Re: [leaf-user] shorewall.net down?

[M Lu]

This is from Shorewall mailing list. So use http://www1.shorewall.net


Tom Eastep wrote:
 The administrator of the main web/ftp site has informed me that the site
 is currently down. Until service is restored, you can use:
 
  http://www1.shorewall.net
  ftp://ftp1.shorewall.net
 
 Sorry for the inconvenience.

I've updated the DNS server to point www.shorewall.net and
ftp.shorewall.net to my own server.

I'll keep you posted...

-Tom
-- 
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key





- Original Message - 
From: Brent Gardner [EMAIL PROTECTED]
To: leaf-user@lists.sourceforge.net
Sent: Thursday, May 17, 2007 3:49 PM
Subject: [leaf-user] shorewall.net down?


 Does anyone have or know of a mirror of the shorewall.net web site?  I 
 haven't been able to access it for a few days now.
 
 Thanks.
 
 
 Brent Gardner
 
 
 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 
 leaf-user mailing list: leaf-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 Support Request -- http://leaf-project.org/


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Does Leaf works on VMWARE

[M Lu]

Try to get the bootdisk.ima from the ISO and tell your VMWare to boot from 
that floppy image.

Another solution is to extract all files and then rebuild the ISO with 
'mkisofs'



- Original Message - 
From: ram [EMAIL PROTECTED]
To: leaf-user@lists.sourceforge.net
Sent: Monday, January 29, 2007 4:18 PM
Subject: [leaf-user] Does Leaf works on VMWARE


 Hi

 Does Leaf works on VMWARE

 i have download and try to install,
 when i start the Virtual Machine after selecting ISO image
 i get Boot Error

 any help

 ram
 -
 Take Surveys. Earn Cash. Influence the Future of IT
 Join SourceForge.net's Techsay panel and you'll get the chance to share 
 your
 opinions on IT  business topics through brief surveys - and earn cash
 http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
 
 leaf-user mailing list: leaf-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 Support Request -- http://leaf-project.org/
 


-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] openntpd in BU 3.0

[M Lu]

Hello,

Does anyone have openntpd working? On my WRAP box, it started, synced time 
to a remote server and after a minute or so, it died. In initial 'ps' I saw

 3042 root336 S   /bin/sh /etc/rc2.d/S20openntpd start
 1615 root268 S   /usr/sbin/openntpd -s
17664 root276 S   /usr/sbin/openntpd -s

then the following messages appear in the log

Jan 11 11:50:04 firewall /usr/sbin/openntpd[28441]: dispatch_imsg in main: 
pipe closed
Jan 11 11:50:04 firewall /usr/sbin/openntpd[28441]: Terminating


Regarding the config, I only changed the following in 
/etc/openntpd/ntpd.conf:

- allow it to listen on all interfaces

listen on *

- specify a single server

server 132.246.168.164

P.S. while googling, I see that openntpd uses /etc/ntp.conf. But in BU30, 
the config is in /etc/openntpd directory and I do not see where the config 
is explicitly specified. 


-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] openntpd in BU 3.0

[M Lu]

Thanks KP,

Pls send me the package or let me know when the change is 
(/etc/init.d/shorewall?) so I can do it myself.




- Original Message - 
From: KP Kirchdoerfer [EMAIL PROTECTED]
To: M Lu [EMAIL PROTECTED]; leaf-user@lists.sourceforge.net
Sent: Thursday, January 11, 2007 1:41 PM
Subject: Re: [leaf-user] openntpd in BU 3.0


 Hello M Lu

 Am Donnerstag, 11. Januar 2007 19:13 schrieb M Lu:
 Hello,

 Does anyone have openntpd working?

 Yes.

 On my WRAP box, it started, synced time
 to a remote server and after a minute or so, it died. In initial 'ps' I 
 saw

  3042 root336 S   /bin/sh /etc/rc2.d/S20openntpd start
  1615 root268 S   /usr/sbin/openntpd -s
 17664 root276 S   /usr/sbin/openntpd -s

 then the following messages appear in the log

 Jan 11 11:50:04 firewall /usr/sbin/openntpd[28441]: dispatch_imsg in 
 main:
 pipe closed
 Jan 11 11:50:04 firewall /usr/sbin/openntpd[28441]: Terminating


 Regarding the config, I only changed the following in
 /etc/openntpd/ntpd.conf:

 - allow it to listen on all interfaces

 listen on *

 - specify a single server

 server 132.246.168.164

 Ok, this should work.

 There is a known issue with listen on * (use 0.0.0.0 instead) - but
 obviously it's not the case in your setup.

 I had the same pb when I booted my router, starting openntpd later by hand 
 was
 successful and it ran a until next reboot. Reason is that network access 
 is
 too late for openntpd due to a late shorewall start.
 Starting shorewall ASAP (S,21) fixes the pb.

 I can send you a modified shorewall package, if you think it will help you

 kp


 -
 Take Surveys. Earn Cash. Influence the Future of IT
 Join SourceForge.net's Techsay panel and you'll get the chance to share 
 your
 opinions on IT  business topics through brief surveys - and earn cash
 http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
 
 leaf-user mailing list: leaf-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 Support Request -- http://leaf-project.org/
 


-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] OT question: Connect WRAP box to laptop display

[M Lu]

Hi all,

I am helping a friend to setup LEAF on a WRAP box. He does not have any old 
computer with serial port so I cannot use my null-modem cable. Is there 
anyway I can connect and use the display on a laptop? The laptop (Compaq 
nx9600) does not have serial port, nor printer port.

Thank you.and merry Xmas/happy new year.





-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] OT question: Connect WRAP box to laptop display

[M Lu]

Thank you Erich,

That was a very quick response. So I understand that it makes USB into 
serial port so I can use my null-modem and there will not be any changes 
necessacry to the config files both in syslinux.cfg and in terminal programs 
(e.g. Windows TerraTerm or Linux minicom). Correct me if I am wrong.

Thanks again.

Cheers.


- Original Message - 
From: Erich Titl [EMAIL PROTECTED]
To: M Lu [EMAIL PROTECTED]
Cc: leaf-user@lists.sourceforge.net
Sent: Monday, December 18, 2006 8:55 AM
Subject: Re: [leaf-user] OT question: Connect WRAP box to laptop display


 Hi

 M Lu wrote:
 Hi all,

 I am helping a friend to setup LEAF on a WRAP box. He does not have any 
 old
 computer with serial port so I cannot use my null-modem cable. Is there
 anyway I can connect and use the display on a laptop? The laptop (Compaq
 nx9600) does not have serial port, nor printer port.

 The least painful IMHO is to buy a USB to serial adapter cable.

 cheers

 Erich



-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Reboot in BU 3.0

[M Lu]

Hi Erich and Paul,

- I do have wd1100 loaded in /etc/modules and there is wd1100.o in 
/lib/modules (5316 bytes).
- I do not have the reboot=bios in syslinux.cfg. I will try when going home 
tonight.

Is it possible that the wd1100.o is not the latest, I will check in CVS? In 
WRAP 2.x I had the same settings (wd1000 loaded but not the option 
reboot=bios in syslinux.cfg) and it reboots fine.

Thank you very much.



- Original Message - 
From: Erich Titl [EMAIL PROTECTED]
To: leaf-user@lists.sourceforge.net
Sent: Wednesday, September 06, 2006 2:28 AM
Subject: Re: [leaf-user] Reboot in BU 3.0


 Hi

 M Lu wrote:
 When I try to reboot the WRAP running BU 3.0, it just shutdown all 
 services
 and I saw the message Restarting but it never actually restarted, just
 hung there. I needed to unplug and plug the power.

 Is the wd1100 module loaded ? Without it you won't have any luck.
 The wd1100 module has just recently undergone a little revision, so it
 _might_ not be on the beta1 distro. Look in CVS

 cheers

 Erich

--

- Original Message - 
From: Paul Traina [EMAIL PROTECTED]
To: M Lu [EMAIL PROTECTED]
Sent: Tuesday, September 05, 2006 10:48 PM
Subject: Re: [leaf-user] Reboot in BU 3.0

 Make sure your kernel is being booted with reboot=bios in the option
 line (syslinux.cfg if running straight B-U 3.0).

 egrep reboot=bios /proc/cmdline

 will tell you if it's set right...
 


-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Reboot in BU 3.0

[M Lu]

When looking at dmesg I saw the following:

..
6wd1100.c: a few hacks by [EMAIL PROTECTED]
3wd1100.c: Can't register device.
..

whereas on my friend's WRAP (still 2.x) I do not see the second line, so it 
could be the reason

BTW, what does 6 or 3 mean from dmesg? The old dmesg does not write such 
numbers at the beginning of each line.



- Original Message - 
From: M Lu [EMAIL PROTECTED]
To: Erich Titl [EMAIL PROTECTED]; leaf-user@lists.sourceforge.net; 
Paul Traina [EMAIL PROTECTED]
Sent: Wednesday, September 06, 2006 8:59 AM
Subject: Re: [leaf-user] Reboot in BU 3.0


 Hi Erich and Paul,

 - I do have wd1100 loaded in /etc/modules and there is wd1100.o in 
 /lib/modules (5316 bytes).
 - I do not have the reboot=bios in syslinux.cfg. I will try when going 
 home tonight.

 Is it possible that the wd1100.o is not the latest, I will check in CVS? 
 In WRAP 2.x I had the same settings (wd1000 loaded but not the option 
 reboot=bios in syslinux.cfg) and it reboots fine.

 Thank you very much.



 - Original Message - 
 From: Erich Titl [EMAIL PROTECTED]
 To: leaf-user@lists.sourceforge.net
 Sent: Wednesday, September 06, 2006 2:28 AM
 Subject: Re: [leaf-user] Reboot in BU 3.0


 Hi

 M Lu wrote:
 When I try to reboot the WRAP running BU 3.0, it just shutdown all 
 services
 and I saw the message Restarting but it never actually restarted, just
 hung there. I needed to unplug and plug the power.

 Is the wd1100 module loaded ? Without it you won't have any luck.
 The wd1100 module has just recently undergone a little revision, so it
 _might_ not be on the beta1 distro. Look in CVS

 cheers

 Erich

 --

 - Original Message - 
 From: Paul Traina [EMAIL PROTECTED]
 To: M Lu [EMAIL PROTECTED]
 Sent: Tuesday, September 05, 2006 10:48 PM
 Subject: Re: [leaf-user] Reboot in BU 3.0

 Make sure your kernel is being booted with reboot=bios in the option
 line (syslinux.cfg if running straight B-U 3.0).

 egrep reboot=bios /proc/cmdline

 will tell you if it's set right...

 


-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Reboot in BU 3.0

[M Lu]

 This is definitly the reason, what happens if you insmod wd1100?

wrapbox# insmod wd1100
insmod: A module named wd1100 already exists

 What is the BIOS version of your wrap and did it work before on that 
 machine?

I do not know. I bought this box last May and the files in the BIOS-update 
file (Ver 1.11)  on http://www.pcengines.ch/wrap.htm are dated 11/8/2005 so 
mine must be quite old.



- Original Message - 
From: Eric Spakman [EMAIL PROTECTED]
To: M Lu [EMAIL PROTECTED]
Cc: leaf-user@lists.sourceforge.net; Erich Titl [EMAIL PROTECTED]
Sent: Wednesday, September 06, 2006 9:12 AM
Subject: Re: [leaf-user] Reboot in BU 3.0


 Hello M Lu:


 ..
 6wd1100.c: a few hacks by [EMAIL PROTECTED]
 3wd1100.c: Can't register device.
 ..

 whereas on my friend's WRAP (still 2.x) I do not see the second line, so
 it could be the reason

 This is definitly the reason, what happens if you insmod wd1100?
 I also use a wrap with the same module and don't see that message. You
 could try to download the latest 2.4.33 kernel tarball
 (http://leaf.cvs.sourceforge.net/leaf/bin/bering-uclibc/packages/) and try
 the updated wd1100 module.

 What is the BIOS version of your wrap and did it work before on that 
 machine?

 BTW, what does 6 or 3 mean from dmesg? The old dmesg does not write
 such numbers at the beginning of each line.

 I have no idea, dmesg in busybox got a rewrite and those numbers appear
 now. They probably mean something ;-)

 Eric


-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] PXEInstall and WRAP

[M Lu]

Thanks Bob,

I will update the BIOS (latest version is 1.11, correct?) and will try 
PXEInstall. Probably I can get the MAC of 1st NIC by looking at the output 
of  'ip' command on my box as it is still running now.

Cheers.


- Original Message - 
From: Bob von Knobloch [EMAIL PROTECTED]
To: LEAF Request leaf-user@lists.sourceforge.net
Sent: Wednesday, September 06, 2006 9:20 AM
Subject: [leaf-user] PXEInstall and WRAP


 Hi Eric, hi M Lu,

 Eric, thanks for the tip. According to pcengines web site my (old) BIOS
 should have supported etherbooot but, in fact, did not. I updated the
 BIOS with crossed fingers, hoping it would go OK, it did!

 M Lu, I did some tests and discovered that the WRAP box seems only to
 boot from the 1st NIC (next to the dc power connector) I had to discover
 it's MAC address by connecting it to my DHCP server, first serving
 normal addresses, and observed the connection with Ethereal. Having got
 the MAC address, I added the PXE section on the DHCP server, configured
 my TFTP server according to the LEAF docs and it all worked.
 I don't know another way to get the MAC, normal PCs tend to display
 their MAC address during PXE boot, but the Etherboot module in the WRAP
 does not seem to do this.

 Regards,

 Bob


-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] PXEInstall and WRAP

[M Lu]

Just so I know how to do it when configuring new system.In fact when I 
upgraded from 2.x to 3.0, I opened the case, remove the old CF and started 
from scratch with new CF as I am afraid that I could make mistake and the 
system cannot run anymore. I had to reuse the old CF a couple of times 
because my old madwifi configuration does not work. I still have the case 
wide open so I want to take advantage of this opportunity.

Thanks Eric.


- Original Message - 
From: Eric Spakman [EMAIL PROTECTED]
To: M Lu [EMAIL PROTECTED]
Cc: LEAF Request leaf-user@lists.sourceforge.net
Sent: Wednesday, September 06, 2006 10:44 AM
Subject: Re: [leaf-user] PXEInstall and WRAP


 Hi M,

 Why do you want to run pxeinstall on an already configured box? PXEinstall
 is created to initial configure a WRAP or simular system.

 Eric

 Thanks Bob,


 I will update the BIOS (latest version is 1.11, correct?) and will try
 PXEInstall. Probably I can get the MAC of 1st NIC by looking at the 
 output
  of  'ip' command on my box as it is still running now.

 Cheers.



 - Original Message -
 From: Bob von Knobloch [EMAIL PROTECTED]
 To: LEAF Request leaf-user@lists.sourceforge.net
 Sent: Wednesday, September 06, 2006 9:20 AM
 Subject: [leaf-user] PXEInstall and WRAP



 Hi Eric, hi M Lu,


 Eric, thanks for the tip. According to pcengines web site my (old) BIOS
  should have supported etherbooot but, in fact, did not. I updated the
 BIOS with crossed fingers, hoping it would go OK, it did!


 M Lu, I did some tests and discovered that the WRAP box seems only to
 boot from the 1st NIC (next to the dc power connector) I had to discover
  it's MAC address by connecting it to my DHCP server, first serving
 normal addresses, and observed the connection with Ethereal. Having got
  the MAC address, I added the PXE section on the DHCP server,
 configured my TFTP server according to the LEAF docs and it all worked. 
 I
 don't know another way to get the MAC, normal PCs tend to display
 their MAC address during PXE boot, but the Etherboot module in the WRAP
  does not seem to do this.

 Regards,


 Bob



 -
  Using Tomcat but need to do more? Need to support web services,
 security? Get stuff done quickly with pre-integrated technology to make
 your job easier Download IBM WebSphere Application Server v.1.0.1 based 
 on
 Apache Geronimo
 http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
 
 leaf-user mailing list: leaf-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 Support Request -- http://leaf-project.org/





 -
 Using Tomcat but need to do more? Need to support web services, security?
 Get stuff done quickly with pre-integrated technology to make your job 
 easier
 Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
 http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
 
 leaf-user mailing list: leaf-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 Support Request -- http://leaf-project.org/
 


-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Reboot in BU 3.0

[M Lu]

Nothing was written to the screen for both

wrapbox# rmmod wd1100
wrapbox# insmod wd1100

When I go home I will reboot and see how it goes. But I will definitely 
upgrade the latest modules. The one I use is from the 3.0 ISO.



- Original Message - 
From: Eric Spakman [EMAIL PROTECTED]
To: M Lu [EMAIL PROTECTED]
Cc: leaf-user@lists.sourceforge.net; Erich Titl [EMAIL PROTECTED]
Sent: Wednesday, September 06, 2006 10:36 AM
Subject: Re: [leaf-user] Reboot in BU 3.0


 Op Wo, 6 september, 2006 4:38 pm schreef M Lu:
 This is definitly the reason, what happens if you insmod wd1100?

 wrapbox# insmod wd1100 insmod: A module named wd1100 already exists

 Ok, so an rmmod wd1100 and insmod wd1100



-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Reboot in BU 3.0

[M Lu]

OK, I could reboot only after upgrading with the new modules. 

Thank you 



- Original Message - 
From: Eric Spakman [EMAIL PROTECTED]
To: M Lu [EMAIL PROTECTED]
Cc: leaf-user@lists.sourceforge.net; Erich Titl [EMAIL PROTECTED]
Sent: Wednesday, September 06, 2006 10:36 AM
Subject: Re: [leaf-user] Reboot in BU 3.0


 Op Wo, 6 september, 2006 4:38 pm schreef M Lu:
 This is definitly the reason, what happens if you insmod wd1100?

 wrapbox# insmod wd1100 insmod: A module named wd1100 already exists

 Ok, so an rmmod wd1100 and insmod wd1100
 

 What is the BIOS version of your wrap and did it work before on that
 machine?

 I do not know. I bought this box last May and the files in the
 BIOS-update
 file (Ver 1.11)  on http://www.pcengines.ch/wrap.htm are dated 11/8/2005
 so mine must be quite old.

 Eric
 


-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] PXEInstall and WRAP

[M Lu]

Thanks for your info, Bob and Erich,

I did update to the latest BIOS v1.11. But I am too tired to try setting up 
the TFTP/DHCP server. I will have to leave it on the weekend. But your 
message is very encouranging.

Cheers.


- Original Message - 
From: Bob von Knobloch [EMAIL PROTECTED]
To: LEAF Request leaf-user@lists.sourceforge.net
Sent: Wednesday, September 06, 2006 9:20 AM
Subject: [leaf-user] PXEInstall and WRAP


 Hi Eric, hi M Lu,

 Eric, thanks for the tip. According to pcengines web site my (old) BIOS
 should have supported etherbooot but, in fact, did not. I updated the
 BIOS with crossed fingers, hoping it would go OK, it did!

 M Lu, I did some tests and discovered that the WRAP box seems only to
 boot from the 1st NIC (next to the dc power connector) I had to discover
 it's MAC address by connecting it to my DHCP server, first serving
 normal addresses, and observed the connection with Ethereal. Having got
 the MAC address, I added the PXE section on the DHCP server, configured
 my TFTP server according to the LEAF docs and it all worked.
 I don't know another way to get the MAC, normal PCs tend to display
 their MAC address during PXE boot, but the Etherboot module in the WRAP
 does not seem to do this.

 Regards,

 Bob



-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] elvis.lrp in BU 3.0

[M Lu]

Over the weekend, I had upgraded my WRAP box to 3.0. Thank all of you for 
suggestions.

For 'vi', I installed elvis.lrp and I noticed that I could not do 'vi' as it 
complained about wrapper being in wrong place. Compare 2.x elvis.lrp and new 
one, the binaries are really in different locations (/usr/sbin in new and 
/usr/bin in old 2.x). When I changed the location and repack elvis.lrp, then 
it works fine.

What suprised me is that nobody mentioned this so I think either my 
environment is not correct or people use a different editor on LEAF.

Any comments?

Thank you.

 


-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] Reboot in BU 3.0

[M Lu]

When I try to reboot the WRAP running BU 3.0, it just shutdown all services 
and I saw the message Restarting but it never actually restarted, just 
hung there. I needed to unplug and plug the power.

I think I could reboot fine in old 2.x, using 'reboot' or 'shutdown -r now'

What could be the cause for this?

Thank you.



-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] PXEInstall

[M Lu]

Hi Bob,

how did you connect the WRAP box to your TFTP/DHCP server?

