - From: Erich Titl [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED] Cc: leaf-user@lists.sourceforge.net Sent: Monday, December 18, 2006 8:55 AM Subject: Re: [leaf-user] OT question: Connect WRAP box to laptop display Hi M Lu wrote: Hi all, I am helping a friend to setup LEAF on a WRAP box. He does not have any old computer with serial port so I cannot use my null-modem cable. Is there anyway I can connect and use the display on a laptop? The laptop (Compaq nx9600) does not have serial port, nor printer port. The least painful IMHO is to buy a USB to serial adapter cable. cheers Erich - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Reboot in BU 3.0
Hi Erich and Paul, - I do have wd1100 loaded in /etc/modules and there is wd1100.o in /lib/modules (5316 bytes). - I do not have the reboot=bios in syslinux.cfg. I will try when going home tonight. Is it possible that the wd1100.o is not the latest, I will check in CVS? In WRAP 2.x I had the same settings (wd1000 loaded but not the option reboot=bios in syslinux.cfg) and it reboots fine. Thank you very much. - Original Message - From: Erich Titl [EMAIL PROTECTED] To: leaf-user@lists.sourceforge.net Sent: Wednesday, September 06, 2006 2:28 AM Subject: Re: [leaf-user] Reboot in BU 3.0 Hi M Lu wrote: When I try to reboot the WRAP running BU 3.0, it just shutdown all services and I saw the message Restarting but it never actually restarted, just hung there. I needed to unplug and plug the power. Is the wd1100 module loaded ? Without it you won't have any luck. The wd1100 module has just recently undergone a little revision, so it _might_ not be on the beta1 distro. Look in CVS cheers Erich -- - Original Message - From: Paul Traina [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED] Sent: Tuesday, September 05, 2006 10:48 PM Subject: Re: [leaf-user] Reboot in BU 3.0 Make sure your kernel is being booted with reboot=bios in the option line (syslinux.cfg if running straight B-U 3.0). egrep reboot=bios /proc/cmdline will tell you if it's set right... - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Reboot in BU 3.0
When looking at dmesg I saw the following: .. 6wd1100.c: a few hacks by [EMAIL PROTECTED] 3wd1100.c: Can't register device. .. whereas on my friend's WRAP (still 2.x) I do not see the second line, so it could be the reason BTW, what does 6 or 3 mean from dmesg? The old dmesg does not write such numbers at the beginning of each line. - Original Message - From: M Lu [EMAIL PROTECTED] To: Erich Titl [EMAIL PROTECTED]; leaf-user@lists.sourceforge.net; Paul Traina [EMAIL PROTECTED] Sent: Wednesday, September 06, 2006 8:59 AM Subject: Re: [leaf-user] Reboot in BU 3.0 Hi Erich and Paul, - I do have wd1100 loaded in /etc/modules and there is wd1100.o in /lib/modules (5316 bytes). - I do not have the reboot=bios in syslinux.cfg. I will try when going home tonight. Is it possible that the wd1100.o is not the latest, I will check in CVS? In WRAP 2.x I had the same settings (wd1000 loaded but not the option reboot=bios in syslinux.cfg) and it reboots fine. Thank you very much. - Original Message - From: Erich Titl [EMAIL PROTECTED] To: leaf-user@lists.sourceforge.net Sent: Wednesday, September 06, 2006 2:28 AM Subject: Re: [leaf-user] Reboot in BU 3.0 Hi M Lu wrote: When I try to reboot the WRAP running BU 3.0, it just shutdown all services and I saw the message Restarting but it never actually restarted, just hung there. I needed to unplug and plug the power. Is the wd1100 module loaded ? Without it you won't have any luck. The wd1100 module has just recently undergone a little revision, so it _might_ not be on the beta1 distro. Look in CVS cheers Erich -- - Original Message - From: Paul Traina [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED] Sent: Tuesday, September 05, 2006 10:48 PM Subject: Re: [leaf-user] Reboot in BU 3.0 Make sure your kernel is being booted with reboot=bios in the option line (syslinux.cfg if running straight B-U 3.0). egrep reboot=bios /proc/cmdline will tell you if it's set right... - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Reboot in BU 3.0
This is definitly the reason, what happens if you insmod wd1100? wrapbox# insmod wd1100 insmod: A module named wd1100 already exists What is the BIOS version of your wrap and did it work before on that machine? I do not know. I bought this box last May and the files in the BIOS-update file (Ver 1.11) on http://www.pcengines.ch/wrap.htm are dated 11/8/2005 so mine must be quite old. - Original Message - From: Eric Spakman [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED] Cc: leaf-user@lists.sourceforge.net; Erich Titl [EMAIL PROTECTED] Sent: Wednesday, September 06, 2006 9:12 AM Subject: Re: [leaf-user] Reboot in BU 3.0 Hello M Lu: .. 6wd1100.c: a few hacks by [EMAIL PROTECTED] 3wd1100.c: Can't register device. .. whereas on my friend's WRAP (still 2.x) I do not see the second line, so it could be the reason This is definitly the reason, what happens if you insmod wd1100? I also use a wrap with the same module and don't see that message. You could try to download the latest 2.4.33 kernel tarball (http://leaf.cvs.sourceforge.net/leaf/bin/bering-uclibc/packages/) and try the updated wd1100 module. What is the BIOS version of your wrap and did it work before on that machine? BTW, what does 6 or 3 mean from dmesg? The old dmesg does not write such numbers at the beginning of each line. I have no idea, dmesg in busybox got a rewrite and those numbers appear now. They probably mean something ;-) Eric - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] PXEInstall and WRAP
Thanks Bob, I will update the BIOS (latest version is 1.11, correct?) and will try PXEInstall. Probably I can get the MAC of 1st NIC by looking at the output of 'ip' command on my box as it is still running now. Cheers. - Original Message - From: Bob von Knobloch [EMAIL PROTECTED] To: LEAF Request leaf-user@lists.sourceforge.net Sent: Wednesday, September 06, 2006 9:20 AM Subject: [leaf-user] PXEInstall and WRAP Hi Eric, hi M Lu, Eric, thanks for the tip. According to pcengines web site my (old) BIOS should have supported etherbooot but, in fact, did not. I updated the BIOS with crossed fingers, hoping it would go OK, it did! M Lu, I did some tests and discovered that the WRAP box seems only to boot from the 1st NIC (next to the dc power connector) I had to discover it's MAC address by connecting it to my DHCP server, first serving normal addresses, and observed the connection with Ethereal. Having got the MAC address, I added the PXE section on the DHCP server, configured my TFTP server according to the LEAF docs and it all worked. I don't know another way to get the MAC, normal PCs tend to display their MAC address during PXE boot, but the Etherboot module in the WRAP does not seem to do this. Regards, Bob - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] PXEInstall and WRAP
Just so I know how to do it when configuring new system.In fact when I upgraded from 2.x to 3.0, I opened the case, remove the old CF and started from scratch with new CF as I am afraid that I could make mistake and the system cannot run anymore. I had to reuse the old CF a couple of times because my old madwifi configuration does not work. I still have the case wide open so I want to take advantage of this opportunity. Thanks Eric. - Original Message - From: Eric Spakman [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED] Cc: LEAF Request leaf-user@lists.sourceforge.net Sent: Wednesday, September 06, 2006 10:44 AM Subject: Re: [leaf-user] PXEInstall and WRAP Hi M, Why do you want to run pxeinstall on an already configured box? PXEinstall is created to initial configure a WRAP or simular system. Eric Thanks Bob, I will update the BIOS (latest version is 1.11, correct?) and will try PXEInstall. Probably I can get the MAC of 1st NIC by looking at the output of 'ip' command on my box as it is still running now. Cheers. - Original Message - From: Bob von Knobloch [EMAIL PROTECTED] To: LEAF Request leaf-user@lists.sourceforge.net Sent: Wednesday, September 06, 2006 9:20 AM Subject: [leaf-user] PXEInstall and WRAP Hi Eric, hi M Lu, Eric, thanks for the tip. According to pcengines web site my (old) BIOS should have supported etherbooot but, in fact, did not. I updated the BIOS with crossed fingers, hoping it would go OK, it did! M Lu, I did some tests and discovered that the WRAP box seems only to boot from the 1st NIC (next to the dc power connector) I had to discover it's MAC address by connecting it to my DHCP server, first serving normal addresses, and observed the connection with Ethereal. Having got the MAC address, I added the PXE section on the DHCP server, configured my TFTP server according to the LEAF docs and it all worked. I don't know another way to get the MAC, normal PCs tend to display their MAC address during PXE boot, but the Etherboot module in the WRAP does not seem to do this. Regards, Bob - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Reboot in BU 3.0
Nothing was written to the screen for both wrapbox# rmmod wd1100 wrapbox# insmod wd1100 When I go home I will reboot and see how it goes. But I will definitely upgrade the latest modules. The one I use is from the 3.0 ISO. - Original Message - From: Eric Spakman [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED] Cc: leaf-user@lists.sourceforge.net; Erich Titl [EMAIL PROTECTED] Sent: Wednesday, September 06, 2006 10:36 AM Subject: Re: [leaf-user] Reboot in BU 3.0 Op Wo, 6 september, 2006 4:38 pm schreef M Lu: This is definitly the reason, what happens if you insmod wd1100? wrapbox# insmod wd1100 insmod: A module named wd1100 already exists Ok, so an rmmod wd1100 and insmod wd1100 - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Reboot in BU 3.0
OK, I could reboot only after upgrading with the new modules. Thank you - Original Message - From: Eric Spakman [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED] Cc: leaf-user@lists.sourceforge.net; Erich Titl [EMAIL PROTECTED] Sent: Wednesday, September 06, 2006 10:36 AM Subject: Re: [leaf-user] Reboot in BU 3.0 Op Wo, 6 september, 2006 4:38 pm schreef M Lu: This is definitly the reason, what happens if you insmod wd1100? wrapbox# insmod wd1100 insmod: A module named wd1100 already exists Ok, so an rmmod wd1100 and insmod wd1100 What is the BIOS version of your wrap and did it work before on that machine? I do not know. I bought this box last May and the files in the BIOS-update file (Ver 1.11) on http://www.pcengines.ch/wrap.htm are dated 11/8/2005 so mine must be quite old. Eric - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] PXEInstall and WRAP
Thanks for your info, Bob and Erich, I did update to the latest BIOS v1.11. But I am too tired to try setting up the TFTP/DHCP server. I will have to leave it on the weekend. But your message is very encouranging. Cheers. - Original Message - From: Bob von Knobloch [EMAIL PROTECTED] To: LEAF Request leaf-user@lists.sourceforge.net Sent: Wednesday, September 06, 2006 9:20 AM Subject: [leaf-user] PXEInstall and WRAP Hi Eric, hi M Lu, Eric, thanks for the tip. According to pcengines web site my (old) BIOS should have supported etherbooot but, in fact, did not. I updated the BIOS with crossed fingers, hoping it would go OK, it did! M Lu, I did some tests and discovered that the WRAP box seems only to boot from the 1st NIC (next to the dc power connector) I had to discover it's MAC address by connecting it to my DHCP server, first serving normal addresses, and observed the connection with Ethereal. Having got the MAC address, I added the PXE section on the DHCP server, configured my TFTP server according to the LEAF docs and it all worked. I don't know another way to get the MAC, normal PCs tend to display their MAC address during PXE boot, but the Etherboot module in the WRAP does not seem to do this. Regards, Bob - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] elvis.lrp in BU 3.0
Over the weekend, I had upgraded my WRAP box to 3.0. Thank all of you for suggestions. For 'vi', I installed elvis.lrp and I noticed that I could not do 'vi' as it complained about wrapper being in wrong place. Compare 2.x elvis.lrp and new one, the binaries are really in different locations (/usr/sbin in new and /usr/bin in old 2.x). When I changed the location and repack elvis.lrp, then it works fine. What suprised me is that nobody mentioned this so I think either my environment is not correct or people use a different editor on LEAF. Any comments? Thank you. - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] Reboot in BU 3.0
When I try to reboot the WRAP running BU 3.0, it just shutdown all services and I saw the message Restarting but it never actually restarted, just hung there. I needed to unplug and plug the power. I think I could reboot fine in old 2.x, using 'reboot' or 'shutdown -r now' What could be the cause for this? Thank you. - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] PXEInstall
Hi Bob, how did you connect the WRAP box to your TFTP/DHCP server? I looked into the WRAP BIOS setting and I turned on 'Etherboot Enable' but when it reboot I do not see any MAC address listed so I am not sure to which NIC I should connect . My box has 3 NICs. Thank you. M Lu - Original Message - From: Bob von Knobloch [EMAIL PROTECTED] To: LEAF Request leaf-user@lists.sourceforge.net Sent: Tuesday, September 05, 2006 7:42 AM Subject: [leaf-user] PXEInstall Eric, I have successfully used the PXEInstall system. Just 1 tiny mistake in the docs: Under Using pxeinstall.tgz Chapter Setting up the new system The line: # dd if=/usr/sbin/mbr.bin of=/dev/hda bs=512 count=1 should be ../usr/bin/mbr.bin.. (At least, that is where I found the image using 'default'). Thanks for your efforts, it really makes installing on WRAP etc. very easy Regards, Bob - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] [ANN] LEAF Bering-uClibc 3.0-beta1
Hi KP and Eric, Thank you and other for all hard work on this. I could not boot from the ISO image using Virtual PC, not VMWare. I also downloaded the latest 2.4.2 and could not boot either. It just complained Boot Error. I found some old Bering ISO and it boots fine. The sizes for the images are 34,004,992 Bering-uClibc_2.4.2_iso_bering-uclibc... 38,971,392 Bering-uClibc_3.0-beta1_iso_bering-uclibc... and I can open them and saw all files inside. I will find some blank CD and cut it physically but I doubt it will work. Is there anything special about booting from the CD? - Original Message - From: KP Kirchdoerfer [EMAIL PROTECTED] To: leaf-user@lists.sourceforge.net Sent: Wednesday, August 23, 2006 2:14 AM Subject: [leaf-user] [ANN] LEAF Bering-uClibc 3.0-beta1 The floppy images, ISO image, ipv6 addon and a modules tarball are available in the File Releases Area: http://sourceforge.net/project/showfiles.php?group_id=13751package_id=67534 - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Bering-U 3.x packages
Thank you very much, Eric. Let us know when it is available. M Lu. - Original Message - From: Eric Spakman [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED] Cc: leaf-user@lists.sourceforge.net Sent: Tuesday, August 22, 2006 2:34 AM Subject: Re: [leaf-user] Bering-U 3.x packages Hi M, No official iso yet, but there will be one in the next day or two. Eric Hi, While helping a friend to build a Bering-U router (WRAP box), I noticed that there are now 3.x packages and I would like to use them. Is there any big file (similar to Bering-uClibc_2.4.2_iso_bering-uclibc-iso.bin) containing all packages or do I have to download the packages individually? Thank you. - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] Bering-U 3.x packages
Hi, While helping a friend to build a Bering-U router (WRAP box), I noticed that there are now 3.x packages and I would like to use them. Is there any big file (similar to Bering-uClibc_2.4.2_iso_bering-uclibc-iso.bin) containing all packages or do I have to download the packages individually? Thank you. - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Upgrading to new version of Bering-U on WRAP box
Hi Erich, I prefer this method over the other Eric said yesterday as the change is less and you can have a backup in case something goes wrong and you do not have the time to fix it. With PXE, I do not know if you always need another machine to boot WRAP or you just use that to install new files the 1st time; but using a 2nd machine to boot WRAP is not feasible to me. Actually I used your images for testing WRAP when I bought it. I tried to install GRUB like you did on your images but failed and eventually I used syslinux. I will see if syslinux can be tweaked like you said. In case of GRUB, can you specify the LRPs in some directory or they need be in another partition? If I need another partition, can I repartition the current CF I have in WRAP box or do I need to remove it from the box and start from scratch. Thank you. - Original Message - From: Erich Titl [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED] Cc: leaf-user@lists.sourceforge.net Sent: Tuesday, February 14, 2006 10:24 AM Subject: Re: [leaf-user] Upgrading to new version of Bering-U on WRAP box Hi I am using GRUB to boot the WRAP. This way I can just add a new menu item which boots from different files, copied to another partition on the CF, well linux and initrd have to be on the boot partition but may have arbitrary names. That way I always have a fallback system to boot from if anything goes wrong. I believe the same could be done by tweaking syslinux.cfg cheers Erich --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] Upgrading to new version of Bering-U on WRAP box
Hello, I would like to upgrade my oldder version of BeringU to a newer on WRAP box and I use syslinux to boot. Is there any good and safe way to do that without opening the box and removing the CF. I am afraid that during the upgrade I may do something stupid and the box would not boot anymore. Thank you for your suggestions. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] Multiple public IP problem
