Re: [Leaf-user] OT: how to get your PID from a shell script

2001-06-21 Thread Matt Schalit

Peter Nosko wrote:
> 
> > > pn] Is there a clever way to do this or just the unglamorous way via
> > > grep/awk?
> >
> > $$
> 
> pn] LOVE IT!  Thanks, Tom.



Here's a few, if you're interested:


   $0   The command name used to start this process
   $#   The number of positional parameters
   $*   All positional parameters
   $@   All positional parameters
   $?   Exit status of last foreground command
   $$   PID of current shell
   $!   PID of last background process
   $-   Flags set in the current shell


Best,
Matt

___
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
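
The parameters listed in the message above, shown in use. This is an added example, not part of the original post; the function names and the sample arguments are made up for illustration. It covers two things the list does not spell out: `"$@"` and `"$*"` differ once they are quoted, and `$$` inside a subshell still reports the parent shell's PID.

```shell
#!/bin/sh
# Added example (not from the original post): $#, $@, $*, $?, $$ and $! in use.

# count_args prints how many arguments it received ($#).
count_args() { echo "$#"; }

# "$@" keeps every positional parameter as its own word, "$*" joins them
# into a single word, and an unquoted $* is split again on whitespace.
quoting_demo() {
    set -- "eth0 up" "eth1 down"    # constructed: two parameters, each with a space
    echo "$(count_args "$@") $(count_args "$*") $(count_args $*)"
}

# Start a background job, take its PID from $!, then collect its exit
# status with wait. The "|| status=$?" form also works under "set -e".
background_status() {
    ( exit "$1" ) &
    job_pid=$!
    status=0
    wait "$job_pid" || status=$?
    echo "$status"
}

# $$ is the PID of the shell that runs the script. A subshell or a command
# substitution reports the same value, so $$ does not identify the subshell.
subshell_pid_matches() {
    outer=$$
    inner=$(echo $$)
    if [ "$outer" = "$inner" ]; then echo same; else echo different; fi
}

# Record the script's own PID in a file so another script can signal it.
write_pidfile() {
    echo "$$" > "$1"
}
```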



Re: [Leaf-user] OT: KVM switches

2001-06-25 Thread Matt Schalit

Peter Nosko wrote:
> 
> pn] What I've noticed is more important than the specific resolution/refresh
> rate is that all devices attached should use as similar as possible a
> resolution/refresh rate.  But I still notice (most on the Win2K Server)
> several areas on the screen that "waver", similar to the way you see heat
> rising off a road surface.  I consider spending more, but I want to make
> sure that throwing money at the problem will actually solve it.


Check out Raritan and ask them why they are so expensive.

Check out www.warehouse.com for lots of good KVM's.
Find a place that offers satisfaction guaranteed and
pay with a credit card.

If you want these to work with Lrp, don't connect the
mouse cable to the Lrp box.

Best,
Matt




Re: [Leaf-user] OT: KVM switches

2001-06-26 Thread Matt Schalit

Jack Coates wrote:
> 

 
> I use 1280x1024 (Linux Voodoo 3) and 1024x768 (Win2K S3 Savage/IX)
> through a Belkin OmniCube 2-port. Video has always been okay. I've also
> used 4 and 8 port Belkins, they suck badly. All Belkins I've used have
> intermittent problems with PS/2 keyboards and laptops.


I'd agree on that.  The quality's inversely proportional
to the number of ports.

BTW, calling Belkin and trying to get help'll be the
most miserable support experience you'll ever have :-o

Best,
Matthew




Re: [Leaf-user] 3c90X and Oxygen

2001-06-26 Thread Matt Schalit

John Rodley wrote:
> 
> Looking for a 3C90X NIC module for Oxygen-051401.


emailed...

 
> Do I actually need a specific 90X module, or will one of the 3c5XX modules
> do the trick?  


The 3c59x.o


> And finally, is there a central document mapping modules to
> actual physical NICs?


There was something on lrp in the modules section
I thought, and Ray referred to it a few times in
the past.  Maybe ask him if you can't find it.


> BTW: Many thanks to all LRP contributors.


Shucks.

 
> John Rodley


Cheers,
Matthew




[Leaf-user] And the winner is?

2001-06-29 Thread Matt Schalit


This is a bit OT, but it's an outstanding
map that you will certainly enjoy, if you
haven't seen it yet.

Best,
Matthew

http://www.atai.org/softwarewar.gif




Re: [Leaf-user] Oxygen + TFTP boot

2001-07-08 Thread Matt Schalit

"Brett J. Hoffman" wrote:
> 
> I don't want to transfer files back and forth from my router, apparently
> with the Oxygen release you can have it load files via tftp from a tftp
> server, so instead of requiring two floppy disks, I can just stick one
> in, and then load whatever else I need via tftp.
> 
> I could take this one step farther too, and see about booting the kernel
> via tftp as well. So you could essentially go floppy less and hard drive
> less on your lil' lrp router. Plus you really wouldn't have to really
> worry about fitting everything onto one little floppy either. :)
> 
> I've gotten everything I really need to fit onto one floppy, although
> the booting of .lrp packages sounded cool and wanted to know if anyone
> has done it. Basically I know you can do it, so I want to do it. :)
> 
> - Take Care
> - Brett



Brett,

  Grab the latest OX off of leaf and use the command 
netload.
 
  Read the netload script to get a quick idea of how it
works.  I use it to load my packages off the ftp server 
on my internal LAN.  It's neat.  

  The only issue is that wu-ftpd tries to do a DNS lookup 
on the firewall hostname, and so you need to run ipchains 
to add a masq entry for the LAN (if you're masq'ing it).  
Something like:
 
ipchains -A forward -j MASQ -s 10.11.12.0/24


  I have a directory   ftp://blah.blah/pub/Oxygen/
that has all my .lrp files and the control file called
lrp.conf.  In lrp.conf are the filenames of the packages 
to load.

  You can ftp to my server and look for yourself:
 
   ftp://63.194.213.179:710/pub/Oxygen/


Dave will be around after the weekend.  He'll update
you on this if necessary.

Regards,
Matthew




Re: [Leaf-user] Oxygen + TFTP boot

2001-09-15 Thread Matt Schalit

"Brett J. Hoffman" wrote:
> 
> Hi,
> 
> I was wondering if anyone has any information on getting Oxygen to boot
> with TFTP or has any documentation to point me in the right direction.
> 
> - Thanks
> - Brett Hoffman


Last I tried, loading packages via the
net worked well with Oxygen.  If I remember
correctly, you just have it boot up all the
way to a prompt, and as your last startup script,
create one that runs the netload program.
Netload is a script written by David that is
front end for snarf, which can get files via ftp,
tftp, and other ways.  I make it use ftp and load
all my packages that way.  It's easy to have only
one floppy that way.

The only hitch on my setup is that my Unix FTP
server won't function properly unless it has
net access.  So just before I load all my
packages via netload, I have to issue an 
ipchains -A forward -j MASQ -s 10.1.1.0/24
to let traffic flow.  (Probably a dns issue.)

Best, Matthew




Re: [Leaf-user] Oxygen + TFTP boot

2001-09-19 Thread Matt Schalit

David Douthitt wrote:
> 
 
> If you use tftp://somesite/lrp.conf or something like that for a source
> (after disk packages are loaded) then it should work.  lrp.conf needs to
> have a list of packages to load.
> 
> I forget the full details, but it should be in syslinux.cfg - or at
> least some details should be there.
> 
> Loading packages this way instead of using netload would also mean that
> when the FTP server starts the network is present and operational.


That's neat.  I think I should have tried the tftp route
when I was first finding a way to make it all work, because
the tftpd doesn't do the dns checking.   

Thanks for all your hard work and for making a boot time solution,
Matt




Re: [Leaf-user] multi-port cards + LRP

2001-09-20 Thread Matt Schalit

"Richard J. Lohman" wrote:
> 
> Greetings, all:
> I've been tasked with setting up a remote access solution for a
> number of remote offices. I was pondering setting up an LRP (either
> EigerStein or DachStein) box as a PPP dial-in box. I need to be
> able to provide 12 lines in, however. My first thought was a multi-
> port modem or multi-port serial adapter (with external modems).
> Anyone ever try such a thing? Does anyone know of any resources
> available for such a venture? TIA!
> 
> Regards,
> Rich Lohman


Well, I have an Equinox SST 64P, multiport
serial card that I'm not using.  If you're
interested, look into those, and make me
an offer.  

I attached it to an Equinox 8-port external 
DB-25 box, but you can get whatever type 
of external box you want, 8, 16, 32 or more 
ports in DB-25, DB-9, or modular phone jacks
style.

It can handle 128 ports at full speed with
no more than a 5% load on your cpu.  You
could easily run a supermarket with it and
a good *ix box.

The only issue which I'm not sure about at
all is the driver support for a LEAF.  I'm sure
there's drivers for Linux, though, so it may
be just a matter of tweaking.

Best,
Matthew




[Leaf-user] Cacheing DNS question about 10.x.x.x zones

2001-10-03 Thread Matt Schalit


Hi Folks,

  I'm sort of confused, and maybe someone's seen this.
If I run a caching dns server somewhere on my private
internal lan (10.x.x.x), then, by definition, it's not
authoritative for my zone and just caches query responses
it gets back, correct?

  If you guys run a caching dns server, how do you
configure it to be able to reply for the masq'd internal
LAN?

Thanks,
Matt




Re: [Leaf-user] Dynamic DNS

2001-10-28 Thread Matt Schalit

Ray Olszewski wrote:
> 
> I don't want to start a fight, Matthew, but I can't just let this go by,
> since I don't want to cause a misunderstanding either.

No worries.  I don't often get all
the facts right the first time.


> At 10:15 AM 10/28/01 -0800, Matthew Schalit wrote:
> ...
> >I realize that most of you don't consider
> >Oxygen to be a useful, but in reality, it's
> >a very complete and modular package.
> >Both libssl and libcrypto are available at:
> >
> >   http://leaf.sourceforge.net/pub/oxygen/packages/
> 
> Please be sure (especially you, David) that I consider Oxygen a very useful
> part of the LEAF family. I simply didn't realize these libraries were
> included in the current Oxygen. Before my earlier message, I did check the
> list shown at the "Packages" link from the LEAF Home Page, and found neither
> library mentioned on the (presumably out-of-date) list posted there
> describing the Oxygen Packages tarball.

I learned long ago to go directly to

   http://leaf.sourceforge.net/pub/oxygen/

if I wanted to see any current information.  I can't expect
the web side of things to be stable when the rest of the
program is in flux.  One of the things I've tried to work
on with David off the list is deploying a stable version.
I thought we had Oxygen-051401 pretty well ship-shape,
but the winds of change brought libc-2.1.3 into play.
So Oxygen has been in flux since June.

When I don't see any posts about Oxygen but then try
to use it and find a lot of errors, I get the
impression that I'm the only one using it.



> >And finally, since when does openssh work without openssl?
> 
> Actually, it only needs libcrypto, not the full-blown openssl. See below.

Ok.  I wasn't specific using the term openssl.  More recent 
OpenSSH requires OpenSSL to compile.  Whether the final sshd 
depends on libssl or libcrypto is a function of the OpenSSL 
libraries being static or shared, among other things.

 
> >If a recent openssh is available from J. Nilo, it probably
> >includes libssl and libcrypto.
> 
> Nope.
> 
> If I get Jacques' current sshd.lrp package and un'tgz it, I find neither
> library included. If I run ldd against this sshd, I don't see libssl or
> libssl09 mentioned in its dependencies. 

I ran ldd on the OpenSSH-2.9.9p2 sshd and it doesn't depend
on libssl, libcrypto, or libcrypt.  That's most likely because
my OpenSSL was built static only.



> (Nor does the sshd on my Debian
> workstation list libssl or libssl09 among its dependencies.) I do see
> libcrypt mentioned (for both sshd apps), but not libcrypto for Jacques'
> version ... since the smaller Debian sshd does depend on libcrypto, I'd
> infer that Jacques linked in the libcrypto stuff statically.

I think I agree.


> So the Oxygen package looks like the only way to get the libraries. 

Ok, but I guess I should mention that the newer libc-2.1.3 based Oxygen 
can use RedHat files, though I don't know all the details.

> The executable remains a problem.

Roger that,
Matthew




Re: [Leaf-user] Simple scripting question

2001-11-01 Thread Matt Schalit

David Douthitt wrote:
[snip]

> $(cat input | sed '/pat/' | wc -l) -ne 0

Remember, only you can prevent 
a useless use of cat ... :-o




Re: [Leaf-user] echoWall 1.32 [was: IPchains / Forwardingquestion]

2001-11-08 Thread Matt Schalit

Kory Krofft wrote:
> 
> Scott,
> As I promised I am updating the list on my progress at getting game servers to
> work with echowall and Dachstein. Your suggestions for the Quake section worked
> great for Quake 2 but Quake 1 and 3 do not connect. 

[snip]

> Thanks,
> 
> Kory


  With any set of packet filter rules, you simply add the logging
option to the appropriate ipchains or iptables or ipfwadm commands,
and then your connection will be completely logged.  Post the
relevant section of your logfile, and we'll see what's getting
in and what's getting denied.

  Be careful you don't create too much traffic during this test or you
will fill your ramdisk by filling your syslog.

  Btw, it's not often necessary to cc the authors.  They don't
need to get multiple copies of the same post.
Matthew




[Leaf-user] Re: [Leaf-devel] Openssh 3.0p1 available

2001-11-09 Thread Matt Schalit

Jacques Nilo wrote:
> 
> I hope those guys at http://www.openssh.org are not going to update
> their version every other day :-)
> But well this time, you got the latest one pretty quickly...
> As usual check:
> http://leaf.sourceforge.net/devel/jnilo
> 
> Older version still available at
> http://leaf.sourceforge.net/devel/jnilo/packages
> Jacques


Works on Oxygen.

And thanks for creating the makekey script.  
That was a nice touch.
Matthew




Re: [Leaf-user] searching the mailing lists

2001-11-13 Thread Matt Schalit

Mart Kempen wrote:
> 
> > Hi all,
> >
> > is there some secret trick about searching the leaf mailing lists
> > that I am
> > not aware off?? My searching on vpn didn't yield any results, and
> > I think it
> > is rather unlikely that there has not been any talk about vpn's
> > on the leaf-
> > list. If I brows the list I even found some mails in the last few days.
> >
> > What am I doing wrong? Oh yes I am logged at the leaf site so
> > that's not it.
> >
> 
> I had the same problem, trying to get some basic info before really asking
> it on the list. All the terms I use just don't give back any results or a
> very few
> 
> Something like floppy or harddisk, gave back 1 or 0 result. Think that's
> weird.
> 
> Not any help for you Kim, but just letting you know you're not the only one
> :)
> 
> Regards,
> 
> Joris


The search at Geocrawler doesn't work well for me, because I tried
to search for a thread that had the words "Sonic man pages" in it
many times, and it can't even find it by searching for Sonic or sonic.

The search at Sourceforge mailman works well for me.
Matthew




Re:[Leaf-user] Dachstein Firewall status

2001-11-13 Thread Matt Schalit

Mart Kempen wrote:
> 
> > Follow the instructions:
> >
> > myrouter# more /var/log/messages
> >
> 
> Could you be a little bit more specific what you mean by this? Where can I
> find this instructions?
> 
> I checked my firewall rules, in the 'routerstatus' (web based)
> 
> and found this line:
> 
> pkts bytes target  prot opt ifname   source     destination  ports
> 697  31396 DENY    all  l-  eth0     0.0.0.0/0  0.0.0.0/0    n/a


Yikes.  This rule says deny and log all traffic coming into eth0, your
external nic.


> This first number is exact the number of packets that are denied.

Understandable.

> Can anyone conclude something from this line?

Somewhere in your router this rule is created
and run during boot time (my guess).  You probably
need to inspect your /etc/network.conf, and the
output of

   ip addr show
   netstat -rn

Good Luck,
Matthew
 
> Regards,
> 
> Joris




Re: [Leaf-user] Dachstein Firewall status

2001-11-13 Thread Matt Schalit

Kory Krofft wrote:
> 
> All this talk about the weblet message logs has me wondering. My firewall log
> states that since yesterday I have almost 3000 denied or rejected packets.  I
> included a sample of the log entries below. Can someone  please explain what
> these lines mean? Do I have a problem? Is there a way to reset the logs from the
> browser?
> 
> Thanks,
> Kory
> 
>   Nov 13 18:53:27 markii kernel: Packet log: input DENY eth0 PROTO=6
> 65.11.220.95:2905
>   65.28.237.42:80 L=48 S=0x00 I=30599 F=0x4000 T=110 SYN (#39)

This one was one of those code red scans, destined for
your web port (80).


>   Nov 13 18:55:25 markii kernel: Packet log: input DENY eth0 PROTO=17
> 65.28.237.196:427
>   224.0.1.22:427 L=675 S=0x00 I=5278 F=0x T=253 (#39)
>   Nov 13 18:57:23 markii kernel: Packet log: input DENY eth0 PROTO=17
> 65.28.234.99:427
>   224.0.1.22:427 L=81 S=0x00 I=60946 F=0x T=31 (#39)
>   Nov 13 19:07:17 markii kernel: Packet log: input DENY eth0 PROTO=17
> 65.28.234.99:427
>   224.0.1.22:427 L=81 S=0x00 I=47352 F=0x T=31 (#39)
>   Nov 13 19:07:59 markii kernel: Packet log: input DENY eth0 PROTO=17
> 65.28.236.136:42
>   224.0.1.24:42 L=47 S=0x00 I=21740 F=0x T=1 (#39)


These four were UDP packets that were sent to a multicast ip
address (224.any.thi.ng).  As 99% of us do no multicast client
or server activity, you can safely ignore those.  If you don't
want to see them (and if there's too many of them) then you can
change rule #39 so that the '-l' log command is not there.  Then
the packets will be denied, but not logged.


>   Nov 13 19:14:04 markii kernel: Packet log: input DENY eth0 PROTO=6
> 65.14.161.151:4929
>   65.28.237.42:80 L=48 S=0x00 I=34082 F=0x4000 T=112 SYN (#39)


Another code red to port 80 (or could be a valid request to port 80,
but my guess is you have no public web server, and it's code red).



>   Nov 13 19:17:11 markii kernel: Packet log: input DENY eth0 PROTO=17
> 65.28.234.99:427
>   224.0.1.22:427 L=81 S=0x00 I=33817 F=0x T=31 (#39)
>   Nov 13 19:27:06 markii kernel: Packet log: input DENY eth0 PROTO=17
> 65.28.234.99:427
>   224.0.1.22:427 L=81 S=0x00 I=20302 F=0x T=31 (#39)
>   Nov 13 19:37:00 markii kernel: Packet log: input DENY eth0 PROTO=17
> 65.28.234.99:427
>   224.0.1.22:427 L=81 S=0x00 I=6786 F=0x T=31 (#39)


More of the same multicast traffic destined for a 224.x.y.z address.
Also, on the sourceforge website, there's a ipchains log file howto 
decode faq.

Good Luck,
Matthew
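
The log format walked through in this message, decoded field by field and tallied per rule number. This is an added example, not part of the original post: the function names are made up, and the sample lines are constructed (documentation-range source and destination addresses, modeled on the entries quoted above). The field meanings follow the ipchains packet-log layout: chain, action, interface, PROTO, source, destination, L (total length), S (type of service), I (IP ID), F (fragment offset and flags), T (TTL), an optional SYN marker, and the number of the rule that logged the packet.

```shell
#!/bin/sh
# Added example (not from the original post): decode ipchains "Packet log:" lines.

# Constructed sample log; the fourth line is not a firewall entry and is skipped.
sample_log() {
cat <<'EOF'
Nov 13 18:53:27 markii kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.95:2905 203.0.113.42:80 L=48 S=0x00 I=30599 F=0x4000 T=110 SYN (#39)
Nov 13 18:55:25 markii kernel: Packet log: input DENY eth0 PROTO=17 203.0.113.196:427 224.0.1.22:427 L=675 S=0x00 I=5278 F=0x0000 T=253 (#39)
Nov 13 18:57:23 markii kernel: Packet log: input DENY eth0 PROTO=17 203.0.113.99:427 224.0.1.22:427 L=81 S=0x00 I=60946 F=0x0000 T=31 (#39)
Nov 13 19:00:00 markii syslogd: constructed non-firewall line
Nov 13 19:07:59 markii kernel: Packet log: input DENY eth0 PROTO=17 203.0.113.136:42 224.0.1.24:42 L=47 S=0x00 I=21740 F=0x0000 T=1 (#39)
Nov 13 19:10:11 markii kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.7:137 203.0.113.42:137 L=78 S=0x00 I=411 F=0x0000 T=112 (#39)
Nov 13 19:14:04 markii kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.151:4929 203.0.113.42:80 L=48 S=0x00 I=34082 F=0x4000 T=112 SYN (#39)
EOF
}

# Reads syslog lines on stdin and prints one summary line per packet-log entry:
#   time chain action proto src -> dst rule=N note
# note is "multicast" for a 224-239.x.y.z destination, "syn-to-port-80" for a
# TCP SYN aimed at port 80, and "other" for everything else.
decode_ipchains_log() {
    awk '
    $6 == "Packet" && $7 == "log:" {
        proto = $11; sub(/^PROTO=/, "", proto)
        if (proto == 6)       name = "tcp"
        else if (proto == 17) name = "udp"
        else if (proto == 1)  name = "icmp"
        else                  name = "proto" proto

        split($13, dst, ":")            # dst[1] = address, dst[2] = port
        split(dst[1], octet, ".")
        rule = $NF; gsub(/[(#)]/, "", rule)

        syn = 0                         # SYN, when present, sits before (#rule)
        for (i = 14; i < NF; i++) if ($i == "SYN") syn = 1

        note = "other"
        if ((octet[1] + 0) >= 224 && (octet[1] + 0) <= 239) note = "multicast"
        else if (name == "tcp" && syn && (dst[2] + 0) == 80) note = "syn-to-port-80"

        printf "%s %s %s %s %s -> %s rule=%s %s\n", $3, $8, $9, name, $12, $13, rule, note
    }'
}

# Counts decoded entries per rule number and note, so it is clear which rule
# produces the bulk of the log before its logging flag is changed.
summarize_denies() {
    decode_ipchains_log |
        awk '{ n[$(NF-1) " " $NF]++ } END { for (k in n) print n[k], k }' |
        LC_ALL=C sort -k2
}
```

Run it as `sample_log | summarize_denies`, or feed it the router's own log in place of the sample.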




Re: [Leaf-user] Basic router

2001-11-14 Thread Matt Schalit

Jeff Groetsema wrote:
> 
> All,
> 
> I need to set up a basic router (no NAT, DNS, filtering, etc.) with three ports to
> three subnets and one port to our Internet gateway.  My path to this end, was to
> start with LRP Eiger, a default configuration and incrementally convert it to what I
> need.  The first step was to set it up with two ports, one to an external net with an
> address of x.x.150.253, one internal port with an address of 192.168.1.254, and a
> gateway address of x.x.150.254.  After I fixed DNS, all was well and I could browse
> the internet.  My next step was to replace the internal address with x.x.153.254.
> After this change was made I could ping x.x.153.254 and x.x.150.253 but nothing else.
> I turned off NAT, DNS, and filtering in case they were causing problems.  Still no
> luck.
> 
> Any insight would be greatly appreciated.
> 
> Thanks,
> Jeff


You probably want to grab the Dachstein version, rather
than to try to do this on Eiger, mostly because Dachstein
is newer and more mature.

Most likely, Eiger is still putting rules in place to 
block the traffic.  You might try:

  ipchains -L -n -v
  ip addr show
  ip route show

And post those if you don't get anywhere.  Like Ray mentioned,
please be more specific in listing what you do and what you see.
Matthew




Re: [Leaf-user] packages in the oxygen directory

2001-11-16 Thread Matt Schalit

[EMAIL PROTECTED] wrote:
> 
> Hi all and especially to David,
> 
> I have downloaded some of the packages from the oxygen packages list
> and tried them on my eigerstein beta2 but they all seem to segfault.
> 
> I am talking especially about ethereal and winscan, is this a library problem
> or a kernel version issue? And is it fixable without switching over to an
> oxygen distribution? Because I got quite accustomed to my eigerstein config?
> 
> Thanks in advance.
> 
> Kim

I think it's because ethereal was compiled against 
glibc-2.1.3, whereas your ES2B is a glibc-2.0.x.  I'm 
not positive how David compiled that one, though. I can 
tell you that the current Oxygen runs on kernel 2.2.19.

Here's the info I can give you from installing it and 
running it on Oxygen.

File list:
-
# cat /var/lib/lrpkg/ethereal.list
usr/sbin/editcap
usr/sbin/tethereal
usr/lib/libz.so
usr/lib/libz.so.1
usr/lib/libz.so.1.1.3
usr/lib/libglib-1.2.so.0.0.6
usr/lib/libglib-1.2.so
usr/lib/libglib.so.1
usr/lib/libglib-1.2.so.0
usr/lib/libglib.so.1.0.6
usr/lib/libm-2.1.3.so
usr/lib/libglib.so
usr/lib/libgmodule-1.2.so.0
usr/lib/libgmodule-1.2.so.0.0.6
usr/lib/libsnmp.so.0.4.1.1
usr/lib/libgmodule.so
usr/lib/libsnmp.so.0
usr/lib/libm.so.6
var/lib/lrpkg/ethereal.*

Ethereal brings a lot of libraries over.
-


# ldd /usr/sbin/tethereal
libsnmp.so.0 => /usr/lib/libsnmp.so.0 (0x00125000)
libgmodule-1.2.so.0 => /usr/lib/libgmodule-1.2.so.0 (0x00163000)
libglib-1.2.so.0 => /usr/lib/libglib-1.2.so.0 (0x00166000)
libdl.so.2 => /lib/libdl.so.2 (0x00189000)
libm.so.6 => /usr/lib/libm.so.6 (0x0018e000)
libz.so.1 => /usr/lib/libz.so.1 (0x001ab000)
libc.so.6 => /lib/libc.so.6 (0x001ba000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x0011)


# tethereal --help
Cannot find module (IP-MIB): At line 0 in (none)
Cannot find module (IF-MIB): At line 0 in (none)
Cannot find module (TCP-MIB): At line 0 in (none)
Cannot find module (UDP-MIB): At line 0 in (none)
Cannot find module (SNMPv2-MIB): At line 0 in (none)
Cannot find module (SNMPv2-SMI): At line 0 in (none)
Cannot find module (UCD-SNMP-MIB): At line 0 in (none)
Cannot find module (UCD-DEMO-MIB): At line 0 in (none)
Cannot find module (HOST-RESOURCES-MIB): At line 0 in (none)
Cannot find module (HOST-RESOURCES-TYPES): At line 0 in (none)
Cannot find module (SNMP-VIEW-BASED-ACM-MIB): At line 0 in (none)
Cannot find module (SNMP-COMMUNITY-MIB): At line 0 in (none)
Cannot find module (SNMP-FRAMEWORK-MIB): At line 0 in (none)
Cannot find module (SNMP-MPD-MIB): At line 0 in (none)
Cannot find module (SNMP-USER-BASED-SM-MIB): At line 0 in (none)
tethereal: invalid option -- -
This is GNU tethereal 0.8.15, compiled with GTK+ (version unknown), with libpcap 0.4, 
with libz 1.1.3, with UCD SNMP 4.0.1
tethereal [ -vVhlp ] [ -c count ] [ -f  ]
[ -F  ] [ -i interface ] [ -n ]
[ -o  ] ... [ -r infile ] [ -R  ]
[ -s snaplen ] [ -t  ] [ -w savefile ] [ -x ]
Valid file type arguments to the "-F" flag:
libpcap - libpcap (tcpdump, Ethereal, etc.)
rh6_1libpcap - Red Hat Linux 6.1 libpcap (tcpdump)
suse6_3libpcap - SuSE Linux 6.3 libpcap (tcpdump)
modlibpcap - modified libpcap (tcpdump)
nokialibpcap - Nokia libpcap (tcpdump)
ngsniffer - Network Associates Sniffer (DOS-based)
snoop - Sun snoop
netmon1 - Microsoft Network Monitor 1.x
ngwsniffer_1_1 - Network Associates Sniffer (Windows-based) 1.1
default is libpcap


Just a little info to help you diagnose your setup
and whether it's useful to pursue this ethereal.  I'm
going to pass on the winscan analysis :)
Matthew




Re: [Leaf-user] DachsteinCD, need help getting started

2001-11-18 Thread Matt Schalit

Scott Ecker wrote:
> 
> I have been having loads of trouble getting up and running consistently with
> the dachstein CD.  I have been practicing making configurations on one
> machine in order to hone my knowledge of setting up different types of
> firewalls.  However, sometimes I just can't get ip masquerading to work in
> the simplest configuration.  I must be missing some tiny switch sometimes
> when I set up the box.  Basically I want to allow all machines behind the
> firewall to be able to browse,email,ssh,etc.  My hosts.allow is wide open
> "ALL: 192.168.212.0/255.255.255.0", and my hosts.deny has only "ALL:
> PARANOID" and "ALL:ALL".  

hosts.allow and hosts.deny are only used to filter traffic
destined for a service on the LEAF box.  Basically none
of your internal LAN traffic is destined for the LEAF box,
rather it goes to the internet (except maybe ssh).  So your 
hosts.allow and hosts.deny are not stopping traffic from being 
masq'd, making it out to the net, not making it back in 
through the firewall.



> I can ping internally and externally from the
> firewall, just can't masq anything.

Can you ping from an internal computer to the
two LEAF cards?  To the LEAF's default gateway?

You'd help us debug your problems by posting the details 
described in the LEAF "How do I request help" document:

 http://sourceforge.net/docman/display_doc.php?docid=1891&group_id=13751


> Also, I've noticed that the weblet page showing installed modules shows
> ip_masq_portfw and ip_masq_autofw and unused.  

These have no effect whatsoever on your ability to:

   Have a valid IP address on the proper network on your internal lan computer
   Have a valid netmask on your internal lan computer
   Have a valid dns on your internal lan computer
   Have a valid default gateway on your internal lan computer

   Have all the same on the LEAF, twice.
   Have all computers on the same network.
   Fill out the network.conf right (that's not easy, you're not being scolded).

I think Charles usually has *very* good documentation, especially 
for the recent releases.

> Are these modules necessary
> only if I forward ports to a private ip, or are they necessary for
> masquerading?  Or does (unused) mean something else?

They are used when you have *incoming* traffic from the internet
into your LAN to a service like a web server you run.  They forward
a single port (like web port 80) on the LEAF into your LAN computer's 
port 80, in the case of portfw.  In the case of autofw, that forwards 
a range of ports like 65300-65500 from the LEAF to the LAN computer's same
port range (like what you do when you run an ftp server).


[snip]

Usually, almost all of Dachstein is setup in the network.conf.
If you didn't distill that into the variables and post it, then
there was no significant chance of helping you correctly.

Good Luck,
Matthew

> -Scott




Re: [Leaf-user] dnscache Dachstein 1.0.1 "LRP Box internal IP"

2001-11-18 Thread Matt Schalit

Jacques Nilo wrote:
> 
> Sandro Minola wrote:
> 
> > hi
> >
> > Under Package configuration - dnscache there is a menu entry called "LRP box
> > internal IP (default: 192.168.1.254).
> > But if I open menu entry 1) there is not "192.168.1.254", it's "0.0.0.0".
> >
> > What's correct now? Is the menu entry description wrong or the value itself?
> > One must be wrong. I entered 192.168.0.254 instead of 0.0.0.0 (my subnet is
> > 192.168.0. not 192.168.1.)
> 
> Well in my original LRP package IP is setup by default to 192.168.1.254 which
> is the default adress of the internal interface of the LRP box. Apparently
> Charles changed that in the Dachstein setup to 0.0.0.0. There must be some
> reason but honestly I do not see it at that point.
> Charles ?
> Jacques


I saw Charles recently made that change to 0.0.0.0, and it was 
almost the only thing in the Dachstein changelog.

Never having a perfect understanding of dnscache myself, I was 
hoping your docs might have mentioned something regarding this, 
but they didn't.

Regards,
Matthew




Re: [Leaf-user] oxygen masquerading problem??

2001-11-25 Thread Matt Schalit

Kim Oppalfens wrote:
> 
> On Sat, 24 Nov 2001 17:39:02 -0800, Matt Schalit wrote:
> >Kim Oppalfens wrote:
> Ok I will try that out, thanks very much.
> Does the clients behind the firewall have to be in the hosts file??
> 
> Kim

Not mandatory.  If you put them there, then you'll be able
to access them easily from the oxygen console.  You may end
up doing this more than once:

  ping luke

But if luke is not in your /etc/hosts, then you'll have to type:

  ping luke.mylongassdomainname.net

Heh.  The minimum you want in your /etc/hosts is something
like what I do for my home setup:

127.0.0.1        localhost
10.2.3.254       hub.schalit.net   hub
63.194.213.179   adsl-63-194-213-179.sfnc21.pacbell.net
10.2.3.1         luke.schalit.net  luke
10.2.3.2         yoda.schalit.net  yoda ftp web ntp1
10.2.3.3         xena.schalit.net  xena
10.2.3.4         leia.schalit.net  leia

But you'd only need the first three lines, adjusted for your setup.
Notice I left out the hostname alias for my external ip.  Aliases
are not mandatory.  It's debatable whether anything besides
the first line is mandatory, but three lines is the best minimum.
Good Luck,
Matt




Re: [Leaf-user] Geocrawler search not working?

2001-11-25 Thread Matt Schalit

Peter Nosko wrote:
> 
> --- Matt Schalit <[EMAIL PROTECTED]> wrote:
> > Peter, I don't know about you, but I've been getting nowhere
> > with geocrawler searches.

> pn] Can we/how do we get this fixed?  I tried Geocrawler for the LRP (linux-router) 
> list, and it works just fine.

Are you sure it works fine?  Search the linux-router for
the word sonic and you won't find my thread from Feb 2001.

Geocrawler can't handle quotation marks in the search.
So even though it serves a decent purpose, it's wack.

Anybody know who set up the Geocrawler account for LEAF?
They may have a contact person at Geocrawler, or a special
login for administration.  

Myself, I just use the sourceforge search engine these days.
Matthew




Re: [Leaf-user] Announce keyboard.lrp

2001-11-25 Thread Matt Schalit

KP Kirchdörfer wrote:


> I know Etienne Charlier did something similar - but this one is based on
> busybox loadkmap, which is part of Dachstein (and maybe Oxygen) 

It's part of the oxygen-090601 development version.
Not sure about earlier ones, like the May-2001 release.


hub:/root # busybox
BusyBox v0.60.1 (2001.09.05-18:34+) multi-call binary

Usage: busybox [function] [arguments]...
   or: [function] [arguments]...

Currently defined functions:
[, ash, busybox, cat, chgrp, chmod, chown, clear, cp, cpio, cut,
date, dd, df, dmesg, du, dutmp, echo, env, false, fdflush, find,
grep, gunzip, gzip, halt, head, hostname, id, insmod, kill, killall,
ln, loadkmap, logger, ls, makedevs, md5sum, mkdir, mkfs.minix,
mknod, mkswap, mktemp, more, mount, mv, nslookup, ping, printf,
rdate, renice, reset, rm, rmdir, rmmod, sh, sort, stty, swapoff,
swapon, sync, tail, tar, tee, test, tftp, touch, tr, true, umount,
uname, uniq, update, uptime, usleep, watchdog, wc, which, whoami,
xargs, yes, zcat



> Thanks for your attention.
> kp

No, thank *you*.  You're making us all proud
with your contribution, which is very cool.
Matthew





Re: [Leaf-user] [n00b] Mad packet loss on Dachstein Firewall

2001-11-28 Thread Matt Schalit

Christopher Fowler wrote:
> 
> OK, so I've got my dachstein firewall up and running (hooray!), no DHCP
> since I already have a Windows 2000 Domain controller handling such duties,
> and the DSL is business DSL so the external IP is assigned. NOW, my problem
> is that when I try to ping the firewall itself or anything beyond it, I
> suffer at least 50% packet loss. When I used DHCP on my home set up, I
> didn't have this kind of problem, so I'm assuming I messed a setting up
> somewhere, but I have no clue where to start. Any suggestions would be
> helpful. Thanks!


Cabling, connectors, transients, reseat the cards/ram/cpu/
power connectors, etc.  Do a sender responder test with the
nic setup program (use identical nics for that) on both
comps.

Good Luck,
Matthew




Re: [Leaf-user] dachstein rooted

2001-11-28 Thread Matt Schalit

guitarlynn wrote:
> 
> I put a Dachstein beta firewall up last week at the house, it works
> great.  My wife got into an apparent ongoing battle in which
> several people in a yahoo chat room were hit with a buffer over-
> flow (affecting windows client) in the chat program. The room
> was actually being monitored by a level 2 government employee
> that was assigned to the room to monitor for script-kiddies, and
> she got one of them. Unfortunately, the kiddie got my ip addy and
> DDoS'ed it (from what I dug out of the logs before they filled). This
> was fine (lol), except I cannot find any info in auth.log and
> user.log. 

Do you mean that they are empty?  Do you have sshd running?
It leaves a message in auth.log when sshd is started.

> I am assuming the box has been cracked, 

Why?  Because two log files are empty?
Do you have a strong password for root?
Are you using DF's standard ipchains rules?
If the answers are yes, I'm not convinced.
It's not called Dachstein "Firewall" for
nothing. 


> probably
> root kitted and they erased the two log files. The box is still up
> and the gov official (and maybe Charles or someone else) would
> like an image of the Ram disk to analyze, particularly for a
> footprint of the attacker.
> 
> My question, how do I make an image of the RAM disk???
> Can I simply back up the entire disk and send it, or is there another
>  way???

Copy the whole ramdisk?  Probably run mount to see what the
devices are called and then backup /dev/ram0 and the like,
the way David mentioned.

Good Luck,
Matthew

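One way to take the copy discussed in this thread, as an added example that is not from any of the posters: list the mounted `/dev/ram*` devices from `mount` output, copy each with `dd`, and record an MD5 of the copy so it can be checked later. The function names, the destination directory and the sample `mount` lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: image mounted ramdisks and record a hash of each copy.

# Constructed sample of `mount` output, for trying ram_devices offline.
SAMPLE_MOUNT='/dev/ram0 on / type minix (rw)
proc on /proc type proc (rw)
/dev/ram1 on /var/log type minix (rw)'

# ram_devices: reads `mount` output on stdin and prints every mounted
# /dev/ram* device once ("/dev/ram0 on / type minix (rw)" -> /dev/ram0).
ram_devices() {
    cut -d' ' -f1 | grep '^/dev/ram[0-9]' | sort | uniq
}

# image_device DEV DESTDIR: copy DEV to DESTDIR/<name>.img and store the
# MD5 of the copy beside it. DESTDIR must not live on the ramdisk being
# imaged (assumption: a mounted floppy or other external storage).
image_device() {
    dev=$1
    dest=$2
    [ -r "$dev" ] || { echo "cannot read $dev" >&2; return 1; }
    [ -d "$dest" ] || { echo "no such directory: $dest" >&2; return 1; }
    img="$dest/${dev##*/}.img"
    dd if="$dev" of="$img" bs=1024 2>/dev/null || return 1
    md5sum < "$img" | cut -d' ' -f1 > "$img.md5"
}

# verify_image IMG: succeeds only while IMG still matches its recorded MD5,
# so whoever receives the image can tell whether it changed in transit.
verify_image() {
    [ -f "$1.md5" ] || return 1
    [ "$(md5sum < "$1" | cut -d' ' -f1)" = "$(cat "$1.md5")" ]
}

# image_all DESTDIR: image every ramdisk that `mount` reports.
image_all() {
    mount | ram_devices | while read -r d; do
        image_device "$d" "$1" || echo "failed: $d" >&2
    done
}
```

The hash covers the copy, not the live device: a ramdisk that is still being written to will differ from its image a moment later.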



Re: [Leaf-user] dachstein rooted

2001-11-29 Thread Matt Schalit

guitarlynn wrote:
> 
> On Wednesday 28 November 2001 04:05, you wrote:
> 
> > > I am assuming the box has been cracked,
> >
> > Why?  Because two log files are empty?
> > Do you have a strong password for root?
> > Are you using DF's standard ipchains rules?
> > If the answers are yes, I'm not convinced.
> > It's not called Dachstein "Firewall" for
> > nothing.
> 
> Many thanks to all, out of late night laziness (brought on by a 400
> mile trip that ended up with this circumstance), I should have
> compared the ram disk with my exact backup.  Nothing has been
> accessed, nothing has been changed, nothing has been compromised,
> nothing has been rootkitted here.  ~~Sorry for wasting brainpower~~!!!
> 
> The "hacker/cracker" has been using a prog that exploits im's/pm's in
> yahoo chat that leaves M$ 9x/ME boxes wide open on the tcp channel.
> It's the same thing that has plagued AOL for years now. I guess it's
> just proof that closed-source software doesn't help a thing once
> again.
> 
> I just need to remember how _not_ to log certain DENY'ed packets.
> I start another thread since I can't seem to find anything on the
> sites or in the archives (though I remember this being discussed
> a year or two ago.)


My first thought when reading that you had nothing in your
logs and your ramdisk was full was just that it had been
zero'ed or rotated and archived and that sysklogd had stopped
logging because the ramdisk was full.  It happens to me every
once in a while when I'm being port scanned.  Try this:

   svi sysklogd restart

It should get your logs working again.

As far as stopping something from being logged, the ipchains
rule(s) is(are) being created with the -l switch.  If you issue
the same ipchains command(s) without -l then you won't log them.
I think with DF, you have to modify a shell variable rather than
hack the rules themselves.  Make a new post about disabling
logging of certain packets in DF and you should get your answer.

Good Luck,
Matthew




Re: [Leaf-user] Announce keyboard.lrp

2001-11-29 Thread Matt Schalit

Jacques Nilo wrote:

> The file is definitely there!!1 So as a sanity check, I edited
> /var/lib/lrpkg/keyaboard.conf and replaced the spaces for a TAB
> in the first line that says:
> /etc/init.d/keyboard change language keyboard maps
> 
> >JN:
> The bug you noticed has been fixed and the keyboard.lrp package should
> now be OK.
> Thks
> Jacques


Is this the infamous 'cut' problem arising again 
where it thought the "change language keyboard maps" was
field 6 or something, rather than field 2?

Just a guess.  Oxygen cut works btw.
Matthew




Re: [Leaf-user] Re: [LRP] Making the lrp box quieter

2001-10-11 Thread Matt Schalit

Robert Chambers wrote:
> 
> Yes:
> Open up the power supply and either cut the wires to the fan or unplug
> the fan.
> Robert Chambers


I disconnected my PS fan and my PS started to overheat.
Matt




Re: [Leaf-user] LEAF/LRP rules

2001-10-17 Thread Matt Schalit

Aniceto Pérez wrote:
> 
> I couldn't access the HOWTO to search this question.
> Is it possible to set rules to filter packets or
> protocols with LRP software?
> 
> Thanks


  Yes, Sir, it is possible.  A LEAF distro provides
you with a linux kernel and shell + a number of usual
commands.  To that you can add applications and utilities,
like dhcpd, iptables, ftpd, dnscache, snort, psentry, tarpit,
whatever.

  Those additional apps and utils come in separate packages
whose file extension is .lrp.  Those files may end in .lrp,
but they are really just .tgz files.  People often put those
packages on a second floppy or a cdrom (both physically write-
protectable).

  It's possible your leaf has ipchains on it already.
If not, download it from   http://leaf.sourceforge.net/


Matt





Re: [Leaf-user] Passive FTP Working fine with Dachstein 1.0.1

2001-12-05 Thread Matt Schalit

Charles Steinkuehler wrote:
> 
> > This solution works perfectly and people are able to connect into my
> server. My one issue with network.conf is that when I was using the
> following lines, the port forwarding did not work. (I know the lines are
> commented right now, that is not the problem :-)  )
> > #FTP Server
> > #INTERN_SERVER2="-a -P tcp -L $EXTERN_IP 21 -R 192.168.1.2 21"
> > #INTERN_SERVER3="-a -P tcp -L $EXTERN_IP 21000 -R 192.168.1.2 21000"


Charles, isn't there a way for this user to autoforward his
range of ports rather than have 1 entry for each of the 20 ports?

Bob, when you get around to it, you might consider opening
up 100 ports or so.   If you or anyone else downloads 20
files and does a few directory searches, you can soon run
out of passive ports.  I can't verify that it will occur
on your setup, as your kernel may handle releasing/reusing
ports better than mine.  But I've seen it happen.  Something
just to note.

Good Luck,
Matthew




Re: [Leaf-user] SYN packets

2001-12-09 Thread Matt Schalit

> Mike Branco wrote:
> 
> Do SYN packets have any particular use?  

Yes, a packet that has the SYN flag set in it
is the first packet of a connection.  When you
see a packet with SYN set, it is coming from someone 
who's attempting to make a new connection to your computer.

> Is there a way to deny any and all SYN packets altogether?

ipchains -A input -j DENY -i eth0 -p tcp ! -y -l

Meaning:
--------

   -A input   = add this rule to the input chain
   -j DENY    = deny all packets which are
   -i eth0    = coming in on eth0, the external nic
   -p tcp     = and the packet is tcp
   ! -y       = and the packet has the SYN flag set,
   -l         = then log these denies to the syslog.


But you probably wouldn't want to do that, unless you
never expect inbound new tcp connections (You get those doing
outbound active ftp).

Regards,
Matthew




Re: [Leaf-user] SYN packets

2001-12-10 Thread Matt Schalit

Matt Schalit wrote:

> > Is there a way to deny any and all SYN packets altogether?
> 
> ipchains -A input -j DENY -i eth0 -p tcp ! -y -l
                                           ^^^

Very bad.  Very bad.  Very, very bad.  You wanted to deny 
packets with SYN, and I posted how to deny packets *without* SYN.  
The following does what you asked and is what I should have posted.

ipchains -A input -j DENY -i eth0 -p tcp -y -l

 
Meaning:
--------

   -A input   = add this rule to the input chain
   -j DENY    = deny all packets which are
   -i eth0    = coming in on eth0, the external nic
   -p tcp     = and the packet is tcp
   -y         = and the packet has the SYN flag set,
   -l         = then log these denies to the syslog.

Ok then :-o
Matthew

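The difference between the two rules in this thread, shown as an added example that is not part of either post: the same four packets arriving on eth0 are run through a model of the `-y` rule and of the `! -y` rule. The function names and sample packets are constructed, and `-y` is simplified here to "SYN set, ACK clear".

```shell
#!/bin/sh
# Added example: which inbound TCP packets each of the two rules denies.

# Bit values of the TCP header flags byte.
FIN=1; SYN=2; RST=4; PSH=8; ACK=16

# is_new_connection FLAGS: exit 0 when the packet opens a connection.
# Simplified model of what "-y" selects: SYN set and ACK clear.
is_new_connection() {
    [ $(( $1 & $SYN )) -ne 0 ] && [ $(( $1 & $ACK )) -eq 0 ]
}

# verdict RULE FLAGS: prints DENY or PASS for a tcp packet arriving on eth0.
#   RULE "syn"     models: ipchains -A input -j DENY -i eth0 -p tcp -y -l
#   RULE "not-syn" models: ipchains -A input -j DENY -i eth0 -p tcp ! -y -l
verdict() {
    case "$1" in
        syn)     if is_new_connection "$2"; then echo DENY; else echo PASS; fi ;;
        not-syn) if is_new_connection "$2"; then echo PASS; else echo DENY; fi ;;
        *)       echo "unknown rule: $1" >&2; return 2 ;;
    esac
}

# Constructed sample traffic, one "name:flags" pair per line, all of it
# arriving on the external interface.
SAMPLES="inbound-connect:$SYN
reply-to-our-connect:$(($SYN|$ACK))
established-data:$(($PSH|$ACK))
established-close:$(($FIN|$ACK))"

# report RULE: one line per sample packet with the rule's verdict.
report() {
    rule=$1
    echo "$SAMPLES" | while IFS=: read -r name flags; do
        printf '%-22s %s\n' "$name" "$(verdict "$rule" "$flags")"
    done
}

# denied_count RULE: number of sample packets the rule denies.
denied_count() {
    report "$1" | grep -c DENY
}

for r in syn not-syn; do
    echo "rule: $r"
    report "$r"
done
```

Under the `! -y` rule the SYN+ACK answering an outbound connection is denied along with all established traffic, while inbound connection attempts pass.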



Re: [Leaf-user] What is This

2001-12-10 Thread Matt Schalit

Victor McAllisteer wrote:
> 
> Matthew Schalit wrote:
> 
> > Victor McAllisteer wrote:
> > >
> >
> > > This is some crazy method of geographic load balancing.  A whole lot of
> > > boxes use TCP port 53 simultaneously to find out what part of the world.
> >
> > Victor, wouldn't the load balancing we've seen over the
> > last months that hits port 53 be SYN traffic?  Why
> > are all his log entries referring to non-SYN traffic,
> > i.e. responses?
> >
> > Matthew
> 
> There was a lot of list traffic back in May on the LRP list concerning these
> port 53 weirdness.  

I remember it and read it, but the point of my question remains,
the user is certainly not starting tcp connections to all 600 of
those computers, so why would they all be *replying*.

If the perpetrators of the load balancing we've discussed
are now crafting reply traffic to do this balancing, that's
what I'd like to know, because that would be mildly unethical
and something for which I'd have to tailor my firewall I wrote.

Thanks,
Matthew


> My understanding is that tcp port 53 to port 53 is usually
> a zone transfer.  Leaf boxes running tiny DNS will not respond to tcp queries.




Re: [Leaf-user] uninstall option for lrpkg

2001-12-10 Thread Matt Schalit

> Mike Branco wrote:
> 
> Running dachstein RC2 floppy version:
> I'm trying to add an uninstall option into lrpkg.


Here's what David does with Oxygen.  It has
the -r option for removing a package that's
been installed.


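remove () {
    cd $PKGD
    # No file list for this package: report it via err
    [ ! -f $1.list ] && err "no package! ($1)"

    # Rewrite the installed-package list without lines containing $1
    grep -v "$1" packages > packages.new
    mv packages.new packages

    # Delete every file named in the package's list, relative to /
    cd - ; cd /
    rm -f `cat $PKGD/$1.list`
    cd -
}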


Basically it does what you asked.
Matthew


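A stricter variant of the quoted `remove` function, as an added example that is not Oxygen's code: it drops only the exact package name from `packages` (the quoted `grep -v "$1"` also drops any line that merely contains the name), reads the file list line by line, and refuses names or paths that would reach outside the tree. It assumes `packages` holds one name per line and `NAME.list` one path per line under `var/lib/lrpkg`; the `ROOT` argument and the `make_demo_root` helper are hypothetical, added so it can be tried on a scratch tree.

```shell
#!/bin/sh
# Added example: package removal with exact matching and path checks.

# remove_pkg ROOT NAME: ROOT is "/" on a live system, or a scratch tree.
remove_pkg() {
    root=${1%/}
    pkg=$2
    pkgd="$root/var/lib/lrpkg"

    # Reject names that could leave PKGD or be read as an option.
    case "$pkg" in
        ''|*/*|-*|.*) echo "bad package name: $pkg" >&2; return 2 ;;
    esac
    [ -f "$pkgd/$pkg.list" ] || { echo "no package! ($pkg)" >&2; return 1; }

    # -x -F: drop only the line that is exactly this name, so removing
    # "ssh" leaves "sshd" registered. grep exits 1 when no lines remain.
    grep -v -x -F -e "$pkg" "$pkgd/packages" > "$pkgd/packages.new" || true
    mv "$pkgd/packages.new" "$pkgd/packages"

    # One path per line; no word splitting or globbing of `cat` output.
    while IFS= read -r path; do
        case "$path" in
            ''|*..*) continue ;;    # blank line or parent-directory hop
        esac
        target="$root/${path#/}"
        # Unlink files and symlinks only; listed directories stay.
        if [ -f "$target" ] || [ -L "$target" ]; then
            rm -f -- "$target"
        fi
    done < "$pkgd/$pkg.list"
    rm -f -- "$pkgd/$pkg.list"
}

# make_demo_root: builds a constructed scratch tree and prints its path.
make_demo_root() {
    r=$(mktemp -d) || return 1
    mkdir -p "$r/var/lib/lrpkg" "$r/usr/bin" "$r/usr/sbin"
    printf 'root\nssh\nsshd\n' > "$r/var/lib/lrpkg/packages"
    : > "$r/usr/bin/ssh"
    : > "$r/usr/sbin/sshd"
    printf 'usr/bin/ssh\nusr/bin\nusr/bin/../sbin/sshd\n' \
        > "$r/var/lib/lrpkg/ssh.list"
    printf 'usr/sbin/sshd\n' > "$r/var/lib/lrpkg/sshd.list"
    echo "$r"
}
```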



Re: [Leaf-user] eepro100.o module troubles...(HD install)

2001-12-10 Thread Matt Schalit

Adrian Stovall wrote:

> I can still boot, but now when the network modules try to load, I get
> 
> eepro100 - /lib/modules/eepro100.o: unresolved symbol acpi_set_pwr_state
> /lib/modules/eepro100.o: unresolved symbol pci_drv_unregister
> /lib/modules/eepro100.o: unresolved symbol pci_drv_register
> 
> Anybody have any pointers on eepro100 modules and IDE-enabled kernels?


Most frequently asked question these days.
As Charles said, uncomment pci-scan and be sure it
is loaded before eepro100 in /etc/modules.conf.

Cheers,
Matthew






Re: [Leaf-user] Still unable to run Dachstein

2001-12-10 Thread Matt Schalit

Etienne Charlier wrote:
> 
> Hi,
> 
> Did you make sure the module pci-scan was loaded BEFORE the tulip driver ?
> 
> Regards
> Etienne

I agree here with the pci-scan loading before the nic module(s)
and that Dachstein is the simplest and most surefire release to get
you up and running with little effort.  There are two major things to setup:

  1)  # echo 'export EDITOR=e3vi' >> /etc/profile
      # exit
      and login again so that you can use vi.

  2)  use lrcfg to edit your Packages, then Modules
      so that it edits your  /etc/modules.conf .
      You are trying to uncomment the pci-scan
      line and the line for your nic module.  Others
      say that's tulip.  I don't know.  The one I needed
      for my friend's SMC PCI card wasn't even on
      Dachstein, so I had to grab a copy off the kernel
      gzip archive and put epic100.o in  /lib/modules/
      and epic100 in my modules.conf.

  3)  I guess there's a third thing, you have to set root's
      password, backup etc and modules, and reboot.


I think that this corrects the "No Subnet Declaration" error
because eth0 and eth1 will be found.  

Dachstein worked flawlessly for my friend's @Home^H^H^H^H^H attbi.net 
dhcp account.

Regards,
Matthew






Re: [Leaf-user] AT&T transition woes

2001-12-14 Thread Matt Schalit

gc wrote:
> 
> I've got a standard configuration: home network behind a cable modem.
> I've been running an old Eiger distribution for the past year without
> issue. Then I got caught up in the big AT&T migration last week and it
> screwed things up.
> 
> Rather than troubleshoot such an old distribution, I figured I'd start over
> with the Dachstein v1.0.2 distribution. 

That's what I did for a friend.  We had Oxygen
running on his @Home rigged as a static IP setup
even though it's dhcp.

Then when they choked and became attbi (they never
should have merged with the white elephant Excite),
their dhcp is so touchy that I couldn't rely on the
static rig, and I went for dhcp.

Oxygen locked up during boot, after enabling
the correct nic modules and rebooting.

Doing the same on Dachstein rc2 gave him a perfectly
working system.  It was pretty spectacular, I must say.


> I followed the basic setup instructions,  but it didn't fix 
> my problem. Specifically, I can only ping a couple of hosts.


Describe exactly what you did and what you saw, if it's
still happening and the DNS advice you got doesn't fix it.


> If I hook my win2k box directly to the cable modem, everything works fine.

Yea yea.  And if I suck Bill's cock, he might let me drink
from the river of wealth.

> The suspicious thing is that my win2k box uses different IP and gateway
> addresses than the LEAF router (even though both use DHCP). So, I'm thinkin
> it's some sort of DHCP configuration problem.

Just so you know, it's common to get a new IP address and whatnot
when you switch systems (and thus mac addresses) and get a new lease.
I didn't have to touch a single dhcp setting to get my friend's
attbi.com system in Petaluma, CA to work.
 

> I messed around with the dhcpclient settings with no success. One thing I
> wondered was if I needed to update the domain name somewhere (since it
> changed from home.com to attbi.com), but I couldn't find anything that 
> looked relevant.

I thought I was going to have to labor through something like
that, but instead it was butter. 

Good Luck,
Matthew

> Any other former excite@home users go through this?
> Anybody else have any thoughts?
> 
> Thanks in advance.




Re: [Leaf-user] fsck.ext2: erro in loading shared libraries

2001-12-23 Thread Matt Schalit

Pete Dubler wrote:
> 
> So... I finally got nice clean download and got the hard disk going on
> my Dachstein system.
> (pick the right mirror and stomp on the shift key...)
> 
> So, being faithful to Charles' HOWTO, I installed the hdsupp_s.lrp
> package.  Fsck cannot find a shared library and neither can I...  when
> the system boots or when I try to run fsck.ext2, I get the following
> message:
> 
> Parallelizing fsck version 1.12 (9-Jul-98)
> fsck.ext2: error in loading shared libraries
> libuuid.so.1: cannot open shared object file: no such file or
> directory
> 
> I am running Dachstein and loaded the Materhorn hdsupp_s, which is the
> latest version I have found.  The disk is set-up precisely per Charles'
> HOWTO, except for the partition sizes (the names were not even changed
> to protect the innocent.)
> 
> Any ideas... I am running out of them myself...
> 
> Thanks to all,
> 
> Pete Dubler
> Fort Collins, CO


When you try to run an application that uses system
files, you want to be sure that all the right files are
available for it to work.

To do that, to find the dependencies, you can use another
program called ldd.

   ldd /usr/local/bin/fsck

would tell you what shared libraries fsck depends
on, and which ones were found.  Doing that on the
fsck you're interested in would tell you how libuuid.so.1
is not found on your system (in /lib or /usr/lib).
It may tell you others are not found.

Either way, make note of which libraries it still needs and
then go find them on Charles's site in his files.  Hopefully,
you'll find a libuuid.lrp package.  If you install that first, 
then that library would be available for fsck to use.



If you're using an older fsck.lrp package, it may
have been compiled so long ago that it won't run
properly on your newer dachstein kernel.  It will
give you an error if that's the case, which you
can post about if it occurs.

Good Luck,
Matthew




Re: [Leaf-user] HELP HELP!!......grrrrrr

2001-12-28 Thread Matt Schalit

Jim Van Eeckhoutte wrote:
> 
> No now its not that its not getting a address... its just losing link
> led when driver is loaded ... therefore no connection.
> This is nuts... hehehehe


Swap out the rtl8139 and see what happens.
Matthew




Re: [Leaf-user] Where can I find smb.lrp for Dachstein?

2001-12-31 Thread Matt Schalit

Pete Dubler wrote:
> 
> Wow, my wireless Dachstein is running great.

What's a wireless Dachstein?
Matt




Re: [Leaf-user] Network Card Problem

2001-12-31 Thread Matt Schalit

Patrick Nixon wrote:
> 
> Hello All,
> I briefly mentioned a few weeks ago a problem I'm having with a
> specific network card, however, no one had any solid advice and I wasn't
> sure what the exact problem was so I'm reposting with a bit more
> information I hope.
> 
> NIC: 3Com 3C920 Integrated network Card (lists as a 3c905C-TX in some
> systems)
> 
> System: Dell Optiplex GX150
> 
> Problem: Despite a successful loading of the module 3c59x.o I am unable to
> receive any data over the network interface.  from netstat -i I can see
> that it's transmitting, just not receiving properly.
> 
> I have RedHat 7.2 with Kernel 2.4.3-7 running on an identical system,
> with a 'different' 3c59x.o module and that system is happyhappy.
> 
> Ideas/suggestions/whathaveyous?
> 
> --Pat


Because you have two systems with identical nics built in,
boot them using a dos floppy and run the 3com cfg utility
to execute the sender responder test and prove to yourself
that it's not hardware/cabling/duplex/speed/irq/addy.

Then look at the date on the driver module and compare
it to others you can find on the LEAF site or on the
developer's site.

Good Luck,
Matthew




Re: [Leaf-user] Linux kernel IP masquerading vulnerability possible in Dachstein CD V1.0.2?

2002-01-01 Thread Matt Schalit

Steve Jeppesen wrote:


> BTW, does anybody know where there might be a link to 
> search leaf-user mail


http://www.mail-archive.com/




Re: [Leaf-user] dachstein cd 1.0.2: keyboard and cdrom errors

2002-01-04 Thread Matt Schalit

Peter Jay Salzman wrote:

> question -- i'm thinking of going back to seawall.  when using a
> different firewall package, i assume dachstein has no way of knowing
> a priori you're using another firewalling package?

Basically, yes.  I should have included seawall.
 
> i assume the firewall packages simply wipe all ipchains, all port
> forwards and start fresh?

That's what I do.  
 

> > > on the upside, boot time is now cut by a third.
> >
> > People rarely reboot the firewall.  So boot speed
> > is not that significant, though using a cdrom
> > to load all your packages is what's fast.
> 
> i rebooted between eigerstein and dachstein like crazy, since i needed
> to access the internet to get help and read tutorials.

Me too when I was getting into it.


> remember -- i'm new at this, and it took me an awful long time and a lot
> of trial and error to get dachstein working.

I think someone might have helped you by pointing you
toward the best documentation.  I thought someone had
a walkthrough up already.


> well, actually that was a joke that you apparently didn't get.

My bad.

 
> but now that you mention it, yes.  i'm completely convinced that my net
> connectivity is faster.   i know what conventional wisdom says; you
> share in that view point.

Faster is better.  Thanks for posting any repeatable
observations that you can quantify.  We always like
the facts.

 
> however, i spend a lot of time at the computer, and the difference IS
> noticeable.  my girlfriend noticed it too.

Well, then it was worth it :)
Matt




Re: [Leaf-user] ping check not working bug resolution

2002-01-04 Thread Matt Schalit

Paul Rimmer wrote:
> 
> Whoops, added missing /bin to path and now email comes through but $HOSTNAME
> still returns nothing.

You can try to figure it out or just code the
thing to work, like this:

LEAFHOSTNAME=`cat /etc/hostname`

and just use that.  If you want to figure
it out, write a few test scripts for cron
to run that determine as much info as possible,
using things like

   set >/tmp/evars 2>&1
   whoami
   etc...

Matt




Re: [Leaf-user] 2 minor corrections to the LRP boot disk howto

2002-01-04 Thread Matt Schalit

Peter Jay Salzman wrote:
> 
> to whomever is maintaining the LRP bootdisk howto:
> 
> 1. under "rolling your own",
> 
>   # syslinux -s /dev/fd1680
> 
> should be
> 
>   # syslinux -s /dev/fd0u1680
> 
> 2. the maintainer's email address [EMAIL PROTECTED] is no longer
> valid.
> 
> pete


Pete, the closest document I could find at leaf.sourceforge.net was

http://sourceforge.net/docman/display_doc.php?docid=1416&group_id=13751

and it doesn't have that syntax.  What url were you referring to?
Thanks.   Matt




Re: [Leaf-user] slow sysklogd startup with Oxygen

2002-01-04 Thread Matt Schalit

[EMAIL PROTECTED] wrote:
> 
> Hi,
> 
> I use an Oxygen (latest release) boot floppy with sysklogd.lrp package.
> Everything is okay but the syslogd daemon startup is very slow : more than 2 minutes !
> My PC is a Pentium 150 with 32MB RAM.
> Is this normal ?
> Is there a way to get a faster syslogd startup ?
> TIA.
> 
> Laurent Derrien

You can try setting up your /etc/resolv.conf correctly
with valid nameservers, and take a stab at /etc/hosts,
also.  Need more detail?

Matthew




Re: [Leaf-user] Newbie: Help choosing correct package

2002-01-04 Thread Matt Schalit

guitarlynn wrote:
 
> I've roughly got one, if somewhat opinionated from my experience.
> 
> http://www.geocities.com/guitarlynn/lrp.html
> 
> ~Lynn Avants
> Guitarlynn


Thanks for putting that up.  Any reason why
the first couple of paragraphs have strange
word
wrap so that a lot of lines look like the above?

Also, you can add to your explanation of the original
LRP variant, Dave Cinege's baby, that none of us use it 
because he's a jerk and thinks Tim McVeigh was a hero.

Best,
Matthew




Re: [Leaf-user] Newbie: Help choosing correct package

2002-01-04 Thread Matt Schalit

[EMAIL PROTECTED] wrote:
> 
> Hello.

Nice to have you aboard.  Try Dachstein 1.0.2.  Cd is
fun if you got a burner.

 
[snip]
 
> Hardware wise, I will be using a P90 with 16MB RAM.

ouch.  Use 24 or 32 MB if you can for good whatnot program
headroom and space for your logfiles.

Best,
Matthew




Re: [Leaf-user] chatscript for pacbell.net

2002-01-04 Thread Matt Schalit

Phil Faris wrote:
> 
> My ISP (Verio) is dropping dial-up service.  I am trying to create a new
> back-up for my DSL service.  I am using Dachstein-CD-1.0.2.  I changed the
> telephone number, user name and password in the old script, however, after
> it dials and I receive the "CONNECT" from pacbell.net the script fails.  I
> tried sending "carriage return ("") then tried "\c\d" and it still
> failed.  Any ideas would be appreciated.
> 
> Phil Faris


I agree with Ray, though I'd say use cu, but I'm old
and withered.  Don't forget x9, :-)

Matt




Re: [Leaf-user] 2 minor corrections to the LRP boot disk howto

2002-01-06 Thread Matt Schalit

Peter Jay Salzman wrote:
> 
> matt, this was on:
> 
> http://c0wz.steinkuehler.net/dox/mirrors/LRP_Disc_HowTo.html
> 
> truly, one of the most well written documents i've come across.  the
> author did a _fantastic_ job outlining how to use high capacity floppy
> disks.
> 
> the errors don't detract from it (one is a typo, the other is a broken
> email address).  perhaps it should be assimilated into the LEAF docs?
> 
> pete



That's a mirror of http://lrp.c0wz.com/ and you might
be able to find Rick's email on that page, which is his
original one-stop-shop for lrp documentation.  He's been
awol for a few months now, I think because he's busy at
work.  I don't know that anyone's maintaining it, but
Ray might know.

Matt




Re: [Leaf-user] DCD, ipsec & windows networking ???

2002-01-09 Thread Matt Schalit

"Michael D. Schleif" wrote:
> 
> Brock Nanson wrote:
> >
> > The catch to all this is browse lists.  Unless you are running Samba
> > boxes on *both* ends of the VPN doing browse list synchronization, you
> > won't see the machines in both LAN's in Network Neighborhood.

[snip]

> > But the local browse broadcasts aren't
> > routable and hence, won't find their way onto the other subnet.


You might do well to reread the part I left in, because
he's telling you what to expect.  Your broadcasts aren't
routable, that's why you can't browse unless you run two 
wins servers and have them communicate.  Or Samba.  I don't
know all the garbage that ms has nowadays for 2k that might
crowbar in browsing.

 
> What do you mean, ``able to cut/paste at will''?
> 
> What about shares?  If we cannot browse to the other side with explorer,
> how do we map shares?  Manually, by knowing the name/address and share
> name?

Yes, you map using the name/address and share name, even though
you can't browse, assuming you're not blocking those 13x ports.
That's what all those script kiddies do when they try to connect
to your shares.  They run the "net use" command on Windows.

Try this:  net /?

Good Luck,
Matthew




Re: [Leaf-user] Stop logging

2002-01-10 Thread Matt Schalit


> You can either drop the "-j" part of the rule or use the SILENT_DENY
                           /
                          /
  Um, I think you mean the -l part, but they probably
get the idea :-o

Take it easy,
Matt





> option (if it is in Eigerstein ... I forget).
> 
> Something along the lines of:
> 
> SILENT_DENY="all_10.229.46.1_68"
> 
> --
> 
> ~Lynn Avants
> aka Guitarlynn




Re: [Leaf-user] Dach Floppy

2002-01-11 Thread Matt Schalit

[EMAIL PROTECTED] wrote:
> 
> BTW, that is a literal "0.0.0.0" in the debug output,
> not just me hiding my ip.
> 
> Sean
> > Ok, sshd -d  (debug!) returns:
> >
> > 
> > Stuff
> > More Stuff
> > Bind to port 22 on 0.0.0.0 failed:  Address already in
> > use.
> > Cannot bind any address.
> > -
> >
> > This was Dach Floppy modified to be a static address.
> > How can I tell what is using port 22 already?
> >


The 0.0.0.0 is fine, and it is telling the sshd to
listen on port 22 on all ip addresses configured
into the Os. (ie eth0 and eth1).  As long as you
have port 22 on eth0 blocked, you're not going to
have anyone connecting from the external side.  Thus
running the sshd on 0.0.0.0 is safe enough.

To find out if a server is running on a particular
port, you use the netstat command:

    netstat -an
or  netstat -a   if you have an interest in human readable names.

What does ps tell you?

Good Luck,
Matthew




Re: [Leaf-user] Dach Floppy

2002-01-12 Thread Matt Schalit

"Sean E. Covel" wrote:

> Thanks to all of you who offered info.  I know just enough Unix (and
> that's userland not admin) to get myself into trouble.
> 
> Sean


The motto in my favorite unix newsgroup,
is "Learn by destruction."

Best,
Matthew




Re: [Leaf-user] Linux 2.4 based Firewalls made in Switzerland

2002-01-12 Thread Matt Schalit

Sandro Minola wrote:
> 
[snip]

> -graphical config interface (java based, runs on Win/Mac/Linux)

Screenshot please.

> -They don't "hide" features because they think you are stupid and won't be
> able to configure a firewall properly

Hiding stuff is bunk, but it's also nice when a router
works out of the box, or with three pieces of info, like 
ipaddress, username, and password, the way theirs does.

[snip]


> The products are called "Ethernet II" and "Ethernet III".

It looks like the Ethernet III comes with an "integrated 4-port 
Ethernet switching hub 10/100 Mbits/s."  

That's neat, but I don't know of any micro sized 10/100 switches 
that people can put into a pc.  Do you?

Thanks for posting this.
Matt




Re: [Leaf-user] Dach Floppy

2002-01-13 Thread Matt Schalit

Jack Coates wrote:
> 

> > The motto in my favorite unix newsgroup,
> > is "Learn by destruction."
> >
> > Best,
> > Matthew
> >
> 
> I got started by installing Slackware 2.1 on a *tiny* 386 with a 160MB
> hard drive; in the first six months, I must have whacked and reinstalled
> that box about fifty times. It took six weeks to figure out reasonable
> partition sizes on such a small hard drive, and startx took about ten
> minutes to produce FVWM :-)
> 
> --
> Jack Coates
> Monkeynoodle: A Scientific Venture...


I got a good laugh out of this one, first thing
in the morning, sipping a cup of coffee, listening
to Van Morrison - Into the Mystic.




Re: [Leaf-user] Dachstein-CD v1.0.2 as a router only (no firewall)

2002-01-13 Thread Matt Schalit

Nicolas Riendeau wrote:

[snip]

> Good luck!
> 
> Nicolas Riendeau
> 
> PS: Please forgive my English as it's not my mother tongue. Thanks!
> 
> PPS: Don't worry, I've rebooted my firewall after these tests (-;
> (-; (-;


Ok, so are you from somewhere interesting where
they write from right to left so that the smileys
go right to left, ie (-: as versus left to right :-) ??

Just curious.  Me ignorant american. :-o
Matt




Re: [Leaf-user] winscp plug

2002-01-13 Thread Matt Schalit

Paul Rimmer wrote:
> 
> I'd just like to put in a plug for a really nice piece of freeware, winscp2.
 [snip]
> For more info you can take a look at:
> http://winscp.vse.cz/eng/
> 
> Cheers,
> Paul


Heh.  Check out the screen shot closely.  This is like
those Sunday comix where you have to see if you can find
what's wrong about the picture.

  http://winscp.vse.cz/eng/screenshots/large/commander.gif

Anybody see it?  Anyone?  Ok.  If you want the answer, you'll
have to scroll down the page, but you're bunk if you don't 
even look at the screenshot first





















































































Answer:
  It's funny that the function keys listed along the 
  bottom of the winscp window are out of numerical order.
  It is.  It's funny. Go and look at it... go.  Go on.  
  There's no more to this.  Go already .  Go.  GO.



  arggghh.




Re: [Leaf-user] winscp plug

2002-01-13 Thread Matt Schalit

Paul Rimmer wrote:
> 
> I'd just like to put in a plug for a really nice piece of freeware, winscp2.


Couldn't get it to work with Oxygen.  It would
log in, but it couldn't negotiate the shell.  It
looks like the directions call for bash.

Thx Paul,
Matt




Re: [Leaf-user] winscp plug

2002-01-14 Thread Matt Schalit

Simon Bolduc wrote:
> 
> You may need to specify /bin/sh in the shell parameter.  I was having the
> same problem - and doing this fixed it in Dachstein.
> 
> S


Ahh.  Thanks, that fixed it.  I guess I shouldn't
have read the documentation that said it needs
bash and then believed it :)

Works on Oxygen w/JN's OpenSSH3.0p1 package.
Matt




Re: [Leaf-user] winscp plug

2002-01-14 Thread Matt Schalit

Paul Rimmer wrote:
> 
> > Couldn't get it to work with Oxygen.  It would
> > log in, but it couldn't negotiate the shell.  It
> > looks like the directions call for bash.
> 
> That's too bad.  It works out of the box with Eigerstein and Dachstein with
> the mods I mentioned.  Bash isn't necessary with those.

Hey Simon figured it out for me, so it
works now.

 
> Paul
> 
> P.S. Are you feeling better after your "function key ordering" episode?
> 
> :-)

Yes and no.  When I got winscp running, I wanted
to see the function keys all out of whack in the
window, but apparently somebody noticed that and 
fixed 'em.  :-o

Matt




Re: [Leaf-user] Firewall Setup

2002-01-14 Thread Matt Schalit

[EMAIL PROTECTED] wrote:
> 
> While sifting through docs I found this error which I have been receiving, while
> trying to ping any internet IP from the LRP box:
> sendto(): operation not permitted

It's either your network or your firewall rules or some permissions
on some files got messed up.  Quick fix is download LEAF version
called Dachstein 1.0.2.  It's well written, and is a complete
firewall, once you get your nic modules and your network.conf straight.
For a home setup, that goes quickly when you read the readme.


I.)  Your network isn't functioning.
   Network nic modules may not be on diskette.
   Network nic modules may be on diskette but are commented in modules.conf.
   Network nic modules may be on disk and uncommented but helper modules
  may be commented and aren't being loaded before nic modules.
   Syntax errors may be in /etc/network.conf.

Ways to check:
  ifconfig -a
  netstat -rn

or    ip addr show
  ip route show

and   more /var/log/syslog
and   dmesg | more

stuff like that, ok.



> It says that this is the result of incorrect setup of the Firewall rules.  Where can
> I find some documentation on setting up a set of Firewall rules that will give me at
> least minimal access to the net (www & email for now).  At least if I can get that
> working I can slowly work through the rest.


II)  It's your firewall rules.  Strange.  I've written a firewall or
 two, and I don't remember this error.  But then again, I don't go looking
 to stop ping.  From my memory, when ping can't get out, it simply sits
 there, waiting, as versus giving you a lower level driver error.

You don't have any rules.
The ones you have are wrong.
You made your own.
You are using an old LEAF version.
You are using the newest and best LEAF, but you have syntax
 errors in network.conf or you deleted some other files.
You are cobbling a LEAF together out of parts and pieces
   you've found on the net, due to rational exuberance, but
   you lack the hindsight to know what you really wanted.

something like that.

Ways to fix:
Well, you asked for some rules, so what you do is this:
   1)  List your rules with
 /sbin/ipchains -L -v -n > /tmp/rules
 /usr/sbin/ipmasqadm portfw -ln >> /tmp/rules
 cat /proc/net/ip_masq/autofw >> /tmp/rules
 more /tmp/rules

   something like that gets you all the rules that may be
   in effect.

2)  To get rid of all the current rules, flush
them out, using:
 /sbin/ipchains -F
 /usr/sbin/ipmasqadm portfw -f
 /usr/sbin/ipmasqadm autofw -F

3)  To set the global policy to ACCEPT for the input
and output chains on all nics, you would do:
 /sbin/ipchains -P input ACCEPT
 /sbin/ipchains -P output ACCEPT
 /sbin/ipchains -P forward ACCEPT

4)  Some rules for a system that uses one IP address
from an ISP on eth0 as the external nic, and one
private LAN that uses NAT to hide it that is called
the 192.168.1.0 network connected to eth1, could use 
the following after flushing and setting the policies:


/sbin/ipchains -A forward -j MASQ -p all -s 192.168.1.0/24


It doesn't take much, does it :-o

What this does is allow all traffic in and out of both
nics, and masq's the internal network.  It leaves you
open to connection attempts to services like telnet 
running on the LEAF.  Even though the LEAF is open to 
the connection attempts, the internal network is unreachable
because it is masq'd and there is no route to it.
It leaves you open to spoofed and stuffed attacks, which
are very rare.  So do use this forever.  You're fine with
it while you configure your system if you don't have any
services running, like telnet or ssh on the LEAF.


This mini ruleset will work if your default gateway and
the rest of your routing table is correct.

However, like I said, the simple answer is Dachstein on floppy only.
If you want to doink around with the CD version, that's different.

Good Luck,
Matthew

 
> My main problem is right now, to test out the router I have to switch my cable modem to it.
> Once that is done, it makes it difficult (currently impossible) to do any research on
> problems as they come up.
> 
> Again, your help is greatly appreciated.
> Sincerely,
> 
> Justin Pease
> N u a n c e   N i n e
> Web Usability, Development and Design
> www.nuance9.com
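
The ruleset in the message above is meant for the configuration phase only, so it helps to have a check that notices when it is still in place. This is an added example, not part of the original message: it reads a saved script of ipchains commands and prints every built-in chain whose policy is ACCEPT and which has no DENY or REJECT rule. Both sample rulesets and the function names are constructed, and the second sample is a contrast case, not a complete firewall.

```shell
#!/bin/sh
# Added example: flag ipchains chains left wide open in a saved rule script.

# Constructed: the temporary "configure-only" ruleset from the message.
permissive_rules() {
cat <<'EOF'
/sbin/ipchains -F
/sbin/ipchains -P input ACCEPT
/sbin/ipchains -P output ACCEPT
/sbin/ipchains -P forward ACCEPT
/sbin/ipchains -A forward -j MASQ -p all -s 192.168.1.0/24
EOF
}

# Constructed contrast (not a complete firewall): default-deny on input/forward.
restrictive_rules() {
cat <<'EOF'
/sbin/ipchains -F
/sbin/ipchains -P input DENY      # drop what is not explicitly allowed
/sbin/ipchains -P output ACCEPT
/sbin/ipchains -P forward DENY
/sbin/ipchains -A input -i eth1 -s 192.168.1.0/24 -j ACCEPT
/sbin/ipchains -A forward -j MASQ -s 192.168.1.0/24
EOF
}

# Read ipchains commands on stdin. The last -P seen for a chain wins, and -F
# forgets earlier rules. Chains whose policy the file never sets are not reported.
open_chains() {
    awk '
    {
        sub(/#.*/, "")                      # ignore comments
        chain = ""; target = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-P") policy[$(i + 1)] = $(i + 2)
            else if ($i == "-A" || $i == "-I") chain = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "-F") {
                if (i < NF) delete blocks[$(i + 1)]
                else for (c in blocks) delete blocks[c]
            }
        }
        if (chain != "" && (target == "DENY" || target == "REJECT"))
            blocks[chain] = 1
    }
    END {
        n = split("input forward output", order, " ")
        for (k = 1; k <= n; k++) {
            c = order[k]
            if (policy[c] == "ACCEPT" && !(c in blocks)) print c
        }
    }'
}

# Demo: all three chains are reported for the temporary ruleset.
permissive_rules | open_chains
```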




Re: [Leaf-user] Filtering Web content

2002-01-18 Thread Matt Schalit

Pär Johansson wrote:
> 
> Hello
> My 8 year old boy is getting very interested in the internet, but I
> have some considerations (porn etc.) connecting his computer to the
> net.
> Is it possible to add some web filtering to dachstein, can squid or
> some other package do this?
> 
> Regards
> 
> Pär Johansson


The fundamental nature of the Web is to provide unlimited
access to the entire world's knowledge.  Even Senators have
difficulty with that concept.  

Matthew





Re: [Leaf-user] Suspicious 'last'

2002-01-18 Thread Matt Schalit

Jon Clausen wrote:
> 
> Hi list
> 
> I've been monitoring the list for a while now. Seems there are some very
> knowledgeable people here. Originally I was going to ask about some
> vpn-stuff, but then this happened:
> 
> Running Dachstein on a three-way box with LAN (192.*.*.*) and DMZ (10.*.*.*),
> at a remote location. Everything seems to work (well pretty much anyway). I
> have web, mail, ftp and ssh forwarded through to dmz-host. As I logged in on
> the dach-box (ssh to dmz-host, and ssh from there to dach-box) last night it
> started the whole 'host unknown, somebody might be eavesdropping, do you want
> to continue?'-thing.
> 
> Now this was because I was using a host (on my home lan) that I don't usually
> use for this. So I went to the machine that I *do* use for this, logged in
> (no problem) first to the dmz-box, and then to the dach-box.
> 
> I then looked at 'last', and then I got worried:
> 
> # last
> USER     TTY     PID     TIMEON  FROM
> reboot   ~       0       22545   2.2.19
> root     ttyp0   845     22491   192.*.*.*
> root     ttyp0   1532    21794   UNKNOWN
> root     ttyp0   1540    21791   10.*.*.*
> root     ttyp0   1554    21785   10.*.*.*
> root     ttyp0   5385    12592   10.*.*.*
> root     ttyp0   5505    12518   10.*.*.*
> root     ttyp0   6824    10156   10.*.*.*
> root     ttyp0   9046    5075    192.*.*.*
> root     ttyp0   10667   1576    10.*.*.*
> root     ttyp0   11313   1140    10.*.*.*
> root     ttyp0   11804   176     10.*.*.*
> root     ttyp0   12220   135     10.*.*.*
> root     ttyp0   12235   119     10.*.*.*
> root     ttyp0   12263   78      10.*.*.*
> root     ttyp0   12597   70      10.*.*.*
> root     ttyp0   13135   56      10.*.*.*
> root     ttyp0   13744   26      10.*.*.*
> root     ttyp0   13758   23      10.*.*.*
> root     ttyp0   13769   18      10.*.*.*
> root     ttyp0   13829   0       10.*.*.*
> 
> Looking at the logs, I can see that this UNKNOWN corresponds to a root-login
> yesterday *morning*.
> 
> The only other person who has access to these systems, tells me it wasn't
> him...
> 
> Now I'm pretty new at this stuff, so I really would appreciate some opinions
> on this... Should I *be* worried, is there a way to check whether stuff has
> been tampered-with?
> 
> I'll post further info, as requested/required.
> 
> TIA
> 
> Sincerely
> 
> Jon Clausen



Hey Jon,
  I can't say for sure, but these three look too
similar to be co-inkydinks:

> USER     TTY     PID     TIMEON  FROM
> root     ttyp0   1532    21794   UNKNOWN
> root     ttyp0   1540    21791   10.*.*.*
> root     ttyp0   1554    21785   10.*.*.*


Don't you think there's some similarity?  It's difficult
to get those so sequential, wouldn't you think?  Could the
unknown be from a login that didn't finish for some 
innocent reason?

Matt
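
The comparison suggested above (is the UNKNOWN entry right next to ordinary logins?) can be run mechanically over the whole listing. This is an added example, not part of the thread: for each login whose FROM column is UNKNOWN it finds the login with a known source that is closest in the TIMEON column. The sample rows, the threshold of 10 and the function names are assumptions made for illustration, and the last sample row is invented to show the other outcome.

```shell
#!/bin/sh
# Added example: triage `last` entries whose source is UNKNOWN by looking for
# a login from a known address with a nearby TIMEON value.

# Constructed sample in the USER/TTY/PID/TIMEON/FROM layout of the listing above.
# The final row is invented: an UNKNOWN entry with no close neighbour.
sample_last() {
cat <<'EOF'
USER     TTY     PID     TIMEON  FROM
reboot   ~       0       22545   2.2.19
root     ttyp0   845     22491   192.*.*.*
root     ttyp0   1532    21794   UNKNOWN
root     ttyp0   1540    21791   10.*.*.*
root     ttyp0   1554    21785   10.*.*.*
root     ttyp0   5385    12592   10.*.*.*
root     ttyp0   7300    8000    UNKNOWN
EOF
}

# Usage: triage_unknown [max_delta] < last-output
# max_delta is in whatever unit the TIMEON column uses (assumed default: 10).
triage_unknown() {
    awk -v max="${1:-10}" '
    NR == 1 || $1 == "reboot" { next }      # skip the header and reboot records
    { n++; pid[n] = $3; t[n] = $4; from[n] = $5 }
    END {
        for (i = 1; i <= n; i++) {
            if (from[i] != "UNKNOWN") continue
            best = 0
            for (j = 1; j <= n; j++) {
                if (from[j] == "UNKNOWN") continue
                d = t[i] - t[j]
                if (d < 0) d = -d
                if (best == 0 || d < bestd) { best = j; bestd = d }
            }
            if (best && bestd <= max) {
                print pid[i], "adjacent", "pid=" pid[best], "from=" from[best], "delta=" bestd
            } else {
                print pid[i], "isolated"
            }
        }
    }'
}

# Demo with the default window.
sample_last | triage_unknown
```

An "isolated" row is the one to match against the sshd and syslog entries first; an "adjacent" row still needs the log line for the neighbouring login to confirm it was yours.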




Re: [Leaf-user] Speed Survey

2002-01-18 Thread Matt Schalit

Paul Rimmer wrote:
 
> ** Speed 2325(down)/1034(up) kbps **
> ** Speed 2925(down)/947(up) kbps **

> P133 64MB RAM DCDv1.01 with brand new Motorola cable modem (old one was
> definitely slower).

> I'd be curious to see what other cable modem users are getting and what
> their  config is.
 

@home in Petaluma, CA, near the wine country.  

   2400 kbps(down)/128(up) kbps.

The LEAF is a PII 400, 2U Gateway thing, so there's not
going to be any bottleneck there.  He's capped for sure,
because he sees that speed a lot of the time.

--

As far as raw speed goes, I really gave the DSL installers, who
took care of me near San Francisco, the real once over when they
finally got around to my house.  I'm out there by the pole, 
telling them how I'm going to get another three phone lines in
two months, so they better run an entirely new trunk from the pole 
to my house (they did, 6 lines, heh).

Then I made them test the heck out of it, and they found they
could get 9000(down)/8000(up) kbps using their testers.
Heck, I could host the LEAF site with that speed :)  But 
unfortunately, I was only paying for 1500/128, so I was
going to be capped by the system.  

I'd never really see that 9000/8000, though, because I doubt 
they'd supply me with a 100 BaseTx dsl modem.  So I figure 
I'd be good for a solid 5000/5000 if I had the $$ to pay for
the service.  I'm 10017 ft ( 3070 meters ) from the central
office.  

Best,
Matthew




Re: [Leaf-user] oxygen + snort + kernel panic

2002-01-18 Thread Matt Schalit

dyp wrote:
> 
> Hi!
> 
> I am using Oxygen May 2000 and snort1.8. The router routes the packets
> when snort is not installed. But when snort is up, I get the following
> message and the system hangs. None of the special keys work.
> 
> error message :
> $ kernel panic: skput: over c014e7cb : 1006 put : 1006 dev : eth0
>  In swapper task - not syncing.
> 
> I get the same error message when I have ipchains turned on.
> 
> It would be great if anyone could suggest a solution.
> 
> Thanks,
> Dharmin.


I think something's wrong with David's SF email account,
or something, because he's not been around in a bit.

Anyway, I'd suggest you upgrade Oxygen to 1.8.0, which
is a supposedly stable release.  Pair that with the latest
snort in his package directory and see what happens.

If it doesn't work, try out Dachstein.

Matthew




[Leaf-user] What's a good MTU for eth0?

2002-01-19 Thread Matt Schalit


I just thought of a question that I haven't considered
in a while.  Tuning your MTU to reduce fragmented
packets.  What's the best MTU for the external nic
on your LEAF?

I admit I haven't done my homework on this yet, but the 
last time I looked, trying to get win95 and 56k modems 
to work better, the best MTU was 512 or something like 
that, because "many of the main internet routers have an
MTU of 512" was the mantra.

Any comments, urls?

Thanks,
Matt




Re: [Leaf-user] Keeping system date upto date

2002-01-21 Thread Matt Schalit

[EMAIL PROTECTED] wrote:
> 
> sadly, my eigerBeta2 based router must operate under some Draconian
> operating parameters (due to it being in the same room as where my wife
> studies for exams) .. hence it must be ultra quiet. I have implemented
> this by using a friends old (5+ years old!) laptop with the Hard disk
> removed. It does operate without any noise whatsoever, but lately I had
> received complaints about the rather loud fan that would go on
> intermittently (usually I wasn't even using the connection when this
> happened)... I found a setting in the BIOS to drop the laptop into
> a low power state when no activity was detected. ( Yes, I know that a
> router that enters sleep mode after a few minutes is indeed a sad
> beast, but such is my predicament!)
> 
> This works great, no more fan going on, and the power light turns
> yellow from green. No problems with using the network connection, the
> pcmcia cards seem to stay powered on, and as soon as I connect to a
> website on the outside or externally to the router via ssh, it works
> (without any noticeable lag in response time as it 'wakes up').
> 
> The trouble is that the router's time gets screwed up, as it doesn't seem
> to get updated when it is 'sleeping'. hence the uptime command is way,
> way off, and worse yet, timestamps on the logs are not accurate either!
> Looking through /etc/lrp.conf, I have seen a setting there for a date
> server that would be connected to in order to get the correct time. Has
> anyone used this? More importantly, can anyone list for me the date
> servers that they use? I have not ever used one of these before, and am
> in the Pacific Timezone. Also, what changes (if any) are required in
> the firewall rules (i.e. are there ports that need to be opened for the
> server(s) )
> 
> Thanks for any replies!


The definitive source for time servers has always been:

http://www.eecis.udel.edu/~mills/ntp/servers.html

May I suggest a nice variety of Stratum 2 servers?  

I would search around, like the other fellow mentioned, and 
try to hash out the problems of updating your clock. 

Once you get the scripts to work, you have to figure out
a way to run a script when the laptop comes out of hibernation,
but not the rest of the time.  So a cron script that runs
every five minutes would work, but would be too often if you're
not using it and would put too much load on the public ntp servers 
for such a minor problem.  Plus, wouldn't a script bring
the laptop out of hibernation?

Can you just update the OS clock from the BIOS hwclock,
as long as the BIOS clock keeps the correct time during
suspend mode?

If so, you could do that with a cron script that checks
the two to see if they are different once every few minutes
or so.  If they are, it updates the OS clock with the hwclock.
(As long as this doesn't wake the computer out of suspend).

Does that seem to make sense?
Matthew




Re: [Leaf-user] weblet howto, Updated

2002-01-24 Thread Matt Schalit

Jon Clausen wrote:
> 
> > I put the draft at: http://bund.dk/~jon/weblethowto-pub.html so you guys
> > can get a preview. (Also it was a good opportunity to make some more html
> > and myself a homepage -my first...) I'll update it later today with the
> > above...
> 
> O.k. done.
> 
> Feedback welcome :)
> 
> Jon

N1 Jon,

The answer to the remote thing would be to have a script
loaded on your remote laptop that, when run, determines the
laptop ip and writes a one line file containing:

sh-httpd: ip.add.re.ss/255.255.255.255 

to the laptop temp directory, and then uses scp or ssh or rsync 
to append that one line temp file to the LEAF box /etc/hosts.allow.

If the laptop is on a private network, then the script uses
the NAT gateway ip.  Determining the NAT ip could get tricky, 
but can be done easily enough with a script that when called
makes traffic to somewhere that responds with the NAT ip.

I don't think it's necessary to use dyndns.
Best,
Matthew




Re: [Leaf-user] Re: Weblet from the outside

2002-01-24 Thread Matt Schalit

[EMAIL PROTECTED] wrote:
> 
> I achieve this by tunnelling the http stream through an SSH session.
> My command line is as follows:
> ssh -l root -L 81:localhost:80 hostname
> 
> Once I am logged in, using the URL http://localhost:81 opens weblet.
> I did need to edit /etc/hosts.allow and /etc/sh-httpd.conf to add 127.0.0.1
> for this to work. I also needed to
> killall -HUP inetd
> for the changes to take effect.
> 
> Gareth



That was interesting Gareth.  Thanks for posting
that.  But what's all this crap below it?  Are you
telling me that your "information from ITF" is
"intended for the use of the addressee only," meaning
that some friend of mine who's not on the list can't 
read this?  What a bunch of bullshit.  
"use of the contents of this message is prohibited" ???
Well, fuck you too, you elitist asshole.  I'll certainly
shitcan everything of yours from now on, like the message 
says.

Regards,
Matthew


 
> 
> 
> 
> This electronic message contains
> information from ITF that may be privileged and confidential. The
> information is intended to be for the use of the addressee only. If you are
> not the addressee, note that any disclosure, copy, distribution, or use of
> the contents of this message is prohibited and you must destroy this
> message and all copies of this message in your possession. As e-mail can be
> changed electronically, ITF assumes no responsibility for this message or
> any attachments. Nor will ITF be responsible for any alteration to this
> e-mail or its attachments. 



[Leaf-user] OT: Easter egg at leaf.sourceforge.net

2002-01-25 Thread Matt Schalit


I got out of line this morning in an email because
my life ain't so great, but to lighten the mood a bit,
here's an easter egg you can look at that's hidden in our
php website.

To do so, surf over to http://leaf.sourceforge.net/

Once the page loads, tack this onto the end of the
the url and hit enter

 ?=PHPE9568F36-D428-11d2-A769-00AA001ACF42

Take care,
Matthew




Re: [Leaf-user] OT: Easter egg at leaf.sourceforge.net

2002-01-25 Thread Matt Schalit

Mike Noyes wrote:
> 
> At 2002-01-25 01:28 -0800, Matt Schalit wrote:
> 
> >I got out of line this morning in an email because
> >my life ain't so great, but to lighten the mood a bit,
> >here's an easter egg you can look at that's hidden in our
> >php website.
> >
> >To do so, surf over to http://leaf.sourceforge.net/
> >
> >Once the page loads, tack this onto the end of the
> >the url and hit enter
> >
> >  ?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
> 
> Matt,
> I figured something was bothering you. I hope things improve for you.

Hey, thanks a lot.  That's a nice way to start my morning.

 
> How did you find the Easter egg? I think I'll bring this up on the phpWS
> devel list. I wonder if they even know it's there.


Ha.  You're going to ask the developers why the author's
picture has a pair of chopsticks in his nose.  Hah!

Yes, you figured it out, it's a real easter egg, and it's
the only php one I know of.

How I figured it out is classified.





Well, ok, I tell *only* you.  I was really bored last
night and decided to blindly surf around, which I haven't
done since 1995, about the time that NCSA stopped putting
up the "What's New" page and when Yahoo was starting up.
I ended up clicking a link to http://www.eeggs.com/
which made for a few hours of interesting reading about
things like hidden Freecell games on Win98 and Tetris
on an HP Oscilloscope.

Best,
Matthew




Re: [Leaf-user] cpu utilization measurement

2002-01-26 Thread Matt Schalit

dyp wrote:
> 
> I am looking for a cpu utilization measurement tool for lrp oxygen.
> Any pointers !!!
> 
> -Dharmin.


Like top or something?

I looked, and top's not in pub/oxygen/packages,
which leads me to believe that top may not be able
to interface with Oxygen's busybox ps and kernel.
Either that or David didn't get around to it.
I see that he has ntop, but the last time I tried
it, I got a segfault.  Your mileage will vary.

My next guess is uptime, though the good lord
only knows how accurate that is  :-o  Did you 
realize you already have that command?

Take care,
Matt




Re: [Leaf-user] setting up tinydns.lrp

2002-01-26 Thread Matt Schalit

Martin Hejl wrote:
> 
> Hi everybody,
> 
> today, I successfully set up a Dachstein box. On the router, I'm running
> tinydns and dnscache to replace our (private) DNS server (which was Bind - I
> guess I don't need to tell anybody why I wanted to switch).
> 
> Thanks to Jacques' excellent documentation, setting tinydns up was pretty
> simple (except for the part below).
> 
> One thing that took us quite a while was to figure out why reverse lookups
> didn't work on the internal net. The way we finally got it to work was to
> declare all entries in  /etc/tinydns-private/root/data as PTRs.
> 
> For example
> =example1.private.network:192.168.1.1
> instead of
> +example1.private.network:192.168.1.1
> 
> Now, my question is, is that actually correct? If so, I guess it would be a
> good idea to add a reference to that to the docs (I know there's a PTR in
> the sample, but since that referred to the router name, we assumed that
> there was something special about that - remember, I'm surely a "DNS
> newbie").
> 
> And if I'm wrong with my guess, I'd appreciate any ideas or suggestions on
> how to make reverse lookups work "properly".
> 
> Martin



Martin, you figured it out correctly, but you may not understand
what you did fully.  So here's the section from cr.yp.to that 
describes the entry you made:


> =fqdn:ip:ttl:timestamp:lo
> 
> Host fqdn with IP address ip. tinydns-data creates 
> 
>  an A record showing ip as the IP address of fqdn and 
>  a PTR record showing fqdn as the name of d.c.b.a.in-addr.arpa if ip is a.b.c.d. 
> 
> Remember to specify name servers for some suffix of fqdn; 
> otherwise tinydns will not respond to queries about fqdn. 
> The same comment applies to other records described below. 
> Similarly, remember to specify name servers for some suffix 
> of d.c.b.a.in-addr.arpa, if that domain has been delegated to you. 
> 
> Example: 
> 
>  =button.panic.mil:1.8.7.108
> 
> creates an A record showing 1.8.7.108 as the IP address of 
> button.panic.mil, and a PTR record showing button.panic.mil as 
> the name of 108.7.8.1.in-addr.arpa. 


As you analyzed, the + style data line doesn't create the PTR
record for reverse lookups.  It only creates the A record.

With the = you get both.

n1,
Matt
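
The difference between `=` and `+` lines can be checked over a whole data file before it is compiled. This is an added example, not part of the thread and not tinydns code: it expands `=`, `+` and `^` lines into the A and PTR records they stand for, then lists the hosts that have an A record but no PTR, which are the ones whose reverse lookups will fail. The function names and the sample data are constructed; the sample reuses the two hostnames quoted above, and other tinydns line types are ignored.

```shell
#!/bin/sh
# Added example: show which records tinydns data lines produce and find
# hosts whose reverse lookup will fail.

# Constructed sample of /etc/tinydns-private/root/data style lines.
sample_data() {
cat <<'EOF'
# comment lines are ignored
=button.panic.mil:1.8.7.108
+example1.private.network:192.168.1.1
+example2.private.network:192.168.1.2
^2.1.168.192.in-addr.arpa:example2.private.network
=router.private.network:192.168.1.254:86400
EOF
}

# Expand =, + and ^ lines into "A name ip" and "PTR reverse-name name".
tinydns_records() {
    awk -F: '
    {
        kind = substr($1, 1, 1)
        name = substr($1, 2)
        if (kind == "=" || kind == "+") {
            print "A " name " " $2
            if (kind == "=") {              # "=" also creates the PTR
                split($2, o, ".")
                print "PTR " o[4] "." o[3] "." o[2] "." o[1] ".in-addr.arpa " name
            }
        } else if (kind == "^") {           # explicit PTR line
            print "PTR " name " " $2
        }
    }'
}

# Print every hostname that has an A record but no matching PTR record.
missing_ptr() {
    tinydns_records | awk '
    $1 == "PTR" { has[$2] = 1 }
    $1 == "A" {
        split($3, o, ".")
        rev[++n] = o[4] "." o[3] "." o[2] "." o[1] ".in-addr.arpa"
        host[n] = $2
    }
    END {
        for (i = 1; i <= n; i++)
            if (!(rev[i] in has)) print host[i]
    }'
}

# Demo: only example1 is missing its PTR.
sample_data | missing_ptr
```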




Re: [Leaf-user] Two instances of weblet (internal & external)

2002-01-28 Thread Matt Schalit

Sergio Morilla wrote:
> 
> I would like to provide a very small web page on my external
> interface and weblet on the internal interace.
> I thought on modifying weblet pages and repackage everything
> in a www.lrp package to serve a very small web page.
> 
> Is there a way to do this? How?
> I should be able to identify where the request comes from (eth0 or eth1)
> and provide the http server (sh-httpd)
> 
> Am I right???

Take a look at routerst.lrp that was recently discussed on
this list or the devel list.  It's less than 1k and will 
show you exactly how this can be done.

The trick is that inetd listens on a port for connections
and starts whatever shell script you want, sending the
incoming data from the port to stdin.   The script never
has to know anything about the network, only what to
expect to be appearing on stdin.

Matt
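
A script written for the inetd arrangement described above only ever sees the request on stdin and writes the reply to stdout. This is an added example, not routerst.lrp and not code from the thread: it answers `GET /` with one fixed page and everything else with 404, and it never uses the requested path to open a file. The script path, the `--serve` argument and the inetd.conf line in the comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: a one-page HTTP responder meant to be started by inetd.
# Assumed /etc/inetd.conf entry (path, user and argument are illustrative):
#   www stream tcp nowait nobody /usr/local/bin/tinypage tinypage --serve
# inetd hands the accepted connection to this script as stdin and stdout.

serve_request() {
    cr=$(printf '\r')

    # First line of the request, e.g. "GET / HTTP/1.0" followed by CR LF.
    IFS= read -r request || return 0
    request=${request%"$cr"}

    # Read and discard the headers up to the empty line that ends them.
    while IFS= read -r header; do
        header=${header%"$cr"}
        if [ -z "$header" ]; then break; fi
    done

    # The request path is only compared against a literal, never used as a
    # file name, so "../" tricks have nothing to work on.
    case $request in
        "GET / HTTP/1."[01])
            status="200 OK"
            body="<html><body>Nothing to see here.</body></html>" ;;
        *)
            status="404 Not Found"
            body="<html><body>Not found.</body></html>" ;;
    esac

    printf 'HTTP/1.0 %s\r\nContent-Type: text/html\r\nContent-Length: %s\r\nConnection: close\r\n\r\n%s' \
        "$status" "${#body}" "$body"
}

# Only touch stdin when inetd starts us with the --serve argument.
if [ "${1:-}" = "--serve" ]; then
    serve_request
fi
```

Running it as an unprivileged user (the `nobody` field above) keeps a mistake in the script from turning into root access on the router.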




Re: [Leaf-user] [OT] graphics processing progs ???

2002-01-29 Thread Matt Schalit

"Michael D. Schleif" wrote:
> 
> We have a customer that generates hundreds of images everyday, each of


netpbm was the original.  ImageMagick can use it to add to
its vast array of file types that it handles.  Try out both.
The netpbm maintainer is a nice guy.

You're not going to do the conversion on the fileserver are you?

Regards,
Matt




Re: [Leaf-user] root user startup file.

2002-01-29 Thread Matt Schalit

[EMAIL PROTECTED] wrote:
> 
> So, forgive for being a perpetual newbie.
> 
> 1) I know there are startup files for each user, a generic startup file for
> any user (and probably more) but what are the file names and where are they
> located.  Is there a "howto" for these?

The user startup scripts are called .profile, and they
are in the user's home directory, ie  /root/.profile

The system-wide login script is /etc/profile

 
> 2) I would also like to make some of my own little script files.  I get
> tired of:
> 
> mkdir /mnt/floppy
> mount -t msdos /dev/fd0 /mnt/floppy
> mkdir /mnt/flash
> mount -t msdos /dev/fla1 /mnt/flash
> 
> Because ultimately, I will reboot to try some changes and then have to
> enter them again.  Normally, I run without the floppy attached unless I
> need to experiment.  So when I attach a floppy, I would like to issue a
> command to perform the mounting.
> 
> Thanks all.


Ok, here's how it's done in /etc/profile, to make a few
aliases that help a lot!

-
#!/bin/sh

# there's more stuff here I left out. 
# the aliases and the one shell function are the
# only interesting parts for this post

alias l='ls -l'
alias ll='ls -al | more'
alias cls='clear'
alias msl='more /var/log/syslog'
alias tsl='tail -f /var/log/syslog'
alias m2='mount -t msdos /dev/fd1u1680 /mnt'
alias mboot='mount -t msdos /dev/fd0u1680 /mnt'
alias uboot='umount /mnt'
alias vpf='vi /usr/local/bin/pfw'
alias vpo='vi /usr/local/etc/popts'
alias vpfu='vi /usr/local/etc/pfuncs'
alias vpv='vi /usr/local/etc/pvars'

help () { more /var/lib/lrpkg/${1}.help ;}




In the above example, the aliases allow you to just type
commands simply, ie.

mboot 

and the system will mount the floppy.  The last example is the
help() shell function I wrote.  What that does is gives me a help
command the same way I have an mboot command, but this one does
more in that it handles command line arguments.  ie. At the command
prompt, I need to read the quick help on ssh.  So I would type

  help ssh


in order to launch the shell function help() with "ssh" as the 
first argument, $1.  The shell function, help(), runs and executes 
the following command:

  more /var/lib/lrpkg/ssh.help

Good Luck,
Matthew




Re: [Leaf-user] Re: NFS mounting through Firewall

2002-01-29 Thread Matt Schalit

Lonnie Cumberland wrote:
> 
> Hello Again
> 
> After making some changes to the firewall and setting up the port-
> forwarding for sunrpc and nfs on udp packets, I am no longer getting
> an RPC time out but now just:
> 
> mount: RPC: Unable to receive; errno = Connection refused
> 
> on the client machine when I try to mount the directory.
> 
> The client can been seen on the DNS as well as the server has the
> client IP in its hosts file.
> 
> Any ideas from here?
> 
> Cheers,
> Lonnie


Connection refused can arise because a daemon isn't
running, something isn't listening on the port, or
the permissions are wrong somewhere.  It's an indication
that the connection to the authentication mechanism never
occurred, iirc.

Matt




Re: [Leaf-user] re: root user startup file

2002-01-29 Thread Matt Schalit

[EMAIL PROTECTED] wrote:
> 
> Thanks Matthew.  Just one other question though.  Can I string multiple
> commands together inside one alias?
> 
> John


Sure, here's what I do on a different system:

--
cddev() { cd /home/matthew/Uber/Dev; pwd ;}

mcd1() { mount -F cdfs -r /dev/cdrom/cdrom1 /mnt && echo "Cd mounted.\n" ;}

uboot() { umount /mnt ;}

fwho() { cls; ftpwho ;}

xpcp() { cd /usr/lib/powerchute; /usr/lib/powerchute/xpowerchute ;}
--

Now the last command is useful because the program
xpowerchute requires the user to be in the directory for
it to execute properly.  But the downside of that
shell function is that, once you exit xpowerchute,
you'll be left in /usr/lib/powerchute, not where
you originally called xpcp from.  That can be frustrating
to have your aliases bounce you around the filesystems.

So in case you want to return to the original directory
you called xpcp from, you could write the shell function
like this:

xpcp() { ( cd /usr/lib/powerchute; /usr/lib/powerchute/xpowerchute ) ;}


or like this, which is more often seen:

xpcp() { 
  ( cd /usr/lib/powerchute
   /usr/lib/powerchute/xpowerchute ) 
  echo "Program completed"
  pwd
}


> What directory would the scripts be put into?  Is there a DOS 
> equivalent of a PATH that is searched?


These aliases and shell functions come from my /etc/profile.
They are written in that file, which gets executed for every
user, when the user logs in.

If you want the aliases and shell functions to be executed
only for user root, then put them into /root/.profile, which
is often written in shorthand notation as ~/.profile, where the
~ means "the user's home directory" or as $HOME/.profile.

Are you with me so far?

These aliases and shell functions that are in one of those
files get executed as I mentioned at login time.  Once
those get executed, they are stored in the shell's memory
and are accessible no matter what your $PATH is set as.
They become "built-in."

To list your built in variables, like PATH, use

 set



To list your built in aliases, use

alias




To list your built in shell functions you
are supposed to be able to use set, but that
doesn't work on Oxygen, so, if you know the
name of a command that's a shell function and
you want to see how it's defined, you use

type help


and that would look like this:

  # type help
  help is a function
  help() {
 more /var/lib/lrpkg/${1}.help
  }



It took me a bit to learn all those tricks.  
I hope you like them.
Matt
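
The two forms of xpcp() discussed above, as an added example that is not part of the original post: a plain cd inside a shell function moves the caller, while wrapping the body in ( ) confines the cd to a subshell. The temporary directory and the `tool` script are constructed stand-ins for /usr/lib/powerchute and xpowerchute, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed stand-in for a program that only works when started from its
# own directory (xpowerchute in the post): it reads ./tool.conf from the cwd.
demo_dir=$(mktemp -d) || exit 1
trap 'rm -rf "$demo_dir"' EXIT
printf 'config loaded\n' > "$demo_dir/tool.conf"
printf '#!/bin/sh\ncat ./tool.conf\n' > "$demo_dir/tool"

# Form 1: plain cd. A function runs in the calling shell, so the cd sticks
# and the caller is left in $demo_dir afterwards.
run_plain() { cd "$demo_dir" && sh ./tool ;}

# Form 2: body wrapped in ( ). The cd happens in a subshell and is gone when
# the subshell exits; the program's exit status is still returned.
# Using && instead of ; keeps the program from being started in the wrong
# directory if the cd fails.
run_subshell() { ( cd "$demo_dir" && sh ./tool ) ;}

# Same as form 2, but for a directory that does not exist: nothing is run
# and the caller sees a non-zero status.
run_missing() { ( cd "$demo_dir/no-such-dir" 2>/dev/null && sh ./tool ) ;}

# Report the directory the caller is left in after running function $1.
# Meant to be called inside $( ), so the demo itself does not move you around.
cwd_after() { cd / && "$1" >/dev/null; pwd -P ;}

echo "after run_plain:    $(cwd_after run_plain)"
echo "after run_subshell: $(cwd_after run_subshell)"
```

The same pattern applies to any function in /etc/profile or ~/.profile that has to change directory before launching a program.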




Re: [Leaf-user] hn.org and domain names

2002-01-29 Thread Matt Schalit

Paul Rimmer wrote:
> 
[snip]
> Does anyone have an idea as to what is happening here?  I think it's
> something to do with the ANSWER SECTION showing hn's park server.  I've no
> idea how that is supposed to change.  I've been looking for an email address
> at hn.org to ask them but cannot find any contact info.


It looks pretty clear that the new zone data you're
trying to submit to hn.org is not getting placed onto
ns1.hn.org, and when ns1.hn.org does zone updates to aux1,
the updates also aren't any different.

How are you going about submitting a new zone info
file to hn.org?

Matthew

 
> Any help would be greatly appreciated.
> 
> Cheers,
> Paul




Re: [Leaf-user] LRP Oxygen CD and floppy disk boot question

2002-01-31 Thread Matt Schalit

malik menzong wrote:
> 
> Lynn:
> That is what I was saying. I open the resolv.conf file and wrote something
> like this:
> XXX.XXX.XXX # DNS0
> XXX.XXX.XX # DNS1


If you put valid statements into Oxygen's resolv.conf, then
you can sit down at the Oxygen terminal and type

   nslookup www.google.com

and it will return the correct address, assuming the network
is up and the default gateway is set correctly on Oxygen.
A valid resolv.conf looks like this:


nameserver 206.13.28.12
nameserver 206.13.31.12
search schalit.net


The search line says that, if I type at the Oxygen prompt:

   nslookup ftp

it will automatically append the .schalit.net part of the
search statement and then try to look that up as in

   nslookup ftp.schalit.net

So that's the story with /etc/resolv.conf.

Now onto your internal network.  To get your LAN computers
functioning correctly, you need to assign them ip addresses
which are on the same subnet as the internal nic.  Thus the
whole internal network is on the same subnet.  I think you
did this already, something like:

10.1.2.3/24      Internal comp
10.1.2.4/24      Internal comp
10.1.2.5/24      Internal comp
  ...              ...
10.1.2.254/24    Oxygen firewall

or something like

192.168.1.1/24      Internal comp
192.168.1.2/24      Internal comp
192.168.1.3/24      Internal comp
192.168.1.4/24      Internal comp
   ...                ...
192.168.1.254/24    Oxygen


Next you have to set the Default Gateway on the
LAN computers.  You would set that to 10.1.2.254
if you were following my first example.

Next you have to set the primary and secondary DNS
on the LAN computers.  You set those to be the
same ip addresses as the ones you put in resolv.conf.

So now all your computers have the same dns addresses
listed in their network configs.

Once you do that, you should be able to sit down at
the LAN computers and

ping 10.1.2.254
ping 63.194.213.179    <--- that's me :)
ping 216.239.35.100    <--- that's www.google.com
ping www.google.com    <--- and finally by name.


Does it all work now?


 
> That is the only thing in that file. From behind the firewall I can ping to
> both network card address. from the router I can ping to the gateway fine.
> But if I type:
> ping cnn.com or ping XXX.XXX.XXX (actually ip address for cnn) it wont
> resolve it. all packets are lost.


If that doesn't work on Oxygen, if you can't ping 63.194.213.179, which
is my ipaddress, then Oxygen still needs work to get the default route
setup, I think.  Check that with

 ip addr show
 ip route show
 grep GATEWAY /etc/network.conf

and paste the output into your reply for us to see.


> > > also does ipsec comes in the 1668 self contained floppy image or do I
> > > need to copy it there? (oxygen 1.8.0 with openwall floppy)
> >
> >No, I don't believe it does, but I'm not sure of this...


Ipsec does not come as part of the 1.8.0 floppy.  It's an add in package,
as Lynn mentioned.

Good Luck,
Matthew




Re: [Leaf-user] How to search for LRP packages ???

2002-01-31 Thread Matt Schalit

"Michael D. Schleif" wrote:
> 
> What am I missing?
> 
> 
> 
> Let's say, I want to find zebra.lrp -- how do I do that?


Start here:

  http://leaf.sourceforge.net/pub/

Then poke around till you find it.  If it's not there,
then go back to the main LEAF page, and start clicking on
each Developer in the lower LHS of the screen.  It may
be in their directories somewhere.

I like Mike's idea of using   site:leaf.sourceforge.net
in Google.

Best,
Matthew




Re: [Leaf-user] LRP Oxygen CD and floppy disk boot question

2002-02-01 Thread Matt Schalit

malik menzong wrote:
> 
> The good news is that I can ping the world now from the router. Every time I
> think I saved my config. and I reboot it was not actually saved.
> The only hurdle I have now is to see the internet from my machine behind the
> firewall. that machine do ping to the etho network card but cant ping after
> that. at boot time I loaded 2 modules: ip_masq_portfw.o and ip_masq_autofw.o
> I thought that will do it but I still can get to internet from behind the
> Fw.


I forgot about one more thing you need.  Find the ipchains.lrp package
and make sure it's on one of your diskettes so that it gets loaded.
Then you can type in the rule that gets you internal networked and
masq'd and gets the packets forwarded back and forth:

   ipchains -A forward -j MASQ -i eth1 -s 

for me would look like

   ipchains -A forward -j MASQ -i eth1 -s 10.2.3.0/24

or maybe on yours it would be

   ipchains -A forward -j MASQ -i eth1 -s 192.168.1.0/24

you get the idea.

Then, everything else being in order, you should be on your way.
The portfw and autofw modules are used with the ipmasqadm command.
That is used to forward ports from the external interface to a server
on the internal network somewhere.  Not an issue for you at this time.

Best,
Matthew




Re: [Leaf-user] DCD & java ???

2002-02-03 Thread Matt Schalit

Jack Coates wrote:


> Is there interest in massive applications in general? 

Massive but not ridiculous.  Perl and java are useful but
large.  A LEAF box with them gets closer and closer to
being a full distro, minus the x-windows.  Certainly
the user would need a cdrom based LEAF.  I'd like to
see java2, but only the jre.  God only knows how well
that'll work on a crippled Linux box :)


> The appliance-friendly nature of LEAF makes one think yes, 
> but then the limitations of RAM disk, glibc, etc...


Yes, reinventing the wheel is bogus, and that's what happens
when we try to pack everything from a full distro into a LEAF.


> At any rate, I've just uploaded my 3.2 MB postfix.lrp to
> the www.monkeynoodle.org packages repository. If I get a chance today
> I'll see if a JRE will compile too :-)


Well that's 3.2MB of _something_, I don't know what :)

You might be interested in j2me.  That's the Java2 Micro Edition 
targeted at embedded systems like color pda's and cell phones with
limited memory and space.

   http://java.sun.com/j2me/

It's like Java2 minus the swing and awt stuff.  Might work
well for people.  I'm busy writing full blown java2 apps,
but once I learn those, I may poke around with j2me also.

Regards,
Matthew




Re: [Leaf-user] DCD & java ???

2002-02-03 Thread Matt Schalit

Jack Coates wrote:
> 
> On Sun, 3 Feb 2002, Michael D. Schleif wrote:
> 
> >
> > Jack Coates wrote:

> > > Just for kicks, I took a look at kaffe 1.0.5 -- 1.75 MB .lrp for the
> > > whole environment. I don't know enough about java to say what can get
> > > taken out of that.
> >
> > Where'd you get the source?  I'd like to try my hand at it and prune it
> > to its bare minimum and our application still works ;>

 
> www.kaffe.org, lots to play with.


Nice find there.  That sounds interesting.  The following
link is part of their faq and brings up the directory structure.

http://www.kaffe.org/develop.html#directory


To strip it for leaf, I'm thinking that the 

   libraries/clib/awt/*
   libraries/javalib/java/awt/*


stuff contributes the most useless parts, simply because it's all
X and gui applets or standalone gui application classes.  Also
the appletviewer is not needed, and that's part of a jre.

Having at it, Michael?  What classes does your app import?
Matt




Re: [Leaf-user] Hardware router Linux look-alike

2002-02-03 Thread Matt Schalit

Stewart Adey wrote:
> 
> Does anyone know how _HARD_ it would be to create an interface like so many
> commercially available hardware routers on the market?  

Hard because there's a tremendous amount of conditional queries
and text handling you want to do.  In addition, your Linux commands 
won't always behave the same from one LEAF version to the next as 
people use different ps, sed, cat, etc.  People like perl for
intensive text handling, and though it's available, most people 
won't run it on their router.  You can see that Charles has made
quite a few scripts to handle his own files (walking a list, etc)


> p.s.  Get back to me quick! I'm in the mood to start to learn cgi
> programming! HURRY


Start small.  There's nothing wrong with learning how
to shell script.  Btw, David has mentioned a few times 
that his menu configuration system is almost done.
You can use his dialog.lrp to make menus.  And
there's Xdialog I think too for remote usage.

Best,
Matthew




Re: [Leaf-user] Need help getting LEAF running

2002-02-05 Thread Matt Schalit

> hallm wrote:
[snip]

> When I reboot two of the last messages to appear on the console are:
> No subnet declaration for eth1 (0.0.0.0).
> Please write a subnet declaration in your dhcpd.conf file for the network segment to 
> which eth1 is attached.


I apologize for not taking a stab at the problem, but the
symptom you're seeing (0.0.0.0) means that your network
modules didn't load the way you thought, thus causing a
lack of eth0 and/or eth1, thus causing an inability to
set the network variables like subnet, netmask, ip address.

Check lsmod and dmesg and syslog to see what happened to 
your nics modules.

Nite,
Matthew




Re: [Leaf-user] crontab vs /etc/cron.d/multicron

2002-02-05 Thread Matt Schalit

Jack Coates wrote:
> 
> On Mon, 4 Feb 2002, David Douthitt wrote:
> 
> 
> > Another note: rdate uses an old obsolete form of network time
> > synchronization; I suspect more and more time servers may stop
> > providing the service rdate uses (wuarchive.wustl.edu seems to have
> > stopped...)
> >
> > If anyone's bundled it, ntpdate would be better to use...
> > --
> 
> And how; there's a xntpd package out there, but I haven't seen ntpdate.
> xntpd's binary is 175,832 bytes; the whole package is 88,007
> bytes compressed.


First of all, tock.usno.navy.mil still offers the "time" service
that rdate connects to.  I prefer xntpd and run a master time
server on my Unix box, which LEAF sets its time to.

Secondly this whole discussion about setting the date
is a waste of time until David replaces the broken busybox
date with a working date binary.  What good is it to set
the clock with atomic precision when date doesn't even know
the difference between GMT and EST?  Most programs get the
date and time wrong, while the other half log with a shifted 
timestamp?  The syslog goes kablooie.  You have no idea when 
anything happened.  But it's atomically accurate
that's a relief :)

Additionally, Serge is talking about creating a baseline
of packages for LEAF that includes busybox.  I hope he's
actually tried each busybox command, like date.

Regards,
Matthew




Re: [Leaf-user] LEAF REMOTE SETUP

2002-02-05 Thread Matt Schalit

malik menzong wrote:
> 
> Hi everyone.
> I dont know if this is along the same line as the last question that Lynn
> answered. I am actually looking into a tool like routerst or weblet that
> allows me to remotely view and also modify some configuration function. Is
> there one in development or out there? Also if there are pointers to
> resources that teach how to make those I would appreciate.
> -M


The easiest thing is to ssh in and run lrcfg (or acfg).
Matthew




Re: [Leaf-user] IPSec automatic setup.

2002-02-06 Thread Matt Schalit

malik menzong wrote:
> 
> Hi-
> I currently have a working system. But I keep on stumbling on a small issue
> with my file rc.firewall
> this files contains all the ipchains rules. When I boot my system and it
> runs, I can see that the new rules have been applied from the browser(I am
> using routerst from Ed). However I still dont have connection to the outside
> world. But when I manually key in the rules from the prompt and try to
> access the web afterward it always works.
> 
> I did put a reference to 'rc.firewall' in one of my init.d file and I know it
> runs but why wont it works from there?
> Thanks
> -M


Let your system come up and let init run rc.firewall.
Then post the output of

ifconfig -a
netstat -nr
ipchains -n -L -v
ipmasqadm -l -n

And tell us which command you issued at the prompt that
got it to work.

Regards,
Matthew




Re: [Leaf-user] Rebuilding the Dachstein CD

2002-02-06 Thread Matt Schalit

Charles Steinkuehler wrote:

[snip]

> NOTE:  I've had problems with some windows software not recognizing the
> linux boot floppy as a bootable disk (particularly with EZ-CD Creator)...


You're not using WinImage 6 for both diskettes and cd iso's ?
I thought it worked fine.  Heck, you paid for it :)

Matt




Re: [Leaf-user] Re: Leaf Mail Command

2002-02-06 Thread Matt Schalit

Simon Bolduc wrote:
> 
> Seems that Rogers is using ESMTP as the protocol - which isn't really POP
> before SMTP (as far as I can tell at least) - using a program called postie
> I am able to mail via a command line - without telling it what my pop
> server's address is.  So I guess I'll just scp the necessary log files over
> to my server - and have it do the mailing - oh well  not as efficient as
> it was - but at least it'll work.
> 
> S


Can't you securely rsync the log from the LEAF to
the remote machine you wanted it emailed to?

As far as I know, you could even do it in such a way
that the syslog shows up in /var/spool/mail/root
on the remote system.  You'd never know it wasn't
emailed, and you'd have one less intermediate system
to go through.

Best,
Matthew




Re: [Leaf-user] RE: Mail logs on Oxygen

2002-02-06 Thread Matt Schalit

> "Munday, Merrick" wrote:

> This seems to work -- is this some awful kludge that I should have done in another 
> way?

No, that's not a kludge, it's a space station.  And you get
extra bonus points for building one.
Matt




Re: [Leaf-user] LEAF routing private IP space

2002-02-07 Thread Matt Schalit

Ray Olszewski wrote:
> 
>  We need a FAQ answer for this one too (or do we have one?).
> 
> LEAF basic firewalls by default block ALL private-address traffic on the
> external interface. (At least Dachstein and Eigerstein do, and I think
> Oxygen is the same in that regard.)

Nope.  Oxygen has zero ipchains rules by default.
In fact, you'd be hard pressed to even find ipchains
on the boot diskette :)

But then again, it's meant to load from more than
one diskette, network, cdrom, ftp, tftp, whatever.
You can squeeze ipchains.lrp on the first diskette
though.  But that's another thread.

As far as Greg's question goes, he's done a good
job so far and made a good post.  But he left
out a few things like the output of

   which ipchains && ipchains -L -v -n || echo "Doh!"
   lsmod
   which ipmasqadm

I realize that's along the lines of your post, though :)
We just don't know if he even has ipchains yet.

(And the arp cache listing from the 192.168.1.50 would help
along with the exact failed ping output.)

Best,
Matthew




Re: [Leaf-user] crontab vs /etc/cron.d/multicron

2002-02-07 Thread Matt Schalit

David Douthitt wrote:
> 
> On 2/5/02 at 10:56 AM, Matt Schalit <[EMAIL PROTECTED]> wrote:
> 
> > Secondly this whole discussion about setting the date
> > is a waste of time until David replaces the broken busybox
> > date with a working date binary.  What good is it to set
> > the clock with atomic precision when date doesn't even know
> > the difference between GMT and EST?
> 
> I don't program busybox.  I don't control busybox.  I didn't write
> busybox or the busybox date command.

I know.  And I remember seeing the post you cc'd to this list
from the busybox maintainer who told us of the broken date.
I was suggesting you make available a working date.lrp as a 
package to replace the busybox one.


> The "broken date" is only in the reporting of the timezone, as I
> remember.  If the system is set correctly, it doesn't matter.  rdate,
> ntpdate, hwclock - they all work just fine - and two of them are in
> busybox.  As a matter of fact - hwclock is not.


I disagree.  Hwclock does not function just fine because its
functionality is affected by the broken date it uses as described 
in the man page I quoted in my other post.  I guess you could
say that's not hwclock's fault and that it's doing what it's
been told to do by a broken date, but it's late and I may be
drifting.


 
> > Most programs get the
> > date and time wrong, while the other half log with a shifted
> > timestamp?  The syslog goes kablooie.  You have no idea when
> > anything happened.
> 
> The programs that get the time wrong are their own problems (not
> problems with date) - syslogd, for example, is the full version.

Syslogd respects the system clock, and when it can't be set properly
via a call to a remote date server, then the problems have started.
The system clock and hardware clock and rdate refuse to all agree.  
Yet I can set this up perfectly in Dachstein or in Lrp 2.9.8.  
I thought I used to be able to get Oxygen to work perfectly, I think 
in May2001.  That's part of why this has been frustrating.  Don't
you remember all the work we did getting the hwclock.sh script hashed
out and it was all perfect ( I think in a devel img ).  But then you and
I drifted away from working on Oxygen when I went on vacation and
when the next release of Oxygen came out a couple of months later,
the hwclock.sh fixes had reverted back to the old buggy ones and
then 2.1.3 and busybox updates and it was never the same again :-/



> ssmtp is ssmtp - if it gets the date wrong, it is its own fault as
> long as the timezones are set correctly.  Make sure TZ is set and
> /etc/localtime points to a file that exists and is correct.

Lord knows I've done that a gazillion times.  Remember when I pointed
out to CS that his web server was transferring the 1000 byte PST8PDT
file as ascii and it was ending up as 1005 bytes because he had left
his web server defaulting to ascii (messes up .lrp transfers).
Plus I can make this work without incident on other distros.


 
> In my mind, the TZ environment variable should be all that is required
> - but it would appear things are not that way any more.  It used to be
> simple... someone had to muck it up.

Well maybe the hwclock man page sheds some light in that it says
we must call hwclock --hctosys in order to initialize TZ into
the kernel.


 
> At worst - things are either in GMT or in localtime.  Period.

Not entirely.  When all my clocks are set for localtime, rdate
reports a shifted value when I'm sure the rdate server isn't.
Plus syslog gets it wrong.  So the kludge "things are in localtime"
doesn't work completely.  The value could shift either way.  The
time subsystems do not behave sanely (as your other post mentions :-)

 
> If it's really bad - forget timezones and set the system hardware time
> to local time, not GMT.

That's what I always do (though I've tried every other combination
I can think of to be thorough).

Regards,
Matt




Re: [Leaf-user] LEAF routing private IP space

2002-02-07 Thread Matt Schalit

Greg R wrote:
> 
> Yes, the DSL router responds to ping on its internal interface. Yes ICMP
> is enabled and yes forwarding is enabled.
> 
> Maybe something very fundamental I am missing here - does the Oxygen
> release 1.8 not set up the router to perform NAT between interfaces eth0 &
> eth1 by default? I am working on the assumption that it is, but if all it
> is doing is routing, then of course - i am missing a route on the DSL
> router.
> 
> Greg R
> 


> > Thank you Matt & David for you replies.
> >
> > Let me see if I can provide some more information for you.
> >
> > I do not have any firewall enabled, nor is ipchains installed - the
> > router
> > is wide open. eth0 is the outside interface - I am sure. From the router
> > I
> > can ping anything anywhere, by IP and by FQDN.


You need ipchains to masq your internal net.  

Put the ipchains.lrp package onto one of your disks and have it 
load with the others.  Then get to a command prompt and type:

  ipchains -A forward -j MASQ -s 192.168.1.0/24


Then consider installing rcf, pfw, Seawall, Shorewall, or Echowall
for your firewall needs (or do it yourself using those as examples).

Regards,
Matthew




> > I have enabled both interfaces to respond to ICMP, and like I said in my
> > first post I can ping both of the interfaces (eth0 & eth1) from the
> > router
> > itself, I can ping the external interface (eth0) from the DSL router in
> > front of it, and I can ping the internal interface (eth1) from the
> > workstation behind it.
> >
> > When I say that ping "fails" when I attempt to ping the internal
> > interface
> > of the DSL router from the workstation behind the LEAF router I mean that
> > there is 100% packet loss - in other words ping just sits there until I
> > issue an interrupt at which point it shows the following message:
> >
> > workstation:/root # ping 192.168.68.1
> > PING 192.168.68.1 (192.168.68.1): 56 data bytes
> >
> > --- 192.168.68.1 ping statistics ---
> > 3 packets transmitted, 0 packets received, 100% packet loss
> >
> >
> > Here is the output of the commands you requested:
> >
> > # lsmod
> > Module          Size  Used by
> > ip_masq_autofw  2432   0 (unused)
> > ip_masq_portfw  2416   0 (unused)
> > smc-ultra       4168   2
> > 8390            6340   0 [smc-ultra]
> >
> > #which ipmasqadm
> > /usr/sbin/ipmasqadm


That's all as it should be.  You were just missing ipchains,
and the command I gave you should have output,  "Doh!"




Re: [Leaf-user] FTP Timeout Problems with Oxygen

2002-02-07 Thread Matt Schalit

"Ryan P. Matijcio" wrote:
> 
> Well changing the masq timeout values doesn't to have done anything.

When having ftp problems, it's time to dust off telnet and
brush up on your ftp commands.  You can simulate the ftp client
and get some feedback and see what's working and what's not.

You may need to determine if the command connection is timing out
and if it still works when you have the problem.  It'd help if
you had some cut and paste output of the exact problem and a
repeatable test case.  I have an oxygen distro I can test from.


> Unfortunately I can't seem to find a status screen that will tell me the
> current timeout values so I can verify they have been changed. 

I couldn't find how to get it to tell you the values.
If you set it, you might try a brute force grep through
the proc directory, with care :), and search for those
values.

I found somewhere that the  -M -S tcp tcpfin udp  style
command defaults to  15min, 2min, 5min.

Are you transferring many small files in rapid succession
or many big files?  How big?




> But as
> far as the seawall configuration goes, they are set and the firewall
> script has been restarted.  From the testing I've been doing the same
> problem is apparent.

Again please post a repeatable test case and description if at
all possible.



 
> One strange thing I've noticed is that doing a netstat -M doesn't make
> any output at all when I know it should.  Weird.

Not even after getting on a masq'd internal computer and surfing the net?
Really?


 
> Anyways, if anyone has any suggestions I'd love to hear 'em.
> 

> I've started to notice FTP problems with an Oxygen firewall I have
> running.  The problem occurs on both unix and NT systems located
> behind the firewall.  I have found that all ftp transfers be they 
> incoming or outgoing eventually freeze.  Although it appears that 
> NT -> NT transfers are more stable, they too freeze after about 
> 800-1500 files have been transferred.


After a certain number of files?  Repeatable?
Are you doing PORT or PASV transfers?

Check that you're not running out of masq ports.
I think there's 4096 ports available on a LEAF
box for masqing outgoing connections.

The ftpd, if serving incoming PASV requests from
behind a masq'ing firewall, will only have a certain
number of ports dedicated to the data transfer connection.
If you use too many of them in rapid succession, then some
of them may not be completely "unESTABLISHED", iirc they
may go into some time-out wait state.  I had this exact
problem when I allowed less than 100 ports for incoming
ftpd data connections to my masqd ftpd.   I also recall
that the newer oxygen handled the reuse of ports much
better and that the problem may have gone away.  I think
it was part of the kernel upgrade in the new distro.

So maybe lowering your tcpfin or examining what's
going on in netstat -an.



> One thing I've noticed that I think is interesting to note is that this
> problem does not occur when using LeechFTP.   


Force leech ftp into debugging mode and check what it's doing
against the ftpd server's syslog to determine what commands,
if any, it's sending on the command channel during a download.
Or do you mean it's sending NOOPs when it's idle?

Also a tcpdump of the LeechFTP commands might be interesting 
if you can't get the info from the syslog.



> I believe this because
> LeechFTP tends to keep sending commands to keep the connection active.
> That's why I was wondering if it could have something to do with the
> masq timeouts.
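
One way to do the "examine what's going on in netstat -an" step from the reply above, as an added example that is not part of the original thread: count TCP socket states on the ftpd's data ports to see whether they are piling up in a wait state. The port range 50000-50099, the addresses and the sample lines are constructed, the function names are hypothetical, and the Linux net-tools column layout is assumed.

```shell
#!/bin/sh
# Constructed sample of `netstat -an` output on the masq'd FTP server
# (Linux net-tools column layout). Addresses and ports are made up.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:21         203.0.113.7:40112       ESTABLISHED
tcp        0      0 192.168.1.10:50001      203.0.113.7:40120       TIME_WAIT
tcp        0      0 192.168.1.10:50002      203.0.113.7:40121       TIME_WAIT
tcp        0      0 192.168.1.10:50003      203.0.113.7:40122       ESTABLISHED
tcp        0      0 192.168.1.10:50004      203.0.113.7:40123       FIN_WAIT2
tcp        0      0 192.168.1.10:50002      203.0.113.7:40130       TIME_WAIT
tcp        0      0 192.168.1.10:22         192.168.1.50:51514      ESTABLISHED
udp        0      0 0.0.0.0:123             0.0.0.0:*
EOF
}

# pasv_states LOW HIGH
# Reads netstat -an on stdin and prints "STATE COUNT" for every TCP socket
# whose local port lies in LOW..HIGH, sorted by state name.
pasv_states() {
  awk -v lo="$1" -v hi="$2" '
    $1 ~ /^tcp/ && NF >= 6 {
      n = split($4, a, ":")          # port is the last ":" field (IPv6 safe)
      port = a[n] + 0
      if (port >= lo && port <= hi) count[$6]++
    }
    END { for (s in count) print s, count[s] }' | sort
}

# pasv_ports_tied_up LOW HIGH
# Prints how many distinct ports in LOW..HIGH currently carry a
# non-listening socket (an active transfer or a connection winding down).
pasv_ports_tied_up() {
  awk -v lo="$1" -v hi="$2" '
    $1 ~ /^tcp/ && NF >= 6 && $6 != "LISTEN" {
      n = split($4, a, ":")
      port = a[n] + 0
      if (port >= lo && port <= hi) seen[port] = 1
    }
    END { c = 0; for (p in seen) c++; print c }'
}

# Run against the constructed sample; on a live box, pipe `netstat -an` in.
sample_netstat | pasv_states 50000 50099
echo "ports tied up: $(sample_netstat | pasv_ports_tied_up 50000 50099) of 100"
```

A TIME_WAIT count that keeps climbing toward the size of the data port range during a long batch transfer matches the wait-state symptom described in the reply.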




Re: [Leaf-user] Seawall scripts.

2002-02-07 Thread Matt Schalit

Tim Wegner wrote:
> 

> The only downside I can see of using Seawall with Dachstein is it
> isn't always obvious which settings in the Dachstein setup can be
> ignored because Seawall overwrites them.

Does Seawall clobber the QoS stuff, leave it alone,
or create its own?  Any lack of QoS would be a downer
and would be noticeable in some setups, not all.  It was
nifty that CS put the QoS stuff in there.

Regards,
Matt




Re: [Leaf-user] Seawall scripts.

2002-02-07 Thread Matt Schalit

Tom Eastep wrote:
> 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]] On Behalf Of
> > Matt Schalit
> > Sent: Thursday, February 07, 2002 5:24 PM
> > To: [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: [Leaf-user] Seawall scripts.
> >
> > Does Seawall clobber the QoS stuff, leave it alone,
> > or create its own?  Any lack of QoS would be a downer
> > and would be noticeable in some setups, not all.  It was
> > nifty that CS put the QoS stuff in there.
> 
> Seawall doesn't run the 'tc' utility so any queuing disciplines and
> classes you have established will survive seawall starting and
> restarting. If you are using an fwmark classifier, you should
> reestablish your marking rules in /etc/seawall/start.
> 
> -Tom


  Ok, I've had so little experience with DF and QoS that I'm 
a bit confused, but not much :)

  Thanks for the reply, btw.  I'm sure you're busy with two
applications and their broad appeal.

  CS made ipchains rules that are part of his QoS approach, 
as evidenced by the output of ipchains -L -v -n having a "fairq" 
chain.  I guess what you mean is that you don't flush the "fairq" 
chain when you flush the other chains (input output forward)?

Thanks,
Matt