I looked into the WRAP BIOS setting and I turned on 'Etherboot Enable' but 
when it reboot I do not see any MAC address listed so I am not sure to which 
NIC I should connect . My box has 3 NICs.

Thank you.

M Lu



- Original Message - 
From: Bob von Knobloch [EMAIL PROTECTED]
To: LEAF Request leaf-user@lists.sourceforge.net
Sent: Tuesday, September 05, 2006 7:42 AM
Subject: [leaf-user] PXEInstall


 Eric,

 I have successfully used the PXEInstall system. Just 1 tiny mistake in
 the docs:

 Under Using pxeinstall.tgz

 Chapter Setting up the new system

 The line:

 # dd if=/usr/sbin/mbr.bin of=/dev/hda bs=512 count=1

 should be ../usr/bin/mbr.bin.. (At least, that is where I
 found the image using 'default').

 Thanks for your efforts, it really makes installing on WRAP etc. very easy

 Regards,

 Bob

 -
 Using Tomcat but need to do more? Need to support web services, security?
 Get stuff done quickly with pre-integrated technology to make your job 
 easier
 Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
 http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
 
 leaf-user mailing list: leaf-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 Support Request -- http://leaf-project.org/
 


-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] [ANN] LEAF Bering-uClibc 3.0-beta1

[M Lu]

Hi KP and Eric,

Thank you and other for all hard work on this.


I could not boot from the ISO image using Virtual PC, not VMWare. I also 
downloaded the latest 2.4.2 and could not boot either. It just complained 
Boot Error. I found some old Bering ISO and it boots fine.

The sizes for the images are

34,004,992 Bering-uClibc_2.4.2_iso_bering-uclibc...
38,971,392 Bering-uClibc_3.0-beta1_iso_bering-uclibc...

and I can open them and saw all files inside. I will find some blank CD and 
cut it physically but I doubt it will work. Is there anything special about 
booting from the CD?




- Original Message - 
From: KP Kirchdoerfer [EMAIL PROTECTED]
To: leaf-user@lists.sourceforge.net
Sent: Wednesday, August 23, 2006 2:14 AM
Subject: [leaf-user] [ANN] LEAF Bering-uClibc 3.0-beta1



 The floppy images, ISO image, ipv6 addon and a modules tarball are
 available  in the File Releases Area:
 http://sourceforge.net/project/showfiles.php?group_id=13751package_id=67534



-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Bering-U 3.x packages

[M Lu]

Thank you very much, Eric. Let us know when it is available.


M Lu.


- Original Message - 
From: Eric Spakman [EMAIL PROTECTED]
To: M Lu [EMAIL PROTECTED]
Cc: leaf-user@lists.sourceforge.net
Sent: Tuesday, August 22, 2006 2:34 AM
Subject: Re: [leaf-user] Bering-U 3.x packages


 Hi M,

 No official iso yet, but there will be one in the next day or two.

 Eric

 Hi,


 While helping a friend to build a Bering-U router (WRAP box), I noticed
 that there are now 3.x packages and I would like to use them. Is there 
 any
 big file (similar to Bering-uClibc_2.4.2_iso_bering-uclibc-iso.bin)
 containing all packages or do I have to download the packages
 individually?

 Thank you.



-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] Bering-U 3.x packages

[M Lu]

Hi,

While helping a friend to build a Bering-U router (WRAP box), I noticed that 
there are now 3.x packages and I would like to use them. Is there any big 
file (similar to Bering-uClibc_2.4.2_iso_bering-uclibc-iso.bin) containing 
all packages or do I have to download the packages individually?

Thank you.







-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Upgrading to new version of Bering-U on WRAP box

[M Lu]

Hi Erich,

I prefer this method over the other Eric said yesterday as the change is 
less and you can have a backup in case something goes wrong and you do not 
have the time to fix it. With PXE, I do not know if you always need another 
machine to boot WRAP or you just use that to install new files the 1st time; 
but using a 2nd machine to boot WRAP is not feasible to me.


Actually I used your images for testing WRAP when I bought it. I tried to 
install GRUB like you did on your images but failed and eventually I used 
syslinux. I will see if syslinux can be tweaked like you said.


In case of GRUB, can you specify the LRPs in some directory or they need be 
in another partition? If I need another partition, can I repartition the 
current CF I have in WRAP box or do I need to remove it from the box and 
start from scratch.


Thank you.




- Original Message - 
From: Erich Titl [EMAIL PROTECTED]

To: M Lu [EMAIL PROTECTED]
Cc: leaf-user@lists.sourceforge.net
Sent: Tuesday, February 14, 2006 10:24 AM
Subject: Re: [leaf-user] Upgrading to new version of Bering-U on WRAP box



Hi


I am using GRUB to boot the WRAP. This way I can just add a new menu
item which boots from different files, copied to another partition on
the CF, well linux and initrd have to be on the boot partition but may
have arbitrary names. That way I always have a fallback system to boot
from if anything goes wrong. I believe the same could be done by
tweaking syslinux.cfg

cheers

Erich




---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] Upgrading to new version of Bering-U on WRAP box

[M Lu]

Hello,

I would like to upgrade my oldder version of BeringU to a newer on WRAP box 
and I use syslinux to boot. Is there any good and safe way to do that 
without opening the box and removing the CF. I am afraid that during the 
upgrade I may do something stupid and the box would not boot anymore.


Thank you for your suggestions.







---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] Multiple public IP problem

[M Lu]

Hello all,

I help a friend to upgrade his Bering-U (v2.2.2 - kernel 2.4.26) to the 
latest and greatest v2.4-beta1 (kernel 2.4.32) and at the same time move 
from PC to WRAP box. He has 2 static IPs (x.x.x.11 and x.x.x.12) and the 
setting in network/interfaces file on the old router is


auto eth0
iface eth0 inet static
   address x.x.x.11
   netmask 255.255.255.0
   broadcast x.x.x.255
   gateway x.x.x.1
   # secondary IP
   up ip addr add x.x.x.12/24 dev eth0

I use the same settings for the new etc.lrp on WRAP box.

From the old router, I can ping both IP, x.x.x.11 and x.x.x.12 from outside. 
But when booting WRAP, I can ping only the first one, x.x.x.11 but not the 
other. We also turn on shorewall logging to make sure ping is allowed and we 
did not see anything regarding this 'ping'. My friend rebooted the ADSL 
modem but results are the same. When he connect back to the old router, 
things are OK again and I can ping both IPs.


Is that possible that the ISP keeps the old information about the card (e.g. 
MAC address) and so we need to turn off ADSL for a while to flush the cache 
or the syntax in 2.4.32 kernel has changed or is there anything I did wrong?


Thank you for any suggestions.







---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Multiple public IP problem

[M Lu]

Thank you Eric.

As my friend connect WRAP box to a terminal PC and plug WRAP's eth0 to his 
private network for me to test, I remote login into his network and change 
the settings in network/interfaces to get private IP rather than public IPs 
and both syntax, old (up ip addr add x.x.x.12/24 dev eth0) and new (up ip 
addr add x.x.x.12/24 brd x.x.x.255 dev eth0 label eth0:0) work well. I could 
ping both IPs, could SSH via both of them.


The only difference I see is the showing in 'ip addr show dev eth0' command, 
as one shows as secondary eth0, and the other secondary eth0:0, and I do not 
think we use anything regarding eth0:0 in shorewall. I just hardcode both 
IPs in shorewall params file.


- my old syntax: 'up ip addr add 192.168.5.36/24 dev eth0'
3: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000
   link/ether 00:60:97:a7:d8:56 brd ff:ff:ff:ff:ff:ff
   inet 192.168.5.35/24 brd 192.168.5.255 scope global eth0
   inet 192.168.5.36/24 scope global secondary eth0

- your newer syntax: 'up ip addr add 192.168.5.36/24 brd 192.168.5.255 dev 
eth0 label eth0:0'

3: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000
   link/ether 00:60:97:a7:d8:56 brd ff:ff:ff:ff:ff:ff
   inet 192.168.5.35/24 brd 192.168.5.255 scope global eth0
   inet 192.168.5.36/24 brd 192.168.5.255 scope global secondary eth0:0

Anyway, I will try the newer syntax with public IPs tonight when we get 
home.



- Original Message - 
From: Eric Spakman [EMAIL PROTECTED]

To: M Lu [EMAIL PROTECTED]
Cc: leaf-user@lists.sourceforge.net
Sent: Thursday, February 09, 2006 10:09 AM
Subject: Re: [leaf-user] Multiple public IP problem



Hello,

The best way to setup a secondary interface is by doing:

auto eth0
iface eth0 inet static
   address x.x.x.11
   
   

auto eth0:0
iface eth0:0 inet static
   address x.x.x.12
   netmask 255.255.255.0
   broadcast x.x.x.255
   gateway x.x.x.1

But something like the following added to the eth0 definition should also
work:
up ip addr add x.x.x.12/24 brd x.x.x.255 dev eth0 label eth0:0

I'm not sure why it worked with 2.2.2, maybe your friend did change
something in the shorewall config with the older version.

There is a good document on the shorewall site, in the documentation
section (2.4), about Shorewall and Aliased Interfaces. The config
changes needed in shorewall are also described there.

Eric


Hello all,


I help a friend to upgrade his Bering-U (v2.2.2 - kernel 2.4.26) to the
latest and greatest v2.4-beta1 (kernel 2.4.32) and at the same time move
from PC to WRAP box. He has 2 static IPs (x.x.x.11 and x.x.x.12) and the
setting in network/interfaces file on the old router is

auto eth0 iface eth0 inet static address x.x.x.11 netmask 255.255.255.0
broadcast x.x.x.255 gateway x.x.x.1 # secondary IP
up ip addr add x.x.x.12/24 dev eth0

I use the same settings for the new etc.lrp on WRAP box.


From the old router, I can ping both IP, x.x.x.11 and x.x.x.12 from
outside. But when booting WRAP, I can ping only the first one, x.x.x.11
but not the other. We also turn on shorewall logging to make sure ping is
allowed and we did not see anything regarding this 'ping'. My friend
rebooted the ADSL modem but results are the same. When he connect back to
the old router, things are OK again and I can ping both IPs.

Is that possible that the ISP keeps the old information about the card
(e.g.
MAC address) and so we need to turn off ADSL for a while to flush the
cache or the syntax in 2.4.32 kernel has changed or is there anything I
did wrong?

Thank you for any suggestions.








---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files for problems?  Stop!  Download the new AJAX search engine that 
makes

 searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/









---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Multiple public IP problem

[M Lu]

I used your syntax but the result was the same. Then I tried to fake the MAC 
address (adding line hwaddress ether address old-router-mac-addr) and it 
worked. Still a mystery to me as if ISP keeps that info, why I can ping the 
1st IP and not the second.


Again thank you for your suggestions always quick and helpful.



- Original Message - 
From: Eric Spakman [EMAIL PROTECTED]

To: M Lu [EMAIL PROTECTED]
Cc: leaf-user@lists.sourceforge.net
Sent: Thursday, February 09, 2006 10:09 AM
Subject: Re: [leaf-user] Multiple public IP problem



Hello,

The best way to setup a secondary interface is by doing:

auto eth0
iface eth0 inet static
   address x.x.x.11
   
   

auto eth0:0
iface eth0:0 inet static
   address x.x.x.12
   netmask 255.255.255.0
   broadcast x.x.x.255
   gateway x.x.x.1

But something like the following added to the eth0 definition should also
work:
up ip addr add x.x.x.12/24 brd x.x.x.255 dev eth0 label eth0:0

I'm not sure why it worked with 2.2.2, maybe your friend did change
something in the shorewall config with the older version.

There is a good document on the shorewall site, in the documentation
section (2.4), about Shorewall and Aliased Interfaces. The config
changes needed in shorewall are also described there.

Eric


Hello all,


I help a friend to upgrade his Bering-U (v2.2.2 - kernel 2.4.26) to the
latest and greatest v2.4-beta1 (kernel 2.4.32) and at the same time move
from PC to WRAP box. He has 2 static IPs (x.x.x.11 and x.x.x.12) and the
setting in network/interfaces file on the old router is

auto eth0 iface eth0 inet static address x.x.x.11 netmask 255.255.255.0
broadcast x.x.x.255 gateway x.x.x.1 # secondary IP
up ip addr add x.x.x.12/24 dev eth0

I use the same settings for the new etc.lrp on WRAP box.


From the old router, I can ping both IP, x.x.x.11 and x.x.x.12 from
outside. But when booting WRAP, I can ping only the first one, x.x.x.11
but not the other. We also turn on shorewall logging to make sure ping is
allowed and we did not see anything regarding this 'ping'. My friend
rebooted the ADSL modem but results are the same. When he connect back to
the old router, things are OK again and I can ping both IPs.

Is that possible that the ISP keeps the old information about the card
(e.g.
MAC address) and so we need to turn off ADSL for a while to flush the
cache or the syntax in 2.4.32 kernel has changed or is there anything I
did wrong?

Thank you for any suggestions.



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Openvpn - Bering uClibc 2.3

[M Lu]

I use ntpdate and specify a NTP server in its config. This will correct the 
time right after your box is up. Make sure you allow your box to connect to 
that server. If you have an internal NTP server, it would be good.




- Original Message - 
From: Bob von Knobloch [EMAIL PROTECTED]

To: LEAF Request leaf-user@lists.sourceforge.net
Sent: Friday, January 20, 2006 4:38 AM
Subject: [leaf-user] Openvpn - Bering uClibc 2.3



Dear List,
I have now succeeded in installing an OpenVPNZ on my WRAP LEAF Box. 
Everything works very well. This sort of surprised me, I am used to 
working with professional IKE/IPSEC VPNs and OpenVPN seems at least as 
good.
For information, one small problem remains that is LEAF orientated: The 
boot-up process starts OpenVPN too soon, ntpsimpl needs to be started 
first. This acn be fixed but ntpsimpl, although modified with a script 
from Erich Titl does not actually set the system date for quite some time 
after it has fetched the time from the Internet.
For OpenVPN this causes the startup process to reject all local 
Certificates as being invalid (this is true - when a Certificate's date 
lies in the apparent future, the Certificate is indeed not valid).
This is not corrected by waiting. A new reboot is required. (To reiterate, 
the problem is caused by the ISP rejecting logon attempts for a period 
shortly after a disconnect - for example a 10 second power failure would 
cause the system to fail and stay failed).
I will think about this and experiment with solutions. Any suggestions 
are, of course, very welcome.

Bob





---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] What modules are needed for shorewall 3.0 traffic shaping?

[M Lu]

Thank you, Jaap,

I could start shorewall with those

#
sch_ingress
sch_htb
sch_prio
sch_sfq
cls_u32
cls_fw



- Original Message - 
From: Jaap Eldering [EMAIL PROTECTED]

To: leaf-user@lists.sourceforge.net
Sent: Tuesday, December 13, 2005 2:41 AM
Subject: Re: [leaf-user] What modules are needed for shorewall 3.0 traffic 
shaping?




On Mon, Dec 12, 2005 at 11:55:23PM -0500, M Lu wrote:


I upgraded to shorewall 3.x and would like to use the built-in traffic
shaping. After creating some simple tc-files I started shorewall and I 
got

error

Processing /etc/shorewall/tcdevices...
RTNETLINK answers: Invalid argument

and I think that some modules (for HTB?) are missing. According to
shorewall documentation: ...For builtin support, you need the HTB
scheduler, the PRIO pseudoscheduler and SFQ queue. The other scheduler or
queue algorithms are not needed...

Can somebody list what modules I need to specify in /etc/modules?


For these you need:

sch_htb
sch_prio
sch_sfq

You can find these in directory kernel/net/sched of the modules tree.

Jaap





---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] What modules are needed for shorewall 3.0 traffic shaping?

[M Lu]

Hi,

I upgraded to shorewall 3.x and would like to use the built-in traffic 
shaping. After creating some simple tc-files I started shorewall and I got 
error


Processing /etc/shorewall/tcdevices...
RTNETLINK answers: Invalid argument

and I think that some modules (for HTB?) are missing. According to shorewall 
documentation: ...For builtin support, you need the HTB scheduler, the PRIO 
pseudoscheduler and SFQ queue. The other scheduler or queue algorithms are 
not needed...


Can somebody list what modules I need to specify in /etc/modules?

Thank you.

M Lu 



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] New Problem with UClibc syslinux

[M Lu]

Richard,

Do you have those packages in syslinux.cfg or leaf.cfg?

Try leaf.cfg if you did not use it. Mine look like this

syslinux.cfg
---
..
default linux initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0 
LEAFCFG=/dev/hda1:msdos



leaf.cfg(in 3 lines, I guess the white spaces and returns are ignored in 
between quotes

---

LRP=root,config,etc,local,modules,iptables,dhcpcd,
ulogd,shorwall,dnscache,dropbear,
dhcpd,libm,libpcap,daemontl,tinydns
..




- Original Message - 
From: Tibbs, Richard [EMAIL PROTECTED]

To: Leaf-User (E-mail) leaf-user@lists.sourceforge.net
Sent: Tuesday, November 29, 2005 12:13 PM
Subject: [leaf-user] New Problem with UClibc syslinux


OK, I put a new modules file together from Arne's web page, and back to
square one.  Stops after local.  I tried 3 different diskettes all with
same result.
Nothing of the following loads from syslinux LRP=
modules,mawk,lpthread,ipsec,libcrpto,shorwall,dnscache,dhcpd

What could be wrong here?
Rick.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tibbs,
Richard
Sent: Monday, November 28, 2005 2:48 PM
To: Leaf-User (E-mail)
Subject: RE: [leaf-user] Problem with UClibc syslinux

Well, the quotes did not help, but putting together a package via Arne's
modules.cgi fixed the problem.  I think modules from the floppy was
hanging it up


Thanks,
Rick.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric Spakman
Sent: Monday, November 28, 2005 1:37 PM
To: Leaf-User
Subject: Re: [leaf-user] Problem with UClibc syslinux

Hello Richard,

Not sure, but it can be a hidden character. You could try the line
with
quotes around it:
LRP=root,keyboard,config,etc,local,modules,mawk,lpthread,ipsec,libcrpto
,shorwall,dnscache,dhcpd

Eric


Tried Bering UClibc with some strange results this w/e.


My syslinux config file is:
display syslinux.dpy timeout 0 default linux initrd=initrd.lrp

init=/linuxrc

rw root=/dev/ram0 LEAFCFG=/dev/fd0:msdos
PKGPATH=/dev/fd0:msdos,/dev/cdrom:iso9660
syst_size=12M log_size=4M


LRP=root,keyboard,config,etc,local,modules,mawk,lpthread,ipsec,libcrpto,

shorwall,dnscache,dhcpd

(no line breaks from default... dhcpd)


But, syslog file says the kernel command line stops at local.
I used EditPadlite on windoze to edit syslinux.cfg ... This has worked
for many leafs before including Bering 1.2

Anyone know what might be the problem?


TIA
Rick.



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files for problems?  Stop!  Download the new AJAX search engine that

makes

 searching your log files as easy as surfing the  web.  DOWNLOAD

SPLUNK!

http://ads.osdn.com/?ad_idv37alloc_id865op=click




leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/







---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37alloc_id865op=ick

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37alloc_id865op=ick

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!

[leaf-user] shorewall3.lrp not accessible

[M Lu]

I see that package in testing area but the link is not correct. Same for 
siproxd.lrp. Can anybody fix them?


Thank you.


---
This SF.Net email is sponsored by the JBoss Inc.  Get Certified Today
Register for a JBoss Training Course.  Free Certification Exam
for All Training Attendees Through End of 2005. For more info visit:
http://ads.osdn.com/?ad_id=7628alloc_id=16845op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] hostapd with madwifi NIC

[M Lu]

Hi Eric,

I am sorry for the delay. Since Sunday, I runs hostapd.lrp you sent me with 
madwifi and it is great, no problem so far. I just do not know why I do not 
see messages dumped to the dumpfile as I specified in the config file (see 
below), only to daemon.log, but other than that it is OK.


I am busy with other work so I cannot test the current hostapd package in 
the latest 2.3 ISO CD, but like you said, it should work too. Can anybody 
from the list confirm that?


Just want to thank you again for all your help.