Hello all, I help a friend to upgrade his Bering-U (v2.2.2 - kernel 2.4.26) to the latest and greatest v2.4-beta1 (kernel 2.4.32) and at the same time move from PC to WRAP box. He has 2 static IPs (x.x.x.11 and x.x.x.12) and the setting in network/interfaces file on the old router is auto eth0 iface eth0 inet static address x.x.x.11 netmask 255.255.255.0 broadcast x.x.x.255 gateway x.x.x.1 # secondary IP up ip addr add x.x.x.12/24 dev eth0 I use the same settings for the new etc.lrp on WRAP box. From the old router, I can ping both IP, x.x.x.11 and x.x.x.12 from outside. But when booting WRAP, I can ping only the first one, x.x.x.11 but not the other. We also turn on shorewall logging to make sure ping is allowed and we did not see anything regarding this 'ping'. My friend rebooted the ADSL modem but results are the same. When he connect back to the old router, things are OK again and I can ping both IPs. Is that possible that the ISP keeps the old information about the card (e.g. MAC address) and so we need to turn off ADSL for a while to flush the cache or the syntax in 2.4.32 kernel has changed or is there anything I did wrong? Thank you for any suggestions. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Multiple public IP problem
Thank you Eric. As my friend connect WRAP box to a terminal PC and plug WRAP's eth0 to his private network for me to test, I remote login into his network and change the settings in network/interfaces to get private IP rather than public IPs and both syntax, old (up ip addr add x.x.x.12/24 dev eth0) and new (up ip addr add x.x.x.12/24 brd x.x.x.255 dev eth0 label eth0:0) work well. I could ping both IPs, could SSH via both of them. The only difference I see is the showing in 'ip addr show dev eth0' command, as one shows as secondary eth0, and the other secondary eth0:0, and I do not think we use anything regarding eth0:0 in shorewall. I just hardcode both IPs in shorewall params file. - my old syntax: 'up ip addr add 192.168.5.36/24 dev eth0' 3: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:60:97:a7:d8:56 brd ff:ff:ff:ff:ff:ff inet 192.168.5.35/24 brd 192.168.5.255 scope global eth0 inet 192.168.5.36/24 scope global secondary eth0 - your newer syntax: 'up ip addr add 192.168.5.36/24 brd 192.168.5.255 dev eth0 label eth0:0' 3: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:60:97:a7:d8:56 brd ff:ff:ff:ff:ff:ff inet 192.168.5.35/24 brd 192.168.5.255 scope global eth0 inet 192.168.5.36/24 brd 192.168.5.255 scope global secondary eth0:0 Anyway, I will try the newer syntax with public IPs tonight when we get home. - Original Message - From: Eric Spakman [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED] Cc: leaf-user@lists.sourceforge.net Sent: Thursday, February 09, 2006 10:09 AM Subject: Re: [leaf-user] Multiple public IP problem Hello, The best way to setup a secondary interface is by doing: auto eth0 iface eth0 inet static address x.x.x.11 auto eth0:0 iface eth0:0 inet static address x.x.x.12 netmask 255.255.255.0 broadcast x.x.x.255 gateway x.x.x.1 But something like the following added to the eth0 definition should also work: up ip addr add x.x.x.12/24 brd x.x.x.255 dev eth0 label eth0:0 I'm not sure why it worked with 2.2.2, maybe your friend did change something in the shorewall config with the older version. There is a good document on the shorewall site, in the documentation section (2.4), about Shorewall and Aliased Interfaces. The config changes needed in shorewall are also described there. Eric Hello all, I help a friend to upgrade his Bering-U (v2.2.2 - kernel 2.4.26) to the latest and greatest v2.4-beta1 (kernel 2.4.32) and at the same time move from PC to WRAP box. He has 2 static IPs (x.x.x.11 and x.x.x.12) and the setting in network/interfaces file on the old router is auto eth0 iface eth0 inet static address x.x.x.11 netmask 255.255.255.0 broadcast x.x.x.255 gateway x.x.x.1 # secondary IP up ip addr add x.x.x.12/24 dev eth0 I use the same settings for the new etc.lrp on WRAP box. From the old router, I can ping both IP, x.x.x.11 and x.x.x.12 from outside. But when booting WRAP, I can ping only the first one, x.x.x.11 but not the other. We also turn on shorewall logging to make sure ping is allowed and we did not see anything regarding this 'ping'. My friend rebooted the ADSL modem but results are the same. When he connect back to the old router, things are OK again and I can ping both IPs. Is that possible that the ISP keeps the old information about the card (e.g. MAC address) and so we need to turn off ADSL for a while to flush the cache or the syntax in 2.4.32 kernel has changed or is there anything I did wrong? Thank you for any suggestions. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Multiple public IP problem
I used your syntax but the result was the same. Then I tried to fake the MAC address (adding line hwaddress ether address old-router-mac-addr) and it worked. Still a mystery to me as if ISP keeps that info, why I can ping the 1st IP and not the second. Again thank you for your suggestions always quick and helpful. - Original Message - From: Eric Spakman [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED] Cc: leaf-user@lists.sourceforge.net Sent: Thursday, February 09, 2006 10:09 AM Subject: Re: [leaf-user] Multiple public IP problem Hello, The best way to setup a secondary interface is by doing: auto eth0 iface eth0 inet static address x.x.x.11 auto eth0:0 iface eth0:0 inet static address x.x.x.12 netmask 255.255.255.0 broadcast x.x.x.255 gateway x.x.x.1 But something like the following added to the eth0 definition should also work: up ip addr add x.x.x.12/24 brd x.x.x.255 dev eth0 label eth0:0 I'm not sure why it worked with 2.2.2, maybe your friend did change something in the shorewall config with the older version. There is a good document on the shorewall site, in the documentation section (2.4), about Shorewall and Aliased Interfaces. The config changes needed in shorewall are also described there. Eric Hello all, I help a friend to upgrade his Bering-U (v2.2.2 - kernel 2.4.26) to the latest and greatest v2.4-beta1 (kernel 2.4.32) and at the same time move from PC to WRAP box. He has 2 static IPs (x.x.x.11 and x.x.x.12) and the setting in network/interfaces file on the old router is auto eth0 iface eth0 inet static address x.x.x.11 netmask 255.255.255.0 broadcast x.x.x.255 gateway x.x.x.1 # secondary IP up ip addr add x.x.x.12/24 dev eth0 I use the same settings for the new etc.lrp on WRAP box. From the old router, I can ping both IP, x.x.x.11 and x.x.x.12 from outside. But when booting WRAP, I can ping only the first one, x.x.x.11 but not the other. We also turn on shorewall logging to make sure ping is allowed and we did not see anything regarding this 'ping'. My friend rebooted the ADSL modem but results are the same. When he connect back to the old router, things are OK again and I can ping both IPs. Is that possible that the ISP keeps the old information about the card (e.g. MAC address) and so we need to turn off ADSL for a while to flush the cache or the syntax in 2.4.32 kernel has changed or is there anything I did wrong? Thank you for any suggestions. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Openvpn - Bering uClibc 2.3
I use ntpdate and specify a NTP server in its config. This will correct the time right after your box is up. Make sure you allow your box to connect to that server. If you have an internal NTP server, it would be good. - Original Message - From: Bob von Knobloch [EMAIL PROTECTED] To: LEAF Request leaf-user@lists.sourceforge.net Sent: Friday, January 20, 2006 4:38 AM Subject: [leaf-user] Openvpn - Bering uClibc 2.3 Dear List, I have now succeeded in installing an OpenVPNZ on my WRAP LEAF Box. Everything works very well. This sort of surprised me, I am used to working with professional IKE/IPSEC VPNs and OpenVPN seems at least as good. For information, one small problem remains that is LEAF orientated: The boot-up process starts OpenVPN too soon, ntpsimpl needs to be started first. This acn be fixed but ntpsimpl, although modified with a script from Erich Titl does not actually set the system date for quite some time after it has fetched the time from the Internet. For OpenVPN this causes the startup process to reject all local Certificates as being invalid (this is true - when a Certificate's date lies in the apparent future, the Certificate is indeed not valid). This is not corrected by waiting. A new reboot is required. (To reiterate, the problem is caused by the ISP rejecting logon attempts for a period shortly after a disconnect - for example a 10 second power failure would cause the system to fail and stay failed). I will think about this and experiment with solutions. Any suggestions are, of course, very welcome. Bob --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] What modules are needed for shorewall 3.0 traffic shaping?
Thank you, Jaap, I could start shorewall with those # sch_ingress sch_htb sch_prio sch_sfq cls_u32 cls_fw - Original Message - From: Jaap Eldering [EMAIL PROTECTED] To: leaf-user@lists.sourceforge.net Sent: Tuesday, December 13, 2005 2:41 AM Subject: Re: [leaf-user] What modules are needed for shorewall 3.0 traffic shaping? On Mon, Dec 12, 2005 at 11:55:23PM -0500, M Lu wrote: I upgraded to shorewall 3.x and would like to use the built-in traffic shaping. After creating some simple tc-files I started shorewall and I got error Processing /etc/shorewall/tcdevices... RTNETLINK answers: Invalid argument and I think that some modules (for HTB?) are missing. According to shorewall documentation: ...For builtin support, you need the HTB scheduler, the PRIO pseudoscheduler and SFQ queue. The other scheduler or queue algorithms are not needed... Can somebody list what modules I need to specify in /etc/modules? For these you need: sch_htb sch_prio sch_sfq You can find these in directory kernel/net/sched of the modules tree. Jaap --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] What modules are needed for shorewall 3.0 traffic shaping?
Hi, I upgraded to shorewall 3.x and would like to use the built-in traffic shaping. After creating some simple tc-files I started shorewall and I got error Processing /etc/shorewall/tcdevices... RTNETLINK answers: Invalid argument and I think that some modules (for HTB?) are missing. According to shorewall documentation: ...For builtin support, you need the HTB scheduler, the PRIO pseudoscheduler and SFQ queue. The other scheduler or queue algorithms are not needed... Can somebody list what modules I need to specify in /etc/modules? Thank you. M Lu --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] New Problem with UClibc syslinux
Richard, Do you have those packages in syslinux.cfg or leaf.cfg? Try leaf.cfg if you did not use it. Mine look like this syslinux.cfg --- .. default linux initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0 LEAFCFG=/dev/hda1:msdos leaf.cfg(in 3 lines, I guess the white spaces and returns are ignored in between quotes --- LRP=root,config,etc,local,modules,iptables,dhcpcd, ulogd,shorwall,dnscache,dropbear, dhcpd,libm,libpcap,daemontl,tinydns .. - Original Message - From: Tibbs, Richard [EMAIL PROTECTED] To: Leaf-User (E-mail) leaf-user@lists.sourceforge.net Sent: Tuesday, November 29, 2005 12:13 PM Subject: [leaf-user] New Problem with UClibc syslinux OK, I put a new modules file together from Arne's web page, and back to square one. Stops after local. I tried 3 different diskettes all with same result. Nothing of the following loads from syslinux LRP= modules,mawk,lpthread,ipsec,libcrpto,shorwall,dnscache,dhcpd What could be wrong here? Rick. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tibbs, Richard Sent: Monday, November 28, 2005 2:48 PM To: Leaf-User (E-mail) Subject: RE: [leaf-user] Problem with UClibc syslinux Well, the quotes did not help, but putting together a package via Arne's modules.cgi fixed the problem. I think modules from the floppy was hanging it up Thanks, Rick. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Spakman Sent: Monday, November 28, 2005 1:37 PM To: Leaf-User Subject: Re: [leaf-user] Problem with UClibc syslinux Hello Richard, Not sure, but it can be a hidden character. You could try the line with quotes around it: LRP=root,keyboard,config,etc,local,modules,mawk,lpthread,ipsec,libcrpto ,shorwall,dnscache,dhcpd Eric Tried Bering UClibc with some strange results this w/e. My syslinux config file is: display syslinux.dpy timeout 0 default linux initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0 LEAFCFG=/dev/fd0:msdos PKGPATH=/dev/fd0:msdos,/dev/cdrom:iso9660 syst_size=12M log_size=4M LRP=root,keyboard,config,etc,local,modules,mawk,lpthread,ipsec,libcrpto, shorwall,dnscache,dhcpd (no line breaks from default... dhcpd) But, syslog file says the kernel command line stops at local. I used EditPadlite on windoze to edit syslinux.cfg ... This has worked for many leafs before including Bering 1.2 Anyone know what might be the problem? TIA Rick. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_idv37alloc_id865op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_idv37alloc_id865op=ick leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_idv37alloc_id865op=ick leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
[leaf-user] shorewall3.lrp not accessible
I see that package in testing area but the link is not correct. Same for siproxd.lrp. Can anybody fix them? Thank you. --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_id=7628alloc_id=16845op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] hostapd with madwifi NIC
Hi Eric, I am sorry for the delay. Since Sunday, I runs hostapd.lrp you sent me with madwifi and it is great, no problem so far. I just do not know why I do not see messages dumped to the dumpfile as I specified in the config file (see below), only to daemon.log, but other than that it is OK. I am busy with other work so I cannot test the current hostapd package in the latest 2.3 ISO CD, but like you said, it should work too. Can anybody from the list confirm that? Just want to thank you again for all your help. What I am using now are: - madwifi modules from 2.3 ISO, i.e. old codebase from madwifi - hostapd you sent me (0.4.5-2) - wireless 28pre10 which I compiled myself. The one in ISO is 28pre8 There is no need to include hostapd.o module in /etc/modules like you said. I run hostapd as 'hostapd -B -dd /etc/hostapd/madwifi.conf', and the config file looks like the following START of /etc/hostapd/madwifi.conf # interface=ath0 driver=madwifi logger_syslog=-1 logger_syslog_level=2 logger_stdout=-1 logger_stdout_level=2 # Debugging: 0 = no, 1 = minimal, 2 = verbose, 3 = msg dumps, 4 = excessive debug=3 # Dump file for state information (on SIGUSR1) dump_file=/tmp/hostapd.dump # SSID to be used in IEEE 802.11 management frames ssid=myssid # Station MAC address -based authentication # 1 = deny unless in accept list macaddr_acl=1 # this file contains all MACs of the machines you allow, one per one line accept_mac_file=/etc/hostapd/hostapd.accept eapol_key_index_workaround=0 eap_server=0 # WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit wpa=1 wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP wpa_group_rekey=600 # END of /etc/hostapd/madwifi.conf - Original Message - From: Eric Spakman [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED] Sent: Tuesday, November 01, 2005 3:35 PM Subject: Re: [leaf-user] hostapd with madwifi NIC Hi, I compiled the latest Debian unstable version of hostapd (0.4.5-2) with madwifi support, I have attached it to this mail. You may give it a try when you don't succeed with the stable version. Eric --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] hostapd with madwifi NIC
Hi, When using hostapd with madwifi wireless NIC (I specidy driver=madwifi in the hostapd.conf file), do I need to load the hostap.o module and other hostap modules (such as hostap_crypt_xxx.o) in /etc/modules? Thank you. --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Changing mac address in dhcp mode
You can look at the DHCP client files and see where to send MAC address to DHCP server, then specify the MAC of the old NIC. - Original Message - From: Stephen Lee [EMAIL PROTECTED] To: Leaf-user Leaf-user@lists.sourceforge.net Sent: Tuesday, November 01, 2005 4:28 PM Subject: [leaf-user] Changing mac address in dhcp mode Hi, I'm replacing our current USR firewall/router to a current release Bering box. I need to change the wan nic mac address (eth0) on the Bering box to ensure I get the same IP number back from my ISP. I was able to change it if I had set eth0 to static with the additional hwaddress line in the interfaces file: iface eth0 inet static address 12.34.56.78 netmask 255.255.255.0 broadcast 12.34.56.255 gateway 12.34.56.78.1 hwaddress ether address 00:00:00:00:00:00 but the same line has no effect if eth0 is set for dhcp: auto eth0 iface eth0 inet dhcp hwaddress ether address 00:00:00:00:00:00 How do I set the mac address if eth0 is set to dhpc mode? Thanks, Stephen --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] ttys errros on Bering 2.3
