Re: [leaf-user] SQUID - IIS issues patch inclusion
Eric, many thanks. I believe it is this one:
http://devel.squid-cache.org/cgi-bin/diff2/pinning.patch?s2_5

Happy days, time to block all those nasty doubleclick advertisements, MSN during school weeks, runescape and a host of other things unless their marks pick up markedly!! I will have to get all other sites that allow you to use MSN via a webpage first before getting too excited, teenagers are far too cluey for my liking.

Regards,
Matt

On Fri, 2007-02-09 at 08:52 +0100, Eric Spakman wrote:
> Hello Matt,
>
> I don't think it's patched into 2.5STABLE14 yet, but it should be no problem to do that. Can you give me a link to the patch?
>
> Eric
>
> > I run squid on my Leaf box in a transparent proxy config with shorewall trapping all port 80 outbound traffic. There exists an issue with IIS (surprisingly) in that it does not play properly with proxy servers like squid. It can return an NTLM authentication request and squid as of 2.5STABLE5 does not have the patch to handle it. I noticed that they will be putting it into 2.6 but I wonder if it's been patched into the Bering 3 squid (2.5STABLE14) package?
> >
> > If not, would it be at all possible to have this incorporated into the next package release to assist all us parents trying to have some control over where and what the children see? This particular problem is on her school intranet site that my daughter needs.
> >
> > With thanks,
> > Matt

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
[leaf-user] SQUID - IIS issues patch inclusion
I run squid on my Leaf box in a transparent proxy config with shorewall trapping all port 80 outbound traffic. There exists an issue with IIS (surprisingly) in that it does not play properly with proxy servers like squid. It can return an NTLM authentication request and squid as of 2.5STABLE5 does not have the patch to handle it. I noticed that they will be putting it into 2.6 but I wonder if it's been patched into the Bering 3 squid (2.5STABLE14) package?

If not, would it be at all possible to have this incorporated into the next package release to assist all us parents trying to have some control over where and what the children see? This particular problem is on her school intranet site that my daughter needs.

With thanks,
Matt
RE: [leaf-user] Bering-uClibc-2.4 mount problem
Try and mount them as mount -t msdos /dev/hda1 /mnt or something like that.

Matt

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of wing newton
Sent: Tuesday, 4 April 2006 12:29 PM
To: leaf-user@lists.sourceforge.net
Subject: [leaf-user] Bering-uClibc-2.4 mount problem

Greetings,

I installed initrd_ide.lrp and dmesg showed that hda1 and hda2 were detected. However, when I tried to mount -t ext2 /dev/hda1 /mnt, it returns No such device. I also tried hdsupp.lrp. fdisk works fine but the mounting problem is still there. I can mount /dev/fd0 fine but not any harddisk partitions.

Any hint? Any problem with the busybox's mount?

Thanks.
RE: [leaf-user] Madwifi drivers for Bering uClibc 2.3 rc1
Pardon my ignorance if it is shown but doesn't Hostap require a prism2 based card? Is your DWL card such a beast? If not I do not like your chances. I have an old WL200 doing just what you want to do and it's working well with this setup, pcmcia and hostap on Bering uClibc 2.0 (I think!)

Best of luck,
Matt

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jeremy Tourville
Sent: Monday, September 19, 2005 11:48 AM
To: leaf-user@lists.sourceforge.net
Subject: [leaf-user] Madwifi drivers for Bering uClibc 2.3 rc1

I had posted previously regarding this problem to the leaf-user list.
http://sourceforge.net/mailarchive/forum.php?thread_id=8210624&forum_id=5483

I also posted to the madwifi-user list.
http://sourceforge.net/mailarchive/forum.php?thread_id=8191579&forum_id=33958

Now, I upgraded the router to the latest release and am still having problems. The drivers appear to load fine but do not find the pci card. Here is the partial output from dmesg:

    3c515.c:v0.99t 17-Nov-2001 [EMAIL PROTECTED] and others
    3c515 Resource configuration register 0x0083, DCR 1485.
    eth0: 3Com 3c515 at 0x280, 00:60:08:92:76:5a, DMA 5, IRQ 3
      64K word-wide RAM 1:1 Rx:Tx split, autoselect/10baseT interface.
    3c515 Resource configuration register 0x00a5, DCR 0486.
    eth1: 3Com 3c515 at 0x2a0, 00:10:4b:6e:ef:9a, DMA 6, IRQ 5
      64K word-wide RAM 1:1 Rx:Tx split, autoselect/10baseT interface.
    3c515 Resource configuration register 0x00c7, DCR 0487.
    eth2: 3Com 3c515 at 0x2c0, 00:10:4b:6e:e9:40, DMA 7, IRQ 7
      64K word-wide RAM 1:1 Rx:Tx split, autoselect/10baseT interface.
    3 3c515 cards found.
    ip_conntrack version 2.1 (192 buckets, 1536 max) - 312 bytes per conntrack
    Software Watchdog Timer: 0.05, timer margin: 60 sec
    wlan: 0.8.6.0 (EXPERIMENTAL)
    ath_hal: 0.9.14.9 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413)
    ath_rate_sample: 1.2
    ath_pci: 0.9.6.0 (EXPERIMENTAL)
    hostap_crypt: registered algorithm 'NULL'
    hostap_pci: 0.3.9 - 2005-06-10 (Jouni Malinen [EMAIL PROTECTED])
    hostap_pci: No devices found, driver not installed.
RE: [leaf-user] lets talk about something--anything!
Well here is one to ask about! My uclibc router has been playing up of late, it's losing its networking. So much so that an svi networking restart comes up with no IP addresses. Ifdown then ifup of the individual interfaces will work. The DSL connection will come up but it will show the output that should be going to logs on /dev/console, same with mgetty, it's coming up on the screen too. It's most frustrating, I think there is a logging issue and a networking issue. Time to back it all up and start again otherwise.

Regards,
Matt

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of cpu memhd
Sent: Tuesday, June 28, 2005 4:55 PM
To: leaf-user@lists.sourceforge.net
Subject: [leaf-user] lets talk about something--anything!

Only 64 messages this month. Are less and less people using leaf, what is going on with everyone?

I have been slowly rolling out leaf boxes to about 16 locations. I couldn't have asked for a better firewall/router. I'd like to very much thank the leaf developers for their continued efforts.

-cpu
RE: [leaf-user] lets talk about something--anything!
Arne, one thing I like best about Leaf is this userlist! Leaf is great too.

It's uclibc 2.2 btw. Yes to syslog and klogd running, they are there. It is strange, I was going to do some reading on logging to decipher these conf files and understand just what was happening in there.

The networking has me perplexed, it ran for nearly 100 days with one IP address on a dynamic service, wonderful in truth. Then it started playing up, nothing I can recall was done to make it do this. So much so that getting rp-pppoe to get a new address is a manual process now, and after that the console is useless as the output from rp-pppoe comes to the console.

I will find out what is happening. It does sound like startup scripts, but why is it doing this to me, it's such a wonderfully complicated little system and it does so much.

Matt

> hmm. could be that klogd or syslog are not running. You should get rid of the messages with a dmesg -n 1 on your console...
>
> Sounds like problems with your start scripts, but that's nothing new to you, I suppose. Which version of bering-uclibc are you using? If you make a ps on your router, do you see /sbin/syslogd and /sbin/klogd?
[leaf-user] Adding a dial in ppp device
Could someone please advise me on how to add a dynamic ppp1 to my lovely uClibc bering firewall in the network section. I have tried it several times before but got ppp0 and ppp1 swapped over (because of me) which confused shorewall somewhat, me even more than ever.

I would like it to be available for dial in support, it's really the only thing I am having trouble getting to work.

Keep up the good work guys, I have an uptime of 73 days and counting on a dynamic IP on my adsl service, not bad at all. I love the pseudo static IP.

Regards to all,
Matthew

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] Cant connect to external https site
Tried it in Opera and it came back with an Order Status page asking for order Number! I use Bering uclibc 2.2 and Squid 2.5 stable, ymmv, sorry I cannot be more helpful. Ask away if you like!

Regards,
Matt

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Lars
Sent: Friday, March 11, 2005 8:34 PM
To: leaf-user@lists.sourceforge.net
Subject: [leaf-user] Cant connect to external https site

Came to my mind that anyone can test: Browse to http://www.elfa.se/en/ and press the button Order status at the bottom of the page. For me nothing comes up and the browser times out after a while. (You don't need an account at Elfa to test this)

/Lars
RE: [leaf-user] aDSL and dial-in connections
I would dearly love to confirm my dial in setup which I will be trying to get to work again in the next week or so. To this end would it be possible to get a copy of your mgetty.lrp, ppp.lrp, network config and shorewall.lrp? These will tell me all I need to know please, pretty please?

Regards,
Matt

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Harry Lachanas
Sent: Wednesday, February 02, 2005 9:26 PM
To: leaf-user@lists.sourceforge.net
Subject: [leaf-user] aDSL and dial-in connections

Hi all,

I have installed Bering LRP on many sites and I am very pleased with the capabilities of it. However I came across a problem that I am unaware of its solution.

On one site the LRP box serves internet outgoing connections through (static IP) a DSL line AND an incoming dial-in PPP connection. My shorewall configuration is based upon the fact that the aDSL will be ppp0, while the incoming connection could be any, i.e. ppp1..2..3..4..n. When all are according to the plan there is no problem with the above configuration...

But here is what happened a couple of times.

ppp0 (aDSL) was up and running. No incoming connection was active... Suddenly the ppp0 (aDSL) line drops. An incoming connection is coming in and it gets the interface name ppp0. Now all shorewall rules are applied to ppp0 (incoming connection from a user).

Even worse, the aDSL line comes back up and it gets the interface name ppp1. All the shorewall rules that were supposed to be applied to user incoming connections are applied now to the net zone.

Is there an easy way that shorewall can distinguish the two lines and be able to apply the specific rules of the zone without depending on the interface name?
RE: [leaf-user] Dialup PPP server for Bering uClibc
A good place to start is here: http://leaf-project.org/doc/howto/pppserver.html

I did this under Dachstein and it worked, also under Bering 1. I am about to do under 2.2 like you so maybe we could share experience. I know under Bering 1.x the major issue I had was with Shorewall, not so much trouble with it, but understanding it and being able to configure it properly to have a separate ppp zone. There is a secret here to find. I will try and look back in my mail archives, I have it there somewhere. I remember saying thanks to Tom Eastep at the time so that may be a good place to start.

Regards,
Matt

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Terry Erickson
Sent: Monday, January 03, 2005 8:17 PM
To: leaf-user
Subject: [leaf-user] Dialup PPP server for Bering uClibc

I want to use Bering uclibc to make a dedicated PPPserver with one modem and one nic so I can use a local phone line to access the internet thru my home network. Has anyone created a HOWTO on this? I searched but did not find. If there is a need for one, I'll make it. Just a nudge in the right direction to look for an idiot like me (I'm human) would be appreciated though.

I'm starting with it behind my Bering uClibc 2.2.2 firewall just at the moment, but soon I may as well make it a bridge or integrate it into the firewall - whichever is best. I am also toying w/the idea of building dialup routers and selling them for a profit, hmm... maybe it's possible... ;-)

Anyways, mainly asking about the HOWTO info for PPP server on Bering... And thanks again to you developers. I gotta hand it to ya all.

Terry
RE: [leaf-user] CF DOM errors
Fairly common afaik, I have always had this with SanDisk CFs and it will also be logged when writing to them as part of the backup, seems to do nothing. I suspect it's something to do with the IDE implementation in the CF cards per se.

Matt

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Roger E McClurg
Sent: Tuesday, November 23, 2004 11:11 AM
To: [EMAIL PROTECTED]
Subject: [leaf-user] CF DOM errors

I have a test machine that has a CF. I can boot from the CF, and access it normally, but it gets the following errors:

    {DriveReady SeekComplete Error}
    {DriveStatus Error}

I have tried a number of different CF brands, but all have the same result. Does anyone have an idea what the problem is?

Best Regards,
Roger McClurg
[EMAIL PROTECTED]
[leaf-user] Latest hostap
Please pardon my ignorance but I have Bering uclibc 2 running hostap but I do not have the wep or crypt modules to load. Where may I find the latest version of hostap in an lrp module with all of these features? I would like to do WEP or WPA, WDS and of course run it as an AP.

With thanks,
Matt
RE: [leaf-user] WiFi Adapters - AP ready?
1. Yes, Linksys WPC11 if you can still get it, not sure of the other manufacturers.
2. No to 11G, OK only to 11B with hostap.
3. Not sure, ask the uClibC gang about the hostap.o module from bering 1.2, if it works, as I said in my earlier post, I have not yet tried. I have to get openvpn working first, sorry.

Matt

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Sergio D. Morilla
Sent: Tuesday, May 25, 2004 1:59 AM
To: [EMAIL PROTECTED]
Subject: [leaf-user] WiFi Adapters - AP ready?

Hi,

I'm currently using Bering-uClibc 2.1. I would like to add a third card to the router in order to enable WiFi users to connect to the network.

1) From the following brands, which has a PCI card that can be used as an AP? Which model?
   LinkSYS
   Encore
   Surecom
2) Should I go to 802.11 G??
3) Is there any how-to on how to set up an access point in Bering-uClibc??

Thanks
Sergio D. Morilla
RE: [leaf-user] WiFi Adapters - AP ready?
You are quite correct that anything prism 2/2.5 and maybe 3 based will work, and I have quite easily got a WL200 Prism 2 card to work as an access point in my leaf machine. Look at the Hostap archives, there is specifically information on the DWL 520-Rev E card, I have seen it there. Partial success I believe but it was made to work. You will only get an 11b (11MB/s) network with hostap which for most of us is fine.

Good luck, here is the current mail list url: http://lists.shmoo.com/pipermail/hostap/

Take a look, I think that there should be nothing to compile, just adjust as required and script up necessary changes, like parameters and settings etc. This is on Bering 1.2 not the uclibc version but as long as the modules load there should be no hassle, I saw some of the required packages when I browsed the ucLibC sourceforge page the other day. I will be upgrading to this version soon but not quite yet, sorry.

Matt

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, May 26, 2004 7:10 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [leaf-user] WiFi Adapters - AP ready?

I'm afraid that I can't provide any info concerning those card manufacturers. I have learned, though, that most any card with a Prism2/3 chipset (anything Intersil, for example) can be made to work. My knowledge is strictly 802.11b, though.

Right now, I'm interested in the AP problem, and I'm trying to get Dlink's DWL-520revE.1 to work for this purpose. It should work with the HostAP drivers, which are explained pretty well here:

http://home.columbus.rr.com/andrewbarr/dwl520e1.html

...even though the page is not really totally supported anymore. There is a HostAP mailing list at:

http://sisyphus.iocaine.com/pipermail/hostap/

which is also useful. This HostAP driver, together with the wireless-tools package, seems to be the answer for Prism2 PCI cards. However, I'm a little stymied, since nothing seems to work out-of-the-box, and I'm a beginner at compilation/building binaries. I currently have a question over at the leaf-devel list for that purpose.

Hope I've given you something to start with.

Hopefully someone else, then, can answer this question: is there a PCI 802.11b solution that seems to work with Bering-uClibc2.x as packaged? Perhaps with wlan-ng? Because I'm about at my wits' end on this one. Thanks.

-joe.

----- Original Message -----
From: Sergio D. Morilla [EMAIL PROTECTED]
Date: Mon, 24 May 2004 12:58:36 -0300
To: [EMAIL PROTECTED]
Subject: [leaf-user] WiFi Adapters - AP ready?

Hi,

I'm currently using Bering-uClibc 2.1. I would like to add a third card to the router in order to enable WiFi users to connect to the network.

1) From the following brands, which has a PCI card that can be used as an AP? Which model?
   LinkSYS
   Encore
   Surecom
2) Should I go to 802.11 G??
3) Is there any how-to on how to set up an access point in Bering-uClibc??

Thanks
Sergio D. Morilla
RE: [leaf-user] IPSEC help needed....
There is no ipsec.o module in Dachstein for IPSEC. I have a pair of boxes with an IPSEC VPN between them on static IPs and it's all in the configuration of IPSEC, that is the secret. Read the howtos and look at the freeswan site if it's still around.

We need a bit more than just to get the work VPN software to work correctly. Are you setting up a subnet to subnet or single client to subnet?

The howtos are out there, just look. Email the list again if you need more help.

Matt

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kevin
Sent: Tuesday, April 20, 2004 10:27 AM
To: [EMAIL PROTECTED]
Subject: [leaf-user] IPSEC help needed

I am using Dachstein 1.02 and need IPSEC enabled to get the work VPN software to work correctly. I do not see a module IPSEC that is loaded, should I have one to make this work correctly?

Here are the modules loaded:

    Linux version 2.2.19-3-LEAF ([EMAIL PROTECTED]) (gcc version 2.7.2.3) #1 Sat Dec 1 12:15:05 CST 2001

    Installed Modules:
    ip_masq_vdolive    1180   0 (unused)
    ip_masq_user       3708   0 (unused)
    ip_masq_raudio     2980   0 (unused)
    ip_masq_quake      1220   0 (unused)
    ip_masq_portfw     2416   0 (unused)
    ip_masq_mfw        3196   0 (unused)
    ip_masq_irc        1924   0
    ip_masq_ftp        3576   0
    ip_masq_cuseeme     964   0 (unused)
    ip_masq_autofw     2476   0 (unused)
    ne                 6292   2
    8390               6236   0 [ne]
    bsd_comp           3708   0 (unused)
    ppp_deflate       40672   0 (unused)
    ppp               20828   2 [bsd_comp ppp_deflate]
    slhc               4436   0 [ppp]

Here are the packages:

    Name      Version  Description
    ========  =======  ==============================================
    root      4.0.6    Linux Router Project
    etc       4.0.1    /etc/ of the main root, minus any other packag
    ramlog    1.1      Creates additinal ramdisks on boot
    local     4.0.6    Local package. This package does not contain a
    modules   4.0.6    Modules package. Contains kernel modules and u
    ppp       2.3.11   PPPd Deamon for Dial-Up
    dhcpd     2.0pl5   dhcpd - Autoconfigure client machines
    dnscache  1.05a    dnscache from djbdns (V1.05a) package creates
    ifconfig  1.45     ifconfig and route commnads
    pppoe     2.6      Roaring Penguin PPPoE Client LRP Package
    weblet    1.2.0    weblet - LRP status via a small web server
    sshd      3.0p1    OpenSSH sshd daemon.
    oidentd   1.6.0    There shouldn't be any configuration needed un
    libz      so.1     used for SSHD only
    psentry   1.0      If this package failed to load, please create

This is the block that needs to pass through:

    Apr 19 07:10:48 amberton kernel: Packet log: input DENY ppp0 PROTO=50 207.11.4.7:65535 68.19.16.103:65535 L=168 S=0x00 I=8699 F=0x T=243 (#70)

I am not sure if I need a rule set or a package loaded, any help would be beneficial.
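
Added example, not part of the original thread: the denied packet in Kevin's log is IP protocol 50 (ESP), so one way to see what the firewall is refusing is to parse the ipchains "Packet log" lines and count denied IPsec traffic per rule. The sample log below is constructed (documentation addresses, hypothetical host name `fw`) and only follows the line format shown in the post; the function names are this example's own.

```python
import re
from collections import Counter

# IP protocol numbers an IPsec tunnel needs through the firewall (IANA numbers).
IPSEC_PROTOCOLS = {50: "ESP", 51: "AH"}
UDP, IKE_PORT = 17, 500  # IKE key exchange runs over UDP port 500

# ipchains "Packet log" line, in the layout shown in the post:
#   Packet log: <chain> <action> <iface> PROTO=<n> <src>:<port> <dst>:<port> ... (#<rule>)
# The L=/S=/I=/F=/T= fields are skipped, so a truncated field such as "F=0x" still parses.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r".*?\(#(?P<rule>\d+)\)"
)

# Constructed sample input: addresses, host name and counters are made up.
SAMPLE_LOG = """\
Apr 19 07:10:48 fw kernel: Packet log: input DENY ppp0 PROTO=50 192.0.2.7:65535 198.51.100.103:65535 L=168 S=0x00 I=8699 F=0x0000 T=243 (#70)
Apr 19 07:10:49 fw kernel: Packet log: input DENY ppp0 PROTO=50 192.0.2.7:65535 198.51.100.103:65535 L=168 S=0x00 I=8700 F=0x T=243 (#70)
Apr 19 07:10:50 fw kernel: Packet log: input DENY ppp0 PROTO=17 192.0.2.7:500 198.51.100.103:500 L=120 S=0x00 I=8701 F=0x0000 T=243 (#70)
Apr 19 07:11:02 fw kernel: Packet log: input DENY ppp0 PROTO=6 203.0.113.9:4312 198.51.100.103:135 L=48 S=0x00 I=101 F=0x4000 T=110 (#70)
Apr 19 07:11:05 fw kernel: Packet log: input ACCEPT ppp0 PROTO=17 192.0.2.7:500 198.51.100.103:500 L=120 S=0x00 I=8702 F=0x0000 T=243 (#12)
Apr 19 07:11:09 fw pppd[212]: rcvd [LCP EchoReq id=0x1f magic=0x0]
"""


def parse_line(line):
    """Return the fields of one ipchains packet-log line, or None if it is not one."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "rule"):
        rec[key] = int(rec[key])
    return rec


def ipsec_label(rec):
    """Name the IPsec component a packet belongs to, or None for other traffic."""
    if rec["proto"] in IPSEC_PROTOCOLS:
        # ESP and AH carry no ports; the port fields in the log are ignored here.
        return IPSEC_PROTOCOLS[rec["proto"]]
    if rec["proto"] == UDP and rec["dport"] == IKE_PORT:
        return "IKE"
    return None


def vpn_blockers(log_text):
    """Count denied or rejected IPsec packets per (chain, interface, rule, component)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] not in ("DENY", "REJECT"):
            continue
        label = ipsec_label(rec)
        if label:
            hits[(rec["chain"], rec["iface"], rec["rule"], label)] += 1
    return dict(hits)


def report(log_text):
    """Human-readable summary, one line per blocking rule and component."""
    return [
        f"{label} dropped {count}x on {iface} by {chain} rule #{rule}"
        for (chain, iface, rule, label), count in sorted(vpn_blockers(log_text).items())
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```
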
[leaf-user] Knockd for Leaf
On slashdot http://slashdot.org/articles/04/04/14/183.shtml?tid=126tid=172tid=185; tid=95 is a utility (knock) that would prove very handy for Leaf users to obfuscate their firewall even a bit more than usual. By careful sequencing of a series of ports and protocols a hole can be made to open/close on the firewall to specific settings that you can control, much better than leaving it open all the time.

May I ask if anyone is capable and willing to compile this for the current Bering and uclib Bering platforms? It would be a great utility to have! http://www.zeroflux.org/knock/ is the site. A link to the .tar.gz is there on the top right.

Then we can run knock -d and have it as a daemon.

Many thanks,
Matt
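
Added example, not part of the original post and not knockd's own code: a simplified model of the sequencing described above, where a source address must hit a fixed series of port/protocol pairs in order and within a time limit before the firewall hole opens for it. The class name, the sequence, the timeouts and the replayed events are all constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class KnockGate:
    """Per-source state machine: open only after the full knock sequence, in order."""
    sequence: tuple            # ordered (port, protocol) pairs, e.g. ((7000, "tcp"), ...)
    seq_timeout: float = 10.0  # seconds allowed between first and last knock
    open_for: float = 30.0     # seconds the hole stays open for that source
    _progress: dict = field(default_factory=dict)    # src -> (next index, first knock time)
    _open_until: dict = field(default_factory=dict)  # src -> expiry time

    def knock(self, src, port, proto, ts):
        """Feed one observed packet; return True when it completes the sequence."""
        idx, started = self._progress.get(src, (0, ts))
        if idx and ts - started > self.seq_timeout:
            idx, started = 0, ts                  # too slow: start over
        if (port, proto) == self.sequence[idx]:
            idx += 1
            if idx == 1:
                started = ts                      # the clock starts at the first knock
        elif (port, proto) == self.sequence[0]:
            idx, started = 1, ts                  # wrong knock that restarts the sequence
        else:
            idx = 0                               # any other packet resets progress
        if idx == len(self.sequence):
            self._progress.pop(src, None)
            self._open_until[src] = ts + self.open_for
            return True
        self._progress[src] = (idx, started)
        return False

    def is_open(self, src, ts):
        """True while the hole opened for this source has not expired."""
        return ts < self._open_until.get(src, 0.0)


# Constructed sample events: (time in seconds, source address, port, protocol).
EVENTS = [
    (0.0, "198.51.100.5", 7000, "tcp"),   # legitimate client, knock 1
    (0.5, "203.0.113.9", 7000, "tcp"),    # unrelated host sweeping TCP ports in order
    (1.0, "203.0.113.9", 7001, "tcp"),
    (2.0, "198.51.100.5", 8000, "udp"),   # knock 2 (note the protocol)
    (2.5, "203.0.113.9", 8000, "tcp"),    # right port, wrong protocol
    (3.0, "203.0.113.9", 9000, "tcp"),
    (4.0, "198.51.100.5", 9000, "tcp"),   # knock 3 after 4 s: opens
    (20.0, "192.0.2.77", 7000, "tcp"),    # correct sequence, but...
    (25.0, "192.0.2.77", 8000, "udp"),
    (31.0, "192.0.2.77", 9000, "tcp"),    # ...11 s after the first knock: too slow
]


def new_gate():
    return KnockGate(sequence=((7000, "tcp"), (8000, "udp"), (9000, "tcp")))


def replay(events, gate):
    """Run events through the gate; return (time, source) for every opening."""
    return [(ts, src) for ts, src, port, proto in events
            if gate.knock(src, port, proto, ts)]


if __name__ == "__main__":
    gate = new_gate()
    for ts, src in replay(EVENTS, gate):
        print(f"t={ts}: hole opened for {src}")
```

The knocks travel as ordinary unencrypted packets, so anyone who can observe them can repeat them; the gate only narrows exposure of a service that still needs its own authentication.
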
[leaf-user] Shorewall and a peculiar DMZ - issues.
I have set up a new bering box where I have connected eth2 to a DMZ which is in fact a real DMZ accessed from another leaf box with real public addresses. This new leaf machine has ADSL on it with a single external public address, the older one is on 128kbit ISDN and has a public subnet allocated to it.

The issue is this, these machines have a public sub C address range they can be accessed on by using the ISDN route but for tasks these machines undertake they pull data from external sites, and I would like to go out a second gateway, namely the ADSL service, for these particular needs. This is in fact the main task of these machines, they do little else externally.

As stated the main traffic to and from these machines is initiated from the machines themselves and to save some money and get faster traffic throughput I reasoned that they could be connected to the ADSL service using a third DMZ interface on the ADSL service to the existing DMZ on the ISDN service, but apart from bringing up an interface to this subnet and accessing the DMZ from the firewall I cannot seem to talk to it from the internal network (a 192.168 subnet) nor successfully configure it to be accessed via DNAT from the single public address on the ADSL service externally. I have a DNAT connection using a M$ PPTP server coming in from the ADSL external interface so it's mainly an issue of understanding and configuring shorewall correctly to this eth2 connection.

The subnet is a 26 bit mask address network, it is connected to eth2 and is just like the three interface example in the shorewall documentation. eth0 is external using ppp0 on an ADSL service, eth1 is the internal network on 192.168.0.0/24 and eth2 is to be connected to the sub class C subnet.

Do we masq to this eth2 network from the internal eth1 subnet? I would think not as the leaf machine has a route to the subnet and traffic will get there although shorewall must know of it for security.

Should the DMZ be masqueraded to the external interface? Yes, as we only have one ip externally, bearing in mind the DMZ addresses are effectively a private DMZ as their addresses belong to another ISP and cannot be routed through this ADSL service.

I hope this is clear enough, I seek assistance on this as I have got no further in connecting this up apart from getting it connected via eth2. I continue to be amazed at how much there is to learn,

regards Matthew
[leaf-user] Hostap 0.3
Has anyone had any luck in running the updated version of hostap on Bering? I have it running here at version 0.2 and it's great apart from it cacking out with large sustained local transfers at full ethernet speed. Anything like 20MB or more, but I strongly suspect the WL200 firmware more than hostap, but it would be nice all the same to upgrade to the latest. I am trying to get firmware 1.5.

Regards to all who make this possible, great work everyone. Matt
[leaf-user] Bering Dial in, problems with ppp - long
Dear list listeners,

I am tearing my hair out trying to get this to work, so I am humbly seeking advice on how to get Bering 1.2, with pppoe on the internet side, to accept a dial in using ppp again on the internal side of this connection.

The good news is that the dial in will receive and accept the call via mgetty, and will start pppd as it gets the password and lcp connection and discussions, ip-up is reached and executed although nothing exists in it as seen below:

    Nov 25 08:45:01 firewall /USR/SBIN/CRON[31332]: (root) CMD (/etc/multicron-p)
    Nov 25 08:53:01 firewall pppd[8591]: pppd 2.4.1 started by LOGIN, uid 0
    Nov 25 08:53:01 firewall pppd[8591]: using channel 25
    Nov 25 08:53:01 firewall pppd[8591]: Using interface ppp1
    Nov 25 08:53:01 firewall pppd[8591]: Connect: ppp1 -- /dev/ttyS0
    Nov 25 08:53:01 firewall pppd[8591]: sent [LCP ConfReq id=0x1 asyncmap 0x0 auth pap magic 0x7a06aae5 pcomp accomp]
    Nov 25 08:53:04 firewall pppd[8591]: rcvd [LCP ConfReq id=0x3 asyncmap 0xa magic 0x1c6a6 pcomp accomp callback CBCP]
    Nov 25 08:53:04 firewall pppd[8591]: sent [LCP ConfRej id=0x3 callback CBCP]
    Nov 25 08:53:04 firewall pppd[8591]: sent [LCP ConfReq id=0x1 asyncmap 0x0 auth pap magic 0x7a06aae5 pcomp accomp]
    Nov 25 08:53:04 firewall pppd[8591]: rcvd [LCP ConfReq id=0x4 asyncmap 0xa magic 0x1c6a6 pcomp accomp]
    Nov 25 08:53:04 firewall pppd[8591]: sent [LCP ConfAck id=0x4 asyncmap 0xa magic 0x1c6a6 pcomp accomp]
    Nov 25 08:53:04 firewall pppd[8591]: rcvd [LCP ConfAck id=0x1 asyncmap 0x0 auth pap magic 0x7a06aae5 pcomp accomp]
    Nov 25 08:53:04 firewall pppd[8591]: sent [LCP EchoReq id=0x0 magic=0x7a06aae5]
    Nov 25 08:53:04 firewall pppd[8591]: rcvd [PAP AuthReq id=0x1 user=a_user password=hidden]
    Nov 25 08:53:04 firewall pppd[8591]: sent [PAP AuthAck id=0x1 Login ok]
    Nov 25 08:53:04 firewall pppd[8591]: sent [IPCP ConfReq id=0x1 addr 192.168.5.254 compress VJ 0f 01]
    Nov 25 08:53:04 firewall pppd[8591]: rcvd [LCP EchoRep id=0x0 magic=0x1c6a6]
    Nov 25 08:53:04 firewall pppd[8591]: rcvd [IPCP ConfReq id=0x1 compress VJ 0f 01 addr 0.0.0.0 ms-dns1 0.0.0.0 ms-wins 0.0.0.0 ms-wins 0.0.0.0]
    Nov 25 08:53:04 firewall pppd[8591]: sent [IPCP ConfRej id=0x1 ms-wins 0.0.0.0 ms-wins 0.0.0.0]
    Nov 25 08:53:04 firewall pppd[8591]: rcvd [CCP ConfReq id=0x1 12 06 00 00 00 01 11 05 00 01 04]
    Nov 25 08:53:04 firewall pppd[8591]: Unsupported protocol 'Compression Control Protocol' (0x80fd) received
    Nov 25 08:53:04 firewall pppd[8591]: sent [LCP ProtRej id=0x2 80 fd 01 01 00 0f 12 06 00 00 00 01 11 05 00 01 04]
    Nov 25 08:53:04 firewall pppd[8591]: rcvd [IPCP ConfAck id=0x1 addr 192.168.5.254 compress VJ 0f 01]
    Nov 25 08:53:04 firewall pppd[8591]: rcvd [IPCP ConfReq id=0x2 compress VJ 0f 01 addr 0.0.0.0 ms-dns1 0.0.0.0]
    Nov 25 08:53:04 firewall pppd[8591]: sent [IPCP ConfNak id=0x2 addr 192.168.5.99 ms-dns1 192.168.5.254]
    Nov 25 08:53:04 firewall pppd[8591]: rcvd [IPCP ConfReq id=0x3 compress VJ 0f 01 addr 192.168.5.99 ms-dns1 192.168.5.254]
    Nov 25 08:53:04 firewall pppd[8591]: sent [IPCP ConfAck id=0x3 compress VJ 0f 01 addr 192.168.5.99 ms-dns1 192.168.5.254]
    Nov 25 08:53:04 firewall pppd[8591]: found interface eth1 for proxy arp
    Nov 25 08:53:04 firewall pppd[8591]: local IP address 192.168.5.254
    Nov 25 08:53:04 firewall pppd[8591]: remote IP address 192.168.5.99
    Nov 25 08:53:04 firewall pppd[8591]: Script /etc/ppp/ip-up started (pid 4309)
    Nov 25 08:53:04 firewall pppd[8591]: Script /etc/ppp/ip-up finished (pid 4309), status = 0x100
    Nov 25 08:53:37 firewall pppd[7359]: No response to 3 echo-requests
    Nov 25 08:53:37 firewall pppd[7359]: Serial link appears to be disconnected.
    Nov 25 08:53:37 firewall pppd[7359]: Couldn't increase MTU to 1500.
    Nov 25 08:53:37 firewall pppd[7359]: Couldn't increase MRU to 1500
    Nov 25 08:53:43 firewall pppd[7359]: Connection terminated.
    Nov 25 08:53:43 firewall pppd[7359]: Connect time 561.8 minutes.
    Nov 25 08:53:43 firewall pppd[7359]: Sent 383329 bytes, received 1140685 bytes.
    Nov 25 08:53:43 firewall pppd[7359]: Doing disconnect
    Nov 25 08:54:04 firewall pppd[8591]: Hangup (SIGHUP)
    Nov 25 08:54:04 firewall pppd[8591]: Modem hangup
    Nov 25 08:54:04 firewall pppd[8591]: Script /etc/ppp/ip-down started (pid 1933)
    Nov 25 08:54:04 firewall pppd[8591]: Connection terminated.
    Nov 25 08:54:04 firewall pppd[8591]: Connect time 1.1 minutes.
    Nov 25 08:54:04 firewall pppd[8591]: Sent 446 bytes, received 842 bytes.
    Nov 25 08:54:04 firewall pppd[8591]: Waiting for 1 child processes...
    Nov 25 08:54:04 firewall pppd[8591]: script /etc/ppp/ip-down, pid 1933
    Nov 25 08:54:04 firewall pppd[8591]: Script /etc/ppp/ip-down finished (pid 1933), status = 0x100
    Nov 25 08:54:04 firewall pppd[8591]: Exit.
    Nov 25 08:54:13 firewall pppd[7359]: Sending PADI
    Nov 25 08:54:32 firewall pppd[7359]: HOST_UNIQ successful match
    Nov 25 08:54:32 firewall pppd[7359]: HOST_UNIQ successful match
    Nov 25 08:54:32 firewall pppd[7359]: Got connection: a63
    Nov 25 08:54:32 firewall pppd[7359]: Connecting PPPoE socket:
[leaf-user] PPPD in Bering for pppoe and dialin pppd?
I am in the final stages of getting my firewall to answer a dial in pppd connection using a 33K modem. I have found that the pppd supplied with Bering will not answer the call as far as I can tell. I replaced the pppd that was working under a pppoa setup on a USB alcatel modem with another, that would support pppoe with a pass-through modem (DLINK DSL300). Now the part of the dial up that used to work (albeit causing usbdevfs errors all the time and dropping the whole pppd setup, both dialin and pppoa into the can and stop working) no longer does.

It comes down to an incorrect options config, or the fact that this version of pppd (patched?) will not do this job. Can anyone shed any light on the pppd that comes in Bering and its ability to do both the pppoe and dialin jobs, although I am not sure that this is the case at all, very confusing.

Regards, Matt
RE: [leaf-user] Compaq WL200 with Bering.
Dmitri,

I have exactly the same as you and my WL200 is working fine. Hostap is included as I remember with bering or at least is available for it. I have only ever managed to talk to it once when I had the other WL200 running in W2K (wash my mouth out) but when I destroyed this motherboard and installed a new system I cannot get the card to install under W2K again. As I said it did work once, but I know the card is running, as I have seen association in the /var/log/syslog file, once only mind you.

Although I have not yet got Bering to bring it up automatically in the boot sequence (broad hint to anyone reading this, please help I am getting sick of doing this manually!) I manually run after system bootup

    ip addr add 192.168.6.254/24 dev wlan0
    ip link set dev wlan0 up
    shorewall restart

and hey presto here is what I get

    firewall: -root-
    # ip a
    1: lo: LOOPBACK,UP mtu 16436 qdisc noqueue
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    2: dummy0: BROADCAST,NOARP mtu 1500 qdisc noop
        link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    3: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100
        link/ether 00:a0:24:5c:87:25 brd ff:ff:ff:ff:ff:ff
        inet 192.168.5.254/24 brd 192.168.5.255 scope global eth0
    4: [EMAIL PROTECTED]: NOARP mtu 1476 qdisc noop
        link/gre 0.0.0.0 brd 0.0.0.0
    5: ppp0: POINTOPOINT,MULTICAST,NOARP,UP mtu 1372 qdisc pfifo_fast qlen 3
        link/ppp
        inet 20x.yyy.zzz.aaa peer 20x.abc.def.ghi/32 scope global ppp0
    6: wlan0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100
        link/ether 00:50:8b:46:b7:4f brd ff:ff:ff:ff:ff:ff
        inet 192.168.6.254/24 scope global wlan0
    # iwconfig wlan0
    wlan0 IEEE 802.11b ESSID:myap Mode:Master Frequency:2.412GHz Access Point: 00:50:8B:46:B7:4F
        Bit Rate:11Mb/s Tx-Power:7 dBm Sensitivity=1/3
        Retry min limit:8 RTS thr:off Fragment thr:off
        Encryption key:off
        Power Management:off
        Link Quality:0 Signal level:0 Noise level:0
        Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
        Tx excessive retries:0 Invalid misc:0 Missed beacon:0

It's all in the /etc/pcmcia/config

    #
    # PCMCIA Card Configuration Database for hostap_cs driver
    #
    # config.opts is now included at the very end. In general, it is a
    # good idea to add things to that file rather than to this one.

    device hostap_cs
      class network module hostap_crypt, hostap, hostap_cs

    card Compaq WL200
      version Compaq, WL200_11Mbps_Wireless_PCI_Card
      bind hostap_cs

    # Optional configuration parameters for hostap_cs.o
    module hostap_cs opts channel=1 iw_mode=3 essid=ozpoz ignore_cis_vcc=0

    source ./config.opts

and /etc/default/pcmcia files

    PCMCIA=yes
    PCIC=i82365
    PCIC_OPTS=irq_mode=1
    CORE_OPTS=
    CARDMGR_OPTS=

Not too hard, I am happy to help you if you want more info (Note to self, get that Wl200 card running in that other OS!)

Regards, Matt

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dmitri Gofmekler
Sent: Thursday, 6 November 2003 4:55 PM
To: Leaf User List
Subject: [leaf-user] Compaq WL200 with Bering.

Hi,

Also small question, is there anyone, who had a success with Bering (my version is 1.2) and any Prism II wireless card (in my case is a Compaq WL200 PCI version). I'm trying to use hostap driver in managed mode, but card does not seem to see anything in the air, association does not happen. Under Windows same card works well. If someone had a success with it, please write a small overview of your case.

Thanks in advance, Dmitri.
[leaf-user] Public Key SSH access
Alex can you please share how you get public key access to your LEAF firewall, I am interested in doing this to expand my knowledge of ssh and shared key management plus making my access to it easier, I am getting sick of password access.

Regards, Matt

-Original Message-
Alex Rhomberg wrote

I provide SSH root access to different persons through public key authentication, where each person has his own keypair

Regards Alex
RE: [leaf-user] Public Key SSH access
Thanks Alex will try it out tomorrow. Off to bed, very tired. Kudos to all who make this possible and yourself for sharing it with others!

Regards, Matthew
Australia

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Alex Rhomberg
Sent: Wednesday, 8 October 2003 9:18 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [leaf-user] Public Key SSH access

> Alex can you please share how you get public key access to your LEAF firewall, I am interested in doing this to expand my knowledge of ssh and shared key management plus making my access to it easier I am getting sick of password access.

Sure

The main benefits of public key access are
- improved security (need private key and passphrase)
- different passphrases for different users
- same password on different firewalls for each user, but
- different users get root access to different firewalls.
- No root passwords
- ssh-agent

What we did:

1. Change /etc/ssh/sshd_config:

    # Protocol 1 is not secure
    Protocol 2
    # Root pubkeys are in /etc/ssh/pubkeys/root.pub
    AuthorizedKeysFile /etc/ssh/pubkeys/%u.pub
    # We don't do this
    HostbasedAuthentication no
    # No passwords
    PasswordAuthentication no

2. Create keypairs on your workstation. Do not share keypairs between persons. See ssh-keygen http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen
You can also create a key in PuTTY

3. Append the public key(s) to /etc/ssh/pubkeys/root.pub on your firewall. With OpenSSH, the pubkey usually is in ~/.ssh/id_rsa.pub
Our root.pub looks like

    ssh-rsa B3NzaC1yc2asnip hans
    ssh-rsa B3NzaC1yc2bsnip peter
    ssh-rsa B3NzaC1yc2csnip fritz

4. Profit!!

HTH Alex
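An audit of the setup described in the message above, as an added example that is not part of the original mails or of the LEAF project: it checks an sshd_config for the four directives from step 1 and a shared key file such as root.pub for keys without an owner comment, repeated keys, and loose write permissions. The function names and the sample files built by demo() are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the key-only sshd setup from the message above.
# Function names are illustrative; demo() builds constructed sample files.

# Print the first uncommented value of KEYWORD in FILE. sshd keeps the first
# value it reads for a keyword, and keyword names are case-insensitive.
sshd_value() {
    awk -v want="$2" '
        { sub(/#.*/, "") }      # drop full-line and trailing comments
        NF >= 2 && tolower($1) == tolower(want) { print $2; exit }
    ' "$1"
}

# Compare FILE with the four settings from step 1; one line per mismatch.
audit_sshd_config() {
    while read -r key expected; do
        actual=$(sshd_value "$1" "$key")
        [ "$actual" = "$expected" ] ||
            echo "FAIL $key: expected '$expected', found '${actual:-<unset>}'"
    done <<'EOF'
Protocol 2
AuthorizedKeysFile /etc/ssh/pubkeys/%u.pub
HostbasedAuthentication no
PasswordAuthentication no
EOF
}

# Check a shared key file such as root.pub: every key needs a comment naming
# its owner, and no key may appear twice (step 2: one keypair per person).
# Option prefixes in front of the key type (from=..., command=...) are skipped.
audit_pubkeys() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        {
            t = 0
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(sk-)?(ssh-|ecdsa-sha2-)/) { t = i; break }
            if (!t || t == NF) {
                print "FAIL line " NR ": no key type followed by key data"
                next
            }
            blob = $(t + 1)
            owner = (t + 2 <= NF) ? $(t + 2) : ""
            if (owner == "") print "FAIL line " NR ": key has no owner comment"
            if (blob in seen) print "FAIL line " NR ": same key as line " seen[blob]
            else seen[blob] = NR
        }
    ' "$1"
    # Anyone who can write this file can add a key for root.
    if [ -n "$(find "$1" \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL $1: writable by group or others"
    fi
}

# Run both audits over constructed sample files (not real keys or configs).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'Protocol 2' '# PasswordAuthentication no' \
        'PasswordAuthentication yes' > "$dir/sshd_config"
    printf '%s\n' 'ssh-rsa AAAAconstructedkey1 hans' \
        'from="192.0.2.10" ssh-rsa AAAAconstructedkey2 peter' \
        'ssh-rsa AAAAconstructedkey1 fritz' \
        'ssh-rsa AAAAconstructedkey3' > "$dir/root.pub"
    chmod 664 "$dir/root.pub"
    audit_sshd_config "$dir/sshd_config"
    audit_pubkeys "$dir/root.pub"
    rm -rf "$dir"
}

# Usage: sh audit.sh /etc/ssh/sshd_config /etc/ssh/pubkeys/root.pub
#    or: sh audit.sh demo
if [ "$#" -eq 2 ]; then
    audit_sshd_config "$1"
    audit_pubkeys "$2"
elif [ "${1:-}" = demo ]; then
    demo
fi
```

No output from either audit function means the file matches what the message describes.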
[leaf-user] pppd version 2.4.1 problems dial in server
I have a Bering 1.2 firewall with pppoa on an alcatel speedtouch USB modem. Now I am trying to set this up as a dial in ppp server as well, problem is I suspect pppd is no good for this. My reasoning is this, if I try to invoke it from mgetty all I get is this:

    Oct 5 21:53:20 firewall pppd[21234]: Exit.
    Oct 5 21:53:29 firewall pppd[17884]: pppd 2.4.1 started by root, uid 0
    Oct 5 21:53:29 firewall pppd[17884]: Couldn't set tty to PPP discipline: Invalid argument

Also if I try to invoke it from the command line I just get a CR, no ppp data is seen as I might expect. I have pppd version 2.4.1, can anyone suggest a fix for this, ie an older version of pppd or even a newer one that might do what I require of it!

Regards, Matt
[leaf-user] VT100 problems
A dumb question as the topic suggests, why am I getting this when using vi or even when trying to start minicom? It is clearly a terminal emulation issue, but where is it fixed? Am I missing a file somewhere?

    Terminal entry not found in terminfo
    'vt100' not known. Available builtin terminals are:
    builtin_ansi
    builtin_xterm
    builtin_iris-ansi
    builtin_dumb
    defaulting to 'ansi'

Many thanks, Matt
[leaf-user] A second ppp device
I have a Bering 1.2 setup using pppoa which uses ppp0 as its external device. I would dearly like to have a ppp1 and ppp2 device for dialin and other tasks, can someone (Jacques?) please help. I have declared interfaces like this

    auto ppp0
    iface ppp0 inet ppp
        pre-up mount none /proc/bus/usb -t usbdevfs
        pre-up sleep 2
        pre-up modem_run -f /lib/modules/mgmt.o -m
        pre-up sleep 1
        provider adsl

    auto ppp1
    iface ppp1 inet ppp
        provider dialin

    auto eth0
    iface eth0 inet static
        address 192.168.5.254
        masklen 24
        broadcast 192.168.5.255

where /etc/ppp/peers/dialin is a set of options for pppd to use. If I run ifup ppp1 I get

    ifup: interface ppp1 already configured

but I cannot see ppp1 at all. This may be an issue with mgetty not properly calling pppd but I suspect not. I suspect my lack of knowledge here with Bering.

Many thanks, Matthew
[leaf-user] Adding a second ppp device to Bering 1.2
In an attempt to set up a dial in server with my Bering 1.2 box I need to add a dynamic ppp1 for the dial in modem. ppp0 is used by the PPPOA connection on my USB speedtouch modem and it gets a bit upset when the machine tries to use ppp without a second ppp device defined properly. I have mgetty and most other config options set but cannot get a second ppp device to appear dynamically when the modem answers with AutoPPP.

This is a follow up to my posting two days ago, can anyone advise on this please?

With thanks, Matthew
[leaf-user] Speedtouch USB modem and Bering 1.2 - progress
Jacques, so far so good. I have followed the instructions on http://leaf.sourceforge.net/devel/jnilo/manpages/SpeedTouch-HOWTO-en.html and so far I have got to the stage of the ADSL line synching up and telling me I have 512Kb down and 128 Kb upstream. Now it tries to start pppd but as I do not have a ppp0 or even ppp device in my list of network devices it is not getting anywhere. Please pardon my ignorance, but how do I set a ppp device in Bering with it being assigning any parameters, or even automatically dialling, which would be the ideal situation? I gather this whole setup can be put into the network config to do just this? Regards, Matt
RE: [leaf-user] Speedtouch USB modem and Bering 1.2
Thanks heaps Jacques I will test this, but can you check that the speedtch.lrp you have made available is the right one? I have downloaded it and there is no /etc/ppp/peers/adsl script in the package and there is a /etc/speedtouch.conf file.

Matt

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jacques Nilo
Sent: Wednesday, 28 May 2003 6:51 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [leaf-user] Speedtouch USB modem and Bering 1.2

On Tuesday 27 May 2003 13:07, you wrote:
> Thank you Jacques, I am looking into this as its the only way forward for me. I will keep you posted on progress and perhaps help someone else out in the process. Yes I am using those packages, thanks for the tips, mixing the two pages of instructions will be a learning experience! You and I are about 17 hours apart so there will be significant delays of a day or two or three between responses so bear with me.
> Merci, Matt

Matt: Your E-Mail address is bounced back.

I have simplified the speedtouch script which should now run on Bering. There may remain some bugs but you will tell me.

1/ All USB modules must be loaded through /etc/modules
2/ Likewise for n_hdlc
3/ the microcode must be stored in /lib/modules as well under the name mgmt.o (can be redefined in /etc/init.d/speedtouch)
4/ There is no more /etc/speedtouch.conf file
5/ The /etc/ppp/peers/adsl script is provided in the package
6/ ifconfig replaced by ip in the speedtouch script. I think you have to test for the presence of the peer string to be sure the ppp connection is established.

The new package is here: http://leaf.sf.net/devel/jnilo/testing/speedtch.lrp

Well let me know how it goes.

Cheers Jacques
RE: [leaf-user] vpn with dynamic ip (long)
KP and Brock,

I too have been looking at this, now my suggestion is to look firstly at a ping check of a single packet to the dynamic dns name of the far end, if it is different to what you either thought it was last time, or different to what ipsec eroute thinks the far end is, tear it down and rebuild. This may require long retries at both ends, unless you time synchronise both ends, (easy) and crontab the jobs to do all this. Only thing holding me back from this is time and a near complete lack of shell scripting knowledge and experience. How does this sound?

Matt

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of K.-P. Kirchdörfer
Sent: Tuesday, 25 February 2003 11:15 PM
To: [EMAIL PROTECTED]; Lynn Avants; [EMAIL PROTECTED]
Subject: Re: [leaf-user] vpn with dynamic ip (long)

On Monday, 24 February 2003 20:15, Lynn Avants wrote:
> On Monday 24 February 2003 11:23 am, K.-P. Kirchdörfer wrote:
> snip
>> e) tunnels add the tunnels for net-net and gate-gate
>> ipsec net 0.0.0.0/0 vpn,vgw
> snip
>> Is this setup esp. shorewall changes secure or did I open Pandora's box?
>
> Thanks for the thorough description! The tunnel description with 0.0.0.0/0 would really be the only security consideration I see. Although this _is_ the suggested method and still forces authentication (RSA in your case), IIRC Shorewall will support a DNS name in lieu of ip address. Tom does not suggest using DNS names, but it may be safer IMHO if you feel it is necessary. Otherwise what you have is the typical suggestion and will work as you have noted.

I like to hear that :) Yes I know Tom's suggestion about DNS names, but I have to use them, as there is no public available fixed ip anywhere in this setup...

thanks kp
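The check outlined at the top of the message above, written out as an added example that is not from the thread or the LEAF project. It resolves the name with getent instead of the single ping mentioned there; the connection name, host name, cache path and the sample eroute output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from cron whether a tunnel to a dynamic-DNS peer
# has to be torn down and rebuilt.
CONN=${CONN:-office}                      # hypothetical connection name in ipsec.conf
PEER_NAME=${PEER_NAME:-peer.example.net}  # hypothetical dynamic DNS name of the far end
STATE=${STATE:-/var/run/vpn-peer.last}    # hypothetical cache of the last address seen

# Constructed sample of `ipsec eroute` output in the assumed FreeS/WAN layout:
#   packets  source/mask  ->  destination/mask  =>  SAID@peer
SAMPLE_EROUTE='10   192.168.5.0/24   -> 192.168.7.0/24   => tun0x1002@203.0.113.7
0    192.168.5.0/24   -> 192.168.9.0/24   => %trap'

# Current IPv4 address of NAME. getent is an assumption about the box; any
# resolver that prints a single address can replace it.
resolve_peer() { getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }'; }

# Peer addresses of established tunnels, read from eroute output on stdin
# and printed space-separated. Entries without an SA (%trap, %hold) are skipped.
eroute_peers() {
    awk '$3 == "->" && $5 == "=>" && $6 ~ /@/ { sub(/.*@/, "", $6); print $6 }' |
        sort -u | tr '\n' ' '
}

# Print keep, rebuild or skip.
# Arguments: resolved address, cached address, space-separated eroute peers.
tunnel_action() {
    resolved=$1 cached=$2 routed=$3
    # Lookup failed: leave a possibly working tunnel alone.
    if [ -z "$resolved" ]; then echo skip; return 0; fi
    # The name points somewhere other than last time.
    if [ -n "$cached" ] && [ "$cached" != "$resolved" ]; then
        echo rebuild; return 0
    fi
    # The kernel routes to a different peer, or to none at all.
    case " $routed " in
        *" $resolved "*) echo keep ;;
        *) echo rebuild ;;
    esac
}

# One pass: gather the three inputs, act on the decision, remember the address.
check_tunnel() {
    resolved=$(resolve_peer "$PEER_NAME" || true)
    cached=$(cat "$STATE" 2>/dev/null || true)
    routed=$(ipsec eroute | eroute_peers)
    action=$(tunnel_action "$resolved" "$cached" "$routed")
    if [ "$action" = rebuild ]; then
        ipsec auto --down "$CONN"
        ipsec auto --replace "$CONN"      # reload the connection from ipsec.conf
        ipsec auto --up "$CONN"
    fi
    [ -z "$resolved" ] || echo "$resolved" > "$STATE"
    echo "$action"
}

# From cron at both ends, for example every ten minutes:
#   */10 * * * * /usr/local/sbin/vpn-check run    (hypothetical install path)
if [ "${1:-}" = run ]; then
    check_tunnel
fi
```

Returning skip on a failed lookup keeps a DNS outage from tearing down a tunnel that still works.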
RE: [leaf-user] Need help w/ 3c509 NICs
As was recently said by someone else (Jeff?) you do NOT need to use either an IRQ or a memory address. The cards should be set to have PNP turned off, define an IRQ and memory range using the 3c5x9cfg.com file found on disk 2 of the 3COM utilities floppies. Then just specify 3c509 in your modules.conf once and the cards will load in increasing MAC address order. Insert them in the ISA slots in this MAC order for more sensible management.

I have this config running in my P75 firewall, and have had it running in Eigerstein on a 486/66 as well. There is no magic to it, just uniquely define the cards in terms of IRQ and port address, disable PNP and use them happily.

Matt

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jeremy A Tourville
Sent: Wednesday, 15 January 2003 1:32 PM
To: [EMAIL PROTECTED]
Subject: [leaf-user] Need help w/ 3c509 NICs

Many thanks to all those who posted to me about my problems with my 3c509 NICs! I finally got the right module and it works great only about half the time. I'm guessing I need to specify my IO for both of them. (Both are 3c509). My BIOS doesn't support reserving an IRQ for ISA as someone suggested. It is an old Phoenix 486 BIOS. A couple people suggested specifying the IRQ. Does it make a difference if I use IO or IRQ to get the drivers to load right? When the NICs don't come up I get the message

    insmod init_module: 3c509: operation not supported by device.

The module I am using now is from the 2.4.18 site of Jacque, I made sure the versions were the same this time just in case there was a difference. While I could just reboot enough times to get both to come up I would think there must be a simpler solution. What is the syntax for specifying two NICs IRQ or IO. Presently my config file only lists the needed module with no reference to IO or IRQ.

Many thanks in advance for your help.
[leaf-user] kernel mode pppd problems
Could someone please help me here, I have upgraded to Dachstein v1.02 and would like to run pppd for a dialin service. However I have the following message coming back at me when I try to run

    # /usr/sbin/pppd
    ioctl(TIOCSETD(PPP)): Invalid argument(22)
    /usr/sbin/pppd: This system lacks kernel support for PPP. This could be because the PPP kernel module could not be loaded, or because PPP was not included in the kernel configuration. If PPP was included as a module, try `/sbin/modprobe -v ppp'. If that fails, check t

I have the ppp.lrp module that came with Dachstein, so just what is happening here? I must admit to being a bit tired of recent and hence a bit muddled.

Many thanks, Matt

My apology for posting to the list admin, slip of the finger!
RE: [leaf-user] leaf-bering with isdn an mppp
Markus, did you get an answer on this one? I have done this, but have not got recent experience with it. I can let one of my friends know about this, he managed to box after I changed it, and he can answer it very well. It is not a very hard thing to do from memory, even I did it! We ran a netjet 128kb ISDN card with two 64 kbit channels using mppp. Works well, although dialling of ippp1 must be paused while ippp0 is negotiated before mppp is initiated. Needs some scripting to fix. btw I am in Australia.

Matt

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Markus Koelle
Sent: Tuesday, 17 September 2002 1:52 AM
To: [EMAIL PROTECTED]
Subject: [leaf-user] leaf-bering with isdn an mppp

Hello,

my leaf-bering box 1.0rc3 with E. Wolzaks isdn.lrp works very well as isdn-router. In order to increase the bandwidth, MPPP (channel-bundling of the 2 B-channels) would be nice. Has anybody succeeded with leaf-bering and isdn-mppp (=channel bundling)? Is there an ibod.lrp working with bering?

Sincerely M. Koelle
[leaf-user] Dachstein /Bering and Speedtouch USB ADSL
Well the only thing that looks like stopping both Dachstein and Bering is the compilation of CONFIG_USB_DEVICEFS into the kernel. This allows usbdevfs support. Jacques pointed this out on Aug 23 and I learnt this the hard way. He points this out in his email but I found this after the fact while looking for Jeff Newmiller's mail some weeks ago. Thank you Jacques.

Now has any kind soul compiled 2.2.19-3 for this? If not is there someone out there prepared to do this? The kernel config files are available from Charles' site and I would suggest a full blown IPSEC IDE kernel be made. That way all can benefit in some way, let's face it if they are doing USB they're going to have more than one floppy.

I look forward to hearing from someone, please? Matt
[leaf-user] Alcatel USB Speedtouch on Dachstein
As the subject says, I am attempting to get a USB Speedtouch DSL modem on Dachstein, and ignorance is getting in the way.

I have usbcore and usb-uhci loading from the speedtch.lrp module that Jacques has on his Bering pages. Having loaded speedtch.lrp I cannot find any binary for the modem, or a module to load for it. USB is working (as always thanks to Charles and the other developers) the modem has its USB lights on.

Can anyone shed light on this situation / config? Always something new to learn isn't there!

Matt
RE: [leaf-user] IPSEC Howto for LRP
This is it, thanks to all who answered! Wonderful work guys and girls. Lynn's howto with Chad's windows setup info makes a great combo. IPSEC It's working!!

Thanks heaps,
Matt

I think the doc you are talking about is this ipsec howto, courtesy of Lynn Avants, which describes four different scenarios for ipsec setup. I cannot, however, find it anywhere on the site. Lynn? Have a link for us to the current version?

Also, perhaps we should consider merging the documents, since mine is a little light on actual ipsec configuration, but has some pretty good stuff on certificates and Windows 2000 configuration. Or we can just steal each other's good parts and have two docs in different places!

Thanks,
Chad

# start of HowTo ###
# Basic IPSec VPN HowTo ##
By Lynn Avants

Virtual Private Networking (aka VPN) is very popular for low-cost connections between remote offices, employees that need a connection to the company LAN from home,
[leaf-user] IPSEC Howto for LRP
A while ago I saw a HOWTO on implementing IPSEC on LRP with 4 different scenarios, may have been on Jacques' web site on sourceforge. Now I cannot find it for the life of me, there is plenty of other documentation around but it was the easiest read.

I have IPSEC up and going sort of, but I want to add road warrior support (as it is called) as well.

Any help here gratefully received.

Matt
RE: [leaf-user] Bering rc2 + ppp server : anyone done this?
Matt,

Have done this on Eigerstein, the mgetty.lrp was a bit tricky to find, but ppp was suitable as it was on the version of Eiger I had, it works wonderfully. Email me offline for mgetty if you want it, I would see no reason why it will not work on most distributions.

Matthew

Actually, the instructions for 2.9.4 aren't too far off - I used what I had set up 2.9.4/2.9.8, and copied the ppp.lrp and mgetty.lrp directly to Dachstein. The only real change was using the larger Dachstein kernel that had serial support compiled in. You will probably need to find new modules (ppp.o, slhc.o). I'd try the old pppd and mgetty to see if they work, and if not use the same scripts but replace the compiled parts (pppd and mgetty) with Bering versions. Or, they might work - don't know.

Good Luck,
Jon French

Matt Russell wrote:

Just as the subject says, wondering if anyone has successfully setup a PPP server (single line) with bering rc2. Anyone know of a how-to URL? The only thing I could find was instructions for LRP 2.9.4, whose packages obviously won't work with bering.

thanks,
matt
RE: [Leaf-user] PPP(oE) standards
Works like a treat, have been doing it for some time, running DNS2GO and svi network ipfilter reload as well in ip-up, my address is dynamic and changes often and it works very well, reboots as well. Give it a try.

Matt

example follows

# Main Script starts here
run-parts /etc/ppp/ip-up.d
svi network ipfilter reload
dns2go
# last line

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ewald Wasscher
Sent: Tuesday, 22 January 2002 9:42 PM
To: David B. Cook
Cc: Tom Atwater; Eric Wolzak; [EMAIL PROTECTED]
Subject: Re: [Leaf-user] PPP(oE) standards

David B. Cook wrote:

Killing the pppd appears to restart a new version and re-run the filters. Also, a reboot appears to be no worse for the wear with this change. I will keep you informed the first time the ISP drops the connection such that it renegotiates the address without my intervention.

Yes please do so! Thank you for the patience testing this all.

Ewald Wasscher
RE: [Leaf-user] Compaq NIC driver
Definitely the pcnet32 for the AMD chipset, have done several of these and it's working well. Only that I got 400MB HDDs, bugger, too far away from the action.

Matt

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Etienne Charlier
Sent: Saturday, 10 November 2001 7:19 PM
To: jason idleman; [EMAIL PROTECTED]
Subject: Re: [Leaf-user] Compaq NIC driver

Did you try pcnet32.o? It worked for me on a deskpro p133.

Regards
Etienne

----- Original Message -----
From: jason idleman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, November 10, 2001 9:19 AM
Subject: [Leaf-user] Compaq NIC driver

I am trying to turn an old Compaq DeskPro 575 into a router. I am using the EigerStein2BETA disk. The computer is a Pent. 75 with 16 Meg Ram and a 600 Meg HD. It has a built in 10 megabit NIC I need to activate to make this whole thing work. I have already added a 3Com and it lights up fine. I need to know where to get the module for this NIC. I think it is tlan.o, but I can't find it.

On a second note, I also want to make this puter the print server, using either an HP Deskjet 682C, or the Epson Stylus Color 440. Any advice on this?