What I am using now are:

- madwifi modules from 2.3 ISO, i.e. old codebase from madwifi
- hostapd you sent me (0.4.5-2)
- wireless 28pre10 which I compiled myself. The one in ISO is 28pre8

There is no need to include hostapd.o module in /etc/modules like you said. 
I run hostapd as 'hostapd -B -dd /etc/hostapd/madwifi.conf', and the config 
file looks like the following


   START of /etc/hostapd/madwifi.conf
#
interface=ath0
driver=madwifi

logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2

# Debugging: 0 = no, 1 = minimal, 2 = verbose, 3 = msg dumps, 4 = excessive
debug=3
# Dump file for state information (on SIGUSR1)
dump_file=/tmp/hostapd.dump

# SSID to be used in IEEE 802.11 management frames
ssid=myssid

# Station MAC address -based authentication
# 1 = deny unless in accept list
macaddr_acl=1
# this file contains all MACs of the machines you allow, one per one line
accept_mac_file=/etc/hostapd/hostapd.accept

eapol_key_index_workaround=0
eap_server=0

# WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit
wpa=1
wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_group_rekey=600
#
   END of /etc/hostapd/madwifi.conf




- Original Message - 
From: Eric Spakman [EMAIL PROTECTED]

To: M Lu [EMAIL PROTECTED]
Sent: Tuesday, November 01, 2005 3:35 PM
Subject: Re: [leaf-user] hostapd with madwifi NIC



Hi,

I compiled the latest Debian unstable version of hostapd (0.4.5-2) with
madwifi support, I have attached it to this mail. You may give it a try
when you don't succeed with the stable version.

Eric




---
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42 plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] hostapd with madwifi NIC

[M Lu]

Hi,

When using hostapd with madwifi wireless NIC (I specidy driver=madwifi in 
the hostapd.conf file), do I need to load the hostap.o module and other 
hostap modules (such as hostap_crypt_xxx.o) in /etc/modules?


Thank you.



---
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Changing mac address in dhcp mode

[M Lu]

You can look at the DHCP client files and see where to send MAC address to 
DHCP server, then specify the MAC of the old NIC.



- Original Message - 
From: Stephen Lee [EMAIL PROTECTED]

To: Leaf-user Leaf-user@lists.sourceforge.net
Sent: Tuesday, November 01, 2005 4:28 PM
Subject: [leaf-user] Changing mac address in dhcp mode



Hi,

I'm replacing our current USR firewall/router to a current release
Bering box. I need to change the wan nic mac address (eth0) on the
Bering box to ensure I get the same IP number back from my ISP. I was
able to change it if I had set eth0 to static with the additional
hwaddress line in the interfaces file:

iface eth0 inet static
   address 12.34.56.78
   netmask 255.255.255.0
   broadcast 12.34.56.255
   gateway 12.34.56.78.1
   hwaddress ether address 00:00:00:00:00:00

but the same line has no effect if eth0 is set for dhcp:

auto eth0
iface eth0 inet dhcp
  hwaddress ether address 00:00:00:00:00:00

How do I set the mac address if eth0 is set to dhpc mode?

Thanks,
Stephen




---
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42 plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] ttys errros on Bering 2.3

[M Lu]

Hi Eric,

After starting with untouched files from the CD and changing only 
/etc/inittab and /etc/securetty for the serial console, I could boot the 
WRAP box OK and no errors on ttys. Then I started adding my own packages one 
by one and eventually I see that when I added dnscache.lrp then the errors 
showed.


Looking carefully at this bad dnscache.lrp and my working dnscache.lrp I 
found out the size of the bad one is about 2-times larger and here is the 
mistake I made: I untar-gz etc.lrp into a temp place, then forgot to clean 
it and went on with dnscache.lrp, made changes and tar-gz it back. The 
original /etc/inittab went into dnscache.lrp and because dnscache.lrp 
appeared after etc.lrp in leaf.cfg, the original inittab is used which 
caused ttys errors.


I apologize for causing false alarm and taking up your time for my stupid 
mistake.


Thanks again for your quick support.



- Original Message - 
From: Eric Spakman [EMAIL PROTECTED]

To: M Lu [EMAIL PROTECTED]
Cc: leaf-user@lists.sourceforge.net
Sent: Wednesday, October 26, 2005 4:28 PM
Subject: Re: [leaf-user] ttys errros on Bering 2.3



Hello,



Hi Eric,


the ttys errors still happened and I am scratching my hair on what could
use tty1 and tty2. I even deleted all lines referring to tty1, tty2... in
/etc/inittab and the errors are still there. I could not see the login
promt on the console attached via minicom and so I cannot login. Is there
a way to see what process/package is using those ttys?


The only way I know of is using ps to see the running processes, but
that is somewhat difficult without a working console.

I searched through all source, but couldn't find an other place besides
/etc/inittab where a getty is started on tty1/tty2.
The problem seems to start during, or just after crond runs. Do you have
some custom cron scripts?
Which packages do you have installed?

Eric


Thank you.





---
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] madwifi drivers on Bering 2.3

[M Lu]

I understand that madwifi is now moving to new codebase 
(http://madwifi.org/wiki/NewCodebase), which has a lot of new features 
(virtual AP, WDS support etc). Are you planning to have that new codebase in 
LEAF Bering-U?



- Original Message - 
From: Eric Spakman [EMAIL PROTECTED]

To: M Lu [EMAIL PROTECTED]
Cc: leaf-user@lists.sourceforge.net
Sent: Wednesday, October 26, 2005 4:54 PM
Subject: Re: [leaf-user] madwifi drivers on Bering 2.3



Hello M,

The madwifi drivers are still in beta stage, so it's possible that some
debug code is enabled by default. I will take a look anyway.

Eric




---
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Madwifi Drivers for Bering uClibc 2.3 rc1- 3rd try

[M Lu]

Jeremy,

with new madwifi, it seems a little bit more complicated. You will have 
wifi0 as the place holder for each wireless NIC (previously) and then you 
need to use some tool (hopefully Eric built together with modules) to create 
ath0 out of wifi0 and then apply the settings on ath0.


So basically when you do 'ip addr' you should see both wifi0 and ath0 but 
when 'iwconfig' you see ath0 having wireless settings.


In fact I am just reading the readme file and will try to see if I can use 
them later.


Also your NIC could be still new and not sure if it is supported.



- Original Message - 
From: Jeremy Tourville [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; 
leaf-user@lists.sourceforge.net

Sent: Friday, October 28, 2005 10:03 PM
Subject: Re: [leaf-user] Madwifi Drivers for Bering uClibc 2.3 rc1- 3rd try



Hello Jeremy,


Attached you will find the drivers from today's snapshot. I hope they 
work!


Eric




Well, I tried the new drivers you compiled with no luck.  Is my card still 
not supported by the new code drop?  I have a MIMO card.  It is a D Link 
DWL-G520M. It has the AR5513 processor/chipset.  Here is some diagnostic 
output for everyone.  I have snipped some output to only include relevant 
info.


firewall# cat /proc/pci
PCI devices found:
  Bus  0, device  11, function  0:
   Class 0200: PCI device 168c:0020 (rev 1).
 IRQ 9.
 Master Capable.  Latency=80.  Min Gnt=10.Max Lat=28.
 Non-prefetchable 32 bit memory at 0xfcfe [0xfcff].


firewall# dmesg
wlan: 0.8.4.2 (Atheros/multi-bss)
wlan: mac acl policy registered
ath_hal: 0.9.15.1 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
ath_rate_onoe: 1.0
ath_pci: 0.9.4.5 (Atheros/multi-bss)

firewall# more modules
# /etc/modules: kernel modules to load at boot time.
#
# Wireless AP
wlan
wlan_acl
wlan_tkip
wlan_xauth
ath_hal
ath_rate_onoe
ath_pci

firewall# lsmod
Module  Size  Used byTainted: P
ath_pci56820   0 (unused)
ath_rate_onoe   2900   0 [ath_pci]
ath_hal   179184   0 [ath_pci]
wlan_xauth   216   0 (unused)
wlan_tkip   8368   0 (unused)
wlan_acl1784   0 (unused)
wlan  116530   0 [ath_pci ath_rate_onoe wlan_xauth 
wlan_tkip wlan_acl]

softdog 1360   1
ipt_state272  17
ipt_helper   400   0 (unused)
ipt_conntrack692   0
ipt_REDIRECT 480   0 (unused)
ipt_MASQUERADE  1024   2
ip_nat_irc  1704   0 (unused)
ip_nat_ftp  2152   0 (unused)
iptable_nat14332   3 [ipt_REDIRECT ipt_MASQUERADE ip_nat_irc 
ip_nat_ftp]

ip_conntrack_irc2484   1
ip_conntrack_ftp3132   1
ip_conntrack   16516   2 [ipt_state ipt_helper ipt_conntrack 
ipt_REDIRECT ipt_MASQUERADE ip_nat_irc ip_nat_ftp iptable_nat 
ip_conntrack_irc ip_conntrack_ftp]

3c59x  23768   2
3c515  11052   1
isofs  15732   0 (unused)
ide-detect   132   0 (unused)
ide-cd 26748   0
ide-disk   11308   0
ide-core   80476   0 [ide-detect ide-cd ide-disk]
cdrom  25344   0 [ide-cd]


firewall# ip address show
1: lo: LOOPBACK,UP mtu 16436 qdisc noqueue
   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
   inet 127.0.0.1/8 scope host lo
2: dummy0: BROADCAST,NOARP mtu 1500 qdisc noop
   link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000
   link/ether 00:10:4b:6e:ef:9a brd ff:ff:ff:ff:ff:ff
   inet 70.224.209.172/24 brd 70.224.209.255 scope global eth0
4: eth1: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000
   link/ether 00:a0:24:37:d4:c0 brd ff:ff:ff:ff:ff:ff
   inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
5: eth2: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000
   link/ether 00:a0:24:75:b2:50 brd ff:ff:ff:ff:ff:ff
   inet 192.168.2.100/24 brd 192.168.2.255 scope global eth2

# /etc/network/interfaces -- configuration file for LEAF network
# Step 7 (optional): configure wireless AP (Madwifi)
auto ath0
iface ath0 inet static
   address 192.168.3.1
   netmask 255.255.255.0
   broadcast 192.168.3.255
   wireless-mode master
   wireless rate 54M
   wireless-essid default
   up /sbin/iwpriv/ ath0 mode 3

Thanks all in advance for your help!

Jeremy




---
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- 

Re: [leaf-user] madwifi drivers on Bering 2.3

[M Lu]

Hi Eric,

I will send you off list. It is possible that the file is corrupted. I used 
a Fedora Core machine to edit the files, but I did copy and paste some lines 
from Windows Ultra Edit. Hopefully you can detect my mistake. I did not use 
insmod manually. I should have done it. I will do it tonight.


Thank you.



- Original Message - 
From: Eric Spakman [EMAIL PROTECTED]

To: M Lu [EMAIL PROTECTED]
Cc: leaf-user@lists.sourceforge.net
Sent: Wednesday, October 26, 2005 2:36 AM
Subject: Re: [leaf-user] madwifi drivers on Bering 2.3



Can you mail the exact contents of /etc/modules? Insmod is displaying its
options because an illegal option is found.

Did you try to insmod the modules by hand?

Eric



I have them in /etc/modules as


wlan wlan_acl wlan_ccmp wlan_tkip wlan_wep wlan_xauth ath_hal

ath_rate_sample

ath_pci

but on loading wlan_ccmp as well as a couple of other modules, BusyBox
reported error:


wlan - Using /var/lib/lrpkg/mnt/modules/net//./wlan.o wlan: 0.8.6.0
(EXPERIMENTAL)
wlan_acl - Using /var/lib/lrpkg/mnt/modules/net//./wlan_acl.o wlan: mac 
acl

policy registered wlan_ccmp - BusyBox v1.00 (2005.08.02-19:26+)
multi-call binary

Usage: insmod [OPTION]... MODULE [symbol=value]...
^^



wlan_tkip - BusyBox v1.00 (2005.08.02-19:26+) multi-call binary

Usage: insmod [OPTION]... MODULE [symbol=value]...


wlan_wep - Using /var/lib/lrpkg/mnt/modules/net//./wlan_wep.o 
wlan_xauth -

BusyBox v1.00 (2005.08.02-19:26+) multi-call binary


Usage: insmod [OPTION]... MODULE [symbol=value]...


ath_hal - Using /var/lib/lrpkg/mnt/modules/net//./ath_hal.o Warning:
loading ath_hal will taint the kernel: non-GPL license ath_hal: 0.9.14.9
(- Proprietary
AR5210 See http://www., AR5211tux.org/lkml/#ex, AR5212port-tainted for,
RF5111 information abo, RF5112ut tainted modul, Rs)
ath_rate_sample - BusyBox v1.00 (2005.08.02-19:26+) multi-call binary

Usage: insmod [OPTION]... MODULE [symbol=value]...


ath_pci - Using /var/lib/lrpkg/mnt/modules/net//./ath_pci.o insmod:
unresolved symbol ath_rate_findrate insmod: unresolved symbol
ath_rate_newassoc insmod: unresolved symbol ath_rate_detach
insmod: unresolved symbol ath_rate_node_init
insmod: unresolved symbol ath_rate_setupxtxdesc
insmod: unresolved symbol ath_rate_dynamic_sysctl_register
insmod: unresolved symbol ath_rate_node_cleanup
insmod: unresolved symbol ath_rate_attach
insmod: unresolved symbol ath_rate_tx_complete
insmod: unresolved symbol ath_rate_newstate


--



Could anybody help?


Thank you.








---
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/







---
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/




---
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] madwifi drivers on Bering 2.3

[M Lu]

Hi Eric,

Thanks a lot for suggestions.

I started from the original modules.lrp from CD and I copied all needed 
modules to that modules.lrp. This time the madwifi modules are loaded OK. I 
did not test the wireless yet but I think it should be fine.


So for some reason my old /etc/modules has been corrupted.

This time I saw 2 lines about Debugging version (see below) and not sure 
if that's just warning or we are using debugging version


wlan - Using /lib/modules/./wlan.o
wlan: 0.8.6.0 (EXPERIMENTAL)
wlan_acl - Using /lib/modules/./wlan_acl.o
wlan: mac acl policy registered
wlan_ccmp - Using /lib/modules/./wlan_ccmp.o
wlan_tkip - Using /lib/modules/./wlan_tkip.o
wlan_wep - Using /lib/modules/./wlan_wep.o
wlan_xauth - Using /lib/modules/./wlan_xauth.o
ath_hal - Using /lib/modules/./ath_hal.o
Warning: loading ath_hal will taint the kernel: non-GPL license ath_hal: 
0.9.14.9 (- Proprietary
AR5210 See http://www., AR5211tux.org/lkml/#ex, AR5212port-tainted for, 
RF5111 information abo, RF5112ut tainted modul, Rs)

ath_rate_sample - Using /lib/modules/./ath_rate_sample.o
ath_rate_sample: 1.2
ath_pci - Using /lib/modules/./ath_pci.o
ath_pci: 0.9.6.0 (EXPERIMENTAL)
Build date: Aug  6 2005
Debugging version (IEEE80211)
^^
ath0: 11a rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
ath0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
ath0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 
36Mbps 48Mbps 54Mbps

ath0: turboA rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
ath0: turboG rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
ath0: H/W encryption support: WEP AES AES_CCM TKIP
ath0: mac 5.9 phy 4.3 radio 3.6
ath0: Use hw queue 1 for WME_AC_BE traffic
ath0: Use hw queue 0 for WME_AC_BK traffic
ath0: Use hw queue 2 for WME_AC_VI traffic
ath0: Use hw queue 3 for WME_AC_VO traffic
ath0: Use hw queue 8 for CAB traffic
ath0: Use hw queue 9 for beacons
Debugging version (ATH)





- Original Message - 
From: Eric Spakman [EMAIL PROTECTED]

To: M Lu [EMAIL PROTECTED]
Sent: Wednesday, October 26, 2005 10:51 AM
Subject: Re: [leaf-user] madwifi drivers on Bering 2.3



That's a pity, I can't see anything special in your modules file. No
strange characters or so. You could try to remove the # between
wlan_xauth and ath_hal, but that shouldn't be the problem.




---
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] ttys errros on Bering 2.3

[M Lu]

Hi Eric,

the ttys errors still happened and I am scratching my hair on what could use 
tty1 and tty2. I even deleted all lines referring to tty1, tty2... in 
/etc/inittab and the errors are still there. I could not see the login promt 
on the console attached via minicom and so I cannot login. Is there a way to 
see what process/package is using those ttys?


Thank you.

Here are some of the lines I copy and paste from minicom window:

..
Linux version 2.4.31 ([EMAIL PROTECTED]) (gcc version 3.3.3) #1 Thu Aug 18 
21:03:20 CEST 2005

BIOS-provided physical RAM map:
BIOS-e820:  - 000a (usable)
BIOS-e820: 000f - 0010 (reserved)
BIOS-e820: 0010 - 0800 (usable)
BIOS-e820: fff0 - 0001 (reserved)
128MB LOWMEM available.
On node 0 totalpages: 32768
zone(0): 4096 pages.
zone(1): 28672 pages.
zone(2): 0 pages.
DMI not present.
Kernel command line: console=ttyS0,38400 BOOT_IMAGE=linux initrd=initrd.lrp 
init=/linuxrc rw root=/dev/ram0 LEAFCFG=/dev/hsInitializing CPU#0

Detected 266.636 MHz processor.



...
Processing /etc/shorewall/start ...
Shorewall Started
Processing /etc/shorewall/started ...
Starting svscan ...
dnscache queries allowed from 10.9
Starting dnscache with daemontools ...
Creating cdb for tinydns-private
Starting private DNS server listening on 127.0.0.1 with daemontools
Creating cdb for tinydns-public
Starting public DNS server listening on xx.xx.xx.xx with daemontools
Shutting down dnscache with daemontools ...
dnscache queries allowed from 10.9
Starting dnscache with daemontools ...
Running ntpdate to synchronize clock.
Starting periodic command scheduler: cron.
getty: /dev/tty1: cannot open as standard input: No such device
getty: /dev/tty2: cannot open as standard input: No such device
getty: /dev/tty1: cannot open as standard input: No such device
getty: /dev/tty2: cannot open as standard input: No such device
getty: /dev/tty1: cannot open as standard input: No such device
..
INIT: Id 1 respawning too fast: disabled for 5 minutes
INIT: Id 2 respawning too fast: disabled for 5 minutes
INIT: no more processes left in this runlevel




- Original Message - 
From: Eric Spakman [EMAIL PROTECTED]

To: M Lu [EMAIL PROTECTED]
Sent: Wednesday, October 26, 2005 2:33 PM
Subject: Re: [leaf-user] madwifi drivers on Bering 2.3





I will try again from scratch. I just would like to confirm with you the
following:


- I rename 'initrd_ide.lrp' on CD to initrd.lrp but I made no changes to
it. Is that OK?


Yes, that's ok.


- You have tested 2.3 on a WRAP box.


Not me, but Martin Hejl did (he is also one of the Bering-uClibc team).




- Original Message - 
From: Eric Spakman [EMAIL PROTECTED]

To: M Lu [EMAIL PROTECTED]
Sent: Wednesday, October 26, 2005 10:51 AM
Subject: Re: [leaf-user] madwifi drivers on Bering 2.3



But it's somewhat strange the problems you see, the call to getty is only
done in /etc/inittab and you commented it out. So it shouldn't be possible
that you see those messages...

You even can't login with a serial console?

Eric




Actually I could not do it manually even if I wanted to as I cannot login
 into the router yet due to the tty errors.





---
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] ttys errros on Bering 2.3

[M Lu]

Hello Eric,

- I could not login as the screen is filled with the ttys errors.
- I do not run any special cron jobs. It must be the default. The packages I 
have are declared in leaf.cfg


LRP=root,config,etc,local,modules,iptables,dhcpcd,ulogd,
shorwall,dnscache,dropbear,weblet,
sh-httpd,dhcpd,libm,libpcap,daemontl,tinydns,
ntpdate,ntpsimpl,libssl,libcrpto,wireless,madwifi,
liblzo,openvpnz,tc,bridge
PKGPATH=/dev/hda1:msdos
syst_size=48M
log_size=32M

Besides not-able-to-login into the box, everything else seems working. Just 
for the sake of it, I shut it down, remove the CF, and mount it in my Fedora 
box, extract etc.lrp and here is the /etc/inittab


 BEGIN

FC_/root/NEWBOX vi etc/inittab

# /etc/inittab: init(8) configuration.
# $Id: inittab,v 1.1 2004/10/14 19:09:29 espakman Exp $

# The default runlevel.
id:2:initdefault:

# Boot-time system configuration/initialization script.
# This is run first except when booting in emergency (-b) mode.
si::sysinit:/etc/init.d/rcS

# What to do in single-user mode.
~~:S:wait:/sbin/sulogin

# /etc/init.d executes the S and K scripts upon change
# of runlevel.
#
# Runlevel 0 is halt.
# Runlevel 1 is single-user.
# Runlevels 2-5 are multi-user.
# Runlevel 6 is reboot.

l0:0:wait:/etc/init.d/rc 0
l1:1:wait:/etc/init.d/rc 1
l2:2:wait:/etc/init.d/rc 2
l3:3:wait:/etc/init.d/rc 3
l4:4:wait:/etc/init.d/rc 4
l5:5:wait:/etc/init.d/rc 5
l6:6:wait:/etc/init.d/rc 6

# Normally not reached, but fallthrough in case of emergency.
#z6:6:respawn:/sbin/sulogin

# What to do when CTRL-ALT-DEL is pressed.
#ca:12345:ctrlaltdel:/sbin/shutdown -t1 -r now

# Action on special keypress (ALT-UpArrow).
kb::kbrequest:/bin/echo Keyboard Request--edit /etc/inittab to let this 
work.