Hi Eric, After starting with untouched files from the CD and changing only /etc/inittab and /etc/securetty for the serial console, I could boot the WRAP box OK and no errors on ttys. Then I started adding my own packages one by one and eventually I see that when I added dnscache.lrp then the errors showed. Looking carefully at this bad dnscache.lrp and my working dnscache.lrp I found out the size of the bad one is about 2-times larger and here is the mistake I made: I untar-gz etc.lrp into a temp place, then forgot to clean it and went on with dnscache.lrp, made changes and tar-gz it back. The original /etc/inittab went into dnscache.lrp and because dnscache.lrp appeared after etc.lrp in leaf.cfg, the original inittab is used which caused ttys errors. I apologize for causing false alarm and taking up your time for my stupid mistake. Thanks again for your quick support. - Original Message - From: Eric Spakman [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED] Cc: leaf-user@lists.sourceforge.net Sent: Wednesday, October 26, 2005 4:28 PM Subject: Re: [leaf-user] ttys errros on Bering 2.3 Hello, Hi Eric, the ttys errors still happened and I am scratching my hair on what could use tty1 and tty2. I even deleted all lines referring to tty1, tty2... in /etc/inittab and the errors are still there. I could not see the login promt on the console attached via minicom and so I cannot login. Is there a way to see what process/package is using those ttys? The only way I know of is using ps to see the running processes, but that is somewhat difficult without a working console. I searched through all source, but couldn't find an other place besides /etc/inittab where a getty is started on tty1/tty2. The problem seems to start during, or just after crond runs. Do you have some custom cron scripts? Which packages do you have installed? Eric Thank you. --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] madwifi drivers on Bering 2.3
I understand that madwifi is now moving to new codebase (http://madwifi.org/wiki/NewCodebase), which has a lot of new features (virtual AP, WDS support etc). Are you planning to have that new codebase in LEAF Bering-U? - Original Message - From: Eric Spakman [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED] Cc: leaf-user@lists.sourceforge.net Sent: Wednesday, October 26, 2005 4:54 PM Subject: Re: [leaf-user] madwifi drivers on Bering 2.3 Hello M, The madwifi drivers are still in beta stage, so it's possible that some debug code is enabled by default. I will take a look anyway. Eric --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Madwifi Drivers for Bering uClibc 2.3 rc1- 3rd try
Jeremy, with new madwifi, it seems a little bit more complicated. You will have wifi0 as the place holder for each wireless NIC (previously) and then you need to use some tool (hopefully Eric built together with modules) to create ath0 out of wifi0 and then apply the settings on ath0. So basically when you do 'ip addr' you should see both wifi0 and ath0 but when 'iwconfig' you see ath0 having wireless settings. In fact I am just reading the readme file and will try to see if I can use them later. Also your NIC could be still new and not sure if it is supported. - Original Message - From: Jeremy Tourville [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; leaf-user@lists.sourceforge.net Sent: Friday, October 28, 2005 10:03 PM Subject: Re: [leaf-user] Madwifi Drivers for Bering uClibc 2.3 rc1- 3rd try Hello Jeremy, Attached you will find the drivers from today's snapshot. I hope they work! Eric Well, I tried the new drivers you compiled with no luck. Is my card still not supported by the new code drop? I have a MIMO card. It is a D Link DWL-G520M. It has the AR5513 processor/chipset. Here is some diagnostic output for everyone. I have snipped some output to only include relevant info. firewall# cat /proc/pci PCI devices found: Bus 0, device 11, function 0: Class 0200: PCI device 168c:0020 (rev 1). IRQ 9. Master Capable. Latency=80. Min Gnt=10.Max Lat=28. Non-prefetchable 32 bit memory at 0xfcfe [0xfcff]. firewall# dmesg wlan: 0.8.4.2 (Atheros/multi-bss) wlan: mac acl policy registered ath_hal: 0.9.15.1 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413) ath_rate_onoe: 1.0 ath_pci: 0.9.4.5 (Atheros/multi-bss) firewall# more modules # /etc/modules: kernel modules to load at boot time. # # Wireless AP wlan wlan_acl wlan_tkip wlan_xauth ath_hal ath_rate_onoe ath_pci firewall# lsmod Module Size Used byTainted: P ath_pci56820 0 (unused) ath_rate_onoe 2900 0 [ath_pci] ath_hal 179184 0 [ath_pci] wlan_xauth 216 0 (unused) wlan_tkip 8368 0 (unused) wlan_acl1784 0 (unused) wlan 116530 0 [ath_pci ath_rate_onoe wlan_xauth wlan_tkip wlan_acl] softdog 1360 1 ipt_state272 17 ipt_helper 400 0 (unused) ipt_conntrack692 0 ipt_REDIRECT 480 0 (unused) ipt_MASQUERADE 1024 2 ip_nat_irc 1704 0 (unused) ip_nat_ftp 2152 0 (unused) iptable_nat14332 3 [ipt_REDIRECT ipt_MASQUERADE ip_nat_irc ip_nat_ftp] ip_conntrack_irc2484 1 ip_conntrack_ftp3132 1 ip_conntrack 16516 2 [ipt_state ipt_helper ipt_conntrack ipt_REDIRECT ipt_MASQUERADE ip_nat_irc ip_nat_ftp iptable_nat ip_conntrack_irc ip_conntrack_ftp] 3c59x 23768 2 3c515 11052 1 isofs 15732 0 (unused) ide-detect 132 0 (unused) ide-cd 26748 0 ide-disk 11308 0 ide-core 80476 0 [ide-detect ide-cd ide-disk] cdrom 25344 0 [ide-cd] firewall# ip address show 1: lo: LOOPBACK,UP mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo 2: dummy0: BROADCAST,NOARP mtu 1500 qdisc noop link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 3: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:10:4b:6e:ef:9a brd ff:ff:ff:ff:ff:ff inet 70.224.209.172/24 brd 70.224.209.255 scope global eth0 4: eth1: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:a0:24:37:d4:c0 brd ff:ff:ff:ff:ff:ff inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1 5: eth2: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:a0:24:75:b2:50 brd ff:ff:ff:ff:ff:ff inet 192.168.2.100/24 brd 192.168.2.255 scope global eth2 # /etc/network/interfaces -- configuration file for LEAF network # Step 7 (optional): configure wireless AP (Madwifi) auto ath0 iface ath0 inet static address 192.168.3.1 netmask 255.255.255.0 broadcast 192.168.3.255 wireless-mode master wireless rate 54M wireless-essid default up /sbin/iwpriv/ ath0 mode 3 Thanks all in advance for your help! Jeremy --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request --
Re: [leaf-user] madwifi drivers on Bering 2.3
Hi Eric, I will send you off list. It is possible that the file is corrupted. I used a Fedora Core machine to edit the files, but I did copy and paste some lines from Windows Ultra Edit. Hopefully you can detect my mistake. I did not use insmod manually. I should have done it. I will do it tonight. Thank you. - Original Message - From: Eric Spakman [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED] Cc: leaf-user@lists.sourceforge.net Sent: Wednesday, October 26, 2005 2:36 AM Subject: Re: [leaf-user] madwifi drivers on Bering 2.3 Can you mail the exact contents of /etc/modules? Insmod is displaying its options because an illegal option is found. Did you try to insmod the modules by hand? Eric I have them in /etc/modules as wlan wlan_acl wlan_ccmp wlan_tkip wlan_wep wlan_xauth ath_hal ath_rate_sample ath_pci but on loading wlan_ccmp as well as a couple of other modules, BusyBox reported error: wlan - Using /var/lib/lrpkg/mnt/modules/net//./wlan.o wlan: 0.8.6.0 (EXPERIMENTAL) wlan_acl - Using /var/lib/lrpkg/mnt/modules/net//./wlan_acl.o wlan: mac acl policy registered wlan_ccmp - BusyBox v1.00 (2005.08.02-19:26+) multi-call binary Usage: insmod [OPTION]... MODULE [symbol=value]... ^^ wlan_tkip - BusyBox v1.00 (2005.08.02-19:26+) multi-call binary Usage: insmod [OPTION]... MODULE [symbol=value]... wlan_wep - Using /var/lib/lrpkg/mnt/modules/net//./wlan_wep.o wlan_xauth - BusyBox v1.00 (2005.08.02-19:26+) multi-call binary Usage: insmod [OPTION]... MODULE [symbol=value]... ath_hal - Using /var/lib/lrpkg/mnt/modules/net//./ath_hal.o Warning: loading ath_hal will taint the kernel: non-GPL license ath_hal: 0.9.14.9 (- Proprietary AR5210 See http://www., AR5211tux.org/lkml/#ex, AR5212port-tainted for, RF5111 information abo, RF5112ut tainted modul, Rs) ath_rate_sample - BusyBox v1.00 (2005.08.02-19:26+) multi-call binary Usage: insmod [OPTION]... MODULE [symbol=value]... ath_pci - Using /var/lib/lrpkg/mnt/modules/net//./ath_pci.o insmod: unresolved symbol ath_rate_findrate insmod: unresolved symbol ath_rate_newassoc insmod: unresolved symbol ath_rate_detach insmod: unresolved symbol ath_rate_node_init insmod: unresolved symbol ath_rate_setupxtxdesc insmod: unresolved symbol ath_rate_dynamic_sysctl_register insmod: unresolved symbol ath_rate_node_cleanup insmod: unresolved symbol ath_rate_attach insmod: unresolved symbol ath_rate_tx_complete insmod: unresolved symbol ath_rate_newstate -- Could anybody help? Thank you. --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] madwifi drivers on Bering 2.3
Hi Eric, Thanks a lot for suggestions. I started from the original modules.lrp from CD and I copied all needed modules to that modules.lrp. This time the madwifi modules are loaded OK. I did not test the wireless yet but I think it should be fine. So for some reason my old /etc/modules has been corrupted. This time I saw 2 lines about Debugging version (see below) and not sure if that's just warning or we are using debugging version wlan - Using /lib/modules/./wlan.o wlan: 0.8.6.0 (EXPERIMENTAL) wlan_acl - Using /lib/modules/./wlan_acl.o wlan: mac acl policy registered wlan_ccmp - Using /lib/modules/./wlan_ccmp.o wlan_tkip - Using /lib/modules/./wlan_tkip.o wlan_wep - Using /lib/modules/./wlan_wep.o wlan_xauth - Using /lib/modules/./wlan_xauth.o ath_hal - Using /lib/modules/./ath_hal.o Warning: loading ath_hal will taint the kernel: non-GPL license ath_hal: 0.9.14.9 (- Proprietary AR5210 See http://www., AR5211tux.org/lkml/#ex, AR5212port-tainted for, RF5111 information abo, RF5112ut tainted modul, Rs) ath_rate_sample - Using /lib/modules/./ath_rate_sample.o ath_rate_sample: 1.2 ath_pci - Using /lib/modules/./ath_pci.o ath_pci: 0.9.6.0 (EXPERIMENTAL) Build date: Aug 6 2005 Debugging version (IEEE80211) ^^ ath0: 11a rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps ath0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps ath0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps ath0: turboA rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps ath0: turboG rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps ath0: H/W encryption support: WEP AES AES_CCM TKIP ath0: mac 5.9 phy 4.3 radio 3.6 ath0: Use hw queue 1 for WME_AC_BE traffic ath0: Use hw queue 0 for WME_AC_BK traffic ath0: Use hw queue 2 for WME_AC_VI traffic ath0: Use hw queue 3 for WME_AC_VO traffic ath0: Use hw queue 8 for CAB traffic ath0: Use hw queue 9 for beacons Debugging version (ATH) - Original Message - From: Eric Spakman [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED] Sent: Wednesday, October 26, 2005 10:51 AM Subject: Re: [leaf-user] madwifi drivers on Bering 2.3 That's a pity, I can't see anything special in your modules file. No strange characters or so. You could try to remove the # between wlan_xauth and ath_hal, but that shouldn't be the problem. --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] ttys errros on Bering 2.3
Hi Eric, the ttys errors still happened and I am scratching my hair on what could use tty1 and tty2. I even deleted all lines referring to tty1, tty2... in /etc/inittab and the errors are still there. I could not see the login promt on the console attached via minicom and so I cannot login. Is there a way to see what process/package is using those ttys? Thank you. Here are some of the lines I copy and paste from minicom window: .. Linux version 2.4.31 ([EMAIL PROTECTED]) (gcc version 3.3.3) #1 Thu Aug 18 21:03:20 CEST 2005 BIOS-provided physical RAM map: BIOS-e820: - 000a (usable) BIOS-e820: 000f - 0010 (reserved) BIOS-e820: 0010 - 0800 (usable) BIOS-e820: fff0 - 0001 (reserved) 128MB LOWMEM available. On node 0 totalpages: 32768 zone(0): 4096 pages. zone(1): 28672 pages. zone(2): 0 pages. DMI not present. Kernel command line: console=ttyS0,38400 BOOT_IMAGE=linux initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0 LEAFCFG=/dev/hsInitializing CPU#0 Detected 266.636 MHz processor. ... Processing /etc/shorewall/start ... Shorewall Started Processing /etc/shorewall/started ... Starting svscan ... dnscache queries allowed from 10.9 Starting dnscache with daemontools ... Creating cdb for tinydns-private Starting private DNS server listening on 127.0.0.1 with daemontools Creating cdb for tinydns-public Starting public DNS server listening on xx.xx.xx.xx with daemontools Shutting down dnscache with daemontools ... dnscache queries allowed from 10.9 Starting dnscache with daemontools ... Running ntpdate to synchronize clock. Starting periodic command scheduler: cron. getty: /dev/tty1: cannot open as standard input: No such device getty: /dev/tty2: cannot open as standard input: No such device getty: /dev/tty1: cannot open as standard input: No such device getty: /dev/tty2: cannot open as standard input: No such device getty: /dev/tty1: cannot open as standard input: No such device .. INIT: Id 1 respawning too fast: disabled for 5 minutes INIT: Id 2 respawning too fast: disabled for 5 minutes INIT: no more processes left in this runlevel - Original Message - From: Eric Spakman [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED] Sent: Wednesday, October 26, 2005 2:33 PM Subject: Re: [leaf-user] madwifi drivers on Bering 2.3 I will try again from scratch. I just would like to confirm with you the following: - I rename 'initrd_ide.lrp' on CD to initrd.lrp but I made no changes to it. Is that OK? Yes, that's ok. - You have tested 2.3 on a WRAP box. Not me, but Martin Hejl did (he is also one of the Bering-uClibc team). - Original Message - From: Eric Spakman [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED] Sent: Wednesday, October 26, 2005 10:51 AM Subject: Re: [leaf-user] madwifi drivers on Bering 2.3 But it's somewhat strange the problems you see, the call to getty is only done in /etc/inittab and you commented it out. So it shouldn't be possible that you see those messages... You even can't login with a serial console? Eric Actually I could not do it manually even if I wanted to as I cannot login into the router yet due to the tty errors. --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] ttys errros on Bering 2.3
Hello Eric, - I could not login as the screen is filled with the ttys errors. - I do not run any special cron jobs. It must be the default. The packages I have are declared in leaf.cfg LRP=root,config,etc,local,modules,iptables,dhcpcd,ulogd, shorwall,dnscache,dropbear,weblet, sh-httpd,dhcpd,libm,libpcap,daemontl,tinydns, ntpdate,ntpsimpl,libssl,libcrpto,wireless,madwifi, liblzo,openvpnz,tc,bridge PKGPATH=/dev/hda1:msdos syst_size=48M log_size=32M Besides not-able-to-login into the box, everything else seems working. Just for the sake of it, I shut it down, remove the CF, and mount it in my Fedora box, extract etc.lrp and here is the /etc/inittab BEGIN FC_/root/NEWBOX vi etc/inittab # /etc/inittab: init(8) configuration. # $Id: inittab,v 1.1 2004/10/14 19:09:29 espakman Exp $ # The default runlevel. id:2:initdefault: # Boot-time system configuration/initialization script. # This is run first except when booting in emergency (-b) mode. si::sysinit:/etc/init.d/rcS # What to do in single-user mode. ~~:S:wait:/sbin/sulogin # /etc/init.d executes the S and K scripts upon change # of runlevel. # # Runlevel 0 is halt. # Runlevel 1 is single-user. # Runlevels 2-5 are multi-user. # Runlevel 6 is reboot. l0:0:wait:/etc/init.d/rc 0 l1:1:wait:/etc/init.d/rc 1 l2:2:wait:/etc/init.d/rc 2 l3:3:wait:/etc/init.d/rc 3 l4:4:wait:/etc/init.d/rc 4 l5:5:wait:/etc/init.d/rc 5 l6:6:wait:/etc/init.d/rc 6 # Normally not reached, but fallthrough in case of emergency. #z6:6:respawn:/sbin/sulogin # What to do when CTRL-ALT-DEL is pressed. #ca:12345:ctrlaltdel:/sbin/shutdown -t1 -r now # Action on special keypress (ALT-UpArrow). kb::kbrequest:/bin/echo Keyboard Request--edit /etc/inittab to let this work. # What to do when the power fails/returns. pf::powerwait:/etc/init.d/powerfail start pn::powerfailnow:/etc/init.d/powerfail now po::powerokwait:/etc/init.d/powerfail stop # /sbin/getty invocations for the runlevels. # # The id field MUST be the same as the last # characters of the device (after tty). # # Format: # id:runlevels:action:process # Example how to put a getty on a serial line (for a terminal) # # for WRAP box # T1:2345:respawn:/sbin/getty -L 38400 ttyS0 vt100 --- END P.S. With the current working CF I have Shorewall Started Processing /etc/shorewall/started ... Starting svscan ... dnscache queries allowed from 10.9 Starting dnscache with daemontools ... Creating cdb for tinydns-private Starting private DNS server listening on 127.0.0.1 with daemontools Creating cdb for tinydns-public Starting public DNS server listening on xx.xx.xx.xx with daemontools Shutting down dnscache with daemontools ... dnscache queries allowed from 10.9 Starting dnscache with daemontools ... Running ntpdate to synchronize clock. Starting periodic command scheduler: cron. LEAF Bering-uClibc 2.3 uClibc 0.9.20 Rev 3 wrapbox ttyS0 wrapbox login: - Original Message - From: Eric Spakman [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED] Cc: leaf-user@lists.sourceforge.net Sent: Wednesday, October 26, 2005 4:28 PM Subject: Re: [leaf-user] ttys errros on Bering 2.3 Hello, Hi Eric, the ttys errors still happened and I am scratching my hair on what could use tty1 and tty2. I even deleted all lines referring to tty1, tty2... in /etc/inittab and the errors are still there. I could not see the login promt on the console attached via minicom and so I cannot login. Is there a way to see what process/package is using those ttys? The only way I know of is using ps to see the running processes, but that is somewhat difficult without a working console. I searched through all source, but couldn't find an other place besides /etc/inittab where a getty is started on tty1/tty2. The problem seems to start during, or just after crond runs. Do you have some custom cron scripts? Which packages do you have installed? Eric Thank you. Here are some of the lines I copy and paste from minicom window: .. Linux version 2.4.31 ([EMAIL PROTECTED]) (gcc version 3.3.3) #1 Thu Aug 18 21:03:20 CEST 2005 BIOS-provided physical RAM map: BIOS-e820: - 000a (usable) BIOS-e820: 000f - 0010 (reserved) BIOS-e820: 0010 - 0800 (usable) BIOS-e820: fff0 - 0001 (reserved) 128MB LOWMEM available. On node 0 totalpages: 32768 zone(0): 4096 pages. zone(1): 28672 pages. zone(2): 0 pages. DMI not present. Kernel command line: console=ttyS0,38400 BOOT_IMAGE=linux initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0 LEAFCFG=/dev/hsInitializing CPU#0 Detected 266.636 MHz processor. ... Processing /etc/shorewall/start ... Shorewall Started Processing /etc/shorewall/started ... Starting svscan ... dnscache queries allowed from 10.9 Starting dnscache with daemontools ... Creating cdb for tinydns-private Starting private DNS server listening on 127.0.0.1 with daemontools Creating cdb for tinydns