# What to do when the power fails/returns.
pf::powerwait:/etc/init.d/powerfail start
pn::powerfailnow:/etc/init.d/powerfail now
po::powerokwait:/etc/init.d/powerfail stop

# /sbin/getty invocations for the runlevels.
#
# The id field MUST be the same as the last
# characters of the device (after tty).
#
# Format:
#  id:runlevels:action:process
# Example how to put a getty on a serial line (for a terminal)
#
# for WRAP box
#
T1:2345:respawn:/sbin/getty -L 38400 ttyS0 vt100

---  END 

P.S. With the current working CF I have

Shorewall Started
Processing /etc/shorewall/started ...
Starting svscan ...
dnscache queries allowed from 10.9
Starting dnscache with daemontools ...
Creating cdb for tinydns-private
Starting private DNS server listening on 127.0.0.1 with daemontools
Creating cdb for tinydns-public
Starting public DNS server listening on xx.xx.xx.xx with daemontools
Shutting down dnscache with daemontools ...
dnscache queries allowed from 10.9
Starting dnscache with daemontools ...
Running ntpdate to synchronize clock.
Starting periodic command scheduler: cron.

LEAF Bering-uClibc 2.3 uClibc 0.9.20 Rev 3 wrapbox ttyS0
wrapbox login:


- Original Message - 
From: Eric Spakman [EMAIL PROTECTED]

To: M Lu [EMAIL PROTECTED]
Cc: leaf-user@lists.sourceforge.net
Sent: Wednesday, October 26, 2005 4:28 PM
Subject: Re: [leaf-user] ttys errros on Bering 2.3



Hello,



Hi Eric,


the ttys errors still happened and I am scratching my hair on what could
use tty1 and tty2. I even deleted all lines referring to tty1, tty2... in
/etc/inittab and the errors are still there. I could not see the login
promt on the console attached via minicom and so I cannot login. Is there
a way to see what process/package is using those ttys?


The only way I know of is using ps to see the running processes, but
that is somewhat difficult without a working console.

I searched through all source, but couldn't find an other place besides
/etc/inittab where a getty is started on tty1/tty2.
The problem seems to start during, or just after crond runs. Do you have
some custom cron scripts?
Which packages do you have installed?

Eric


Thank you.


Here are some of the lines I copy and paste from minicom window:


..
Linux version 2.4.31 ([EMAIL PROTECTED]) (gcc version 3.3.3) #1 Thu Aug 18
21:03:20 CEST 2005
BIOS-provided physical RAM map:
BIOS-e820:  - 000a (usable)
BIOS-e820: 000f - 0010 (reserved)
BIOS-e820: 0010 - 0800 (usable)
BIOS-e820: fff0 - 0001 (reserved)
128MB LOWMEM available.
On node 0 totalpages: 32768
zone(0): 4096 pages.
zone(1): 28672 pages.
zone(2): 0 pages.
DMI not present.
Kernel command line: console=ttyS0,38400 BOOT_IMAGE=linux
initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0
LEAFCFG=/dev/hsInitializing CPU#0
Detected 266.636 MHz processor.




...
Processing /etc/shorewall/start ...
Shorewall Started
Processing /etc/shorewall/started ...
Starting svscan ...
dnscache queries allowed from 10.9 Starting dnscache with daemontools ...
Creating cdb for tinydns-private
Starting private DNS server listening on 127.0.0.1 with daemontools
Creating cdb for tinydns

Re: [leaf-user] Bering-uClibc-2.3 files

[M Lu]

Hi KP,

Thank you for the explanation and also for the final release.

M Lu




- Original Message - 
From: KP Kirchdoerfer [EMAIL PROTECTED]

To: leaf-user@lists.sourceforge.net
Sent: Tuesday, October 25, 2005 7:35 AM
Subject: Re: [leaf-user] Bering-uClibc-2.3 files




Well, different view's of the same packages...

The packages were build and committed to a cvs subdir a week before the 
packages has been committed to main cvs respository and the page you are 
referring to has been build by a script using the dates in cvs log.  




Should I get the ISO and then update with latest packages?


Just use the ISO image.


sorry for confusion.
kp




---
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] tty errors on Bering 2.3 with WRAP box

[M Lu]

I encounter some trouble updating my WRAP box to latest Bering 2.3.

- I use initrd_ide.lrp from the CD image as initrd.lrp for the WRAP box.

- I got the tty errors after crontab being installed

Starting periodic command scheduler: cron.
getty: /dev/tty1: cannot open as standard input: No such device
getty: /dev/tty2: cannot open as standard input: No such device
..

I copied the old /etc/securetty and /etc/inittab as well as syslinux.cfg. 
They are


/etc/inittab
-
#1:2345:respawn:/sbin/getty 38400 tty1
#2:23:respawn:/sbin/getty 38400 tty2
# for WRAP box
#
T1:2345:respawn:/sbin/getty -L ttyS0 38400 vt100

/etc/securetty

ttyS0
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
ttyS1

and syslinux.cfg:

serial 0 38400
display syslinux.dpy
timeout 0
append console=ttyS0,38400
default linux initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0 
LEAFCFG=/dev/hda1:msdos


My current working version is 2.3beta4. Does something related to tty change 
in between. I think somebody reported similar error on RC1, but I am not 
sure he fixed it.


Any suggestions?




---
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] madwifi drivers on Bering 2.3

[M Lu]

I have them in /etc/modules as

wlan
wlan_acl
wlan_ccmp
wlan_tkip
wlan_wep
wlan_xauth
ath_hal
ath_rate_sample
ath_pci

but on loading wlan_ccmp as well as a couple of other modules, BusyBox 
reported error:



wlan - Using /var/lib/lrpkg/mnt/modules/net//./wlan.o
wlan: 0.8.6.0 (EXPERIMENTAL)
wlan_acl - Using /var/lib/lrpkg/mnt/modules/net//./wlan_acl.o
wlan: mac acl policy registered
wlan_ccmp - BusyBox v1.00 (2005.08.02-19:26+) multi-call binary

Usage: insmod [OPTION]... MODULE [symbol=value]...
^^


wlan_tkip - BusyBox v1.00 (2005.08.02-19:26+) multi-call binary

Usage: insmod [OPTION]... MODULE [symbol=value]...

wlan_wep - Using /var/lib/lrpkg/mnt/modules/net//./wlan_wep.o
wlan_xauth - BusyBox v1.00 (2005.08.02-19:26+) multi-call binary

Usage: insmod [OPTION]... MODULE [symbol=value]...

ath_hal - Using /var/lib/lrpkg/mnt/modules/net//./ath_hal.o
Warning: loading ath_hal will taint the kernel: non-GPL license ath_hal: 
0.9.14.9 (- Proprietary
AR5210 See http://www., AR5211tux.org/lkml/#ex, AR5212port-tainted for, 
RF5111 information abo, RF5112ut tainted modul, Rs)

ath_rate_sample - BusyBox v1.00 (2005.08.02-19:26+) multi-call binary

Usage: insmod [OPTION]... MODULE [symbol=value]...

ath_pci - Using /var/lib/lrpkg/mnt/modules/net//./ath_pci.o
insmod: unresolved symbol ath_rate_findrate
insmod: unresolved symbol ath_rate_newassoc
insmod: unresolved symbol ath_rate_detach
insmod: unresolved symbol ath_rate_node_init
insmod: unresolved symbol ath_rate_setupxtxdesc
insmod: unresolved symbol ath_rate_dynamic_sysctl_register
insmod: unresolved symbol ath_rate_node_cleanup
insmod: unresolved symbol ath_rate_attach
insmod: unresolved symbol ath_rate_tx_complete
insmod: unresolved symbol ath_rate_newstate

--


Could anybody help?

Thank you.







---
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] Bering-uClibc-2.3 files

[M Lu]

Is the final 2.3 released? On the download link 
(http://sourceforge.net/project/showfiles.php?group_id=13751package_id=67534) 
I see the images released on Oct 16 (when mounted ISO, the files inside are 
Oct 15), whereas a lot of core packages are released Oct 23 
(http://leaf.sourceforge.net/bering-uclibc/index.php?module=pagemasterPAGE_user_op=view_pagePAGE_id=3MMN_position=3:3#CHANGELOG)


Should I get the ISO and then update with latest packages?

Thank you. 



---
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Madwifi drivers for Bering uClibc 2.3 rc1 -2nd Try

[M Lu]

Jeremy,

Not sure if it will help you, but I guess that you need to use wireless tool 
to bring the card up. I have the following in my interface. My card is also 
madwifi based.



auto ath0
iface ath0 inet static
   address 172.27.0.254
   netmask 255.255.255.0
   broadcast 172.27.0.255
   wireless-mode master
   wireless-rate 54M
   wireless-essid mySSID
   wireless-key myKEY
   up /sbin/iwpriv ath0 mode 3

Note that this is just normal WEP security as I use OpenVPN to login in 
actualy later. But you can try this to make sure the card is recognized and 
works.




- Original Message - 
From: Jeremy Tourville [EMAIL PROTECTED]

To: leaf-user@lists.sourceforge.net
Sent: Monday, September 19, 2005 8:21 PM
Subject: [leaf-user] Madwifi drivers for Bering uClibc 2.3 rc1 -2nd Try



My overall goal is to use the D Link DWL-G520M card as an access point.

snip

part of my /etc/network/interfaces looks like-

auto ath0
iface ath0 inet static
   address 192.168.2.1
   netmask 255.255.255.0
   broadcast 192.168.2.255

Any other ideas?  Thanks again.

Jeremy







---
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42 plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Port-forwarding ssh thru Dachstein

[M Lu]

I do not remember Dachstein very well but just wonder why you have


EXTERN_SSH_PORT=24?


Also I have seen some ISPs rejecting SSH traffic so consider that 
possibility too. You can test that by temporary portforwarding some other 
port (e.g. 80 as you know for sure 80 is allowed) to 22 and test SSH client 
with port 80.




- Original Message - 
From: Earl Wilson [EMAIL PROTECTED]

To: leaf-user@lists.sourceforge.net
Sent: Monday, August 15, 2005 11:04 PM
Subject: Fw: [leaf-user] Port-forwarding ssh thru Dachstein


..

 TCP services open to outside world
# Space seperated list: srcip/mask_dstport
EXTERN_TCP_PORTS=0/0_21 0/0_80 0/0_22


(next 2 lines show open ports that are working w/no issues)

INTERN_FTP_SERVER=192.168.1.4  # Internal FTP server to make available
INTERN_WWW_SERVER=192.168.1.200 # Internal WWW server to make

available



INTERN_SSH_SERVER=192.168.1.200 # Internal SSH server to make

available

EXTERN_SSH_PORT=24  # External port to use for internal

SSH

access





---
SF.Net email is Sponsored by the Better Software Conference  EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile  Plan-Driven Development * Managing Projects  Teams * Testing  QA
Security * Process Improvement  Measurement * http://www.sqe.com/bsce5sf

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Port-forwarding ssh thru Dachstein

[M Lu]

If Earl wants to use external port 24, then may be he should use

EXTERN_TCP_PORTS=0/0_21 0/0_80 0/0_24

instead of


 EXTERN_TCP_PORTS=0/0_21 0/0_80 0/0_22


Anyway, Earl will figure the port usage.



- Original Message - 
From: [EMAIL PROTECTED]

To: M Lu [EMAIL PROTECTED]
Cc: Earl Wilson [EMAIL PROTECTED]; 
leaf-user@lists.sourceforge.net

Sent: Tuesday, August 16, 2005 9:04 AM
Subject: Re: [leaf-user] Port-forwarding ssh thru Dachstein



This allows an individual to SSH directly to the external IP address,
using port 24, and Dachstein has an explicit rule to forward port 24
(ssh traffic only) to the internal_ssh_server ... actually works quite
nicely, and is essentially the same thing as the DNAT under Shorewall,
except that you don't have to change the SSHd server on the internal box
to 24, you leave it as 22 (if I recall correctly).

Sorry to throw in my 2 cents into the thread...

joey

- Original Message -
From: M Lu [EMAIL PROTECTED]
Date: Tuesday, August 16, 2005 7:30 am
Subject: Re: [leaf-user] Port-forwarding ssh thru Dachstein


I do not remember Dachstein very well but just wonder why you have

 EXTERN_SSH_PORT=24?

Also I have seen some ISPs rejecting SSH traffic so consider that
possibility too. You can test that by temporary portforwarding some
other
port (e.g. 80 as you know for sure 80 is allowed) to 22 and test
SSH client
with port 80.



- Original Message - 
From: Earl Wilson [EMAIL PROTECTED]

To: leaf-user@lists.sourceforge.net
Sent: Monday, August 15, 2005 11:04 PM
Subject: Fw: [leaf-user] Port-forwarding ssh thru Dachstein


..
  TCP services open to outside world
 # Space seperated list: srcip/mask_dstport
 EXTERN_TCP_PORTS=0/0_21 0/0_80 0/0_22


 (next 2 lines show open ports that are working w/no issues)

 INTERN_FTP_SERVER=192.168.1.4  # Internal FTP server to make
available INTERN_WWW_SERVER=192.168.1.200 # Internal WWW server
to make
 available


 INTERN_SSH_SERVER=192.168.1.200 # Internal SSH server to make
 available
 EXTERN_SSH_PORT=24  # External port to use for internal
 SSH
 access




---
SF.Net email is Sponsored by the Better Software Conference  EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile  Plan-Driven Development * Managing Projects  Teams * Testing  QA
Security * Process Improvement  Measurement * http://www.sqe.com/bsce5sf

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Security and LEAF Bering UClibc

[M Lu]

Hi Troy,

I myself do not consider your concerns trivial at all. Probably many people 
have the same concerns. However I find it very difficult to implement and 
the main reason is resource. As far as I understand most of the LEAF 
developers are volunteers and work un-paid for the project so how can we 
expect that they can find the time and efforts to watch for the security all 
the time and fix the bugs? I remember Martin Hejl saying that there are a 
lot of new features they can add but they do not have enough time.


However they did an excellent job of creating a build-environment and you 
can build the LRP yourself if needed. In your case, I suggest that you 
subscribe to the security list and if there is any bug you think it could 
affect your firewall, then get the updated source and patch it yourself. 
Probably other folks here would not mind if you can then contribute those 
LRPs back to the list -:).


Or LEAF team can consider Richard's suggestion about the money contribution 
and think of some mechanism.


Otherwise, your office needs to go with some commercial products and pays 
big bucks for them.


BTW, I am just a user, not a developer, so I apologize for anything I say 
incorrect.


Cheers.



- Original Message - 
From: Troy Aden [EMAIL PROTECTED]
To: Richard Amerman [EMAIL PROTECTED]; 
leaf-user@lists.sourceforge.net

Sent: Wednesday, August 03, 2005 5:00 PM
Subject: RE: [leaf-user] Security and LEAF Bering UClibc


Wow I am sort of surprised that no one has responded to this thread. I guess 
my concerns must be trivial. I really did not want to switch away from this 
distro since it has worked so well for us for so many years but my case for 
keeping it seems to be getting weaker and weaker since I have nothing to say 
that it is truly secure since there does not seem to be any mechanisms for 
making sure that the packages I am using are always kept up to date with the 
latest security patches. I guess my wish list would be having apt-get 
functionality. But I guess that that would add allot of bulk to the current 
distro.


Troy


-Original Message-
From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Richard Amerman

Sent: Monday, August 01, 2005 3:36 PM
To: leaf-user@lists.sourceforge.net
Subject: RE: [leaf-user] Security and LEAF Bering UClibc

I'm sure that this topic is not new but it is probably one that should be 
brought up regularly incase there are new options as to how to address the 
issue.


My company, and other companies I work with (and I'm very sure we are not 
alone in this) would find it extremely valuable if there was a 
system/process where all the core LRP's were monitored for security 
bulletins. When one of these bulletins were to be released it would trigger 
a process of updating the LRP ASAP and letting everyone on, what may be a 
new list, that the update was available, a LEAF errata per say.


I think that people, including us, would contribute $ to see this put 
together, while not making it any kind of premium service, but available to 
everyone. It could just be a voluntary donation thing, or/also involve one 
or more bounties. It would also be valuable if this task was taken on by 
something other than just an individual or group of individuals, but a 
business that has a large stake in things, or some organization with some 
structure. The idea on this is credibility and stability, not only in 
reality but from a perception standpoint.

(Translate, I have to show my boss something that he can put some faith in.)

What do you think? What kind of discussion has happened in the past on this 
topic? Or what am I missing that is already in place to take care of this? 
(and yes I will be searching the list archive to see what I can find, but we 
all know this is not as simple as it looks.)


Thanks!

Richard Amerman


-Original Message-
From: troy [mailto:[EMAIL PROTECTED]




How do you handle security patches for packages? For example,
if you were running a full Debian distro, a simple apt-get
update would insure that you pull down the latest security
patches... What is the approach to making sure UClibc is secure...?



---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_idt77alloc_id492op=ick

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/


---
SF.Net email is Sponsored by the Better Software Conference  EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile  Plan-Driven Development * Managing Projects  Teams * 

Re: [leaf-user] CF Card Issues

[M Lu]

Hi Richard.

A couple of weeks ago I got a small file 'leaf.cfg' corrupted after 
modifying it directly (mount /hda1 on /mnt). As other folks here said that I 
may forget to un-mount /mnt before rebooting. So now I always checked to 
make sure the CF is umounted before rebooting and so far no more corruptions 
eventhough I modified a lot a lot of things day after day because of my new 
setup.


Do you think you may mount the CF somehow? Just check the mountpoints before 
rebooting. Maybe some script did that and you do not know about it.


I use Lexar 64M. I also used Canon 32M and it was OK but very short time so 
I cannot say if its quality is good.


Hope your CF is not bad. You probably can test its quality inside another 
machine.





- Original Message - 
From: Richard Amerman [EMAIL PROTECTED]

To: leaf-user@lists.sourceforge.net
Sent: Wednesday, July 27, 2005 2:17 PM
Subject: [leaf-user] CF Card Issues


I have a Lex NEO CV863A from Hacom. I bought my CF card based on
recommendations for Lexar on this page:
http://www.openbrick.org/openbrick/wiki/cf/view

I have a Lexar Media 512MB CF card p/n 2175 Rev A.

Everything was going very well, installed a uClibc system primarily
using the CD ISO on the CF card and the firewall was working fine,
though not in production yet.

Recently I made some Shorewall changes and backed them up but when I
rebooted the next time there was no shorewall. It turned out that the
shorwall.lrp file was corrupt.

When I try: tar zxvf shorwall.lrp
I get: tar: Invalid gzip magic

Soon after I made a new folder called lrpbackup on the CF card. It shows
up though as lrpbacku
Also when I try ls in that folder my whole SSH session gets corrupted. I
also can not delete the folder or its contents.

Also when I now try to write to the CF card in this machine, everything
returns:
Cannot create directory `lrpb': Read-only file system

Now I know that I have multiple things that could be wrong, but since my
timeline is very short, I'm supposed to put this FW in production in a
few days, I'm pursuing them in parallel.

One possibility is that the CF card I bought is not ideal.
Another is that the Machine has an issue.
Another is that this CF card may be bad.

Some questions:
Does any one have any specific recommendations on a CF card?
Does anyone have an alternate LRP backup script that keeps backups kind
of like rotating logs (backing up the existing LRP to another folder and
renaming *.lrp.0 type thing)?
Is there anything in hdsupp.lrp to check the health of a drive, like
scandisk?

Any help, ideas, or shared experiences would be helpful.

I did call Hacom and the do use Lexar but mainly use Kingston  Elite Pro
CF cards now. I'm thinking of just buying two of them.

Thanks,

Richard Amerman
RBA International
703 Broadway, Suite 600
Vancouver, WA 98660
360-696-9272 x440
[EMAIL PROTECTED]


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_idt77alloc_id492op=ick

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/


---
SF.Net email is Sponsored by the Better Software Conference  EXPO September
19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile  Plan-Driven Development * Managing Projects  Teams * Testing  QA
Security * Process Improvement  Measurement * http://www.sqe.com/bsce5sf

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] CF Card Issues

[M Lu]

Victor, can you post that little lrp and tell me how to use it?

Thank you.


- Original Message - 
From: Victor McAllister [EMAIL PROTECTED]

To: Richard Amerman [EMAIL PROTECTED]
Cc: M Lu [EMAIL PROTECTED]; leaf-user@lists.sourceforge.net
Sent: Wednesday, July 27, 2005 8:08 PM
Subject: Re: [leaf-user] CF Card Issues


I  umount and remove the modules that allow the CF to be mounted.  This 
way there are only two ways to remount.  1.  Reboot.  2.  Bring the 
moules in over the wire and insmod them so that the CF can be mounted.  
I have a little lrp that loads the scripts to remove and reinstall the 
modules for my WRAP uClibc system.  This way the CF can not be accessed 
by a buffer overflow or hacker and is write protected until I 
deliberately make it writable.





---
SF.Net email is Sponsored by the Better Software Conference  EXPO September
19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile  Plan-Driven Development * Managing Projects  Teams * Testing  QA
Security * Process Improvement  Measurement * http://www.sqe.com/bsce5sf

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Vonage

[M Lu]

I have Vonage with Bering-U. Nothing needs be done regarding shorewall 
networking etc. Assuming you have Vonage to get the IP dynamically and your 
existing subnets are not 192,168.102.x (that's my Vonage subnet) then just 
plug the WAN port of the Vonage to your local network and you should be able 
to make/get phone calls.





- Original Message - 
From: Roger McClurg [EMAIL PROTECTED]

To: leaf-user@lists.sourceforge.net
Sent: Monday, July 25, 2005 9:03 PM
Subject: [leaf-user] Vonage


Is anyone using Vonage with Bering or Bering uClibc? If so how did you set 
it up?





---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Backing up LEAF disks over the network.

[M Lu]

Thank you for the tips.

I tried them to backup my compact flash. But the speed is very slow. I did 
try both ways, dd to /tmp and then scp (Erich's way) and dd on the fly using 
ssh (Charles' way). In both cases it took about 5 minutes to either 'scp' or 
'dd-over-ssh' 64M.


In case of  'scp', I think it could be the fact that my /tmp is 99% full 
after dd to it. But I do not understand why 'dd-over-ssh' is also slow. 
Could it be anything wrong with my setup?




- Original Message - 
From: Charles Steinkuehler [EMAIL PROTECTED]

To: James Neave [EMAIL PROTECTED]
Cc: leaf-user@lists.sourceforge.net
Sent: Thursday, July 21, 2005 8:08 AM
Subject: Re: [leaf-user] Backing up LEAF disks over the network.



-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

James Neave wrote:

| Hi Charles,
|
| I guess that will only work if you're connecting to the LEAF box with a
| *NIX box, yes?
|
| I have PuTTY on my WinXP machine, I don't think I can do that command
| with it.

It works with the standard command-line ssh.  There are versions that run 
on

windows, both native and as part of Cygwin.  These should work.  Putty
probably won't.

| Could I pipe the output of dd through gzip?

Yes, but you'd probably want to do this on your host system, not the 
router

(assuming your router is probably not a high-powered box), ie:

ssh my.router.ip dd if=/dev/fd0u1680 | gzip -9 disk.img.gz

| Or is there anyway to directly read /dev/fd0u1680 with scp I have
| WinSCP?

I don't think you can play tricks like this with scp...

- --
Charles Steinkuehler
[EMAIL PROTECTED]
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFC35A8LywbqEHdNFwRAlXCAKDxQSYGhWrGOeQCiUOo9NgEaDvFBgCg26vP
ykC61+qwmRb2CU1g4GaJJNc=
=WMt/
-END PGP SIGNATURE-


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/




---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Backing up LEAF disks over the network.

[M Lu]

My LEAF is WRAP box, the other machine is Pentium 3 running Fedora Core 3. I 
know SCP/SSH encrypts data but this is done via local network and should not 
be such slow.



- Original Message - 
From: Charles Steinkuehler [EMAIL PROTECTED]

To: M Lu [EMAIL PROTECTED]
Cc: leaf-user@lists.sourceforge.net
Sent: Thursday, July 21, 2005 10:17 AM
Subject: Re: [leaf-user] Backing up LEAF disks over the network.



-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

M Lu wrote:

| Thank you for the tips.
|
| I tried them to backup my compact flash. But the speed is very slow. I 
did
| try both ways, dd to /tmp and then scp (Erich's way) and dd on the fly 
using
| ssh (Charles' way). In both cases it took about 5 minutes to either 
'scp' or

| 'dd-over-ssh' 64M.
|
| In case of  'scp', I think it could be the fact that my /tmp is 99% full
| after dd to it. But I do not understand why 'dd-over-ssh' is also slow.
| Could it be anything wrong with my setup?

What kind of system are you using for the LEAF box?

Transferring data via ssh (or scp) encrypts everything, which can cause a
substantial performance penalty for slower systems.

- --
Charles Steinkuehler
[EMAIL PROTECTED]



---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Backing up LEAF disks over the network.

[M Lu]

I forgot to mention that I am running dropbear, not Secure Shell Server.


- Original Message - 
From: M Lu [EMAIL PROTECTED]



My LEAF is WRAP box, the other machine is Pentium 3 running Fedora Core 3. 
I know SCP/SSH encrypts data but this is done via local network and should 
not be such slow.


- Original Message - 
From: Charles Steinkuehler [EMAIL PROTECTED]


What kind of system are you using for the LEAF box?

Transferring data via ssh (or scp) encrypts everything, which can cause a
substantial performance penalty for slower systems.

- --
Charles Steinkuehler
[EMAIL PROTECTED]





---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Backing up LEAF disks over the network.

[M Lu]

I think my /tmp is just about this size. diff scp-image ssh-image shows they 
are the same.



- Original Message - 
From: Erich Titl [EMAIL PROTECTED]

To: M Lu [EMAIL PROTECTED]
Cc: leaf-user@lists.sourceforge.net
Sent: Thursday, July 21, 2005 12:25 PM
Subject: Re: [leaf-user] Backing up LEAF disks over the network.




Be careful, your tmp may not be big enough for an entire 64 MB flash
disk, although the current WRAP boxes come with 128Mb on board. I don't
think that the crypto stuff is _that_ hard on the CPU.




---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] Problem with wired, wireless cards on WRAP

[M Lu]

I second that. I just got WRAP box and the latest Bering-U runs just fine. 
Just for testing, you can get Erich's prebuilt image and run it to see if 
the NICs are recognized with natsemi. Be aware that Erich specified natsemi 
module inside initrd.lrp, not in /etc/modules.




- Original Message - 
From: Philippe Jayet [EMAIL PROTECTED]

To: leaf-user@lists.sourceforge.net
Sent: Tuesday, July 19, 2005 12:13 PM
Subject: Re: [leaf-user] Problem with wired, wireless cards on WRAP



Hi Suman,


crc32 - Using /lib/modules/./crc32.o
natsemi - Using /lib/modules/./natsemi.o
insmod: unresolved symbol gr_task_is_capable


Mmmh ... it seems to me you are using different versions of the kernel
and the modules, maybe modules compiled against a more recent kernel
than your running one. This may cause some unresolved symbol in the
grsecurity code. Take care to take the modules from the tarball with the
same version as your running kernel, or upgrade your kernel and modules
to the latest version.

Hope this helps,

Philippe J.


PS : sorry for sending it twice, forgot to Cc the list before ...



---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] RE: Some questions regarding LEAF on WRAP box

[M Lu]

With all help I got from the list members, I am now running the latest and 
greatest Bering-U on my WRAP box. Thank you all.


The next step would be adding wireless card and make it into the access 
point. I look around and I see the a/b/g 5004 MP Atheros mPCI CM9 bundled 
with a pigtail and antenna on netgate site is good, and Erich mentioned that 
it will work with madwifi drivers. The only thing is that Bering-U official 
release does not have madwifi drivers and I need to compile them myself -:(


Is there any plan to include them into the release in the future? Are there 
any other recommended mPCI to be used with WRAP box?



I also have another question. Yesterday, I needed to add the ntpdate.lrp 
package. After vi-ing leaf.cfg and save it, I reboot the box and it does not 
boot because the file is corrupted. The content became something like this


Ã.Ãs8690Ã?ÃS®-VO««Ý¢´%puÂ¥`F...
..

What could cause this corruption? What can be done to avoid that? I used 
64-M LEXAR card which came together with the box.



Thanks.



---
This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening
July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by HP,
AMD, and NVIDIA.  To register visit http://www.hp.com/go/dualwebinar

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] RE: Some questions regarding LEAF on WRAP box

[M Lu]

Thanks Peter,

That's a good thing to remember. I cannot remember if I did umount or not 
but likely not. My OpenVPN did not run because of the time on WRAP (1999 or 
so) and VPN certificate are exclusive. Once time synced, it is running 
again. So I needed to test the reboot.


Cheers.



- Original Message - 
From: Peter Mueller [EMAIL PROTECTED]

To: Erich Titl [EMAIL PROTECTED]; M Lu [EMAIL PROTECTED]
Cc: leaf-user@lists.sourceforge.net
Sent: Tuesday, July 12, 2005 5:38 PM
Subject: RE: [leaf-user] RE: Some questions regarding LEAF on WRAP box



 Ã.Ãs8690Ã?ÃS®-VO««Ý¢´%puÂ¥`F...

Yes, funny, the same thing happened to me some time ago. For unknown
reasons I had a line of garbage in leaf.cfg. It feels like IDE I/O is
shaky with CF's. Maybe one should have a look at hdparams.
Else it might
be possible that I did not correctly unmount the CF before
rebooting and
so the system had no chance to flush the buffers correctly and this
might be lethal when writing directly to the CF.


It's easy to destroy CF cards this way.  I went through two on my routers
before understanding that you need to unmount the card ASAP.

Regards,

P


---
This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening
July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by HP,
AMD, and NVIDIA.  To register visit http://www.hp.com/go/dualwebinar

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/


---
This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening
July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by HP,
AMD, and NVIDIA.  To register visit http://www.hp.com/go/dualwebinar

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] RE: Some questions regarding LEAF on WRAP box

[M Lu]

Thanks a lot, guys, it definitely helps. Have a nice vacation.



- Original Message - 
From: Luis.F.Correia [EMAIL PROTECTED]

To: leaf-user@lists.sourceforge.net
Sent: Friday, July 08, 2005 4:08 AM
Subject: [leaf-user] RE: Some questions regarding LEAF on WRAP box



Hope this helps a bit.


P.s. i'm going away for a two week vacation, meanwhile another developer 
or

User will eventually step in if I have said a huge lie :):):)

Take care!



---
This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening
July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by HP,
AMD, and NVIDIA.  To register visit http://www.hp.com/go/dualwebinar

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[leaf-user] OT: why is WRAP much more expensive than normal routers

[M Lu]

I got my 1st WRAP box and with all help I got here and Erich's ready image, 
I could boot it up and see it running. I paid more than US $200 (board, 
case, 64M CF, shipping) for it and that's without the wireless. I just 
wonder why it is so much more expensive than the routers they sell in Best 
Buy, CompUSA (Linksys, DLink...). Apart from the OS control you have on 
WRAP, are there any hardware advantages or something else compared to the 
other?


I would like to defend myself in case my friends think I am crazy -:)

M Lu.





---
This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening
July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by HP,
AMD, and NVIDIA.  To register visit http://www.hp.com/go/dualwebinar

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] iso for Bering uClibc

[M Lu]

The floppy you used is 1680K and the path pointing to that is 
'/dev/fd0u1680:msdos'. When you boot from CD, the path is 
'/dev/fd0:msdos,/dev/cdrom:iso9660' so your leaf.cfg on your floppy is not 
found and the leaf.cfg on CD (actually from the boot.ima) is used. In this 
case only 'root,config,etc,local' are loaded.


Anyway, take a blank 1.44 floppy and  copy the leaf.cfg from your 1680 
floppy. Remember to change the


PKGPATH=/dev/fd0u1680:msdos

to

PKGPATH=/dev/fd0:msdos,/dev/cdrom:iso9660




- Original Message - 
From: Stephen More [EMAIL PROTECTED]

To: M Lu [EMAIL PROTECTED]
Cc: leaf-user@lists.sourceforge.net
Sent: Thursday, July 07, 2005 7:28 AM
Subject: Re: [leaf-user] iso for Bering uClibc


Here is my problem...

I can boot from the floppy generated by
Bering-uClibc_2.3-beta4_img_bering-uclibc-1680.exe, and all 15
packages from the floppy are loaded. Therefore I am assuming the
leaf.cfg on the floppy is good. Now if I insert the CD-ROM, leave the
same floppy in and reboot, all 15 packages should get loaded, but this
is not happening only 5 packages are loaded. I have tried this with
both 2.3-beta4.iso and 2.2.2.iso. What step am I missing ?



On 7/6/05, M Lu [EMAIL PROTECTED] wrote:
Assuming you use recent Bering-U, boot from CDROM but use floppy to 
specify

what you want to load, then you can use leaf.cfg on the floppy to specify
them (the LRP variable). Here is a sample

/root more leaf.cfg

# Other variables you might want to set in this file include:
# LRP   Packages to load
# PKGPATH   Device(s) to load packages from
# syst_size Size of root ramdisk
# tmp_size  Size of /tmp ramdisk
# log_size  Size of /var/log ramdisk

LRP=root,config,etc,local,modules,iptables,dhcpcd,ulogd,shorwall,dnscache,dropbear,weblet,
sh-httpd,dhcpd,libm,libpcap,daemontl,libssl,libcrpto,
liblzo,openvpnz
PKGPATH=/dev/fd0:msdos,/dev/cdrom:iso9660



- Original Message -
From: Stephen More [EMAIL PROTECTED]
To: leaf-user@lists.sourceforge.net
Sent: Wednesday, July 06, 2005 10:15 PM
Subject: [leaf-user] iso for Bering uClibc

I am booting off the CD, but I can't seem to get other packages to
load. Dachstein used a pkgpath.cfg file on floppy, what do I use for
Bering uClibc ?

-Thanks
Steve More





---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_idt77alloc_id492op=ick

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] ANN: Bering-uClibc 2.3 beta4 released

[M Lu]

Thank you, KP.

I actually make 'modules' directory and move '2.4.31' there before burning 
the CD and it is working now.


Another thing is that shorewall is supposed to be 2.4 but shorewall version 
still shows 2.2.3. When I looked at the sample config files, they also start 
with Shorewall 2.2 and not Shorewall 2.4 as from Tom's Website.


I am not using anything special which requires 2.4 (like 2 ISPs etc) so it 
does not matter. Just want to make sure I get the right thing.



- Original Message - 
From: KP Kirchdoerfer [EMAIL PROTECTED]

To: leaf-user@lists.sourceforge.net
Sent: Wednesday, July 06, 2005 2:22 AM
Subject: Re: [leaf-user] ANN: Bering-uClibc 2.3 beta4 released




I've obviously made an error while building the ISO image.

Please try

! mount iso9660 /dev/cdrom
! dir /lib/2.4.31/kernel/drivers/net

sorry
kp





---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] iso for Bering uClibc

[M Lu]

Assuming you use recent Bering-U, boot from CDROM but use floppy to specify 
what you want to load, then you can use leaf.cfg on the floppy to specify 
them (the LRP variable). Here is a sample


/root more leaf.cfg

# Other variables you might want to set in this file include:
# LRP   Packages to load
# PKGPATH   Device(s) to load packages from
# syst_size Size of root ramdisk
# tmp_size  Size of /tmp ramdisk
# log_size  Size of /var/log ramdisk

LRP=root,config,etc,local,modules,iptables,dhcpcd,ulogd,shorwall,dnscache,dropbear,weblet,
sh-httpd,dhcpd,libm,libpcap,daemontl,libssl,libcrpto,
liblzo,openvpnz
PKGPATH=/dev/fd0:msdos,/dev/cdrom:iso9660



- Original Message - 
From: Stephen More [EMAIL PROTECTED]

To: leaf-user@lists.sourceforge.net
Sent: Wednesday, July 06, 2005 10:15 PM
Subject: [leaf-user] iso for Bering uClibc

I am booting off the CD, but I can't seem to get other packages to
load. Dachstein used a pkgpath.cfg file on floppy, what do I use for
Bering uClibc ?

-Thanks
Steve More



---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] ANN: Bering-uClibc 2.3 beta4 released

[M Lu]

Hi KP,

I tried the CD today but I could not load modules.


My /etc/modules looks something like this



# More modules available from:
# http://cvs.sourceforge.net/viewcvs.py/leaf/bin/bering-uclibc/packages/


! mount iso9660 /dev/cdrom
! dir /lib/modules/2.4.31/kernel/drivers/net

3c509
..



however I got errors when loading modules:

firewall#  svi modutils reload
Loading modules:
3c509 - find: /var/lib/lrpkg/mnt/lib/modules/2.4.31/kernel/drivers/net/.: No 
such file or directory

BusyBox v1.00 (2005.06.26-19:58+) multi-call binary

..


When going back to old CD, beta3, I got the modules working again with 
replacing 2.4.31 with 2.4.30


Has the soft-link or anything changed in beta 4?

Thanks.





- Original Message - 
From: KP Kirchdoerfer [EMAIL PROTECTED]

To: leaf-devel@lists.sourceforge.net; leaf-user@lists.sourceforge.net
Sent: Saturday, July 02, 2005 6:01 PM
Subject: [leaf-user] ANN: Bering-uClibc 2.3 beta4 released



The Bering-uClibc team released today Bering-uClibc 2.3 beta4.

We decided to release another beta version due to a kernel update to 
2.4.31.


Other changes are upgrades of various packages, including shorewall to 
2.4.0,

some patches (like hfsc support for iproute), some fixes and cleanups.

For a complete changelog please read:
http://leaf.sourceforge.net/bering-uclibc/index.php?module=pagemasterPAGE_user_op=view_pagePAGE_id=2MMN_position=2:2

Please note, that kernel-related packages for 2.3betax have now their
own cvs repository - the packages page will move you to the right
direction.
Other packages shouldnt be affected.

The floppy images, ISO image, ipv6 addon and a modules tarball
are available in the FRS:

http://sourceforge.net/project/showfiles.php?group_id=13751package_id=67534release_id=339385

Please send your notes, bug reports, feature requests or whatelse
youll like to add to the LEAF mailing-lists.

You may also visit the LEAF IRC channel
http://slashnet.org/channels/leaf/
irc://irc.slashnet.org/%26leaf


Thx for reading
kp


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/




---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: LEAF on WRAP box - was Re: [leaf-user] lets talk about something--anything!

[M Lu]

Thank all of you very much for your useful information. So I think I will 
need


- WRAP box
- corresponding enclosure case
- Power supply
- CF card
- a mini-PCI wireless card

Do you recommend me any specific power supply and/or CF card? Is the 
18V-0.83A-15W power supply from one of the WRAP distributors good enough for 
all LANs and added-wifi?


Thanks again.

M Lu.


- Original Message - 
From: Luis.F.Correia [EMAIL PROTECTED]

To: leaf-user@lists.sourceforge.net
Sent: Wednesday, June 29, 2005 3:46 AM
Subject: RE: LEAF on WRAP box - was Re: [leaf-user] lets talk about 
something--anything!




Hi!

Comments from a WRAP user ;)


-Original Message-
From: Martin Hejl [mailto:[EMAIL PROTECTED]
Hyperterminal, at least in my experience). The biggest hurdle here is
finding the proper terminal settings (default should be 9600 8N1 - but
as I said, I haven't used a WRAP box yet). It _should_ be mentioned in
the manual though.


Well, there are two settings, 9600 and 38400, BIOS selectable.


happen to have lying around in your electronics junk box). Most of the
problems I've seen on the various mailing lists are due to marginal
power supplies (marginal in the sense that they provide enough power for
average usage, but fail and cause the box to crash/lock up if for some
reason power consumption jumps up).


Guilty! It has happened to me after adding the wireless card...