Re: [leaf-user] Bering-uClibc-2.3 files
Hi KP, Thank you for the explanation and also for the final release. M Lu - Original Message - From: KP Kirchdoerfer [EMAIL PROTECTED] To: leaf-user@lists.sourceforge.net Sent: Tuesday, October 25, 2005 7:35 AM Subject: Re: [leaf-user] Bering-uClibc-2.3 files Well, different view's of the same packages... The packages were build and committed to a cvs subdir a week before the packages has been committed to main cvs respository and the page you are referring to has been build by a script using the dates in cvs log. Should I get the ISO and then update with latest packages? Just use the ISO image. sorry for confusion. kp --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] tty errors on Bering 2.3 with WRAP box
I encounter some trouble updating my WRAP box to latest Bering 2.3. - I use initrd_ide.lrp from the CD image as initrd.lrp for the WRAP box. - I got the tty errors after crontab being installed Starting periodic command scheduler: cron. getty: /dev/tty1: cannot open as standard input: No such device getty: /dev/tty2: cannot open as standard input: No such device .. I copied the old /etc/securetty and /etc/inittab as well as syslinux.cfg. They are /etc/inittab - #1:2345:respawn:/sbin/getty 38400 tty1 #2:23:respawn:/sbin/getty 38400 tty2 # for WRAP box # T1:2345:respawn:/sbin/getty -L ttyS0 38400 vt100 /etc/securetty ttyS0 tty1 tty2 tty3 tty4 tty5 tty6 tty7 tty8 ttyS1 and syslinux.cfg: serial 0 38400 display syslinux.dpy timeout 0 append console=ttyS0,38400 default linux initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0 LEAFCFG=/dev/hda1:msdos My current working version is 2.3beta4. Does something related to tty change in between. I think somebody reported similar error on RC1, but I am not sure he fixed it. Any suggestions? --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] madwifi drivers on Bering 2.3
I have them in /etc/modules as wlan wlan_acl wlan_ccmp wlan_tkip wlan_wep wlan_xauth ath_hal ath_rate_sample ath_pci but on loading wlan_ccmp as well as a couple of other modules, BusyBox reported error: wlan - Using /var/lib/lrpkg/mnt/modules/net//./wlan.o wlan: 0.8.6.0 (EXPERIMENTAL) wlan_acl - Using /var/lib/lrpkg/mnt/modules/net//./wlan_acl.o wlan: mac acl policy registered wlan_ccmp - BusyBox v1.00 (2005.08.02-19:26+) multi-call binary Usage: insmod [OPTION]... MODULE [symbol=value]... ^^ wlan_tkip - BusyBox v1.00 (2005.08.02-19:26+) multi-call binary Usage: insmod [OPTION]... MODULE [symbol=value]... wlan_wep - Using /var/lib/lrpkg/mnt/modules/net//./wlan_wep.o wlan_xauth - BusyBox v1.00 (2005.08.02-19:26+) multi-call binary Usage: insmod [OPTION]... MODULE [symbol=value]... ath_hal - Using /var/lib/lrpkg/mnt/modules/net//./ath_hal.o Warning: loading ath_hal will taint the kernel: non-GPL license ath_hal: 0.9.14.9 (- Proprietary AR5210 See http://www., AR5211tux.org/lkml/#ex, AR5212port-tainted for, RF5111 information abo, RF5112ut tainted modul, Rs) ath_rate_sample - BusyBox v1.00 (2005.08.02-19:26+) multi-call binary Usage: insmod [OPTION]... MODULE [symbol=value]... ath_pci - Using /var/lib/lrpkg/mnt/modules/net//./ath_pci.o insmod: unresolved symbol ath_rate_findrate insmod: unresolved symbol ath_rate_newassoc insmod: unresolved symbol ath_rate_detach insmod: unresolved symbol ath_rate_node_init insmod: unresolved symbol ath_rate_setupxtxdesc insmod: unresolved symbol ath_rate_dynamic_sysctl_register insmod: unresolved symbol ath_rate_node_cleanup insmod: unresolved symbol ath_rate_attach insmod: unresolved symbol ath_rate_tx_complete insmod: unresolved symbol ath_rate_newstate -- Could anybody help? Thank you. --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] Bering-uClibc-2.3 files
Is the final 2.3 released? On the download link (http://sourceforge.net/project/showfiles.php?group_id=13751package_id=67534) I see the images released on Oct 16 (when mounted ISO, the files inside are Oct 15), whereas a lot of core packages are released Oct 23 (http://leaf.sourceforge.net/bering-uclibc/index.php?module=pagemasterPAGE_user_op=view_pagePAGE_id=3MMN_position=3:3#CHANGELOG) Should I get the ISO and then update with latest packages? Thank you. --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Madwifi drivers for Bering uClibc 2.3 rc1 -2nd Try
Jeremy, Not sure if it will help you, but I guess that you need to use wireless tool to bring the card up. I have the following in my interface. My card is also madwifi based. auto ath0 iface ath0 inet static address 172.27.0.254 netmask 255.255.255.0 broadcast 172.27.0.255 wireless-mode master wireless-rate 54M wireless-essid mySSID wireless-key myKEY up /sbin/iwpriv ath0 mode 3 Note that this is just normal WEP security as I use OpenVPN to login in actualy later. But you can try this to make sure the card is recognized and works. - Original Message - From: Jeremy Tourville [EMAIL PROTECTED] To: leaf-user@lists.sourceforge.net Sent: Monday, September 19, 2005 8:21 PM Subject: [leaf-user] Madwifi drivers for Bering uClibc 2.3 rc1 -2nd Try My overall goal is to use the D Link DWL-G520M card as an access point. snip part of my /etc/network/interfaces looks like- auto ath0 iface ath0 inet static address 192.168.2.1 netmask 255.255.255.0 broadcast 192.168.2.255 Any other ideas? Thanks again. Jeremy --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Port-forwarding ssh thru Dachstein
I do not remember Dachstein very well but just wonder why you have EXTERN_SSH_PORT=24? Also I have seen some ISPs rejecting SSH traffic so consider that possibility too. You can test that by temporary portforwarding some other port (e.g. 80 as you know for sure 80 is allowed) to 22 and test SSH client with port 80. - Original Message - From: Earl Wilson [EMAIL PROTECTED] To: leaf-user@lists.sourceforge.net Sent: Monday, August 15, 2005 11:04 PM Subject: Fw: [leaf-user] Port-forwarding ssh thru Dachstein .. TCP services open to outside world # Space seperated list: srcip/mask_dstport EXTERN_TCP_PORTS=0/0_21 0/0_80 0/0_22 (next 2 lines show open ports that are working w/no issues) INTERN_FTP_SERVER=192.168.1.4 # Internal FTP server to make available INTERN_WWW_SERVER=192.168.1.200 # Internal WWW server to make available INTERN_SSH_SERVER=192.168.1.200 # Internal SSH server to make available EXTERN_SSH_PORT=24 # External port to use for internal SSH access --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Port-forwarding ssh thru Dachstein
If Earl wants to use external port 24, then may be he should use EXTERN_TCP_PORTS=0/0_21 0/0_80 0/0_24 instead of EXTERN_TCP_PORTS=0/0_21 0/0_80 0/0_22 Anyway, Earl will figure the port usage. - Original Message - From: [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED] Cc: Earl Wilson [EMAIL PROTECTED]; leaf-user@lists.sourceforge.net Sent: Tuesday, August 16, 2005 9:04 AM Subject: Re: [leaf-user] Port-forwarding ssh thru Dachstein This allows an individual to SSH directly to the external IP address, using port 24, and Dachstein has an explicit rule to forward port 24 (ssh traffic only) to the internal_ssh_server ... actually works quite nicely, and is essentially the same thing as the DNAT under Shorewall, except that you don't have to change the SSHd server on the internal box to 24, you leave it as 22 (if I recall correctly). Sorry to throw in my 2 cents into the thread... joey - Original Message - From: M Lu [EMAIL PROTECTED] Date: Tuesday, August 16, 2005 7:30 am Subject: Re: [leaf-user] Port-forwarding ssh thru Dachstein I do not remember Dachstein very well but just wonder why you have EXTERN_SSH_PORT=24? Also I have seen some ISPs rejecting SSH traffic so consider that possibility too. You can test that by temporary portforwarding some other port (e.g. 80 as you know for sure 80 is allowed) to 22 and test SSH client with port 80. - Original Message - From: Earl Wilson [EMAIL PROTECTED] To: leaf-user@lists.sourceforge.net Sent: Monday, August 15, 2005 11:04 PM Subject: Fw: [leaf-user] Port-forwarding ssh thru Dachstein .. TCP services open to outside world # Space seperated list: srcip/mask_dstport EXTERN_TCP_PORTS=0/0_21 0/0_80 0/0_22 (next 2 lines show open ports that are working w/no issues) INTERN_FTP_SERVER=192.168.1.4 # Internal FTP server to make available INTERN_WWW_SERVER=192.168.1.200 # Internal WWW server to make available INTERN_SSH_SERVER=192.168.1.200 # Internal SSH server to make available EXTERN_SSH_PORT=24 # External port to use for internal SSH access --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Security and LEAF Bering UClibc
Hi Troy, I myself do not consider your concerns trivial at all. Probably many people have the same concerns. However I find it very difficult to implement and the main reason is resource. As far as I understand most of the LEAF developers are volunteers and work un-paid for the project so how can we expect that they can find the time and efforts to watch for the security all the time and fix the bugs? I remember Martin Hejl saying that there are a lot of new features they can add but they do not have enough time. However they did an excellent job of creating a build-environment and you can build the LRP yourself if needed. In your case, I suggest that you subscribe to the security list and if there is any bug you think it could affect your firewall, then get the updated source and patch it yourself. Probably other folks here would not mind if you can then contribute those LRPs back to the list -:). Or LEAF team can consider Richard's suggestion about the money contribution and think of some mechanism. Otherwise, your office needs to go with some commercial products and pays big bucks for them. BTW, I am just a user, not a developer, so I apologize for anything I say incorrect. Cheers. - Original Message - From: Troy Aden [EMAIL PROTECTED] To: Richard Amerman [EMAIL PROTECTED]; leaf-user@lists.sourceforge.net Sent: Wednesday, August 03, 2005 5:00 PM Subject: RE: [leaf-user] Security and LEAF Bering UClibc Wow I am sort of surprised that no one has responded to this thread. I guess my concerns must be trivial. I really did not want to switch away from this distro since it has worked so well for us for so many years but my case for keeping it seems to be getting weaker and weaker since I have nothing to say that it is truly secure since there does not seem to be any mechanisms for making sure that the packages I am using are always kept up to date with the latest security patches. I guess my wish list would be having apt-get functionality. But I guess that that would add allot of bulk to the current distro. Troy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Amerman Sent: Monday, August 01, 2005 3:36 PM To: leaf-user@lists.sourceforge.net Subject: RE: [leaf-user] Security and LEAF Bering UClibc I'm sure that this topic is not new but it is probably one that should be brought up regularly incase there are new options as to how to address the issue. My company, and other companies I work with (and I'm very sure we are not alone in this) would find it extremely valuable if there was a system/process where all the core LRP's were monitored for security bulletins. When one of these bulletins were to be released it would trigger a process of updating the LRP ASAP and letting everyone on, what may be a new list, that the update was available, a LEAF errata per say. I think that people, including us, would contribute $ to see this put together, while not making it any kind of premium service, but available to everyone. It could just be a voluntary donation thing, or/also involve one or more bounties. It would also be valuable if this task was taken on by something other than just an individual or group of individuals, but a business that has a large stake in things, or some organization with some structure. The idea on this is credibility and stability, not only in reality but from a perception standpoint. (Translate, I have to show my boss something that he can put some faith in.) What do you think? What kind of discussion has happened in the past on this topic? Or what am I missing that is already in place to take care of this? (and yes I will be searching the list archive to see what I can find, but we all know this is not as simple as it looks.) Thanks! Richard Amerman -Original Message- From: troy [mailto:[EMAIL PROTECTED] How do you handle security patches for packages? For example, if you were running a full Debian distro, a simple apt-get update would insure that you pull down the latest security patches... What is the approach to making sure UClibc is secure...? --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_idt77alloc_id492op=ick leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams *
Re: [leaf-user] CF Card Issues
Hi Richard. A couple of weeks ago I got a small file 'leaf.cfg' corrupted after modifying it directly (mount /hda1 on /mnt). As other folks here said that I may forget to un-mount /mnt before rebooting. So now I always checked to make sure the CF is umounted before rebooting and so far no more corruptions eventhough I modified a lot a lot of things day after day because of my new setup. Do you think you may mount the CF somehow? Just check the mountpoints before rebooting. Maybe some script did that and you do not know about it. I use Lexar 64M. I also used Canon 32M and it was OK but very short time so I cannot say if its quality is good. Hope your CF is not bad. You probably can test its quality inside another machine. - Original Message - From: Richard Amerman [EMAIL PROTECTED] To: leaf-user@lists.sourceforge.net Sent: Wednesday, July 27, 2005 2:17 PM Subject: [leaf-user] CF Card Issues I have a Lex NEO CV863A from Hacom. I bought my CF card based on recommendations for Lexar on this page: http://www.openbrick.org/openbrick/wiki/cf/view I have a Lexar Media 512MB CF card p/n 2175 Rev A. Everything was going very well, installed a uClibc system primarily using the CD ISO on the CF card and the firewall was working fine, though not in production yet. Recently I made some Shorewall changes and backed them up but when I rebooted the next time there was no shorewall. It turned out that the shorwall.lrp file was corrupt. When I try: tar zxvf shorwall.lrp I get: tar: Invalid gzip magic Soon after I made a new folder called lrpbackup on the CF card. It shows up though as lrpbacku Also when I try ls in that folder my whole SSH session gets corrupted. I also can not delete the folder or its contents. Also when I now try to write to the CF card in this machine, everything returns: Cannot create directory `lrpb': Read-only file system Now I know that I have multiple things that could be wrong, but since my timeline is very short, I'm supposed to put this FW in production in a few days, I'm pursuing them in parallel. One possibility is that the CF card I bought is not ideal. Another is that the Machine has an issue. Another is that this CF card may be bad. Some questions: Does any one have any specific recommendations on a CF card? Does anyone have an alternate LRP backup script that keeps backups kind of like rotating logs (backing up the existing LRP to another folder and renaming *.lrp.0 type thing)? Is there anything in hdsupp.lrp to check the health of a drive, like scandisk? Any help, ideas, or shared experiences would be helpful. I did call Hacom and the do use Lexar but mainly use Kingston Elite Pro CF cards now. I'm thinking of just buying two of them. Thanks, Richard Amerman RBA International 703 Broadway, Suite 600 Vancouver, WA 98660 360-696-9272 x440 [EMAIL PROTECTED] --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_idt77alloc_id492op=ick leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] CF Card Issues
Victor, can you post that little lrp and tell me how to use it? Thank you. - Original Message - From: Victor McAllister [EMAIL PROTECTED] To: Richard Amerman [EMAIL PROTECTED] Cc: M Lu [EMAIL PROTECTED]; leaf-user@lists.sourceforge.net Sent: Wednesday, July 27, 2005 8:08 PM Subject: Re: [leaf-user] CF Card Issues I umount and remove the modules that allow the CF to be mounted. This way there are only two ways to remount. 1. Reboot. 2. Bring the moules in over the wire and insmod them so that the CF can be mounted. I have a little lrp that loads the scripts to remove and reinstall the modules for my WRAP uClibc system. This way the CF can not be accessed by a buffer overflow or hacker and is write protected until I deliberately make it writable. --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Vonage
I have Vonage with Bering-U. Nothing needs be done regarding shorewall networking etc. Assuming you have Vonage to get the IP dynamically and your existing subnets are not 192,168.102.x (that's my Vonage subnet) then just plug the WAN port of the Vonage to your local network and you should be able to make/get phone calls. - Original Message - From: Roger McClurg [EMAIL PROTECTED] To: leaf-user@lists.sourceforge.net Sent: Monday, July 25, 2005 9:03 PM Subject: [leaf-user] Vonage Is anyone using Vonage with Bering or Bering uClibc? If so how did you set it up? --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Backing up LEAF disks over the network.