To get going (the easy way), the only thing else you need is a CF card
reader (if you don't want to boot with PXE - I don't know if the WRAP
boards support that), so you can transfer the base image to the compact
flash card (it's also convenient to get your box back up and running if
you've mis-configured it in a way that it will no longer boot - it's
happened to me a few times, and being able to pop in the CF into my
desktop and fix things saved a lot of time).


No, the WRAP board does not support PXE booting, and you have to prepare
the CF first. Personally I edit the files in my Windows system, and 
transfer

it to the CF using na USB card reader. I even use syslinux from within
Windows itself.



I hope that helps

Martin


Luis Correia


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/




---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: LEAF on WRAP box - was Re: [leaf-user] lets talk about something--anything!

[M Lu]

Hi Erich,

Your reminding me on the pigtail and antenna is very good. Martin Hejl was 
kind enough to explain 'pigtail' to me as I did not know what it was.


I will try to make the WRAP box work first and will add WIFI later.

Cheers.



- Original Message - 
From: Erich Titl [EMAIL PROTECTED]

To: M Lu [EMAIL PROTECTED]
Cc: leaf-user@lists.sourceforge.net
Sent: Wednesday, June 29, 2005 2:58 PM
Subject: Re: LEAF on WRAP box - was Re: [leaf-user] lets talk about 
something--anything!




Hi

M Lu wrote:
Thank all of you very much for your useful information. So I think I will 
need


- WRAP box
- corresponding enclosure case
- Power supply
- CF card
- a mini-PCI wireless card


+ Pigtail
+ Antenna



Do you recommend me any specific power supply and/or CF card? Is the 
18V-0.83A-15W power supply from one of the WRAP distributors good enough 
for all LANs and added-wifi?


Should be OK the WRAP draws AFAIK about 7W. I am running mine on a 12W 
power supply.


cheers

Erich



---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/




---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

LEAF on WRAP box - was Re: [leaf-user] lets talk about something--anything!

[M Lu]

As we are encouraged to talk about anything, I just want to ask questions 
regarding running LEAF on an embedded PC. I would like to move my LEAF on an 
old PC to a smaller device, such as WRAP box. The good news is that there is 
some documentation about how to set it up, so I hope I can somehow manage 
it.


But regarding hardware I cannot imagine it well. Because I have to order 
on-line, I would like to know what pieces I need to order. I would like to 
have 3 LAN and one wireless if possible. In case of wireless, do I have to 
buy the card from them or can I use other cards I can buy locally (in 
BestBuy, CompUSA etc)? How do I have screen/keyboard with that etc? Could 
anybody explain me a little bit to me, a hardware-dumb person?


Thank you.









---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

Re: [leaf-user] 3c509 module overriding the 8390ne2k-pci modules

[M Lu]

I suggest that you download the diagnostics package from 3COM and boot the 
machine in DOS mode and make sure that the cards are not conflicted. Based 
on the diagnostics, you can set the IRQ for the ISA so that the conflict 
goes away.


In the past, I have used this for older Bering and not sure if it still 
works with newer Bering


# ISA ethernet cards
#3c509 - eth0
3c509 irq=5



- Original Message - 
From: mystik_cool [EMAIL PROTECTED]

To: leaf-user@lists.sourceforge.net
Sent: Wednesday, June 01, 2005 12:22 PM
Subject: [leaf-user] 3c509 module overriding the 8390ne2k-pci modules



Hi,

I've a small problem here.  Here's the story :

I've 3 network cards in the box running Bering-uClib LEAF firewall (last
version). Two are PCI, one configured as eth0 and connected to my modem 
(and
getting IP via DHCP), other one is eth1, has a static IP and is connected 
to
my local network, via a switch. Everything works fine since a long time 
with

this configuration.

Now I recently found an old ISA network card, which is the third one. I 
added

the 3c509 module to my module's package to be able to use it, and edited
the /etc/modules, uncommenting the #3c509 line. Now the ISA card is
detected fine, as eth2. But it seems that there is a conflict : when I
restart the system now, the PCI card eth0 seems to be driven by this new
module, and I've errors when it sends DHCP requests.
How can I say to my computer use the 3c509 module only for the ISA card 
? :)

Maybe with an irq=... parameter ?

Thank you very much in advance for any help



---
This SF.Net email is sponsored by Yahoo.
Introducing Yahoo! Search Developer Network - Create apps using Yahoo!
Search APIs Find out how you can build Yahoo! directly into your own
Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/




---
This SF.Net email is sponsored by Yahoo.
Introducing Yahoo! Search Developer Network - Create apps using Yahoo!
Search APIs Find out how you can build Yahoo! directly into your own
Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

RE: [leaf-user] multiple addresses

[M Lu]

You can try the following:

# Configure Interface
auto eth1
iface eth1 inet static
  address 192.168.1.155
  netmask 255.255.255.0
  broadcast 192.168.1.0
  gateway 192.168.1.1
  up ip addr add 192.168.2.155/24 dev eth1



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of ALParada
Sent: Tuesday, January 18, 2005 5:48 PM
To: leaf-user@lists.sourceforge.net
Subject: [leaf-user] multiple addresses

Hello,

Exactly how do you add mutiple ip addresses to the same interface? I tried
adding this under network config/interfaces:

# Configure Interface
auto eth1
iface eth1 inet static
  address 192.168.1.155
  netmask 255.255.255.0
  broadcast 192.168.1.0
  gateway 192.168.1.1

auto eth1:0
iface eth1 inet static
  address 192.168.2.155
  netmask 255.255.255.0
  broadcast 192.168.2.0

When I restarted networking I had lost all my addresses. I did an ip addr
and they were all gone. I commented the second address and did a:

ip addr add 192.168.2.155/24 brd 192.168.1.255 dev eth0 label eth0:0

and it worked. Since I don't want to do this everytime I reboot what am I
doing wrong and how do I fix it?

TIA.






---
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almosthttp://www.thinkgeek.com/sfshirt

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


---
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almosthttp://www.thinkgeek.com/sfshirt

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Can Multiple openvpn processes run on LEAF?

[M Lu]

Tom, can he specify openvpn twice in the tunnel file, e.g.
openvpn:udp:5000
openvpn:udp:5001
I think I had the problems with that so I use generic instead.

- Original Message - 
From: Tom Eastep [EMAIL PROTECTED]
To: Tibbs, Richard [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, December 13, 2004 12:56 PM
Subject: RE: [leaf-user] Can Multiple openvpn processes run on LEAF?


On Mon, 2004-12-13 at 12:44 -0500, Tibbs, Richard wrote:
Arg. shorewall 1.4.2 does not support generic tunnels. 
But I can upgrade to 2.0.9 or the latest.
Thanks for the suggestion --- I did forget to change the port on one of
the tunnels.
Note that you can also specify the port number on an 'openvpn' tunnel so
long as the source and destination port are the same.
-Tom 
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key


---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Can Multiple openvpn processes run on LEAF?

[M Lu]

Hi Rick,
I suggest that you use different ports, different tunX and different 
end-points for each instance at the beginning and refine them later if you 
want to. So in the CONF file you may have

dev tun0
dev tun1
the shorewall tunnels could be
openvpn loc 192.168.1.0/24  vpn3
generic:udp:5001 net 137.p.q.r   vpn4
also note that OpenVPN official port is now TCP/UDP 1194 so it may be better 
to have the ports listed in all config files as well as shorewall tunnels so 
you can upgrade to later version easily.

The script /etc/init.d/openvpn will look at the /etc/openvpn and for each 
CONF file it finds, it will start a openvpn deamon on it, that's why you see 
2 tunnels coming up.


- Original Message - 
From: Tibbs, Richard [EMAIL PROTECTED]
To: Martin Hejl [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, December 13, 2004 10:48 AM
Subject: RE: [leaf-user] Can Multiple openvpn processes run on LEAF?

ok, apologize for this being so long. Wanted to give the list enough
info to make analysis possible...  This is the bering 1.2 (non-uclibc)
First, I have put two openvpn.conf files in /etc/openvpn, et viola, two
tunnels come up!  Somehow there is auto-svi-ing for multiple.confs.
Second, I added new tunnels to Shorewall, Shown below the .confs . But,
I can not ping the other end of either tunnel, nor pull up a web page
any more. (E.!)
The principle problem is that a route command fails (see daemon.log at
very end of email) from the second config file. (This config used to be
the first, sorry... tun0 protecting the WLAN has become tun1).
The route command is the same as the other conf file, so that makes
sense -- can't have a route with two different via's and devs, I
suppose.
But, the only thing that made the original WLAN tunnel work was not
forming a route loop on the WLAN tunnel, i.e. winxp openvpn has a route
192.168.1.254, and if I point the openvpn route on bering back to the
winxp box, nothing passes. So, in the bering openvpn.conf, I used
route 216.x.y.z (my static public IP on the net side of my bering fw).
Then everything worked.
What is the way out of this quandry ??
TIA
Rick
== file openvp2.conf (comes up as tun0)==
dev tun
disable-occ
local 216.x.y.z
# Our remote peer (office subnet)
remote 137.p.q.r
route 216.x.y.z
secret static.key
verb 5
mute 10
== file openvpn.conf (comes up as tun1, was tun0)==
dev tun
# For compatability with 2.x openvpn clients/servers
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
disable-occ
local 192.168.1.254
float
ifconfig 10.1.1.1 10.1.1.2
route 216.x.y.z
secret static.key
== Shorewall files (abbrev)===
=== zones
vpn3WLAN-OPENVPNOpenvpn to wireless internal
vpn4WiredOPENVPNOpenvpn to office firewall
=== interfaces
vpn3tun1
vpn4tun0
=== policy
loc vpn3ACCEPT
fw  vpn3ACCEPT
net vpn3ACCEPT
loc vpn4ACCEPT
fw  vpn4ACCEPT
net vpn4ACCEPT
vpn3loc ACCEPT
vpn3fw  ACCEPT
vpn3net ACCEPT
vpn4loc ACCEPT
vpn4fw  ACCEPT
vpn4net ACCEPT
fw  loc ACCEPT
=== tunnels
openvpn loc 192.168.1.0/24  vpn3
openvpn net 137.p.q.r   vpn4
=
firewall: -root-
# ip addr sho
1: lo: LOOPBACK,UP mtu 16436 qdisc noqueue
   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
   inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: dummy0: BROADCAST,NOARP mtu 1500 qdisc noop
   link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100
   link/ether 00:02:e3:13:02:78 brd ff:ff:ff:ff:ff:ff
   inet 216.12.22.89/26 brd 216.12.22.127 scope global eth0
4: eth1: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100
   link/ether 00:02:e3:12:7d:94 brd ff:ff:ff:ff:ff:ff
   inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
5: tun0: POINTOPOINT,MULTICAST,NOARP,UP mtu 1256 qdisc pfifo_fast qlen
10
   link/ppp
   inet 10.1.10.1 peer 10.1.10.2/32 scope global tun0
6: tun1: POINTOPOINT,MULTICAST,NOARP,UP mtu 1500 qdisc pfifo_fast qlen
10
   link/ppp
   inet 10.1.1.1 peer 10.1.1.2/32 scope global tun1
7: ipsec0: NOARP,UP mtu 16260 qdisc pfifo_fast qlen 10
   link/ether 00:02:e3:13:02:78 brd ff:ff:ff:ff:ff:ff
   inet 216.12.22.89/26 brd 216.12.22.127 scope global ipsec0
8: ipsec1: NOARP mtu 0 qdisc noop qlen 10
   link/ipip
9: ipsec2: NOARP mtu 0 qdisc noop qlen 10
   link/ipip
10: ipsec3: NOARP mtu 0 qdisc noop qlen 10
   link/ipip
firewall: -root-
#  ip route sho
10.1.10.2 dev tun0  proto kernel  scope link  src 10.1.10.1
216.12.22.89 via 10.1.10.2 dev tun0
10.1.1.2 dev 

[leaf-user] Module for network card HP NC3161

[M Lu]

A friend of mine has an old Compaq machine with a built-in NIC, 'HP NC3161'. 
Does anyone have use this card in Bering router 2.x and if so what module 
should I use?

The HP site has the rpm for RedHat 7.1, SuSE 7.0 as e100-1.5.6-1.src.rpm. 
This seems corresponding to e100, but I also found some links where they say 
this card uses eepro100.

Thanks.


---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Re: [leaf-devel] ANN: leaf-project.org website

[M Lu]

Hi Mike,
Thank you for your hard work. I have found the following.
It seems to me that the Addionnal packages for Bering-uClibc 2.x is old. I 
used to see a nice summary of the newly updated packages at the end. Now I 
do not see it anymore and there are not any things recent, e.g. 2004-09, 
2004-10 etc.

Also the link to this page from Read more to find out what's available 
today. is not correct, I had to click on Packages 2.x on the left side.

And the site is quite slow especially when I click back, but it could be my 
connection too.


- Original Message - 
From: Mike Noyes [EMAIL PROTECTED]
To: leaf-devel [EMAIL PROTECTED]
Cc: leaf-user [EMAIL PROTECTED]; leaf-announce 
[EMAIL PROTECTED]
Sent: Tuesday, December 07, 2004 3:21 PM
Subject: [leaf-user] Re: [leaf-devel] ANN: leaf-project.org website


On Sun, 2004-12-05 at 19:42, Mike Noyes wrote:
leaf.sourceforge.net is working properly, but something isn't quite
right with leaf-project.org. I'll work on it tomorrow.
Everyone,
Our leaf-project.org domain should be working properly now.

---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Where's the NIC drivers?

[M Lu]

I am using CD image and here is part of my /etc/modules. Pay attention to 
the 'mount', 'umount' and 'dir' commands so you can specify the modules 
directly from CD and you do not have to copy them to your modules.lrp.

! mount iso9660 /dev/cdrom
# You can directly reference modules, like this:
#/scsi/aic7xxx
#/fs/ext2
# Or change the default directory, like this:
#! dir /lib/modules/net
! dir /lib/modules/2.4.26/kernel/drivers/net
# PCI ethernet cards
#pci-scan
mii
eepro100
# pci-scan required by drivers below...
3c59x
# Masquerading 'helper' modules
# Don't remove anything here, unless you know what you are doing
# Other modules available in kernel/net/ipv4/netfilter
#
! dir /lib/modules/2.4.26/kernel/net/ipv4/netfilter
ip_conntrack
ip_conntrack_ftp
...
# the end of file
! umount


- Original Message - 
From: Jaap Eldering [EMAIL PROTECTED]
To: LEAF [EMAIL PROTECTED]
Sent: Tuesday, December 07, 2004 5:20 AM
Subject: Re: [leaf-user] Where's the NIC drivers?


On Mon, Dec 06, 2004 at 06:47:27PM -0800, Craig Caughlin wrote:
Thank you, Jaap.
O.K., that's what I thought. But here's the odd part; I have an 
/etc/modules
file and a /lib/modules directory IF I use the
Bering-uClibc 2.2.2 floppy image, but not the CD .iso. Is something 
missing,
or am I doing something wrong?

Thanks,
Craig
I have no experience with the CD image, but from what I see from the
ISO, you'd just have to load the modules.lrp package, which has the
/etc/modules and /lib/modules in it.
If this doesn't help, maybe somebody else can provide more help.
Jaap

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jaap Eldering
Sent: Monday, December 06, 2004 7:03 AM
To: LEAF
Subject: Re: [leaf-user] Where's the NIC drivers?
On Mon, Dec 06, 2004 at 06:22:57AM -0800, Craig Caughlin wrote:
 Hmmm, am I missing something? I'm trying to set up Bering-uClibc
 2.2.2, and I can't figure out how / where to specify which NIC
 driver(s) to load. Can someone tell me which file(s) I need to edit
 and which directory I'll need to copy drivers to should the default
 install not have my needed driver?

 Thank you,
 Craig

 P.S. Did this change? In my old version of Bering I could edit this
 from the lrcfg main menu. Just curious.
You have to configure this in the file /etc/modules, which should be
(almost) the same as in Bering. Modules configured here, are loaded from
/lib/modules, so if your NIC's driver (module) is not present, you should
copy it from the modules tarball to /lib/modules.
Jaap
---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Windows VPN software with RSA and NAT support?

[M Lu]

I  used to use 'SafeNet_VPN_Client9.2' with preshared key and NAT client. I
am not sure if it can work with RSA keys but if you want I can find that
client and send its help to you for more information.



- Original Message - 
From: Timothy J. Massey [EMAIL PROTECTED]
To: Leaf List [EMAIL PROTECTED]
Sent: Thursday, November 04, 2004 11:21 AM
Subject: [leaf-user] Windows VPN software with RSA and NAT support?


 I'm looking for some suggestions for Windows VPN software.  I have three
 requirements:

 1) Works with SuperFreeS/WAN 1.99.6.2.
 2) Must be able to use plain RSA keys, in addition to certificates and PSK
 3) Must be able to work with SuperFreeS/WAN 1.99.6.2 when it (the
 Windows computer, not the LEAF box) is behind a NAT firewall.

 Is there anyone using software that they have used to do these things?
 Even if not, what are you using, and how well does it work for you?
 This does *not* have to be free software:  I want something that works
 well, not something that kinda works but is free.

 I know about the Windows 2000 VPN tool (http://vpn.ebootis.de/).  It
 basically puts a FreeS/WAN face on standard Windows 2000 IPSec support.
 AFAIK, Windows 2000 does not support raw RSA keys:  only certificates.
 I'd prefer to stay with plain RSA keys:  they can be managed completely
 on the firewall, they don't expire, and they're just plain simpler.

 Any other thoughts?

 Thank you very much for your input.  I appreciate your help.

 Tim Massey



 ---
 This SF.Net email is sponsored by:
 Sybase ASE Linux Express Edition - download now for FREE
 LinuxWorld Reader's Choice Award Winner for best database on Linux.
 http://ads.osdn.com/?ad_id=5588alloc_id=12065op=click
 
 leaf-user mailing list: [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588alloc_id=12065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] tulip.o problems (Bering-uClibc 2.2.2)

[M Lu]

tulip.o depends on crc32.o so you need to load crc32 too
/lib/modules/2.4.26/kernel/drivers/net/tulip/tulip.o: 
/lib/modules/2.4.26/kernel/lib/crc32.o


- Original Message - 
From: Troy Aden [EMAIL PROTECTED]
To: Leaf-User (E-mail) [EMAIL PROTECTED]
Sent: Thursday, October 28, 2004 6:30 PM
Subject: [leaf-user] tulip.o problems (Bering-uClibc 2.2.2)


I am running the Bering-uClibc 2.2.2.
The tulip.o module seems to not bee working.
Do I have to load additional modules to make it work?
Here are the errors I get on boot:
Tulip - Using /lib/modules ./tulip.o
Insmod: unresolved symbol CRC_Le
Insmod: unresolved symbol Bitreverse
Can anyone help me out here?
Thanks in advance!
Troy
---
This Newsletter Sponsored by: Macrovision
For reliable Linux application installations, use the industry's leading
setup authoring tool, InstallShield X. Learn more and evaluate
today. http://clk.atdmt.com/MSI/go/ins003001msi/direct/01/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

---
This Newsletter Sponsored by: Macrovision 
For reliable Linux application installations, use the industry's leading
setup authoring tool, InstallShield X. Learn more and evaluate 
today. http://clk.atdmt.com/MSI/go/ins003001msi/direct/01/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] OpenVpn

[M Lu]

I think you will be much better off with OpenVPN regarding NATed clients.
You can have road-warriors with 1.6 but you have to use different port for
each warrior.

- Original Message - 
From: theoleyre fabrice [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, October 22, 2004 9:14 AM
Subject: [leaf-user] OpenVpn


 Hi,

 I try to set up VPN with a leaf box.
 I want to create VPN tunnels between the router and
 several clients (Linux, WinXP, Win2K...). Some clients
 have a NATed connection, with private addresses, which
 cause some troubles with Ipsec.

 OpenVPN is interesting: a single udp port is required
 for the connection, not impacted by NAT because of the
 encapsulation. However, I want VPN for roadwarriors:
 several clients, with different addresses, dynamic,
 not known. I saw that several clients on a signle udp
 port is only supported in the 2.0 beta version. The
 version for Leaf Bering is the 1.6.0.

 Does it exist a solution to connect roadwarriors with
 OpenVpn 1.6.0, without the mode-server of openvpn
 2.0 ? Did anybody try to set up such connections ?