Thank you for the tips. I tried them to backup my compact flash. But the speed is very slow. I did try both ways, dd to /tmp and then scp (Erich's way) and dd on the fly using ssh (Charles' way). In both cases it took about 5 minutes to either 'scp' or 'dd-over-ssh' 64M. In case of 'scp', I think it could be the fact that my /tmp is 99% full after dd to it. But I do not understand why 'dd-over-ssh' is also slow. Could it be anything wrong with my setup? - Original Message - From: Charles Steinkuehler [EMAIL PROTECTED] To: James Neave [EMAIL PROTECTED] Cc: leaf-user@lists.sourceforge.net Sent: Thursday, July 21, 2005 8:08 AM Subject: Re: [leaf-user] Backing up LEAF disks over the network. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 James Neave wrote: | Hi Charles, | | I guess that will only work if you're connecting to the LEAF box with a | *NIX box, yes? | | I have PuTTY on my WinXP machine, I don't think I can do that command | with it. It works with the standard command-line ssh. There are versions that run on windows, both native and as part of Cygwin. These should work. Putty probably won't. | Could I pipe the output of dd through gzip? Yes, but you'd probably want to do this on your host system, not the router (assuming your router is probably not a high-powered box), ie: ssh my.router.ip dd if=/dev/fd0u1680 | gzip -9 disk.img.gz | Or is there anyway to directly read /dev/fd0u1680 with scp I have | WinSCP? I don't think you can play tricks like this with scp... - -- Charles Steinkuehler [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFC35A8LywbqEHdNFwRAlXCAKDxQSYGhWrGOeQCiUOo9NgEaDvFBgCg26vP ykC61+qwmRb2CU1g4GaJJNc= =WMt/ -END PGP SIGNATURE- --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Backing up LEAF disks over the network.
My LEAF is WRAP box, the other machine is Pentium 3 running Fedora Core 3. I know SCP/SSH encrypts data but this is done via local network and should not be such slow. - Original Message - From: Charles Steinkuehler [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED] Cc: leaf-user@lists.sourceforge.net Sent: Thursday, July 21, 2005 10:17 AM Subject: Re: [leaf-user] Backing up LEAF disks over the network. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 M Lu wrote: | Thank you for the tips. | | I tried them to backup my compact flash. But the speed is very slow. I did | try both ways, dd to /tmp and then scp (Erich's way) and dd on the fly using | ssh (Charles' way). In both cases it took about 5 minutes to either 'scp' or | 'dd-over-ssh' 64M. | | In case of 'scp', I think it could be the fact that my /tmp is 99% full | after dd to it. But I do not understand why 'dd-over-ssh' is also slow. | Could it be anything wrong with my setup? What kind of system are you using for the LEAF box? Transferring data via ssh (or scp) encrypts everything, which can cause a substantial performance penalty for slower systems. - -- Charles Steinkuehler [EMAIL PROTECTED] --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Backing up LEAF disks over the network.
I forgot to mention that I am running dropbear, not Secure Shell Server. - Original Message - From: M Lu [EMAIL PROTECTED] My LEAF is WRAP box, the other machine is Pentium 3 running Fedora Core 3. I know SCP/SSH encrypts data but this is done via local network and should not be such slow. - Original Message - From: Charles Steinkuehler [EMAIL PROTECTED] What kind of system are you using for the LEAF box? Transferring data via ssh (or scp) encrypts everything, which can cause a substantial performance penalty for slower systems. - -- Charles Steinkuehler [EMAIL PROTECTED] --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Backing up LEAF disks over the network.
I think my /tmp is just about this size. diff scp-image ssh-image shows they are the same. - Original Message - From: Erich Titl [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED] Cc: leaf-user@lists.sourceforge.net Sent: Thursday, July 21, 2005 12:25 PM Subject: Re: [leaf-user] Backing up LEAF disks over the network. Be careful, your tmp may not be big enough for an entire 64 MB flash disk, although the current WRAP boxes come with 128Mb on board. I don't think that the crypto stuff is _that_ hard on the CPU. --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Problem with wired, wireless cards on WRAP
I second that. I just got WRAP box and the latest Bering-U runs just fine. Just for testing, you can get Erich's prebuilt image and run it to see if the NICs are recognized with natsemi. Be aware that Erich specified natsemi module inside initrd.lrp, not in /etc/modules. - Original Message - From: Philippe Jayet [EMAIL PROTECTED] To: leaf-user@lists.sourceforge.net Sent: Tuesday, July 19, 2005 12:13 PM Subject: Re: [leaf-user] Problem with wired, wireless cards on WRAP Hi Suman, crc32 - Using /lib/modules/./crc32.o natsemi - Using /lib/modules/./natsemi.o insmod: unresolved symbol gr_task_is_capable Mmmh ... it seems to me you are using different versions of the kernel and the modules, maybe modules compiled against a more recent kernel than your running one. This may cause some unresolved symbol in the grsecurity code. Take care to take the modules from the tarball with the same version as your running kernel, or upgrade your kernel and modules to the latest version. Hope this helps, Philippe J. PS : sorry for sending it twice, forgot to Cc the list before ... --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] RE: Some questions regarding LEAF on WRAP box
With all help I got from the list members, I am now running the latest and greatest Bering-U on my WRAP box. Thank you all. The next step would be adding wireless card and make it into the access point. I look around and I see the a/b/g 5004 MP Atheros mPCI CM9 bundled with a pigtail and antenna on netgate site is good, and Erich mentioned that it will work with madwifi drivers. The only thing is that Bering-U official release does not have madwifi drivers and I need to compile them myself -:( Is there any plan to include them into the release in the future? Are there any other recommended mPCI to be used with WRAP box? I also have another question. Yesterday, I needed to add the ntpdate.lrp package. After vi-ing leaf.cfg and save it, I reboot the box and it does not boot because the file is corrupted. The content became something like this Ã.Ãs8690Ã?ÃS®-VO««Ã¢´%puÂ¥`F... .. What could cause this corruption? What can be done to avoid that? I used 64-M LEXAR card which came together with the box. Thanks. --- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] RE: Some questions regarding LEAF on WRAP box
Thanks Peter, That's a good thing to remember. I cannot remember if I did umount or not but likely not. My OpenVPN did not run because of the time on WRAP (1999 or so) and VPN certificate are exclusive. Once time synced, it is running again. So I needed to test the reboot. Cheers. - Original Message - From: Peter Mueller [EMAIL PROTECTED] To: Erich Titl [EMAIL PROTECTED]; M Lu [EMAIL PROTECTED] Cc: leaf-user@lists.sourceforge.net Sent: Tuesday, July 12, 2005 5:38 PM Subject: RE: [leaf-user] RE: Some questions regarding LEAF on WRAP box Ã.Ãs8690Ã?ÃS®-VO««Ã¢´%puÂ¥`F... Yes, funny, the same thing happened to me some time ago. For unknown reasons I had a line of garbage in leaf.cfg. It feels like IDE I/O is shaky with CF's. Maybe one should have a look at hdparams. Else it might be possible that I did not correctly unmount the CF before rebooting and so the system had no chance to flush the buffers correctly and this might be lethal when writing directly to the CF. It's easy to destroy CF cards this way. I went through two on my routers before understanding that you need to unmount the card ASAP. Regards, P --- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ --- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] RE: Some questions regarding LEAF on WRAP box
Thanks a lot, guys, it definitely helps. Have a nice vacation. - Original Message - From: Luis.F.Correia [EMAIL PROTECTED] To: leaf-user@lists.sourceforge.net Sent: Friday, July 08, 2005 4:08 AM Subject: [leaf-user] RE: Some questions regarding LEAF on WRAP box Hope this helps a bit. P.s. i'm going away for a two week vacation, meanwhile another developer or User will eventually step in if I have said a huge lie :):):) Take care! --- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] OT: why is WRAP much more expensive than normal routers
I got my 1st WRAP box and with all help I got here and Erich's ready image, I could boot it up and see it running. I paid more than US $200 (board, case, 64M CF, shipping) for it and that's without the wireless. I just wonder why it is so much more expensive than the routers they sell in Best Buy, CompUSA (Linksys, DLink...). Apart from the OS control you have on WRAP, are there any hardware advantages or something else compared to the other? I would like to defend myself in case my friends think I am crazy -:) M Lu. --- This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual core and dual graphics technology at this free one hour event hosted by HP, AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] iso for Bering uClibc
The floppy you used is 1680K and the path pointing to that is '/dev/fd0u1680:msdos'. When you boot from CD, the path is '/dev/fd0:msdos,/dev/cdrom:iso9660' so your leaf.cfg on your floppy is not found and the leaf.cfg on CD (actually from the boot.ima) is used. In this case only 'root,config,etc,local' are loaded. Anyway, take a blank 1.44 floppy and copy the leaf.cfg from your 1680 floppy. Remember to change the PKGPATH=/dev/fd0u1680:msdos to PKGPATH=/dev/fd0:msdos,/dev/cdrom:iso9660 - Original Message - From: Stephen More [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED] Cc: leaf-user@lists.sourceforge.net Sent: Thursday, July 07, 2005 7:28 AM Subject: Re: [leaf-user] iso for Bering uClibc Here is my problem... I can boot from the floppy generated by Bering-uClibc_2.3-beta4_img_bering-uclibc-1680.exe, and all 15 packages from the floppy are loaded. Therefore I am assuming the leaf.cfg on the floppy is good. Now if I insert the CD-ROM, leave the same floppy in and reboot, all 15 packages should get loaded, but this is not happening only 5 packages are loaded. I have tried this with both 2.3-beta4.iso and 2.2.2.iso. What step am I missing ? On 7/6/05, M Lu [EMAIL PROTECTED] wrote: Assuming you use recent Bering-U, boot from CDROM but use floppy to specify what you want to load, then you can use leaf.cfg on the floppy to specify them (the LRP variable). Here is a sample /root more leaf.cfg # Other variables you might want to set in this file include: # LRP Packages to load # PKGPATH Device(s) to load packages from # syst_size Size of root ramdisk # tmp_size Size of /tmp ramdisk # log_size Size of /var/log ramdisk LRP=root,config,etc,local,modules,iptables,dhcpcd,ulogd,shorwall,dnscache,dropbear,weblet, sh-httpd,dhcpd,libm,libpcap,daemontl,libssl,libcrpto, liblzo,openvpnz PKGPATH=/dev/fd0:msdos,/dev/cdrom:iso9660 - Original Message - From: Stephen More [EMAIL PROTECTED] To: leaf-user@lists.sourceforge.net Sent: Wednesday, July 06, 2005 10:15 PM Subject: [leaf-user] iso for Bering uClibc I am booting off the CD, but I can't seem to get other packages to load. Dachstein used a pkgpath.cfg file on floppy, what do I use for Bering uClibc ? -Thanks Steve More --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_idt77alloc_id492op=ick leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] ANN: Bering-uClibc 2.3 beta4 released
Thank you, KP. I actually make 'modules' directory and move '2.4.31' there before burning the CD and it is working now. Another thing is that shorewall is supposed to be 2.4 but shorewall version still shows 2.2.3. When I looked at the sample config files, they also start with Shorewall 2.2 and not Shorewall 2.4 as from Tom's Website. I am not using anything special which requires 2.4 (like 2 ISPs etc) so it does not matter. Just want to make sure I get the right thing. - Original Message - From: KP Kirchdoerfer [EMAIL PROTECTED] To: leaf-user@lists.sourceforge.net Sent: Wednesday, July 06, 2005 2:22 AM Subject: Re: [leaf-user] ANN: Bering-uClibc 2.3 beta4 released I've obviously made an error while building the ISO image. Please try ! mount iso9660 /dev/cdrom ! dir /lib/2.4.31/kernel/drivers/net sorry kp --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] iso for Bering uClibc
Assuming you use recent Bering-U, boot from CDROM but use floppy to specify what you want to load, then you can use leaf.cfg on the floppy to specify them (the LRP variable). Here is a sample /root more leaf.cfg # Other variables you might want to set in this file include: # LRP Packages to load # PKGPATH Device(s) to load packages from # syst_size Size of root ramdisk # tmp_size Size of /tmp ramdisk # log_size Size of /var/log ramdisk LRP=root,config,etc,local,modules,iptables,dhcpcd,ulogd,shorwall,dnscache,dropbear,weblet, sh-httpd,dhcpd,libm,libpcap,daemontl,libssl,libcrpto, liblzo,openvpnz PKGPATH=/dev/fd0:msdos,/dev/cdrom:iso9660 - Original Message - From: Stephen More [EMAIL PROTECTED] To: leaf-user@lists.sourceforge.net Sent: Wednesday, July 06, 2005 10:15 PM Subject: [leaf-user] iso for Bering uClibc I am booting off the CD, but I can't seem to get other packages to load. Dachstein used a pkgpath.cfg file on floppy, what do I use for Bering uClibc ? -Thanks Steve More --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] ANN: Bering-uClibc 2.3 beta4 released
Hi KP, I tried the CD today but I could not load modules. My /etc/modules looks something like this # More modules available from: # http://cvs.sourceforge.net/viewcvs.py/leaf/bin/bering-uclibc/packages/ ! mount iso9660 /dev/cdrom ! dir /lib/modules/2.4.31/kernel/drivers/net 3c509 .. however I got errors when loading modules: firewall# svi modutils reload Loading modules: 3c509 - find: /var/lib/lrpkg/mnt/lib/modules/2.4.31/kernel/drivers/net/.: No such file or directory BusyBox v1.00 (2005.06.26-19:58+) multi-call binary .. When going back to old CD, beta3, I got the modules working again with replacing 2.4.31 with 2.4.30 Has the soft-link or anything changed in beta 4? Thanks. - Original Message - From: KP Kirchdoerfer [EMAIL PROTECTED] To: leaf-devel@lists.sourceforge.net; leaf-user@lists.sourceforge.net Sent: Saturday, July 02, 2005 6:01 PM Subject: [leaf-user] ANN: Bering-uClibc 2.3 beta4 released The Bering-uClibc team released today Bering-uClibc 2.3 beta4. We decided to release another beta version due to a kernel update to 2.4.31. Other changes are upgrades of various packages, including shorewall to 2.4.0, some patches (like hfsc support for iproute), some fixes and cleanups. For a complete changelog please read: http://leaf.sourceforge.net/bering-uclibc/index.php?module=pagemasterPAGE_user_op=view_pagePAGE_id=2MMN_position=2:2 Please note, that kernel-related packages for 2.3betax have now their own cvs repository - the packages page will move you to the right direction. Other packages shouldnt be affected. The floppy images, ISO image, ipv6 addon and a modules tarball are available in the FRS: http://sourceforge.net/project/showfiles.php?group_id=13751package_id=67534release_id=339385 Please send your notes, bug reports, feature requests or whatelse youll like to add to the LEAF mailing-lists. You may also visit the LEAF IRC channel http://slashnet.org/channels/leaf/ irc://irc.slashnet.org/%26leaf Thx for reading kp --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: LEAF on WRAP box - was Re: [leaf-user] lets talk about something--anything!
Thank all of you very much for your useful information. So I think I will need - WRAP box - corresponding enclosure case - Power supply - CF card - a mini-PCI wireless card Do you recommend me any specific power supply and/or CF card? Is the 18V-0.83A-15W power supply from one of the WRAP distributors good enough for all LANs and added-wifi? Thanks again. M Lu. - Original Message - From: Luis.F.Correia [EMAIL PROTECTED] To: leaf-user@lists.sourceforge.net Sent: Wednesday, June 29, 2005 3:46 AM Subject: RE: LEAF on WRAP box - was Re: [leaf-user] lets talk about something--anything! Hi! Comments from a WRAP user ;) -Original Message- From: Martin Hejl [mailto:[EMAIL PROTECTED] Hyperterminal, at least in my experience). The biggest hurdle here is finding the proper terminal settings (default should be 9600 8N1 - but as I said, I haven't used a WRAP box yet). It _should_ be mentioned in the manual though. Well, there are two settings, 9600 and 38400, BIOS selectable. happen to have lying around in your electronics junk box). Most of the problems I've seen on the various mailing lists are due to marginal power supplies (marginal in the sense that they provide enough power for average usage, but fail and cause the box to crash/lock up if for some reason power consumption jumps up). Guilty! It has happened to me after adding the wireless card... To get going (the easy way), the only thing else you need is a CF card reader (if you don't want to boot with PXE - I don't know if the WRAP boards support that), so you can transfer the base image to the compact flash card (it's also convenient to get your box back up and running if you've mis-configured it in a way that it will no longer boot - it's happened to me a few times, and being able to pop in the CF into my desktop and fix things saved a lot of time). No, the WRAP board does not support PXE booting, and you have to prepare the CF first. Personally I edit the files in my Windows system, and transfer it to the CF using na USB card reader. I even use syslinux from within Windows itself. I hope that helps Martin Luis Correia --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: LEAF on WRAP box - was Re: [leaf-user] lets talk about something--anything!
Hi Erich, Your reminding me on the pigtail and antenna is very good. Martin Hejl was kind enough to explain 'pigtail' to me as I did not know what it was. I will try to make the WRAP box work first and will add WIFI later. Cheers. - Original Message - From: Erich Titl [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED] Cc: leaf-user@lists.sourceforge.net Sent: Wednesday, June 29, 2005 2:58 PM Subject: Re: LEAF on WRAP box - was Re: [leaf-user] lets talk about something--anything! Hi M Lu wrote: Thank all of you very much for your useful information. So I think I will need - WRAP box - corresponding enclosure case - Power supply - CF card - a mini-PCI wireless card + Pigtail + Antenna Do you recommend me any specific power supply and/or CF card? Is the 18V-0.83A-15W power supply from one of the WRAP distributors good enough for all LANs and added-wifi? Should be OK the WRAP draws AFAIK about 7W. I am running mine on a 12W power supply. cheers Erich --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
LEAF on WRAP box - was Re: [leaf-user] lets talk about something--anything!