 Regards,







 Vous manquez d'espace pour stocker vos mails ?
 Yahoo! Mail vous offre GRATUITEMENT 100 Mo !
 Créez votre Yahoo! Mail sur http://fr.benefits.yahoo.com/

 Le nouveau Yahoo! Messenger est arrivé ! Découvrez toutes les nouveautés
pour dialoguer instantanément avec vos amis. A télécharger gratuitement sur
http://fr.messenger.yahoo.com


 ---
 This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
 Use IT products in your business? Tell us what you think of them. Give us
 Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out
more
 http://productguide.itmanagersjournal.com/guidepromo.tmpl
 
 leaf-user mailing list: [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



---
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] OpenVpn

[M Lu]

In that case, you can contact Martin Hejl and see if he can port the 2.0 to
LEAF. We are looking forward to it too.


- Original Message - 
From: theoleyre fabrice [EMAIL PROTECTED]
To: M Lu [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, October 22, 2004 9:54 AM
Subject: Re: [leaf-user] OpenVpn


 I forgot to explain that I have a firewall between my
 clients and my leaf box. This firewall is a Border
 Router, not on my responsability. I can only ask for
 the opening of some ports. So, all clients must
 connect to the leaf box via a single udp port.

 Client --- Internet --- Firewall --- LeafBox (VPN)



  --- M Lu [EMAIL PROTECTED] a écrit :
  I think you will be much better off with OpenVPN
  regarding NATed clients.
  You can have road-warriors with 1.6 but you have to
  use different port for
  each warrior.
 
  - Original Message - 
  From: theoleyre fabrice
  [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Sent: Friday, October 22, 2004 9:14 AM
  Subject: [leaf-user] OpenVpn
 
 
   Hi,
  
   I try to set up VPN with a leaf box.
   I want to create VPN tunnels between the router
  and
   several clients (Linux, WinXP, Win2K...). Some
  clients
   have a NATed connection, with private addresses,
  which
   cause some troubles with Ipsec.
  
   OpenVPN is interesting: a single udp port is
  required
   for the connection, not impacted by NAT because of
  the
   encapsulation. However, I want VPN for
  roadwarriors:
   several clients, with different addresses,
  dynamic,
   not known. I saw that several clients on a signle
  udp
   port is only supported in the 2.0 beta version.
  The
   version for Leaf Bering is the 1.6.0.
  
   Does it exist a solution to connect roadwarriors
  with
   OpenVpn 1.6.0, without the mode-server of
  openvpn
   2.0 ? Did anybody try to set up such connections ?
  
   Regards,
  
  
  
  
  
  
  
   Vous manquez d'espace pour stocker vos mails ?
   Yahoo! Mail vous offre GRATUITEMENT 100 Mo !
   Créez votre Yahoo! Mail sur
  http://fr.benefits.yahoo.com/
  
   Le nouveau Yahoo! Messenger est arrivé ! Découvrez
  toutes les nouveautés
  pour dialoguer instantanément avec vos amis. A
  télécharger gratuitement sur
  http://fr.messenger.yahoo.com
  
  
  
 
 ---
   This SF.net email is sponsored by: IT Product
  Guide on ITManagersJournal
   Use IT products in your business? Tell us what you
  think of them. Give us
   Your Opinions, Get Free ThinkGeek Gift
  Certificates! Click to find out
  more
  
 
 http://productguide.itmanagersjournal.com/guidepromo.tmpl
  
 
 
   leaf-user mailing list:
  [EMAIL PROTECTED]
  
 
 https://lists.sourceforge.net/lists/listinfo/leaf-user
   SR FAQ:
 
 http://leaf-project.org/pub/doc/docmanager/docid_1891.html
  
 





 Vous manquez d'espace pour stocker vos mails ?
 Yahoo! Mail vous offre GRATUITEMENT 100 Mo !
 Créez votre Yahoo! Mail sur http://fr.benefits.yahoo.com/

 Le nouveau Yahoo! Messenger est arrivé ! Créez vos avatars et envoyez des
audiofuns. Découvrez toutes les nouveautés en le téléchargeant sur :
http://fr.messenger.yahoo.com


 ---
 This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
 Use IT products in your business? Tell us what you think of them. Give us
 Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out
more
 http://productguide.itmanagersjournal.com/guidepromo.tmpl
 
 leaf-user mailing list: [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



---
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Re: How to use QOS traffic shaping in Being U 2.2

[M Lu]

Hi Japp, Eric.
After reading your suggestions, I tried to tune up my shorewall 'tcstart' 
and 'tcrules'. I set UPLINK to 200 kbit and DOWNLINK to 2700kbit as my 
Comcast has 3.0M download, 256Kbps upload. Here is how I modified the 
original wondershaper and tcrules as below

1 - Add 'ceil' parameters to the classes, e.g.
tc class add dev $DEV parent 1: classid 1:1 htb rate $(($UPLINK))kbit ceil 
$(($UPLINK))kbit burst 6k

# high prio class 1:10:
tc class add dev $DEV parent 1:1 classid 1:10 htb rate $(($UPLINK))kbit \
  ceil $(($UPLINK))kbit burst 6k prio 1
so my output of  'tc class show dev eth0' is
class htb 1:1 root rate 200Kbit ceil 200Kbit burst 6143b cburst 1855b
class htb 1:10 parent 1:1 leaf 10: prio 1 rate 200Kbit ceil 200Kbit burst 
6143b cburst 1855b
class htb 1:20 parent 1:1 leaf 20: prio 2 rate 180Kbit ceil 180Kbit burst 
6143b cburst 1829b
class htb 1:30 parent 1:1 leaf 30: prio 2 rate 160Kbit ceil 160Kbit burst 
6143b cburst 1803b

2 - Add FW mark into those classes
tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1 fw classid 
1:10
tc filter add dev eth0 parent 1:0 protocol ip prio 2 handle 2 fw classid 
1:20
tc filter add dev eth0 parent 1:0 protocol ip prio 3 handle 3 fw classid 
1:30

3 - My vonage is on separate 'eth3' and it uses UDP (a lot of ports) so my 
rules in 'tcrules' are

#MARK   SOURCE DESTPROTO   PORT(S) CLIENT  USER
1   eth3  0.0.0.0/0 udp -   -
2   eth1,eth2   0.0.0.0/0   tcp 80,443  -
3   0.0.0.0/0   0.0.0.0/0   tcp 21
Could you please let me know if my rules make any sense?
---
Then I asked a friend to initiate about 15 FTPs, all getting the Bering ISO 
(around 40M). It seems to work as I can still talk with him on the phone, 
while my access to the Internet is crawling.

But again because all FTPs came from one machine so it is not a very good 
test as my friend's bandwidth is just a residential ADSL. Also I lloked at 
the count then I see something like below. I do not see any borrowed values 
and not sure if it is a bad sign.

Your suggestions are appreciated.
'tc -s class show dev eth0'
class htb 1:1 root rate 200Kbit ceil 200Kbit burst 6143b cburst 1855b
Sent 99465998 bytes 395941 pkts (dropped 0, overlimits 0)
rate 2840bps 51pps
lended: 0 borrowed: 0 giants: 0
tokens: 195072 ctokens: 57856
class htb 1:10 parent 1:1 leaf 10: prio 1 rate 200Kbit ceil 200Kbit burst 
6143b cburst 1855b
Sent 49831860 bytes 348338 pkts (dropped 0, overlimits 0)
rate 2801bps 50pps
lended: 348338 borrowed: 0 giants: 0
tokens: 195072 ctokens: 57856

class htb 1:20 parent 1:1 leaf 20: prio 2 rate 180Kbit ceil 180Kbit burst 
6143b cburst 1829b
Sent 49634138 bytes 47603 pkts (dropped 0, overlimits 0)
rate 38bps
lended: 47603 borrowed: 0 giants: 0
tokens: 215892 ctokens: 62506

class htb 1:30 parent 1:1 leaf 30: prio 2 rate 160Kbit ceil 160Kbit burst 
6143b cburst 1803b
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 245760 ctokens: 72159

-
Jaap Eldering [EMAIL PROTECTED] wrote in message 
news:[EMAIL PROTECTED]
On Wed, Sep 29, 2004 at 03:53:13PM +0200, Erich Titl wrote:

Indeed. Only difference is that the '$(( ))' is handled by the shell
itself, but 'expr' is an external command. This is only evaluated at
startup however, so doesn't affect performance.
About the '$[ ]': I don't know where it comes from, but it's not default
bash syntax either. I also replaced it by '$(( ))' arith. evaluation.
 I do not have anything in 'tcrules' yet. So far there is no error
 and it seems that something happens because it slowed down my
 downloading significantly. I tried to download a 15-M file from Sun
 and with 'tcstart' present, I got about 2K/sec, whereas if I remove
 'tcstart' and restart shorewall, I got 100K/sec. I will try to
 refine the script soon. By the way, is there any way to test the
 wonderscript and tell if it works the way we want it to?
Maybe a stupid question, but have you set the DOWNLINK and UPLINK
variables in the wondershaper script correctly?
Anyways, I recall something strange about the units being used by 'tc'.
I myself have the rates specified in Kbits/sec and in the calls to 'tc'
have the rates followed by 'Kbit' (with capital K).
You might also look at what tc says the outgoing rate is with the
command 'tc class show dev $DEV'.
Jaap Eldering









---
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: 

Re: [leaf-user] 2.2 iso and boot floppy

[M Lu]

I think you need to use
PKGPATH=/dev/fd0:msdos,/dev/cdrom:iso9660
syst_size=128M
log_size=32M

- Original Message - 
From: Stephen More [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, October 03, 2004 9:48 PM
Subject: [leaf-user] 2.2 iso and boot floppy


The floppy image that exists on the 2.2 iso image is missing the leaf.cfg.
So I created a leaf.cfg with
LRP=root config etc local modules iptables dhcpcd keyboard shorwall ulogd
dnscache dropbear weblet
PKGPATH=/dev/cdrom:iso9660
syst_size=6M
log_size=2M
The system now boots, but when I try to backup a package there is no
floppy option, I have to make it using custom.
Then after the system reboots, it does not load the backed up package from
disk.
What have I done wrong ?
-Thanks
Steve More

___
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com
---
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out 
more
http://productguide.itmanagersjournal.com/guidepromo.tmpl

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


---
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] 2.2 iso and boot floppy

[M Lu]

Sorry, I meant the PKGPATH only. The syst_size adn log_size are specific to 
my system.

- Original Message - 
From: M Lu [EMAIL PROTECTED]
To: Stephen More [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Sunday, October 03, 2004 10:02 PM
Subject: Re: [leaf-user] 2.2 iso and boot floppy


I think you need to use
PKGPATH=/dev/fd0:msdos,/dev/cdrom:iso9660
syst_size=128M
log_size=32M

- Original Message - 
From: Stephen More [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, October 03, 2004 9:48 PM
Subject: [leaf-user] 2.2 iso and boot floppy


The floppy image that exists on the 2.2 iso image is missing the 
leaf.cfg.

So I created a leaf.cfg with
LRP=root config etc local modules iptables dhcpcd keyboard shorwall 
ulogd
dnscache dropbear weblet
PKGPATH=/dev/cdrom:iso9660
syst_size=6M
log_size=2M

The system now boots, but when I try to backup a package there is no
floppy option, I have to make it using custom.
Then after the system reboots, it does not load the backed up package 
from
disk.

What have I done wrong ?
-Thanks
Steve More

___
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com
---
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out 
more
http://productguide.itmanagersjournal.com/guidepromo.tmpl

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


---
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out 
more
http://productguide.itmanagersjournal.com/guidepromo.tmpl

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


---
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] module 8390

[M Lu]

- Original Message - 
From: Stephen More [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, October 02, 2004 9:45 AM
Subject: [leaf-user] module 8390


When I insmod 8390 I get unresolved symbol crc32_le.
I noticed in the release notes for 2.1.3 it has added a note about crc32
   http://sourceforge.net/project/shownotes.php?release_id=249940
What is this note about ?
Do I just need to load another module ?
Yes, if you use 8390, you need crc32. To see the dependency, you can look at 
file 'modules.dep' in the module tar-ball file.


Should I just give up now and download 2.2 iso or will I have the same
problem ?
Same problem. But may I ask why upgrade to 2.1.3 when 2.2 is available

---
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] How to use QOS traffic shaping in Being U 2.2

[M Lu]

Hi Jaap, thank you for the information.

I have started to load tc.lrp, bash.lrp (as the wonder-script is a bash
script) and load all modules specified in the qos-htb howto. I also modified
slightly the script, commenting 4 lines

#echo Please read the documentation in 'README' first
#exit

and

#tc filter add dev $DEV parent 1: protocol ip prio 18 u32 \
#   match ip dst 0.0.0.0/0 flowid 1:20

Running the script alone is OK but when run by 'shorewall restart', I need
to replace $[9*$UPLINK/10] with $((9*$UPLINK/10)). I guess because 'bash' is
not recognized within shorewall script.

I do not have anything in 'tcrules' yet. So far there is no error and it
seems that something happens because it slowed down my downloading
significantly. I tried to download a 15-M file from Sun and with 'tcstart'
present, I got about 2K/sec, whereas if I remove 'tcstart' and restart
shorewall, I got 100K/sec. I will try to refine the script soon.

By the way, is there any way to test the wonderscript and tell if it works
the way we want it to?

Thanks again.

M Lu.


- Original Message - 
From: Jaap Eldering [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 28, 2004 6:53 PM
Subject: Re: [leaf-user] How to use QOS traffic shaping in Being U 2.2


 On Mon, Sep 27, 2004 at 11:19:46PM -0400, M Lu wrote:
  Hi,
 
  I am using Vonage phone and would like to use traffic shaping to give it
  some priority. As I read thru the mail archive and documents, I found
out
  that there are possible ways
 
  1 - Download Wondershaper script and copy it to Shorewall tcstart script
  etc, as described on Tom's Web site.
  2 - Use the package qos-htb.lrp prepared by Eric Spakman and probably
  follow instruction at
http://leaf.sourceforge.net/doc/guide/buhtb-qos.html
 
  It seems to me that the first way is more straighforward, but since the
  package is prepared for Bering U 2.x, I am not sure if I should use it.
 
  Any suggestions?

 I have tried this a time ago with Bering 1.x and I couldn't get it
 working (but that may be my fault).

 Recently I have tried it on my firewall again, which I had upgraded to
 Bering-uclibc 2.2. This I got working within little time.

 I installed the tc.lrp package and also the cls_*.o and sch_*.o modules
 and I am now using a modified version of the wondershaper script
 (slightly better ping times and down/upload speeds by also doing shaping
 on my internal interface).

 I'd suggest using the wondershaper. This way you don't have to know all
 the configuration details of the qos-htb package, which is just another
 script frontend to the HTB scheduler.

  I also have another following questions:
 
  - Is Bering U 2.2 kernel ready for QOS HTB?

 Yes, you can use the HTB scheduler right away, only need the
 bering-uclibc tc package and the modules for the schedulers and filters,
 you will be using.

  - If I use Shorewall's approach, do I have to declare the netfilter
modules
  as in the instructions for second approach? Note that was writen for
  original Bering?

 Yes, you have to load these. I don't know exactly which ones the
 wonderscript uses. You could load them all to be on the safe side, but I
 think you need at least the following: sch_sfq, sch_prio, sch_ingress,
 sch_htb, cls_u32, cls_fw


 Jaap Eldering


 ---
 This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
 Use IT products in your business? Tell us what you think of them. Give us
 Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out
more
 http://productguide.itmanagersjournal.com/guidepromo.tmpl
 
 leaf-user mailing list: [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



---
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] How to use QOS traffic shaping in Being U 2.2

[M Lu]

Hi,
I am using Vonage phone and would like to use traffic shaping to give it 
some priority. As I read thru the mail archive and documents, I found out 
that there are possible ways

1 - Download Wondershaper script and copy it to Shorewall tcstart script 
etc, as described on Tom's Web site.
2 - Use the package qos-htb.lrp prepared by Eric Spakman and probably follow 
instruction at http://leaf.sourceforge.net/doc/guide/buhtb-qos.html

It seems to me that the first way is more straighforward, but since the 
package is prepared for Bering U 2.x, I am not sure if I should use it.

Any suggestions?
I also have another following questions:
- Is Bering U 2.2 kernel ready for QOS HTB?
- If I use Shorewall's approach, do I have to declare the netfilter modules 
as in the instructions for second approach? Note that was writen for 
original Bering?

Thank you a lot.
M Lu.

---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] I can't backup files in /etc/dnscache/root/servers

[M Lu]

Hi Geoff,

Just tried on my Bering U 2.2 with

/var/lib/lrpkg more dnscache.exclude.list
etc/dnscache/log/supervise
etc/dnscache/supervise
etc/dnscache/root/ip/*

/var/lib/lrpkg more dnscache.list
usr/bin/dnscache
etc/dnscache
etc/init.d/dnscache
var/lib/lrpkg/dnscache.*
etc/dnscache/root/servers/*

and when I tried to untar the temporary LRP then I see the files. Are those
file you want to backup?

/tmp/ttt tar xzvf ../dnscache.lrp
..
etc/dnscache/root/servers/myhouse.com
etc/dnscache/root/servers/.1.168.192.in-addr.arpa
etc/dnscache/root/servers/@
..
var/lib/lrpkg/dnscache.version
var/lib/lrpkg/dnscache.list
var/lib/lrpkg/dnscache.help
var/lib/lrpkg/dnscache.exclude.list
var/lib/lrpkg/dnscache.conf
var/lib/lrpkg/dnscache.bktype
etc/init.d/dnscache
etc/dnscache
etc/dnscache/seed
etc/dnscache/root
etc/dnscache/root/servers
..
etc/dnscache/root/ip
etc/dnscache/run
etc/dnscache/env
etc/dnscache/env/QUERYLOG






- Original Message - 
From: Geoff Nordli [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, September 23, 2004 6:27 PM
Subject: [leaf-user] I can't backup files in /etc/dnscache/root/servers


 Hello Everyone.

 For some reason I can't backup the files that are stored in
 /etc/dnscache/root/servers for the dnscache package.  I am not sure why
but
 the dnscache has an exclusion on that directory.  Even if I remove that
 exclusion I still can't backup it up.

 Can someone please tell me how to backup those files,

 Thanks,



 Geoff Nordli
 Asentus Consulting Group
 4941 Hartwig Cres
 Nanaimo, BC V9V 1R2
 Office:  604.639.6928
 Cell:  250.714.4102



 ---
 This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
 Project Admins to receive an Apple iPod Mini FREE for your judgement on
 who ports your project to Linux PPC the best. Sponsored by IBM.
 Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
 
 leaf-user mailing list: [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Shorewall rfc1918 list

[M Lu]

I believe Tom has updated that file some time ago on his site.

Here is a message on his mailing list:

- Original Message - 
From: Tom Eastep [EMAIL PROTECTED]
To: Mailing List for Shorewall Users [EMAIL PROTECTED]
Sent: Tuesday, April 27, 2004 4:49 PM
Subject: Re: [Shorewall-users] Problem accessing shorewall.net (rfc1918
problem?)


 Alex Martin wrote:
  Hello,
 
  For the www.shorewall.net mirror, I updated the version 2.0 shorewall
  with http://shorewall.net/pub/shorewall/errata/1.4.10/rfc1918
 
  I does seem to drop 84.0.0.0/6.
 
  83.0.0.0/8  DROP# Reserved
  84.0.0.0/6  DROP# Reserved
  88.0.0.0/5  DROP# Reserved
 
  I assume this is the updated version?

 No. The updated version:

 71.0.0.0/8 logdrop # Reserved
 72.0.0.0/5 logdrop # Reserved
 89.0.0.0/8 logdrop # Reserved
 90.0.0.0/7 logdrop # Reserved

 -Tom




- Original Message - 
From: Erich Titl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, September 23, 2004 3:39 AM
Subject: [leaf-user] Shorewall rfc1918 list


Hi everybody

Networks 83.0.0.0 and 84.0.0.0 have been assigned to RIPE last year. In my
version (1.4.8) of shorewall these networks are still blocked by the rfc1918
rules. It it probably worthwhile to remove these two networks from
/etc/shorewall/rfc1918 if they should still be there.

cheers
Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16




---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] ftp from behind a Dachstein firewall

[M Lu]

I think you need to use a specific feature (called passive ports or 
something like that) in FTP Server (both Windows Serv-U and Linux wu-ftp FTP 
Server have) where you specify the public IP and then server ports (e.g. 
50001 to 50010, if you expect to have 10 clients at the same time). When 
client connects, server will send that public IP and one of those ports, 
then client will connect to that public IP and port to exchange data. Of 
course you need to portforward all port above to the internal machine where 
you have FTP Server running.

Search for help in your FTP Server.
M Lu.