As we are encouraged to talk about anything, I just want to ask questions regarding running LEAF on an embedded PC. I would like to move my LEAF on an old PC to a smaller device, such as WRAP box. The good news is that there is some documentation about how to set it up, so I hope I can somehow manage it. But regarding hardware I cannot imagine it well. Because I have to order on-line, I would like to know what pieces I need to order. I would like to have 3 LAN and one wireless if possible. In case of wireless, do I have to buy the card from them or can I use other cards I can buy locally (in BestBuy, CompUSA etc)? How do I have screen/keyboard with that etc? Could anybody explain me a little bit to me, a hardware-dumb person? Thank you. --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] 3c509 module overriding the 8390ne2k-pci modules
I suggest that you download the diagnostics package from 3COM and boot the machine in DOS mode and make sure that the cards are not conflicted. Based on the diagnostics, you can set the IRQ for the ISA so that the conflict goes away. In the past, I have used this for older Bering and not sure if it still works with newer Bering # ISA ethernet cards #3c509 - eth0 3c509 irq=5 - Original Message - From: mystik_cool [EMAIL PROTECTED] To: leaf-user@lists.sourceforge.net Sent: Wednesday, June 01, 2005 12:22 PM Subject: [leaf-user] 3c509 module overriding the 8390ne2k-pci modules Hi, I've a small problem here. Here's the story : I've 3 network cards in the box running Bering-uClib LEAF firewall (last version). Two are PCI, one configured as eth0 and connected to my modem (and getting IP via DHCP), other one is eth1, has a static IP and is connected to my local network, via a switch. Everything works fine since a long time with this configuration. Now I recently found an old ISA network card, which is the third one. I added the 3c509 module to my module's package to be able to use it, and edited the /etc/modules, uncommenting the #3c509 line. Now the ISA card is detected fine, as eth2. But it seems that there is a conflict : when I restart the system now, the PCI card eth0 seems to be driven by this new module, and I've errors when it sends DHCP requests. How can I say to my computer use the 3c509 module only for the ISA card ? :) Maybe with an irq=... parameter ? Thank you very much in advance for any help --- This SF.Net email is sponsored by Yahoo. Introducing Yahoo! Search Developer Network - Create apps using Yahoo! Search APIs Find out how you can build Yahoo! directly into your own Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ --- This SF.Net email is sponsored by Yahoo. Introducing Yahoo! Search Developer Network - Create apps using Yahoo! Search APIs Find out how you can build Yahoo! directly into your own Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
RE: [leaf-user] multiple addresses
You can try the following: # Configure Interface auto eth1 iface eth1 inet static address 192.168.1.155 netmask 255.255.255.0 broadcast 192.168.1.0 gateway 192.168.1.1 up ip addr add 192.168.2.155/24 dev eth1 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ALParada Sent: Tuesday, January 18, 2005 5:48 PM To: leaf-user@lists.sourceforge.net Subject: [leaf-user] multiple addresses Hello, Exactly how do you add mutiple ip addresses to the same interface? I tried adding this under network config/interfaces: # Configure Interface auto eth1 iface eth1 inet static address 192.168.1.155 netmask 255.255.255.0 broadcast 192.168.1.0 gateway 192.168.1.1 auto eth1:0 iface eth1 inet static address 192.168.2.155 netmask 255.255.255.0 broadcast 192.168.2.0 When I restarted networking I had lost all my addresses. I did an ip addr and they were all gone. I commented the second address and did a: ip addr add 192.168.2.155/24 brd 192.168.1.255 dev eth0 label eth0:0 and it worked. Since I don't want to do this everytime I reboot what am I doing wrong and how do I fix it? TIA. --- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almosthttp://www.thinkgeek.com/sfshirt leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almosthttp://www.thinkgeek.com/sfshirt leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Can Multiple openvpn processes run on LEAF?
Tom, can he specify openvpn twice in the tunnel file, e.g. openvpn:udp:5000 openvpn:udp:5001 I think I had the problems with that so I use generic instead. - Original Message - From: Tom Eastep [EMAIL PROTECTED] To: Tibbs, Richard [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, December 13, 2004 12:56 PM Subject: RE: [leaf-user] Can Multiple openvpn processes run on LEAF? On Mon, 2004-12-13 at 12:44 -0500, Tibbs, Richard wrote: Arg. shorewall 1.4.2 does not support generic tunnels. But I can upgrade to 2.0.9 or the latest. Thanks for the suggestion --- I did forget to change the port on one of the tunnels. Note that you can also specify the port number on an 'openvpn' tunnel so long as the source and destination port are the same. -Tom -- Tom Eastep\ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Can Multiple openvpn processes run on LEAF?
Hi Rick, I suggest that you use different ports, different tunX and different end-points for each instance at the beginning and refine them later if you want to. So in the CONF file you may have dev tun0 dev tun1 the shorewall tunnels could be openvpn loc 192.168.1.0/24 vpn3 generic:udp:5001 net 137.p.q.r vpn4 also note that OpenVPN official port is now TCP/UDP 1194 so it may be better to have the ports listed in all config files as well as shorewall tunnels so you can upgrade to later version easily. The script /etc/init.d/openvpn will look at the /etc/openvpn and for each CONF file it finds, it will start a openvpn deamon on it, that's why you see 2 tunnels coming up. - Original Message - From: Tibbs, Richard [EMAIL PROTECTED] To: Martin Hejl [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, December 13, 2004 10:48 AM Subject: RE: [leaf-user] Can Multiple openvpn processes run on LEAF? ok, apologize for this being so long. Wanted to give the list enough info to make analysis possible... This is the bering 1.2 (non-uclibc) First, I have put two openvpn.conf files in /etc/openvpn, et viola, two tunnels come up! Somehow there is auto-svi-ing for multiple.confs. Second, I added new tunnels to Shorewall, Shown below the .confs . But, I can not ping the other end of either tunnel, nor pull up a web page any more. (E.!) The principle problem is that a route command fails (see daemon.log at very end of email) from the second config file. (This config used to be the first, sorry... tun0 protecting the WLAN has become tun1). The route command is the same as the other conf file, so that makes sense -- can't have a route with two different via's and devs, I suppose. But, the only thing that made the original WLAN tunnel work was not forming a route loop on the WLAN tunnel, i.e. winxp openvpn has a route 192.168.1.254, and if I point the openvpn route on bering back to the winxp box, nothing passes. So, in the bering openvpn.conf, I used route 216.x.y.z (my static public IP on the net side of my bering fw). Then everything worked. What is the way out of this quandry ?? TIA Rick == file openvp2.conf (comes up as tun0)== dev tun disable-occ local 216.x.y.z # Our remote peer (office subnet) remote 137.p.q.r route 216.x.y.z secret static.key verb 5 mute 10 == file openvpn.conf (comes up as tun1, was tun0)== dev tun # For compatability with 2.x openvpn clients/servers tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 disable-occ local 192.168.1.254 float ifconfig 10.1.1.1 10.1.1.2 route 216.x.y.z secret static.key == Shorewall files (abbrev)=== === zones vpn3WLAN-OPENVPNOpenvpn to wireless internal vpn4WiredOPENVPNOpenvpn to office firewall === interfaces vpn3tun1 vpn4tun0 === policy loc vpn3ACCEPT fw vpn3ACCEPT net vpn3ACCEPT loc vpn4ACCEPT fw vpn4ACCEPT net vpn4ACCEPT vpn3loc ACCEPT vpn3fw ACCEPT vpn3net ACCEPT vpn4loc ACCEPT vpn4fw ACCEPT vpn4net ACCEPT fw loc ACCEPT === tunnels openvpn loc 192.168.1.0/24 vpn3 openvpn net 137.p.q.r vpn4 = firewall: -root- # ip addr sho 1: lo: LOOPBACK,UP mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 brd 127.255.255.255 scope host lo 2: dummy0: BROADCAST,NOARP mtu 1500 qdisc noop link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 3: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:02:e3:13:02:78 brd ff:ff:ff:ff:ff:ff inet 216.12.22.89/26 brd 216.12.22.127 scope global eth0 4: eth1: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:02:e3:12:7d:94 brd ff:ff:ff:ff:ff:ff inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1 5: tun0: POINTOPOINT,MULTICAST,NOARP,UP mtu 1256 qdisc pfifo_fast qlen 10 link/ppp inet 10.1.10.1 peer 10.1.10.2/32 scope global tun0 6: tun1: POINTOPOINT,MULTICAST,NOARP,UP mtu 1500 qdisc pfifo_fast qlen 10 link/ppp inet 10.1.1.1 peer 10.1.1.2/32 scope global tun1 7: ipsec0: NOARP,UP mtu 16260 qdisc pfifo_fast qlen 10 link/ether 00:02:e3:13:02:78 brd ff:ff:ff:ff:ff:ff inet 216.12.22.89/26 brd 216.12.22.127 scope global ipsec0 8: ipsec1: NOARP mtu 0 qdisc noop qlen 10 link/ipip 9: ipsec2: NOARP mtu 0 qdisc noop qlen 10 link/ipip 10: ipsec3: NOARP mtu 0 qdisc noop qlen 10 link/ipip firewall: -root- # ip route sho 10.1.10.2 dev tun0 proto kernel scope link src 10.1.10.1 216.12.22.89 via 10.1.10.2 dev tun0 10.1.1.2 dev
[leaf-user] Module for network card HP NC3161
A friend of mine has an old Compaq machine with a built-in NIC, 'HP NC3161'. Does anyone have use this card in Bering router 2.x and if so what module should I use? The HP site has the rpm for RedHat 7.1, SuSE 7.0 as e100-1.5.6-1.src.rpm. This seems corresponding to e100, but I also found some links where they say this card uses eepro100. Thanks. --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Re: [leaf-devel] ANN: leaf-project.org website
Hi Mike, Thank you for your hard work. I have found the following. It seems to me that the Addionnal packages for Bering-uClibc 2.x is old. I used to see a nice summary of the newly updated packages at the end. Now I do not see it anymore and there are not any things recent, e.g. 2004-09, 2004-10 etc. Also the link to this page from Read more to find out what's available today. is not correct, I had to click on Packages 2.x on the left side. And the site is quite slow especially when I click back, but it could be my connection too. - Original Message - From: Mike Noyes [EMAIL PROTECTED] To: leaf-devel [EMAIL PROTECTED] Cc: leaf-user [EMAIL PROTECTED]; leaf-announce [EMAIL PROTECTED] Sent: Tuesday, December 07, 2004 3:21 PM Subject: [leaf-user] Re: [leaf-devel] ANN: leaf-project.org website On Sun, 2004-12-05 at 19:42, Mike Noyes wrote: leaf.sourceforge.net is working properly, but something isn't quite right with leaf-project.org. I'll work on it tomorrow. Everyone, Our leaf-project.org domain should be working properly now. --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Where's the NIC drivers?
I am using CD image and here is part of my /etc/modules. Pay attention to the 'mount', 'umount' and 'dir' commands so you can specify the modules directly from CD and you do not have to copy them to your modules.lrp. ! mount iso9660 /dev/cdrom # You can directly reference modules, like this: #/scsi/aic7xxx #/fs/ext2 # Or change the default directory, like this: #! dir /lib/modules/net ! dir /lib/modules/2.4.26/kernel/drivers/net # PCI ethernet cards #pci-scan mii eepro100 # pci-scan required by drivers below... 3c59x # Masquerading 'helper' modules # Don't remove anything here, unless you know what you are doing # Other modules available in kernel/net/ipv4/netfilter # ! dir /lib/modules/2.4.26/kernel/net/ipv4/netfilter ip_conntrack ip_conntrack_ftp ... # the end of file ! umount - Original Message - From: Jaap Eldering [EMAIL PROTECTED] To: LEAF [EMAIL PROTECTED] Sent: Tuesday, December 07, 2004 5:20 AM Subject: Re: [leaf-user] Where's the NIC drivers? On Mon, Dec 06, 2004 at 06:47:27PM -0800, Craig Caughlin wrote: Thank you, Jaap. O.K., that's what I thought. But here's the odd part; I have an /etc/modules file and a /lib/modules directory IF I use the Bering-uClibc 2.2.2 floppy image, but not the CD .iso. Is something missing, or am I doing something wrong? Thanks, Craig I have no experience with the CD image, but from what I see from the ISO, you'd just have to load the modules.lrp package, which has the /etc/modules and /lib/modules in it. If this doesn't help, maybe somebody else can provide more help. Jaap -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jaap Eldering Sent: Monday, December 06, 2004 7:03 AM To: LEAF Subject: Re: [leaf-user] Where's the NIC drivers? On Mon, Dec 06, 2004 at 06:22:57AM -0800, Craig Caughlin wrote: Hmmm, am I missing something? I'm trying to set up Bering-uClibc 2.2.2, and I can't figure out how / where to specify which NIC driver(s) to load. Can someone tell me which file(s) I need to edit and which directory I'll need to copy drivers to should the default install not have my needed driver? Thank you, Craig P.S. Did this change? In my old version of Bering I could edit this from the lrcfg main menu. Just curious. You have to configure this in the file /etc/modules, which should be (almost) the same as in Bering. Modules configured here, are loaded from /lib/modules, so if your NIC's driver (module) is not present, you should copy it from the modules tarball to /lib/modules. Jaap --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- SF email is sponsored by - The IT Product Guide Read honest candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Windows VPN software with RSA and NAT support?
I used to use 'SafeNet_VPN_Client9.2' with preshared key and NAT client. I am not sure if it can work with RSA keys but if you want I can find that client and send its help to you for more information. - Original Message - From: Timothy J. Massey [EMAIL PROTECTED] To: Leaf List [EMAIL PROTECTED] Sent: Thursday, November 04, 2004 11:21 AM Subject: [leaf-user] Windows VPN software with RSA and NAT support? I'm looking for some suggestions for Windows VPN software. I have three requirements: 1) Works with SuperFreeS/WAN 1.99.6.2. 2) Must be able to use plain RSA keys, in addition to certificates and PSK 3) Must be able to work with SuperFreeS/WAN 1.99.6.2 when it (the Windows computer, not the LEAF box) is behind a NAT firewall. Is there anyone using software that they have used to do these things? Even if not, what are you using, and how well does it work for you? This does *not* have to be free software: I want something that works well, not something that kinda works but is free. I know about the Windows 2000 VPN tool (http://vpn.ebootis.de/). It basically puts a FreeS/WAN face on standard Windows 2000 IPSec support. AFAIK, Windows 2000 does not support raw RSA keys: only certificates. I'd prefer to stay with plain RSA keys: they can be managed completely on the firewall, they don't expire, and they're just plain simpler. Any other thoughts? Thank you very much for your input. I appreciate your help. Tim Massey --- This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader's Choice Award Winner for best database on Linux. http://ads.osdn.com/?ad_id=5588alloc_id=12065op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader's Choice Award Winner for best database on Linux. http://ads.osdn.com/?ad_id=5588alloc_id=12065op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] tulip.o problems (Bering-uClibc 2.2.2)
tulip.o depends on crc32.o so you need to load crc32 too /lib/modules/2.4.26/kernel/drivers/net/tulip/tulip.o: /lib/modules/2.4.26/kernel/lib/crc32.o - Original Message - From: Troy Aden [EMAIL PROTECTED] To: Leaf-User (E-mail) [EMAIL PROTECTED] Sent: Thursday, October 28, 2004 6:30 PM Subject: [leaf-user] tulip.o problems (Bering-uClibc 2.2.2) I am running the Bering-uClibc 2.2.2. The tulip.o module seems to not bee working. Do I have to load additional modules to make it work? Here are the errors I get on boot: Tulip - Using /lib/modules ./tulip.o Insmod: unresolved symbol CRC_Le Insmod: unresolved symbol Bitreverse Can anyone help me out here? Thanks in advance! Troy --- This Newsletter Sponsored by: Macrovision For reliable Linux application installations, use the industry's leading setup authoring tool, InstallShield X. Learn more and evaluate today. http://clk.atdmt.com/MSI/go/ins003001msi/direct/01/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This Newsletter Sponsored by: Macrovision For reliable Linux application installations, use the industry's leading setup authoring tool, InstallShield X. Learn more and evaluate today. http://clk.atdmt.com/MSI/go/ins003001msi/direct/01/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] OpenVpn
I think you will be much better off with OpenVPN regarding NATed clients. You can have road-warriors with 1.6 but you have to use different port for each warrior. - Original Message - From: theoleyre fabrice [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 22, 2004 9:14 AM Subject: [leaf-user] OpenVpn Hi, I try to set up VPN with a leaf box. I want to create VPN tunnels between the router and several clients (Linux, WinXP, Win2K...). Some clients have a NATed connection, with private addresses, which cause some troubles with Ipsec. OpenVPN is interesting: a single udp port is required for the connection, not impacted by NAT because of the encapsulation. However, I want VPN for roadwarriors: several clients, with different addresses, dynamic, not known. I saw that several clients on a signle udp port is only supported in the 2.0 beta version. The version for Leaf Bering is the 1.6.0. Does it exist a solution to connect roadwarriors with OpenVpn 1.6.0, without the mode-server of openvpn 2.0 ? Did anybody try to set up such connections ? Regards, Vous manquez d'espace pour stocker vos mails ? Yahoo! Mail vous offre GRATUITEMENT 100 Mo ! Créez votre Yahoo! Mail sur http://fr.benefits.yahoo.com/ Le nouveau Yahoo! Messenger est arrivé ! Découvrez toutes les nouveautés pour dialoguer instantanément avec vos amis. A télécharger gratuitement sur http://fr.messenger.yahoo.com --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] OpenVpn
In that case, you can contact Martin Hejl and see if he can port the 2.0 to LEAF. We are looking forward to it too. - Original Message - From: theoleyre fabrice [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Friday, October 22, 2004 9:54 AM Subject: Re: [leaf-user] OpenVpn I forgot to explain that I have a firewall between my clients and my leaf box. This firewall is a Border Router, not on my responsability. I can only ask for the opening of some ports. So, all clients must connect to the leaf box via a single udp port. Client --- Internet --- Firewall --- LeafBox (VPN) --- M Lu [EMAIL PROTECTED] a écrit : I think you will be much better off with OpenVPN regarding NATed clients. You can have road-warriors with 1.6 but you have to use different port for each warrior. - Original Message - From: theoleyre fabrice [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 22, 2004 9:14 AM Subject: [leaf-user] OpenVpn Hi, I try to set up VPN with a leaf box. I want to create VPN tunnels between the router and several clients (Linux, WinXP, Win2K...). Some clients have a NATed connection, with private addresses, which cause some troubles with Ipsec. OpenVPN is interesting: a single udp port is required for the connection, not impacted by NAT because of the encapsulation. However, I want VPN for roadwarriors: several clients, with different addresses, dynamic, not known. I saw that several clients on a signle udp port is only supported in the 2.0 beta version. The version for Leaf Bering is the 1.6.0. Does it exist a solution to connect roadwarriors with OpenVpn 1.6.0, without the mode-server of openvpn 2.0 ? Did anybody try to set up such connections ? Regards, Vous manquez d'espace pour stocker vos mails ? Yahoo! Mail vous offre GRATUITEMENT 100 Mo ! Créez votre Yahoo! Mail sur http://fr.benefits.yahoo.com/ Le nouveau Yahoo! Messenger est arrivé ! Découvrez toutes les nouveautés pour dialoguer instantanément avec vos amis. A télécharger gratuitement sur http://fr.messenger.yahoo.com --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html Vous manquez d'espace pour stocker vos mails ? Yahoo! Mail vous offre GRATUITEMENT 100 Mo ! Créez votre Yahoo! Mail sur http://fr.benefits.yahoo.com/ Le nouveau Yahoo! Messenger est arrivé ! Créez vos avatars et envoyez des audiofuns. Découvrez toutes les nouveautés en le téléchargeant sur : http://fr.messenger.yahoo.com --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Re: How to use QOS traffic shaping in Being U 2.2
Hi Japp, Eric. After reading your suggestions, I tried to tune up my shorewall 'tcstart' and 'tcrules'. I set UPLINK to 200 kbit and DOWNLINK to 2700kbit as my Comcast has 3.0M download, 256Kbps upload. Here is how I modified the original wondershaper and tcrules as below 1 - Add 'ceil' parameters to the classes, e.g. tc class add dev $DEV parent 1: classid 1:1 htb rate $(($UPLINK))kbit ceil $(($UPLINK))kbit burst 6k # high prio class 1:10: tc class add dev $DEV parent 1:1 classid 1:10 htb rate $(($UPLINK))kbit \ ceil $(($UPLINK))kbit burst 6k prio 1 so my output of 'tc class show dev eth0' is class htb 1:1 root rate 200Kbit ceil 200Kbit burst 6143b cburst 1855b class htb 1:10 parent 1:1 leaf 10: prio 1 rate 200Kbit ceil 200Kbit burst 6143b cburst 1855b class htb 1:20 parent 1:1 leaf 20: prio 2 rate 180Kbit ceil 180Kbit burst 6143b cburst 1829b class htb 1:30 parent 1:1 leaf 30: prio 2 rate 160Kbit ceil 160Kbit burst 6143b cburst 1803b 2 - Add FW mark into those classes tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1 fw classid 1:10 tc filter add dev eth0 parent 1:0 protocol ip prio 2 handle 2 fw classid 1:20 tc filter add dev eth0 parent 1:0 protocol ip prio 3 handle 3 fw classid 1:30 3 - My vonage is on separate 'eth3' and it uses UDP (a lot of ports) so my rules in 'tcrules' are #MARK SOURCE DESTPROTO PORT(S) CLIENT USER 1 eth3 0.0.0.0/0 udp - - 2 eth1,eth2 0.0.0.0/0 tcp 80,443 - 3 0.0.0.0/0 0.0.0.0/0 tcp 21 Could you please let me know if my rules make any sense? --- Then I asked a friend to initiate about 15 FTPs, all getting the Bering ISO (around 40M). It seems to work as I can still talk with him on the phone, while my access to the Internet is crawling. But again because all FTPs came from one machine so it is not a very good test as my friend's bandwidth is just a residential ADSL. Also I lloked at the count then I see something like below. I do not see any borrowed values and not sure if it is a bad sign. Your suggestions are appreciated. 'tc -s class show dev eth0' class htb 1:1 root rate 200Kbit ceil 200Kbit burst 6143b cburst 1855b Sent 99465998 bytes 395941 pkts (dropped 0, overlimits 0) rate 2840bps 51pps lended: 0 borrowed: 0 giants: 0 tokens: 195072 ctokens: 57856 class htb 1:10 parent 1:1 leaf 10: prio 1 rate 200Kbit ceil 200Kbit burst 6143b cburst 1855b Sent 49831860 bytes 348338 pkts (dropped 0, overlimits 0) rate 2801bps 50pps lended: 348338 borrowed: 0 giants: 0 tokens: 195072 ctokens: 57856 class htb 1:20 parent 1:1 leaf 20: prio 2 rate 180Kbit ceil 180Kbit burst 6143b cburst 1829b Sent 49634138 bytes 47603 pkts (dropped 0, overlimits 0) rate 38bps lended: 47603 borrowed: 0 giants: 0 tokens: 215892 ctokens: 62506 class htb 1:30 parent 1:1 leaf 30: prio 2 rate 160Kbit ceil 160Kbit burst 6143b cburst 1803b Sent 0 bytes 0 pkts (dropped 0, overlimits 0) lended: 0 borrowed: 0 giants: 0 tokens: 245760 ctokens: 72159 - Jaap Eldering [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Wed, Sep 29, 2004 at 03:53:13PM +0200, Erich Titl wrote: Indeed. Only difference is that the '$(( ))' is handled by the shell itself, but 'expr' is an external command. This is only evaluated at startup however, so doesn't affect performance. About the '$[ ]': I don't know where it comes from, but it's not default bash syntax either. I also replaced it by '$(( ))' arith. evaluation. I do not have anything in 'tcrules' yet. So far there is no error and it seems that something happens because it slowed down my downloading significantly. I tried to download a 15-M file from Sun and with 'tcstart' present, I got about 2K/sec, whereas if I remove 'tcstart' and restart shorewall, I got 100K/sec. I will try to refine the script soon. By the way, is there any way to test the wonderscript and tell if it works the way we want it to? Maybe a stupid question, but have you set the DOWNLINK and UPLINK variables in the wondershaper script correctly? Anyways, I recall something strange about the units being used by 'tc'. I myself have the rates specified in Kbits/sec and in the calls to 'tc' have the rates followed by 'Kbit' (with capital K). You might also look at what tc says the outgoing rate is with the command 'tc class show dev $DEV'. Jaap Eldering --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ:
Re: [leaf-user] 2.2 iso and boot floppy
I think you need to use PKGPATH=/dev/fd0:msdos,/dev/cdrom:iso9660 syst_size=128M log_size=32M - Original Message - From: Stephen More [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, October 03, 2004 9:48 PM Subject: [leaf-user] 2.2 iso and boot floppy The floppy image that exists on the 2.2 iso image is missing the leaf.cfg. So I created a leaf.cfg with LRP=root config etc local modules iptables dhcpcd keyboard shorwall ulogd dnscache dropbear weblet PKGPATH=/dev/cdrom:iso9660 syst_size=6M log_size=2M The system now boots, but when I try to backup a package there is no floppy option, I have to make it using custom. Then after the system reboots, it does not load the backed up package from disk. What have I done wrong ? -Thanks Steve More ___ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] 2.2 iso and boot floppy
Sorry, I meant the PKGPATH only. The syst_size adn log_size are specific to my system. - Original Message - From: M Lu [EMAIL PROTECTED] To: Stephen More [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Sunday, October 03, 2004 10:02 PM Subject: Re: [leaf-user] 2.2 iso and boot floppy I think you need to use PKGPATH=/dev/fd0:msdos,/dev/cdrom:iso9660 syst_size=128M log_size=32M - Original Message - From: Stephen More [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, October 03, 2004 9:48 PM Subject: [leaf-user] 2.2 iso and boot floppy The floppy image that exists on the 2.2 iso image is missing the leaf.cfg. So I created a leaf.cfg with LRP=root config etc local modules iptables dhcpcd keyboard shorwall ulogd dnscache dropbear weblet PKGPATH=/dev/cdrom:iso9660 syst_size=6M log_size=2M The system now boots, but when I try to backup a package there is no floppy option, I have to make it using custom. Then after the system reboots, it does not load the backed up package from disk. What have I done wrong ? -Thanks Steve More ___ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] module 8390
- Original Message - From: Stephen More [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, October 02, 2004 9:45 AM Subject: [leaf-user] module 8390 When I insmod 8390 I get unresolved symbol crc32_le. I noticed in the release notes for 2.1.3 it has added a note about crc32 http://sourceforge.net/project/shownotes.php?release_id=249940 What is this note about ? Do I just need to load another module ? Yes, if you use 8390, you need crc32. To see the dependency, you can look at file 'modules.dep' in the module tar-ball file. Should I just give up now and download 2.2 iso or will I have the same problem ? Same problem. But may I ask why upgrade to 2.1.3 when 2.2 is available --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] How to use QOS traffic shaping in Being U 2.2
Hi Jaap, thank you for the information. I have started to load tc.lrp, bash.lrp (as the wonder-script is a bash script) and load all modules specified in the qos-htb howto. I also modified slightly the script, commenting 4 lines #echo Please read the documentation in 'README' first #exit and #tc filter add dev $DEV parent 1: protocol ip prio 18 u32 \ # match ip dst 0.0.0.0/0 flowid 1:20 Running the script alone is OK but when run by 'shorewall restart', I need to replace $[9*$UPLINK/10] with $((9*$UPLINK/10)). I guess because 'bash' is not recognized within shorewall script. I do not have anything in 'tcrules' yet. So far there is no error and it seems that something happens because it slowed down my downloading significantly. I tried to download a 15-M file from Sun and with 'tcstart' present, I got about 2K/sec, whereas if I remove 'tcstart' and restart shorewall, I got 100K/sec. I will try to refine the script soon. By the way, is there any way to test the wonderscript and tell if it works the way we want it to? Thanks again. M Lu. - Original Message - From: Jaap Eldering [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 28, 2004 6:53 PM Subject: Re: [leaf-user] How to use QOS traffic shaping in Being U 2.2 On Mon, Sep 27, 2004 at 11:19:46PM -0400, M Lu wrote: Hi, I am using Vonage phone and would like to use traffic shaping to give it some priority. As I read thru the mail archive and documents, I found out that there are possible ways 1 - Download Wondershaper script and copy it to Shorewall tcstart script etc, as described on Tom's Web site. 2 - Use the package qos-htb.lrp prepared by Eric Spakman and probably follow instruction at http://leaf.sourceforge.net/doc/guide/buhtb-qos.html It seems to me that the first way is more straighforward, but since the package is prepared for Bering U 2.x, I am not sure if I should use it. Any suggestions? I have tried this a time ago with Bering 1.x and I couldn't get it working (but that may be my fault). Recently I have tried it on my firewall again, which I had upgraded to Bering-uclibc 2.2. This I got working within little time. I installed the tc.lrp package and also the cls_*.o and sch_*.o modules and I am now using a modified version of the wondershaper script (slightly better ping times and down/upload speeds by also doing shaping on my internal interface). I'd suggest using the wondershaper. This way you don't have to know all the configuration details of the qos-htb package, which is just another script frontend to the HTB scheduler. I also have another following questions: - Is Bering U 2.2 kernel ready for QOS HTB? Yes, you can use the HTB scheduler right away, only need the bering-uclibc tc package and the modules for the schedulers and filters, you will be using. - If I use Shorewall's approach, do I have to declare the netfilter modules as in the instructions for second approach? Note that was writen for original Bering? Yes, you have to load these. I don't know exactly which ones the wonderscript uses. You could load them all to be on the safe side, but I think you need at least the following: sch_sfq, sch_prio, sch_ingress, sch_htb, cls_u32, cls_fw Jaap Eldering --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] How to use QOS traffic shaping in Being U 2.2
Hi, I am using Vonage phone and would like to use traffic shaping to give it some priority. As I read thru the mail archive and documents, I found out that there are possible ways 1 - Download Wondershaper script and copy it to Shorewall tcstart script etc, as described on Tom's Web site. 2 - Use the package qos-htb.lrp prepared by Eric Spakman and probably follow instruction at http://leaf.sourceforge.net/doc/guide/buhtb-qos.html It seems to me that the first way is more straighforward, but since the package is prepared for Bering U 2.x, I am not sure if I should use it. Any suggestions? I also have another following questions: - Is Bering U 2.2 kernel ready for QOS HTB? - If I use Shorewall's approach, do I have to declare the netfilter modules as in the instructions for second approach? Note that was writen for original Bering? Thank you a lot. M Lu. --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] I can't backup files in /etc/dnscache/root/servers
Hi Geoff, Just tried on my Bering U 2.2 with /var/lib/lrpkg more dnscache.exclude.list etc/dnscache/log/supervise etc/dnscache/supervise etc/dnscache/root/ip/* /var/lib/lrpkg more dnscache.list usr/bin/dnscache etc/dnscache etc/init.d/dnscache var/lib/lrpkg/dnscache.* etc/dnscache/root/servers/* and when I tried to untar the temporary LRP then I see the files. Are those file you want to backup? /tmp/ttt tar xzvf ../dnscache.lrp .. etc/dnscache/root/servers/myhouse.com etc/dnscache/root/servers/.1.168.192.in-addr.arpa etc/dnscache/root/servers/@ .. var/lib/lrpkg/dnscache.version var/lib/lrpkg/dnscache.list var/lib/lrpkg/dnscache.help var/lib/lrpkg/dnscache.exclude.list var/lib/lrpkg/dnscache.conf var/lib/lrpkg/dnscache.bktype etc/init.d/dnscache etc/dnscache etc/dnscache/seed etc/dnscache/root etc/dnscache/root/servers .. etc/dnscache/root/ip etc/dnscache/run etc/dnscache/env etc/dnscache/env/QUERYLOG - Original Message - From: Geoff Nordli [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 23, 2004 6:27 PM Subject: [leaf-user] I can't backup files in /etc/dnscache/root/servers Hello Everyone. For some reason I can't backup the files that are stored in /etc/dnscache/root/servers for the dnscache package. I am not sure why but the dnscache has an exclusion on that directory. Even if I remove that exclusion I still can't backup it up. Can someone please tell me how to backup those files, Thanks, Geoff Nordli Asentus Consulting Group 4941 Hartwig Cres Nanaimo, BC V9V 1R2 Office: 604.639.6928 Cell: 250.714.4102 --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Shorewall rfc1918 list