- Original Message - 
From: Temp User [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, August 25, 2004 10:41 PM
Subject: Re: [leaf-user] ftp from behind a Dachstein firewall


I always load the (ip_masq_ftp) in /etc/modules. The
thing is I am pretty sure without ip_masq_ftp, I
wouldn't even be able to ftp to the server behind the
firewall.  My problem is I cannot ftp FROM behind the
firewall to an ftp server, which is also behind a
firewall.
--- Charles Steinkuehler [EMAIL PROTECTED]
wrote:
Temp User wrote:
 Hi

 Here is the setup:  FTP server is behind a
Dachstein
 firewall.  FTP client is also behind a Dachstein
 firewall.  When trying to ftp to the ftp server,
login
 was successful but failed to get directory
listing.
 Error was 500 invalid port number.

 FTP works fine if the client is NOT behind the
 Dachstein firewall.

From the client behind the firewall, I tried
passive
 mode with no result.  I think the problem has to
do
 with IP masq but not sure how to fix it.  Could
 someone help?
Make sure you're loading the ftp masquerade 'helper'
module
(ip_masq_ftp) in /etc/modules.
--
Charles Steinkuehler
[EMAIL PROTECTED]


___
Do you Yahoo!?
Win 1 of 4,000 free domain names from Yahoo! Enter now.
http://promotions.yahoo.com/goldrush
---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink  Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink  Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Bering-uClibc ISO 2.2

[M Lu]

Hi Adam,
Read release notes about the changes. But FYI, here is how I specify the 
modules in /etc/modules

# /etc/modules
! mount iso9660 /dev/cdrom
# You can directly reference modules, like this:
#/scsi/aic7xxx
#/fs/ext2
# Or change the default directory, like this:
#! dir /lib/modules/net
! dir /lib/modules/2.4.26/kernel/drivers/net
mii
eepro100
3c59x
# Masquerading 'helper' modules
# Don't remove anything here, unless you know what you are doing
# Other modules available in kernel/net/ipv4/netfilter
#
! dir /lib/modules/2.4.26/kernel/net/ipv4/netfilter
ip_conntrack
ip_conntrack_ftp
ip_conntrack_irc
...
! umount
Hope this helps.
M Lu
- Original Message - 
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 10:28 PM
Subject: [leaf-user] Bering-uClibc ISO 2.2


If I do any insmods using the iso I get module not found messages.  2.0 
would mount the cd to /cdmnt and point /lib/modules/2.4.22 to the modules 
directory of the cd.  However 2.2 does not mount the cd to anything and 
links /lib/modules/2.4.26 to /lib/modules.  I wanted to avoid manually 
coping in all modules I need and just use the directory on the cd like in 
2.0.  I was trying to modify root.linuxrc to do what it did in 2.0, but I 
can't seem to get the change backed up to my config floppy.  Is something 
special required to save this change besides backing up the root package?

--
Adam Oliver
Even in trifling matters the
depths of one's heart can be seen.
From Hagakure, The Book of the
Samurai
---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink  Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink  Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Sshd won't start in BeringCD 1.2

[M Lu]

From http://leaf.sourceforge.net/mod.php?mod=userpagemenu=91017page_id=51

OpenSSH sshd daemon.
See http://www.openssh.org
Requires libcrpto.lrp libz.lrp

so you need to also load the other two packages, libcrpto.lrp and libz.lrp


- Original Message - 
From: Tibbs, Richard [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, August 04, 2004 12:25 PM
Subject: [leaf-user] Sshd won't start in BeringCD 1.2


Dear list:
I have loaded the sshd.lrp but the daemon is not active upon boot.
When I try to start it manually I get this error. (/etc/ssh/sshd_config
below)

# cd /usr/sbin

firewall: -root-
# ./sshd
/sshd: error in loading shared libraries
libcrypto.so.0.9.7: cannot open shared object file: No such file or
directory

firewall: -root-
# cd /

firewall: -root-
# find . -name libcrypto.so.0.9.7

firewall: -root-
#

What could be the problem?
Rick.




---
This SF.Net email is sponsored by OSTG. Have you noticed the changes on
Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now,
one more big change to announce. We are now OSTG- Open Source Technology
Group. Come see the changes on the new OSTG site. www.ostg.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Bering-uClibc_2.2-beta5 w/ OpenVPN ver 1.6.0 Rev 1 Multiple Tunne l

[M Lu]

Hi Chris,

I believe that the /etc/init.d/openvpn script will scan all .conf in
/etc/openvpn and start all of them for you. So after having creating another
conf file, just do svi openvpn restart and you should have the tunnels up.
A 'ps' also shows if the tunnels is really up. You may use the log command
in .conf to check for errors if the tunnel is not up.

I hope this helps.

M Lu.


- Original Message - 
From: Chris Lee [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, July 28, 2004 9:52 PM
Subject: RE: [leaf-user] Bering-uClibc_2.2-beta5 w/ OpenVPN ver 1.6.0 Rev 1
Multiple Tunne l


 Dear M Lu,

 I think no problem for me to setup multi .conf for multi tunnel.
 But how to start up multi openvpn process at startup?

 Pls kindly advise.

 Regards,
 Chris Lee



---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Bering-uClibc_2.2-beta5 w/ OpenVPN ver 1.6.0 Rev 1 Multiple Tunne l

[M Lu]

Yes, it is possible. For each tunnel you have one .conf file in
/etc/openvpn. The OpenVPN script will create the tunnels for you. You also
need to modify shorewall to allow the new tunnels. Do a search on the mail
archive on this topic.

M Lu


- Original Message - 
From: Chris Lee [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 12:36 AM
Subject: [leaf-user] Bering-uClibc_2.2-beta5 w/ OpenVPN ver 1.6.0 Rev 1
Multiple Tunne l


 Is it possible to setup more than can one OpenVPN tunnel per Server?
 If yes, how?

 i.e. Main Server --Tunnel upd:5000-- Server A
  ^--Tunnel upd:5001-- Server B
  ^--Tunnel upd:5002-- Server C

 I am using Bering-uClibc_2.2-beta5 w/ OpenVPN ver 1.6.0 Rev 1

 Many thanks in advance.

 Regards,
 Chris Lee


 ---
 This SF.Net email is sponsored by BEA Weblogic Workshop
 FREE Java Enterprise J2EE developer tools!
 Get your free copy of BEA WebLogic Workshop 8.1 today.
 http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click
 
 leaf-user mailing list: [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Does dropbear support port forwarding?

[M Lu]

Sorry that I cannot help but FYI I also got trouble with port-forwarding
with dropbear. I used it to Remote-Terminal to Win2K server and IIRC I could
go into the login screen but then things stopped. Switching back to SSHD and
everything worked. However it was about half a year ago and later versions
of dropbear may fix that.

M Lu.


- Original Message - 
From: John Desmond [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, July 23, 2004 2:46 PM
Subject: Re: [leaf-user] Does dropbear support port forwarding?


 Ooops! I meant to say that I have already added a rule
 to shorewall to allow port 22 conections from fw to
 loc.
 -John

 --- John Desmond [EMAIL PROTECTED] wrote:
  I've replaced my Bering/sshd firewall with a Bering
  uClibc/dropbear combo and I don't seem to be able to
  make tunnels like I used to from an outside location
  using PuTTY. (For instance, I used to connect with
  Windows/PuTTY to my firewall and open a shell while
  forwarding a local port. Then I could connect local
  port xyz on my work desktop to port 22 on my home
  desktop through the firewall and open a shell there.
  And then on to my SL-5500 which is connected and
  left
  running. All great fun. I often demo these abilities
  to amazed engineers in the office whose only
  computer
  experience is MS Office on MS Windows)
 
  Now, I can open the shell but the tunnel doesn't
  seem
  to happen. If I try to use it, the original session
  crashes.
 
  The man page for the full-up version of dropbear
  indicates that forwarding ports is the default
  behavior and a switch is used to disable it. But
  when
  Bering-uClibc 2.01 was introduced, dropbear port
  forwarding evidently only partly worked.
 
  Has anyone sucessfully used dropbear 0.41 for port
  forwarding?
  Is there a diagnostic that will show the forwarding
  is
  active?
  netstat -a shows the server listening and the
  established connection but would a forwarded port
  show
  up there?
 
  -John
 
 
 
 
 ---
  This SF.Net email is sponsored by BEA Weblogic
  Workshop
  FREE Java Enterprise J2EE developer tools!
  Get your free copy of BEA WebLogic Workshop 8.1
  today.
 
 http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click
 
 
  leaf-user mailing list:
  [EMAIL PROTECTED]
 
 https://lists.sourceforge.net/lists/listinfo/leaf-user
  SR FAQ:
 
 http://leaf-project.org/pub/doc/docmanager/docid_1891.html
 



 ---
 This SF.Net email is sponsored by BEA Weblogic Workshop
 FREE Java Enterprise J2EE developer tools!
 Get your free copy of BEA WebLogic Workshop 8.1 today.
 http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click
 
 leaf-user mailing list: [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] LEAFCFG

[M Lu]

Hi,

I tried to build a CD from 2.2b5 and inside the syslinux.cfg of the
floppy-image I specify

..LEAFCFG=/dev/fd0:msdos,/dev/cdrom:iso9660

What I want is to use the file leaf.cfg from floppy if there is floppy
inserted, or leaf.cfg on CD if there is no floppy when booting.
However it works if there is a floppy but it failed if there is no floppy
and it complianed that there is no packages to install...

Does LEAFCFG above only take in the first parameter, i.e. /dev/fd0:msdos or
should I do something else?

Thank you.



---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Portforwarding error

[M Lu]

Thank you Tom for your advice. When using '-n' with tcpdump, the IP has been 
printed and it also looks good. Well, I will try to ask him to replace the 
DMZ machine with another one for testing and see if the problem goes away.

Thanks again, Tom.
--
tcpdump -n -i eth2 host 24.61.157.240
20:24:25.944632 24.61.157.240.3453  10.0.18.201.80: S 
506447029:506447029(0) win 16384 mss 1460,nop,nop,sackOK (DF)
20:24:25.945120 10.0.18.201.80  24.61.157.240.3453: S 
2207623183:2207623183(0) ack 506447030 win 65535 mss 1460,nop,nop,sackOK 
(DF)
20:24:28.890543 10.0.18.201.80  24.61.157.240.3453: S 
2207623183:2207623183(0) ack 506447030 win 65535 mss 1460,nop,nop,sackOK 
(DF)
20:24:28.912287 24.61.157.240.3453  10.0.18.201.80: S 
506447029:506447029(0) win 16384 mss 1460,nop,nop,sackOK (DF)
20:24:28.912429 10.0.18.201.80  24.61.157.240.3453: . ack 1 win 65535 (DF)
20:24:34.898505 10.0.18.201.80  24.61.157.240.3453: S 
2207623183:2207623183(0) ack 506447030 win 65535 mss 1460,nop,nop,sackOK 
(DF)
20:24:34.920981 24.61.157.240.3453  10.0.18.201.80: S 
506447029:506447029(0) win 16384 mss 1460,nop,nop,sackOK (DF)
20:24:34.921121 10.0.18.201.80  24.61.157.240.3453: . ack 1 win 65535 (DF)

- Original Message - 
From: Tom Eastep [EMAIL PROTECTED]
To: M Lu [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Sunday, July 18, 2004 11:13 AM
Subject: Re: [leaf-user] Portforwarding error


Tom Eastep wrote:
After I sent this, I realized that it is probably nonsense since the SYN 
is reaching the server. I would still make sure that the SYN,ACK has the 
proper ethernet destination address though...
Another piece of advice -- *Always* use the -n option when using tcpdump; 
otherwise, DNS problems can totally mislead you as to what is going on.

-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]


---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Portforwarding error

[M Lu]

Hi,
I helped a friend of mine to have his Web Server running on DMZ network. It 
used to work OK until now. I just know that he has changed his network card 
on the Web Server machine, but everything seems fine when he accesses his 
machine locally. I can also access that machine via OpenVPN.

I looked and I saw the corresponding rule in /etc/shorewall/rules
DNATnet dmz:$WIN2K   tcp   www - $ETH0_IP
'tcpdump' reports the following when I do a web request to his Web Server:
request-in:
20:53:58.122175 h0004ac37ca95.ne.client2.attbi.com.2776  10.0.18.201.www: S 
431139811:431139811(0) win 16384 mss 1460,nop,nop,sackOK (DF)

replies-out:
20:53:58.122402 10.0.18.201.www  h0004ac37ca95.ne.client2.attbi.com.2776: S 
2205133957:2205133957(0) ack 431139812 win 65535 mss 1460,nop,nop,sackOK 
(DF)
20:54:01.045846 h0004ac37ca95.ne.client2.attbi.com.2776  10.0.18.201.www: S 
431139811:431139811(0) win 16384 mss 1460,nop,nop,sackOK (DF)
20:54:01.046012 10.0.18.201.www  h0004ac37ca95.ne.client2.attbi.com.2776: . 
ack 1 win 65535 (DF)
20:54:01.088418 10.0.18.201.www  h0004ac37ca95.ne.client2.attbi.com.2776: S 
2205133957:2205133957(0) ack 431139812 win 65535 mss 1460,nop,nop,sackOK 
(DF)
20:54:07.054606 h0004ac37ca95.ne.client2.attbi.com.2776  10.0.18.201.www: S 
431139811:431139811(0) win 16384 mss 1460,nop,nop,sackOK (DF)
20:54:07.054771 10.0.18.201.www  h0004ac37ca95.ne.client2.attbi.com.2776: . 
ack 1 win 65535 (DF)
20:54:07.096386 10.0.18.201.www  h0004ac37ca95.ne.client2.attbi.com.2776: S 
2205133957:2205133957(0) ack 431139812 win 65535 mss 1460,nop,nop,sackOK 
(DF)

where '10.0.18.201' is his DMZ Web Server address, and 
'h0004ac37ca95.ne.client2.attbi.com' is my public IP. So it indicates that I 
can send request to him, then his server sent replies, however I got nothing 
and eventually I got error in my browser.

What could be a problem?
Thank you.
M Lu.

---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Bind multiple IP addresses?

[M Lu]

I think you can have aliases in DCD 1.02 but cannot remember how. Try to 
search for ALIAS in the scripts. In Bering you will specify additional IPs 
in /etc/network/interfaces, e.g. (numbers are just for sample)

auto eth0
iface eth0 inet static
   address 1.2.3.4
   netmask 255.255.255.0
   broadcast 1.2.3.255
   gateway 1.2.3.1
   # secondary IP is defined here
   up ip addr add 5.6.7.8/24 dev eth0
and simply portforwarding port 80 on each IP to different internal server of 
your choice.

- Original Message - 
From: Doug Sampson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, July 07, 2004 7:41 PM
Subject: [leaf-user] Bind multiple IP addresses?


Can I bind more than one public IP address to an external interface in
Dachstein 1.02CD? If so, how? I've googled around to no avail. If not, is
there another app that does this? Bering?
The reason for this is I wish to port-forward packets to another web 
server
that is behind the firewall. Port 80 is already used by this one web 
server.
I do not wish to force users to add the port designation at the end of the
URL in order to reach the second web server. So I got around to thinking
that if I could bind a different public IP address to the external
interface, then add a rule to the firewall stating that if someone comes
knocking at this IP address at port 80 to please forward the packets to 
the
second web server.

I'm fully aware that I could establish port-forwarding at the ISP's name
server redirecting http packets to a different port- say 8000- which could
be redirected to port 80 of the second web server. I just would like to 
see
if I can avoid paying extra bucks for the port-forwarding feature. I 
happen
to have a few unused public IP addresses left.

Is that possible?
~Doug
---
This SF.Net email sponsored by Black Hat Briefings  Training.
Attend Black Hat Briefings  Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

---
This SF.Net email sponsored by Black Hat Briefings  Training.
Attend Black Hat Briefings  Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] Re: Bering-uClibc 2.1.3 Question (2. PS1)

[M Lu]

With bering shell, you can set PS1 but then you cannot use 'cd' and see the
new directory. So the way I do is that I have to define a new command, e.g.
'nd' inside /etc/profile like that

export PS1=`pwd` 
nd(){ cd $* ; PS1=`pwd` ; }

now you can use 'nd' instead of 'cd' and it will show the current directory.

It is not very convenient but if you need to know where you are, you can
always type 'nd .'

If anybody knows of something more elegant, please share with us.

Thanks.



Chris Lee [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 Hi,

 Some Newbie questions:


 2. PS1
 It is possible to set PS1, so that it show current folder? (e.g. [firewall
 /etc] #)


---
This SF.Net email sponsored by Black Hat Briefings  Training.
Attend Black Hat Briefings  Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Re: Bering-uClibc 2.1.3 Question (2. PS1)

[M Lu]

Tom,

I think 'nd' is defined as function of cd, so maybe the recursion will not
work.

M Lu.



- Original Message - 
From: Tom Eastep [EMAIL PROTECTED]
To: M Lu [EMAIL PROTECTED]
Cc: Chris Lee [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Tuesday, July 06, 2004 5:11 PM
Subject: Re: [leaf-user] Re: Bering-uClibc 2.1.3 Question (2. PS1)


 M Lu wrote:
  With bering shell, you can set PS1 but then you cannot use 'cd' and see
the
  new directory. So the way I do is that I have to define a new command,
e.g.
  'nd' inside /etc/profile like that
 
  export PS1=`pwd` 
  nd(){ cd $* ; PS1=`pwd` ; }
 
  now you can use 'nd' instead of 'cd' and it will show the current
directory.
 
  It is not very convenient but if you need to know where you are, you can
  always type 'nd .'

 alias cd='nd'

 -Tom
 -- 
 Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
 Shoreline, \ http://shorewall.net
 Washington USA  \ [EMAIL PROTECTED]



 ---
 This SF.Net email sponsored by Black Hat Briefings  Training.
 Attend Black Hat Briefings  Training, Las Vegas July 24-29 -
 digital self defense, top technical experts, no vendor pitches,
 unmatched networking opportunities. Visit www.blackhat.com
 
 leaf-user mailing list: [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



---
This SF.Net email sponsored by Black Hat Briefings  Training.
Attend Black Hat Briefings  Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] Re: Bering-uClibc 2.1.3 Question (2. PS1)

[M Lu]

Thank you, Tom.

Indeed it is fine.




- Original Message - 
From: Tom Eastep [EMAIL PROTECTED]
To: M Lu [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, July 06, 2004 5:54 PM
Subject: Re: [leaf-user] Re: Bering-uClibc 2.1.3 Question (2. PS1)


 M Lu wrote:
  Tom,
 
  I think 'nd' is defined as function of cd, so maybe the recursion will
not
  work.
 

 The shell 'alias' implementation avoids recursion -- it works fine.

 \h:\w$ export PS1=`pwd` 
 nd(){ cd $* ; PS1=`pwd` ; }/root
 /root alias cd='nd'
 /root cd /etc/shorewall
 /etc/shorewall
 /etc/shorewall
 -Tom
 -- 
 Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
 Shoreline, \ http://shorewall.net
 Washington USA  \ [EMAIL PROTECTED]



 ---
 This SF.Net email sponsored by Black Hat Briefings  Training.
 Attend Black Hat Briefings  Training, Las Vegas July 24-29 -
 digital self defense, top technical experts, no vendor pitches,
 unmatched networking opportunities. Visit www.blackhat.com
 
 leaf-user mailing list: [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



---
This SF.Net email sponsored by Black Hat Briefings  Training.
Attend Black Hat Briefings  Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] mail in Bering-uClibc 2.2. beta 2

[M Lu]

Thanks kp,

Sorry, I should have printed the commands I used.

I realized that the Posixness file has been modified between 2.1 and 2.2
beta 2 and I also traced the output but I was involved in something else so
did not have a chance to look at it once more.




- Original Message - 
From: K.-P. Kirchdörfer [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 03, 2004 12:53 PM
Subject: Re: [leaf-user] mail in Bering-uClibc 2.2. beta 2


 Am Dienstag, 1. Juni 2004 05:05 schrieb M Lu:
  seems to me that mail script is broken. I always got 'broken pipe' or
  'connection error' and the commands I use used to work fine on 2.1
 
  Anyone has the same problem?
 

 Hi;

 you are right - I can reproduce your problem.

 We try to solve for next release.

 kp


 ---
 This SF.Net email is sponsored by the new InstallShield X.
 From Windows to Linux, servers to mobile, InstallShield X is the one
 installation-authoring solution that does it all. Learn more and
 evaluate today! http://www.installshield.com/Dev2Dev/0504
 
 leaf-user mailing list: [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



---
This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html