I believe Tom has updated that file some time ago on his site. Here is a message on his mailing list: - Original Message - From: Tom Eastep [EMAIL PROTECTED] To: Mailing List for Shorewall Users [EMAIL PROTECTED] Sent: Tuesday, April 27, 2004 4:49 PM Subject: Re: [Shorewall-users] Problem accessing shorewall.net (rfc1918 problem?) Alex Martin wrote: Hello, For the www.shorewall.net mirror, I updated the version 2.0 shorewall with http://shorewall.net/pub/shorewall/errata/1.4.10/rfc1918 I does seem to drop 84.0.0.0/6. 83.0.0.0/8 DROP# Reserved 84.0.0.0/6 DROP# Reserved 88.0.0.0/5 DROP# Reserved I assume this is the updated version? No. The updated version: 71.0.0.0/8 logdrop # Reserved 72.0.0.0/5 logdrop # Reserved 89.0.0.0/8 logdrop # Reserved 90.0.0.0/7 logdrop # Reserved -Tom - Original Message - From: Erich Titl [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, September 23, 2004 3:39 AM Subject: [leaf-user] Shorewall rfc1918 list Hi everybody Networks 83.0.0.0 and 84.0.0.0 have been assigned to RIPE last year. In my version (1.4.8) of shorewall these networks are still blocked by the rfc1918 rules. It it probably worthwhile to remove these two networks from /etc/shorewall/rfc1918 if they should still be there. cheers Erich THINK Püntenstrasse 39 8143 Stallikon mailto:[EMAIL PROTECTED] PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] ftp from behind a Dachstein firewall
I think you need to use a specific feature (called passive ports or something like that) in FTP Server (both Windows Serv-U and Linux wu-ftp FTP Server have) where you specify the public IP and then server ports (e.g. 50001 to 50010, if you expect to have 10 clients at the same time). When client connects, server will send that public IP and one of those ports, then client will connect to that public IP and port to exchange data. Of course you need to portforward all port above to the internal machine where you have FTP Server running. Search for help in your FTP Server. M Lu. - Original Message - From: Temp User [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 25, 2004 10:41 PM Subject: Re: [leaf-user] ftp from behind a Dachstein firewall I always load the (ip_masq_ftp) in /etc/modules. The thing is I am pretty sure without ip_masq_ftp, I wouldn't even be able to ftp to the server behind the firewall. My problem is I cannot ftp FROM behind the firewall to an ftp server, which is also behind a firewall. --- Charles Steinkuehler [EMAIL PROTECTED] wrote: Temp User wrote: Hi Here is the setup: FTP server is behind a Dachstein firewall. FTP client is also behind a Dachstein firewall. When trying to ftp to the ftp server, login was successful but failed to get directory listing. Error was 500 invalid port number. FTP works fine if the client is NOT behind the Dachstein firewall. From the client behind the firewall, I tried passive mode with no result. I think the problem has to do with IP masq but not sure how to fix it. Could someone help? Make sure you're loading the ftp masquerade 'helper' module (ip_masq_ftp) in /etc/modules. -- Charles Steinkuehler [EMAIL PROTECTED] ___ Do you Yahoo!? Win 1 of 4,000 free domain names from Yahoo! Enter now. http://promotions.yahoo.com/goldrush --- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering-uClibc ISO 2.2
Hi Adam, Read release notes about the changes. But FYI, here is how I specify the modules in /etc/modules # /etc/modules ! mount iso9660 /dev/cdrom # You can directly reference modules, like this: #/scsi/aic7xxx #/fs/ext2 # Or change the default directory, like this: #! dir /lib/modules/net ! dir /lib/modules/2.4.26/kernel/drivers/net mii eepro100 3c59x # Masquerading 'helper' modules # Don't remove anything here, unless you know what you are doing # Other modules available in kernel/net/ipv4/netfilter # ! dir /lib/modules/2.4.26/kernel/net/ipv4/netfilter ip_conntrack ip_conntrack_ftp ip_conntrack_irc ... ! umount Hope this helps. M Lu - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 24, 2004 10:28 PM Subject: [leaf-user] Bering-uClibc ISO 2.2 If I do any insmods using the iso I get module not found messages. 2.0 would mount the cd to /cdmnt and point /lib/modules/2.4.22 to the modules directory of the cd. However 2.2 does not mount the cd to anything and links /lib/modules/2.4.26 to /lib/modules. I wanted to avoid manually coping in all modules I need and just use the directory on the cd like in 2.0. I was trying to modify root.linuxrc to do what it did in 2.0, but I can't seem to get the change backed up to my config floppy. Is something special required to save this change besides backing up the root package? -- Adam Oliver Even in trifling matters the depths of one's heart can be seen. From Hagakure, The Book of the Samurai --- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Sshd won't start in BeringCD 1.2
From http://leaf.sourceforge.net/mod.php?mod=userpagemenu=91017page_id=51 OpenSSH sshd daemon. See http://www.openssh.org Requires libcrpto.lrp libz.lrp so you need to also load the other two packages, libcrpto.lrp and libz.lrp - Original Message - From: Tibbs, Richard [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 04, 2004 12:25 PM Subject: [leaf-user] Sshd won't start in BeringCD 1.2 Dear list: I have loaded the sshd.lrp but the daemon is not active upon boot. When I try to start it manually I get this error. (/etc/ssh/sshd_config below) # cd /usr/sbin firewall: -root- # ./sshd /sshd: error in loading shared libraries libcrypto.so.0.9.7: cannot open shared object file: No such file or directory firewall: -root- # cd / firewall: -root- # find . -name libcrypto.so.0.9.7 firewall: -root- # What could be the problem? Rick. --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering-uClibc_2.2-beta5 w/ OpenVPN ver 1.6.0 Rev 1 Multiple Tunne l
Hi Chris, I believe that the /etc/init.d/openvpn script will scan all .conf in /etc/openvpn and start all of them for you. So after having creating another conf file, just do svi openvpn restart and you should have the tunnels up. A 'ps' also shows if the tunnels is really up. You may use the log command in .conf to check for errors if the tunnel is not up. I hope this helps. M Lu. - Original Message - From: Chris Lee [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, July 28, 2004 9:52 PM Subject: RE: [leaf-user] Bering-uClibc_2.2-beta5 w/ OpenVPN ver 1.6.0 Rev 1 Multiple Tunne l Dear M Lu, I think no problem for me to setup multi .conf for multi tunnel. But how to start up multi openvpn process at startup? Pls kindly advise. Regards, Chris Lee --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering-uClibc_2.2-beta5 w/ OpenVPN ver 1.6.0 Rev 1 Multiple Tunne l
Yes, it is possible. For each tunnel you have one .conf file in /etc/openvpn. The OpenVPN script will create the tunnels for you. You also need to modify shorewall to allow the new tunnels. Do a search on the mail archive on this topic. M Lu - Original Message - From: Chris Lee [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 27, 2004 12:36 AM Subject: [leaf-user] Bering-uClibc_2.2-beta5 w/ OpenVPN ver 1.6.0 Rev 1 Multiple Tunne l Is it possible to setup more than can one OpenVPN tunnel per Server? If yes, how? i.e. Main Server --Tunnel upd:5000-- Server A ^--Tunnel upd:5001-- Server B ^--Tunnel upd:5002-- Server C I am using Bering-uClibc_2.2-beta5 w/ OpenVPN ver 1.6.0 Rev 1 Many thanks in advance. Regards, Chris Lee --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Does dropbear support port forwarding?
Sorry that I cannot help but FYI I also got trouble with port-forwarding with dropbear. I used it to Remote-Terminal to Win2K server and IIRC I could go into the login screen but then things stopped. Switching back to SSHD and everything worked. However it was about half a year ago and later versions of dropbear may fix that. M Lu. - Original Message - From: John Desmond [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, July 23, 2004 2:46 PM Subject: Re: [leaf-user] Does dropbear support port forwarding? Ooops! I meant to say that I have already added a rule to shorewall to allow port 22 conections from fw to loc. -John --- John Desmond [EMAIL PROTECTED] wrote: I've replaced my Bering/sshd firewall with a Bering uClibc/dropbear combo and I don't seem to be able to make tunnels like I used to from an outside location using PuTTY. (For instance, I used to connect with Windows/PuTTY to my firewall and open a shell while forwarding a local port. Then I could connect local port xyz on my work desktop to port 22 on my home desktop through the firewall and open a shell there. And then on to my SL-5500 which is connected and left running. All great fun. I often demo these abilities to amazed engineers in the office whose only computer experience is MS Office on MS Windows) Now, I can open the shell but the tunnel doesn't seem to happen. If I try to use it, the original session crashes. The man page for the full-up version of dropbear indicates that forwarding ports is the default behavior and a switch is used to disable it. But when Bering-uClibc 2.01 was introduced, dropbear port forwarding evidently only partly worked. Has anyone sucessfully used dropbear 0.41 for port forwarding? Is there a diagnostic that will show the forwarding is active? netstat -a shows the server listening and the established connection but would a forwarded port show up there? -John --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] LEAFCFG
Hi, I tried to build a CD from 2.2b5 and inside the syslinux.cfg of the floppy-image I specify ..LEAFCFG=/dev/fd0:msdos,/dev/cdrom:iso9660 What I want is to use the file leaf.cfg from floppy if there is floppy inserted, or leaf.cfg on CD if there is no floppy when booting. However it works if there is a floppy but it failed if there is no floppy and it complianed that there is no packages to install... Does LEAFCFG above only take in the first parameter, i.e. /dev/fd0:msdos or should I do something else? Thank you. --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Portforwarding error
Thank you Tom for your advice. When using '-n' with tcpdump, the IP has been printed and it also looks good. Well, I will try to ask him to replace the DMZ machine with another one for testing and see if the problem goes away. Thanks again, Tom. -- tcpdump -n -i eth2 host 24.61.157.240 20:24:25.944632 24.61.157.240.3453 10.0.18.201.80: S 506447029:506447029(0) win 16384 mss 1460,nop,nop,sackOK (DF) 20:24:25.945120 10.0.18.201.80 24.61.157.240.3453: S 2207623183:2207623183(0) ack 506447030 win 65535 mss 1460,nop,nop,sackOK (DF) 20:24:28.890543 10.0.18.201.80 24.61.157.240.3453: S 2207623183:2207623183(0) ack 506447030 win 65535 mss 1460,nop,nop,sackOK (DF) 20:24:28.912287 24.61.157.240.3453 10.0.18.201.80: S 506447029:506447029(0) win 16384 mss 1460,nop,nop,sackOK (DF) 20:24:28.912429 10.0.18.201.80 24.61.157.240.3453: . ack 1 win 65535 (DF) 20:24:34.898505 10.0.18.201.80 24.61.157.240.3453: S 2207623183:2207623183(0) ack 506447030 win 65535 mss 1460,nop,nop,sackOK (DF) 20:24:34.920981 24.61.157.240.3453 10.0.18.201.80: S 506447029:506447029(0) win 16384 mss 1460,nop,nop,sackOK (DF) 20:24:34.921121 10.0.18.201.80 24.61.157.240.3453: . ack 1 win 65535 (DF) - Original Message - From: Tom Eastep [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Sunday, July 18, 2004 11:13 AM Subject: Re: [leaf-user] Portforwarding error Tom Eastep wrote: After I sent this, I realized that it is probably nonsense since the SYN is reaching the server. I would still make sure that the SYN,ACK has the proper ethernet destination address though... Another piece of advice -- *Always* use the -n option when using tcpdump; otherwise, DNS problems can totally mislead you as to what is going on. -Tom -- Tom Eastep\ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Portforwarding error
Hi, I helped a friend of mine to have his Web Server running on DMZ network. It used to work OK until now. I just know that he has changed his network card on the Web Server machine, but everything seems fine when he accesses his machine locally. I can also access that machine via OpenVPN. I looked and I saw the corresponding rule in /etc/shorewall/rules DNATnet dmz:$WIN2K tcp www - $ETH0_IP 'tcpdump' reports the following when I do a web request to his Web Server: request-in: 20:53:58.122175 h0004ac37ca95.ne.client2.attbi.com.2776 10.0.18.201.www: S 431139811:431139811(0) win 16384 mss 1460,nop,nop,sackOK (DF) replies-out: 20:53:58.122402 10.0.18.201.www h0004ac37ca95.ne.client2.attbi.com.2776: S 2205133957:2205133957(0) ack 431139812 win 65535 mss 1460,nop,nop,sackOK (DF) 20:54:01.045846 h0004ac37ca95.ne.client2.attbi.com.2776 10.0.18.201.www: S 431139811:431139811(0) win 16384 mss 1460,nop,nop,sackOK (DF) 20:54:01.046012 10.0.18.201.www h0004ac37ca95.ne.client2.attbi.com.2776: . ack 1 win 65535 (DF) 20:54:01.088418 10.0.18.201.www h0004ac37ca95.ne.client2.attbi.com.2776: S 2205133957:2205133957(0) ack 431139812 win 65535 mss 1460,nop,nop,sackOK (DF) 20:54:07.054606 h0004ac37ca95.ne.client2.attbi.com.2776 10.0.18.201.www: S 431139811:431139811(0) win 16384 mss 1460,nop,nop,sackOK (DF) 20:54:07.054771 10.0.18.201.www h0004ac37ca95.ne.client2.attbi.com.2776: . ack 1 win 65535 (DF) 20:54:07.096386 10.0.18.201.www h0004ac37ca95.ne.client2.attbi.com.2776: S 2205133957:2205133957(0) ack 431139812 win 65535 mss 1460,nop,nop,sackOK (DF) where '10.0.18.201' is his DMZ Web Server address, and 'h0004ac37ca95.ne.client2.attbi.com' is my public IP. So it indicates that I can send request to him, then his server sent replies, however I got nothing and eventually I got error in my browser. What could be a problem? Thank you. M Lu. --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bind multiple IP addresses?
I think you can have aliases in DCD 1.02 but cannot remember how. Try to search for ALIAS in the scripts. In Bering you will specify additional IPs in /etc/network/interfaces, e.g. (numbers are just for sample) auto eth0 iface eth0 inet static address 1.2.3.4 netmask 255.255.255.0 broadcast 1.2.3.255 gateway 1.2.3.1 # secondary IP is defined here up ip addr add 5.6.7.8/24 dev eth0 and simply portforwarding port 80 on each IP to different internal server of your choice. - Original Message - From: Doug Sampson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, July 07, 2004 7:41 PM Subject: [leaf-user] Bind multiple IP addresses? Can I bind more than one public IP address to an external interface in Dachstein 1.02CD? If so, how? I've googled around to no avail. If not, is there another app that does this? Bering? The reason for this is I wish to port-forward packets to another web server that is behind the firewall. Port 80 is already used by this one web server. I do not wish to force users to add the port designation at the end of the URL in order to reach the second web server. So I got around to thinking that if I could bind a different public IP address to the external interface, then add a rule to the firewall stating that if someone comes knocking at this IP address at port 80 to please forward the packets to the second web server. I'm fully aware that I could establish port-forwarding at the ISP's name server redirecting http packets to a different port- say 8000- which could be redirected to port 80 of the second web server. I just would like to see if I can avoid paying extra bucks for the port-forwarding feature. I happen to have a few unused public IP addresses left. Is that possible? ~Doug --- This SF.Net email sponsored by Black Hat Briefings Training. Attend Black Hat Briefings Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.Net email sponsored by Black Hat Briefings Training. Attend Black Hat Briefings Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Re: Bering-uClibc 2.1.3 Question (2. PS1)
With bering shell, you can set PS1 but then you cannot use 'cd' and see the new directory. So the way I do is that I have to define a new command, e.g. 'nd' inside /etc/profile like that export PS1=`pwd` nd(){ cd $* ; PS1=`pwd` ; } now you can use 'nd' instead of 'cd' and it will show the current directory. It is not very convenient but if you need to know where you are, you can always type 'nd .' If anybody knows of something more elegant, please share with us. Thanks. Chris Lee [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, Some Newbie questions: 2. PS1 It is possible to set PS1, so that it show current folder? (e.g. [firewall /etc] #) --- This SF.Net email sponsored by Black Hat Briefings Training. Attend Black Hat Briefings Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Re: Bering-uClibc 2.1.3 Question (2. PS1)
Tom, I think 'nd' is defined as function of cd, so maybe the recursion will not work. M Lu. - Original Message - From: Tom Eastep [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED] Cc: Chris Lee [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, July 06, 2004 5:11 PM Subject: Re: [leaf-user] Re: Bering-uClibc 2.1.3 Question (2. PS1) M Lu wrote: With bering shell, you can set PS1 but then you cannot use 'cd' and see the new directory. So the way I do is that I have to define a new command, e.g. 'nd' inside /etc/profile like that export PS1=`pwd` nd(){ cd $* ; PS1=`pwd` ; } now you can use 'nd' instead of 'cd' and it will show the current directory. It is not very convenient but if you need to know where you are, you can always type 'nd .' alias cd='nd' -Tom -- Tom Eastep\ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] --- This SF.Net email sponsored by Black Hat Briefings Training. Attend Black Hat Briefings Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.Net email sponsored by Black Hat Briefings Training. Attend Black Hat Briefings Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Re: Bering-uClibc 2.1.3 Question (2. PS1)
Thank you, Tom. Indeed it is fine. - Original Message - From: Tom Eastep [EMAIL PROTECTED] To: M Lu [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, July 06, 2004 5:54 PM Subject: Re: [leaf-user] Re: Bering-uClibc 2.1.3 Question (2. PS1) M Lu wrote: Tom, I think 'nd' is defined as function of cd, so maybe the recursion will not work. The shell 'alias' implementation avoids recursion -- it works fine. \h:\w$ export PS1=`pwd` nd(){ cd $* ; PS1=`pwd` ; }/root /root alias cd='nd' /root cd /etc/shorewall /etc/shorewall /etc/shorewall -Tom -- Tom Eastep\ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] --- This SF.Net email sponsored by Black Hat Briefings Training. Attend Black Hat Briefings Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.Net email sponsored by Black Hat Briefings Training. Attend Black Hat Briefings Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] mail in Bering-uClibc 2.2. beta 2
Thanks kp, Sorry, I should have printed the commands I used. I realized that the Posixness file has been modified between 2.1 and 2.2 beta 2 and I also traced the output but I was involved in something else so did not have a chance to look at it once more. - Original Message - From: K.-P. Kirchdörfer [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, June 03, 2004 12:53 PM Subject: Re: [leaf-user] mail in Bering-uClibc 2.2. beta 2 Am Dienstag, 1. Juni 2004 05:05 schrieb M Lu: seems to me that mail script is broken. I always got 'broken pipe' or 'connection error' and the commands I use used to work fine on 2.1 Anyone has the same problem? Hi; you are right - I can reproduce your problem. We try to solve for next release. kp --- This SF.Net email is sponsored by the new InstallShield X. From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.Net email is sponsored by the new InstallShield X. From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html