Re: [leaf-user] TCP Destination port DPT=2703 Blocked by Bering uClibc 2.3.1
Kwon wrote:

> Hi,
>
> Can someone please have a look at the following from shorewall.log and provide an opinion? Thanks!
>
> Dec 4 23:29:24 ns1 Shorewall:all2all:REJECT: IN=eth2 OUT=ppp0 MAC=00:0d:88:31:4b:f5:00:11:d8:36:96:70:08:00 SRC=192.168.73.76 DST=66.151.150.12 LEN=60 TOS=00 PREC=0x00 TTL=63 ID=37883 CE DF PROTO=TCP SPT=46121 DPT=2703 SEQ=3732997805 ACK=0 WINDOW=5840 SYN URGP=0
> Dec 4 23:29:26 ns1 Shorewall:all2all:REJECT: IN=eth2 OUT=ppp0 MAC=00:0d:88:31:4b:f5:00:11:d8:36:96:70:08:00 SRC=192.168.73.76 DST=66.151.150.12 LEN=60 TOS=00 PREC=0x00 TTL=63 ID=7041 DF PROTO=TCP SPT=46122 DPT=2703 SEQ=3746991562 ACK=0 WINDOW=5840 SYN URGP=0

Looks like someone is trying to connect to a Systems Management Server 2003, using your internal ip 192.168.73.76. Look for the heading: Port requirements: SMS Remote Control System service: Wuser32

http://support.microsoft.com/default.aspx?scid=kb;en-us;826852

--
Patrick Benson
Stockholm, Sweden

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
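The two log entries quoted in this thread, read field by field, as an added example that is not part of the original messages. The function names are illustrative; the sample input is the pair of lines from the post, embedded as a constructed string.

```python
import re
from collections import Counter

# Constructed sample input: the two entries quoted in the thread, one per line.
SAMPLE_LOG = (
    "Dec 4 23:29:24 ns1 Shorewall:all2all:REJECT: IN=eth2 OUT=ppp0 "
    "MAC=00:0d:88:31:4b:f5:00:11:d8:36:96:70:08:00 SRC=192.168.73.76 "
    "DST=66.151.150.12 LEN=60 TOS=00 PREC=0x00 TTL=63 ID=37883 CE DF "
    "PROTO=TCP SPT=46121 DPT=2703 SEQ=3732997805 ACK=0 WINDOW=5840 SYN URGP=0\n"
    "Dec 4 23:29:26 ns1 Shorewall:all2all:REJECT: IN=eth2 OUT=ppp0 "
    "MAC=00:0d:88:31:4b:f5:00:11:d8:36:96:70:08:00 SRC=192.168.73.76 "
    "DST=66.151.150.12 LEN=60 TOS=00 PREC=0x00 TTL=63 ID=7041 DF "
    "PROTO=TCP SPT=46122 DPT=2703 SEQ=3746991562 ACK=0 WINDOW=5840 SYN URGP=0\n"
)

# The log prefix in the quoted lines has the form Shorewall:<chain>:<disposition>:
PREFIX_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<action>[^:\s]+):")


def parse_entry(line):
    """Return a dict of fields for one Shorewall log line, or None if it is not one."""
    m = PREFIX_RE.search(line)
    if m is None:
        return None
    entry = {"chain": m.group("chain"), "action": m.group("action"), "flags": set()}
    for token in line[m.end():].split():
        key, sep, value = token.partition("=")
        if sep:
            entry[key] = value          # KEY=value pair; value may be empty (OUT=)
        else:
            entry["flags"].add(token)   # bare token: IP/TCP flag such as DF or SYN
    return entry


def parse_log(text):
    """Parse every Shorewall entry in a block of log text, skipping other lines."""
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def direction(entry):
    """Classify the packet path from the IN= and OUT= interface fields."""
    inbound, outbound = entry.get("IN", ""), entry.get("OUT", "")
    if inbound and outbound:
        return "forwarded"              # entered one interface, leaving by another
    return "to-firewall" if inbound else "from-firewall"


def is_new_tcp_connection(entry):
    """True for the first packet of a TCP handshake (SYN set, ACK flag not set).

    "ACK=0" is the acknowledgement number, a KEY=value pair, not the ACK flag.
    """
    flags = entry["flags"]
    return entry.get("PROTO") == "TCP" and "SYN" in flags and "ACK" not in flags


def summarize(entries):
    """Count entries per (chain, action, source, destination, protocol, port)."""
    return Counter(
        (e["chain"], e["action"], e.get("SRC"), e.get("DST"),
         e.get("PROTO"), e.get("DPT"))
        for e in entries
    )


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for key, count in summarize(parsed).items():
        print(count, key)
    for e in parsed:
        print(e["IN"], "->", e["OUT"], direction(e),
              "new connection" if is_new_tcp_connection(e) else "other")
```

Both entries are new TCP connection attempts from 192.168.73.76 that arrived on eth2 and were on their way out through ppp0 when the all2all policy rejected them.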
Re: [leaf-user] Setting up DHCP internal and external. How hard can it be?
Patrick Andersson wrote:

> Hello.
>
> I'm migrating from Bering 1.0 to Bering uClibc 2.2.3. The reason for that is that ComHem (Swedish Cable modem ISP) is switching from NeMo modems to WebStar modems and the 1.0 doesn't work. Somewhere I read that pump is a problem, so I thought I change to something newer, Bering uClibc 2.2.3.

Making such an upgrade can be cumbersome, if you're not ready for the time it takes. If that's the only reason for making an upgrade why not just switch your pump.lrp package to dhclient.lrp or the dhcpcd.lrp? That takes only a few minutes.. You will also need the DHCP server for your internal network, dhcpd.lrp. Configure dhcpd.conf to match your subnet(s)..

http://leaf.sourceforge.net/packages/glibc-2.0/
http://sourceforge.net/project/showfiles.php?group_id=13751

> I have a cable modem and want the eth0 to get its configuration via DHCP. I have an internal network, eth1, with WinXP computers which I want to receive their configuration via DHCP. I have read the manuals and setup everything so it should work, but the WinXP computers can not get any DHCP configuration.
>
> How shall I configure the firewall/gateway and internal LAN PCs if for example I want the gateway, internally, to be known as portellen.islay 192.168.1.1 or 192.168.1.254 and the internal computers as e.g. ardbeg.islay on network 192.168.1.X?
>
> You can assume I got the original setting from the disk image. The only changes are so that I only can connect through a serial line (COM1). Took a while before I realised I had to boot on another computer to change the settings so I could boot on a computer without a graphical display.
>
> I know I should send printouts of my settings but I'm a bit frustrated after spending 20 hours and getting nowhere... It shouldn't be needed to read five different manuals to get nothing to work.
>
> /patrick

It's much easier doing a minor upgrade than a major one and saves lots of time.

--
Patrick Benson
Stockholm, Sweden
Re: [leaf-user] stupid linux question
cpu memhd wrote:

> Thanks everyone for the help. I will certainly look into your suggestions. I wish I could elaborate more but I've been very busy. Basically, I find myself typing the same information (IP address, subnet, broadcast, etc) in many different places. I will be rolling out about 20 leaf boxes. About 15 of them will have near identical configurations. It is important to keep things as abstract as possible. So I plan to use environment variables wherever possible.

Why not create a basic image which matches those 15, as close as possible, then install the image on them and polish it off with the little amount of editing which may be needed at the end?

--
Patrick Benson
Stockholm, Sweden
Re: [leaf-user] gcc for Bering 1.2
[EMAIL PROTECTED] wrote:

> Hello,
>
> is it possible to install a gcc compiler on a Bering 1.2 system?
>
> thanks

If you're going to install it on an existing system it wouldn't be wise, try using the guidelines on creating a virtual environment instead. Very nifty way to create binaries...

http://leaf.sourceforge.net/devel/jnilo/uml.html

--
Patrick Benson
Stockholm, Sweden
Re: [leaf-user] ssh access from inside being rejected.
Glenn A. Thompson wrote:

> Hey,
>
> I installed the sshd module on my bering 2.2.1 test box and generated keys etc. I can't seem to connect to it from my local network. I'm running my local network on 192.168.10.0/24. That caused me some grief on a few other packages until I changed their configs. But from what I can tell I've got all that fixed up OK. I can connect to the fw weblet application no problem. When I try to connect to the sshd from the internet I see stuff in my logs as I would expect. When I do it from the loc network I see immediate rejects and I can't find anything in any logs. So I installed the ssh client on the firewall. If I try to connect to localhost I just hang there. If I try to connect to the loc interface I get reject UNKNOWN. I've looked through the rules and it seems like it should work. I even changed the interfaces file under shorewall to be more explicit about the loc and fw interfaces.
>
> Any clues? Any more information I should provide?
>
> Thanks,
> glenn

What does your output look like when you turn on verbose mode:

ssh -v host

and how is your sshd_config configured? We'll need that to begin with.. If you have changed other configuration files, other than those connected with ssh, sshd you'll have to provide info with that as well. Is sshd actually running? Try

netstat -an

and

ps ax

and see what gives..

Regards,

--
Patrick Benson
Stockholm, Sweden
Re: [leaf-user] ssh access from inside being rejected.
Glenn A. Thompson wrote:

> I set the log level to debug in the sshd_config file. It forks a child and seems to negotiate a protocol level and then no more log entries. It may just be dying. Again any clues would be helpful

There are two FAQ's that may be helpful:

http://www.snailbook.com/faq/
http://www.openssh.com/faq.html

Regards,

--
Patrick Benson
Stockholm, Sweden
Re: [leaf-user] Shorewall rfc1918 list
Erich Titl wrote:

> Hi everybody
>
> Networks 83.0.0.0 and 84.0.0.0 have been assigned to RIPE last year. In my version (1.4.8) of shorewall these networks are still blocked by the rfc1918 rules. It is probably worthwhile to remove these two networks from /etc/shorewall/rfc1918 if they should still be there.

Erich,

Shorewall 2.0.1 and later uses a file called bogons that lists the IP ranges reserved by the IANA while the rfc1918 file will only apply to those three ranges that are reserved by RFC1918 so any up-to-date modifications that apply to IANA range listings will be found in the bogons file.

http://shorewall.net/pub/shorewall/errata/2.0.8/bogons
http://www.completewhois.com/bogons/

Regards,
Patrick

--
Patrick Benson
Stockholm, Sweden
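A way to audit an rfc1918-style block list for entries that fall outside the three RFC 1918 ranges, as an added example that is not part of the original messages or of Shorewall. The sample file is constructed; its two-column SUBNET/TARGET layout, the `logdrop` target and the /8 prefix on the two networks named in the thread are assumptions.

```python
import ipaddress

# The three private ranges defined by RFC 1918.
RFC1918 = tuple(
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
)

# Constructed sample: an old-style block list that still carries the two
# networks mentioned in the thread (prefix length /8 assumed).
SAMPLE_RFC1918_FILE = """\
#SUBNET          TARGET
10.0.0.0/8       logdrop
172.16.0.0/12    logdrop
192.168.0.0/16   logdrop
83.0.0.0/8       logdrop   # assigned to RIPE according to the thread
84.0.0.0/8       logdrop   # assigned to RIPE according to the thread
"""


def parse_entries(text):
    """Return [(network, target)] for each non-comment line of the file."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        network = ipaddress.ip_network(fields[0], strict=False)
        target = fields[1] if len(fields) > 1 else ""
        entries.append((network, target))
    return entries


def classify(subnet):
    """Relate one block-list entry (string or network) to the RFC 1918 ranges."""
    net = ipaddress.ip_network(str(subnet), strict=False)
    if any(net.subnet_of(r) for r in RFC1918):
        return "rfc1918"
    if any(net.overlaps(r) for r in RFC1918):
        return "wider-than-rfc1918"   # covers private space plus routable space
    return "not-rfc1918"


def audit(text):
    """List entries that block more than RFC 1918 space and need a review."""
    findings = []
    for network, target in parse_entries(text):
        kind = classify(network)
        if kind != "rfc1918":
            findings.append((str(network), target, kind))
    return findings


def matching_entry(address, text):
    """Return the first (subnet, target) that would match a source address."""
    addr = ipaddress.ip_address(address)
    for network, target in parse_entries(text):
        if addr in network:
            return str(network), target
    return None


if __name__ == "__main__":
    for subnet, target, kind in audit(SAMPLE_RFC1918_FILE):
        print(f"{subnet:<16} {target:<8} {kind}")
    print(matching_entry("83.12.34.56", SAMPLE_RFC1918_FILE))
```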
Re: [leaf-user] Problems with telnet (Bering 1.0)
Henning Jebsen wrote:

> I tried a different approach: I simply copied in.telnetd and libncurses.so.5 from another machine (same kernelversion) to the leafbox. Modifications to inetd.conf and that stuff. Now telnetd is running, port 23 TCP is open for local access. I can connect to the firewall, but it closes the session before login. Right after telnet IP-ADRESS the connection is closed by foreign host. /var/log/[messages|syslog|auth] is complaining nothing, just realizes correctly the attempt of login via telnet.
>
> Trying 192.168.1.1...
> Connected to fw.
> Escape character is '^]'.
> Connection closed by foreign host.
>
> What am I missing ? hosts.allow is set correctly because I can connect to weblet, which is also run by inetd. Any hints ? Any more libraries needed ? Telnet did only complain about libncurses.so.5 which I did provide.

You may want to check your syntax in hosts.allow,deny more thoroughly, sounds like the same symptoms with ssh connection failures:

http://www.snailbook.com/faq/libwrap-oops.auto.html

Have you tried connecting with netcat (nc)?

--
Patrick Benson
Stockholm, Sweden
Re: [leaf-user] DHCPCD and private IP
M Lu wrote:

> Hi,
>
> I use Comcast and their modem seems to be a DHCP server giving out private address. Normally my LEAF would get public IP but if I had power down and then the power comes back, I get private IP on my external interface. I need to reboot the LEAF machine to get the public IP, because renewing would get me the same private IP. I do not understand why sometimes I get private and sometimes I get public? Is there anyway to keep renewing until I get public IP?

Your cable modem should be configured to use an internal ip itself so try and access the modem's software by pointing a web browser to its address. The ip 192.168.100.1 is a common one. Most cable modems these days have a configuration manager where you can manually configure certain items, like Frequency Plan, Upstream channel and also a DHCP Server. Just untick the DHCP Server box (if you have one) and restart the modem. Leave the modem on permanently if you feel upstart times are a nuisance...then you shouldn't have any ip issues with the LEAF box. It's better to use the dhcpd package instead if the need arises...

--
Patrick Benson
Stockholm, Sweden
Re: [leaf-user] Bering 1.2 doesn't renew dhcp leases to internal hosts
Dr. Richard W. Tibbs wrote:

> OK, -- I have searched the mail archives, the FAQs, the user and installation guides, and this was automagically done with Dachstein -- How do I configure dhcpd to serve on eth1? (How do specify the dhcp option on eth1)?
>
> R.

In the Packages configuration menu choose *shorwall*. Then, when you're in the shorwall configuration files section choose:

3) Ifaces    Shorewall Networking Interfaces

and then look at the bottom of the file, add dhcp under OPTIONS:

#ZONE   INTERFACE   BROADCAST   OPTIONS
loc     eth1        detect      dhcp

Just like Tom said. All of the documentation that you were looking for is actually inside that single file...

Regards,

--
Patrick Benson
Stockholm, Sweden
Re: [leaf-user] udp masq entry and dns abuse
greg gede wrote:

> Lately i'm having problem with udp masq entry in my internet leaf-router with a lot of messages like this:
>
> IP_MASQ:ip_masq_new(proto=UDP): could not get free masq entry (free=36864)

Just like Luis and Ray I will also be doing some guessing, it seems that you have had this problem earlier, according to the mail archive - http://sourceforge.net/mailarchive/forum.php?thread_id=3802081forum_id=5483 - which assumes you are still using the Dachstein CD. It's mentioned in the docs that you should increase the cache more than its default size of 1 Meg if you are running a large network.

http://leaf.sourceforge.net/devel/cstein/Packages/dnscache.htm (Nr.6)

> here's my network looks like :
>
> [ASCII diagram, garbled in the archive: internet -- leaf-router (eth0, eth1) -- HUB -- RH9 squid dnscachex (eth0, eth1), with a switch serving subnet A, subnet B and subnet C]
>
> everytime i stop dnscachex, the messages also stop. am i having dns abuse from my internal network? or is it because there are too many clients in my internal network? how do i deal with it?

As Luis and Ray have already mentioned, dnscachex should not be running on the RH9 box but only on the LEAF router since it is designed as an external cache service. It can be done, yes, but it can get to be quite tricky to administer for a large network. If you have dnscache already running on the LEAF box just disable the dnscachex service on RH9 - http://cr.yp.to/daemontools/faq/create.html#remove

The documentation at Mr. Bernstein's site is quite straight forward and easy to grasp if DNS issues seem to be confusing at times... http://cr.yp.to/djbdns.html

--
Patrick Benson
Stockholm, Sweden
Re: [leaf-user] Re: [leaf-user] What do DNS0 and DNS1 do [Bering]?
j d wrote:

> Thanks for the links; I had no idea, although I probably should have known, that DNScache was that smart. Now, if only I could get myself to that point.
>
> -joe

Shouldn't be any problem. Bering doc for dnscache is at:

http://leaf.sourceforge.net/devel/jnilo/dnscache.html

and you can find the uClibc version of tinydns here:

http://leaf.sourceforge.net/mod.php?mod=userpagemenu=91004page_id=40

since you're using 0.9.15. Just set dnscache to listen on your internal card's ip and tinydns on the local loopback, 127.0.0.1, then you're off!

Regards,

--
Patrick Benson
Stockholm, Sweden
Re: [leaf-user] Bering lost it's NICs
Jacques Nilo wrote:

> On Monday 1 September 2003 22:34, Francois BERGERET wrote:
>
> Hi all
>
> Not much time for the list right now :-(
>
> The following pb sounds strange to me. The main common point between 1.1 and 1.2 is the 2.4.20 kernel so it would be interesting to see if the pb occurs with 1.0-stable. Can any of you test that ? Also this seems to be PPPoE related since my connection here (cable modem through an Intel ethernet interface) has been running without any pb for weeks (which has also been the case for most Bering user's I suppose otherwise I would have heard about it earlier I guess ...) Any PPPoE users around with that kind of problem ? Eric ? Difficult for me to think about a problem I cannot reproduce. So I am open to any suggestion
>
> Jacques

Hi Jacques,

They both seem to have the same common denominator: The NIC's make and model are the same on all of their machines. Maybe problems with the ip hitting the *correct* external NIC? Just wondering

--
Patrick Benson
Stockholm, Sweden
Re: [leaf-user] What do DNS0 and DNS1 do [Bering]?
j d wrote:

> Okay, this might be a total newb question, but I've been looking around for a tip and can't seem to find it. I've got a Bering V1.2 uClibc-0.9.15 box up and running, pretty much as a default firewall. Connectivity is good, now I'm just trying to make sure it's actually WORKING as a firewall, which is a different post altogether.
>
> My question concerns dnscache and the correct way to resolve nameservers on the internal network. I'm running dnscache to refer to my ISP's pri/sec upstream nameservers with FORWARDONLY set, of course. I'm not running BIND or tinyDNS on the local net, as I simply haven't figured out how yet.
>
> ANYway...those 2 nameservers I've put into the dnscache config (via the lrcfg menu) show up in etc/resolv.conf file - along with another address in the same range, which I'm assuming for the moment is all right. My question is this: if the file /etc/dnscache/env/DNS1 contains the identities of the nameservers that I entered, what the heck are all the address in DNS0 doing? this file reads:
>
> *
> # cat /etc/dnscache/env/DNS0 |more
> 198.41.0.4
> 128.9.0.107
> 192.33.4.12
> 128.8.10.90
> 192.203.230.10
> 192.5.5.241
> 192.112.36.4
> 128.63.2.53
> 192.36.148.17
> 198.41.0.10
> 193.0.14.129
> 198.32.64.12
> 202.12.27.33
> *
>
> ...I can genuinely say I haven't put ANY of those in there. Can anyone suggest what's going on? If I've failed to provide enough info for this particular question, please berate me. Thanks for your help.
>
> -joe

They are root name servers, even your ISP is dependent on them. There's lots of documentation at D. J. Bernstein's site:

http://cr.yp.to/djbdns/dnscache.html

Look under Resolution and caching policies and it will answer your question. And how does DNS work, in a simplified manner:

http://cr.yp.to/djbdns/intro-dns.html

--
Patrick Benson
Stockholm, Sweden
Re: [leaf-user] Bering kernel panic 1.2
zamri wrote:

> Jeff,
>
> I had experiences the same problem with bering 1.2 as you did a couple of week ago and after a couple of 'try and error' I had guess that it was a hardware problem ( mine was probably a NIC problem ). What I encountered is, the system works fine if I unplug the network cable but will pop-up the kernel panic messages if I plug the cable on NIC. Maybe anyone on the list could explain this :) I still don't know the exact problem why this was happen ( since using all this NIC on M$ machine works just fine ) My system was IBM 300PL with pentium II 350Mhz and 128MB RAM. Problem NIC was D-Link 538TX with rtl8139 chipset.

Hi Zamri,

You will probably have to go into details with your trial and error bit. :) If you take a look at your local D-Link web page you will see that there is no available Linux support for your specific NIC:

http://www.dlink-intl.com/technical/drivers.nsf/LAN+Adapters+on+web?OpenViewStart=1Count=30Expand=14#14

although Windows support abounds everywhere. It's usually better to just buy one of the common cards which has lots of driver support. If someone asks me if their network card has support with Linux there is usually two places to look at as references, the documentation that is shipped with the kernel that the person will be using and Donald Becker's site http://www.scyld.com/network/ - if it's not listed there then it's a good time to try writing one's own driver! :)

There are so many ways in getting kernel panics but Jeff's own problems remind me of a time when I was installing Slackware with the 2 floppy disk setup, before the bootable CD iso's started coming out. The first disk was the bootdisk with the kernel loading then when that was finished one was prompted with the second disk, the rootdisk. It happened at times that I got a kernel panic because the root filesystem was corrupted when its loading was finished, the problem being that the floppy had physical errors. Switching from the standard 1440 to 1680 and vice versa, formatting them back and forth, made them go berserk! :)

The line where he is starting to have problems is where virtual space is addressed. Since I didn't gather if Jeff was using one floppy drive on one machine and two drives on the other I would suspect that the problem could be having to do with the line:

PKGPATH=/dev/fd0u1680,/dev/fd1u1680

where he may have needed the diskwait=yes option instead, used for the single floppy drive setup.

http://leaf.sourceforge.net/doc/guide/bubooting.html

which sort of reminded me of my own previous problems...that's just guessing, though.

Regards,

--
Patrick Benson
Stockholm, Sweden
Re: [leaf-user] Problem installing Via Network card
Simon Chalk wrote:

> Hi Julian,
>
> I tried your suggested driver but it failed when using insmod with the following error
>
> unresolved symbol request_region
>
> Funnily enough if I try the pci-scan and via-rhine combination it installs without errors using insmod, but I don't see the ethernet interface appear when I view using ip addr. So maybe the via-rhine is the correct driver, but there is some further setting required.
>
> Regards,
> Simon.

Have you tried inserting the mii.o module as well?

http://www.scyld.com/diag/index.html

--
Patrick Benson
Stockholm, Sweden
Re: [leaf-user] Interesting Issue?
David Pitts wrote:

> Just a bit more. The connection is made from a client provided by the Tax Office. However, on their website they say that to use the software you must have a browser capable of 128 bit SSL installed, so its possible they're using the browser protocol (HTTP?) and port.

Just curious, David, what's the relationship of the client provided by the Tax Office with the browser? Is it some sort of plug-in or is it a standalone? Most of the major browsers of today support 128 bit, I'm still using Netscape 4.8, which uses 128-bit, to reach my own bank

> I don't even know for sure that the thing will work through a NATted firewall at all.

If you initiate the connection from your own side of the firewall surely you must have it configured to accept reply packets. I use IE 5.5 and/or Netscape 4.8 to do tax returns here in Stockholm, with either Dachstein-ipchains or Slackware-Shorewall, no problems. It's only a https connection. Maybe your client needs authentication via certificates, popular with the banks.

> Does the lack of any relevant entries in my log (shorewall.log) mean that there is no relevant traffic being blocked? I do have some shorewall.log entries showing rejected connections. Should every rejected attempt to access any port be logged, unless there is a statement that specifically stops the logging? What I need to know is whether the lack of logs means there is no blocking or I'm not logging the right thing.

It's difficult to say without seeing an excerpt from your logs.

Regards,

--
Patrick Benson
Stockholm, Sweden
Re: [leaf-user] Problem installing Via Network card
Simon Chalk wrote:

> Hi All,
>
> I am trying to get the following network card installed with Bering 1.2
>
> Via VT6103 (Via Tahoe)
>
> This is an embedded card on the PC motherboard. I have tried using the via-rhine module, but it does not get detected. If I use insmod via-rhine, I get the following error
>
> insmod: unresolved symbol pci_drv_unregister
> insmod: unresolved symbol pci_drv_register
>
> Please can anyone help, or suggest the correct module I should be using.

Sounds like you need to insert the pci-scan.o module first, Simon.

--
Patrick Benson
Stockholm, Sweden
Re: [leaf-user] UDP Port 1191
Jim Hubbard wrote:

> Is this the script kiddie port du jour just for me or has anyone else been getting a whole buttload of hits on udp1191? Starting to look like a virus there's so much traffic from so many hosts.
>
> Sincerely,
> Jim Hubbard

You might want to consider visiting Dshield

http://www.dshield.org/

and try popping in various ports you may find irritating in their database

http://www.dshield.org/port_report.php

and there's The Internet Storm Center

http://isc.incidents.org/

Like Jeff pointed out why not run ethereal, you may even be able to start submitting your own findings...

--
Patrick Benson
Stockholm, Sweden
Re: [leaf-user] MicroPC
bino-psn wrote:

> Hi ..
>
>> http://www.norhtec.com/products/gp/index.html
>>
>> Stefaan
>
> Dead link. I could not open it.
>
> Sincerely
> -bino-

Well, bino, Stefaan's link works just fine from over here. It might be a DNS resolving issue at your end...

--
Patrick Benson
Stockholm, Sweden
Re: [leaf-user] Trouble getting started
On Tuesday 24 June 2003 15.09, Somerlot, Chris wrote:

> I'm using a P75 w/ 32mb ram and 2 3Com509 cards to try and setup a Bering 1.2 router box. I have one computer (a laptop w/ PCMCIA ethernet card) attached to eth1 via a crossover cable, and I can't ping back and forth to the router, or connect to the weblet, the ethernet card lights come on but don't blink. How do I know the connection is good, router setup correctly, etc before I connect my cable modem to the router? The only thing I changed on the router was to uncomment the 3C509 line in the module conf file, backup and reboot.
>
> Thanks
> Chris

That's difficult to diagnose if you leave out the specifics:

http://leaf.sourceforge.net/mod.php?mod=userpagemenu=11page_id=4

One of them being:

> Below is the messages log:
>
> Jun 23 19:40:40 firewall syslogd 1.3-3#31.slink1: restart.
> Jun 23 19:40:40 firewall kernel: klogd 1.3-3#31.slink1, log source = /proc/kmsg started.
> Jun 23 19:40:40 firewall kernel: No module symbols loaded.
> Jun 23 19:40:40 firewall kernel: BIOS-provided physical RAM map:
> Jun 23 19:40:40 firewall kernel: 32MB LOWMEM available.
> Jun 23 19:40:40 firewall kernel: Initializing CPU#0
> Jun 23 19:40:40 firewall kernel: Memory: 30128k/32768k available (948k kernel code, 2252k reserved, -1176k data, 64k init, 0k highmem)
> Jun 23 19:40:40 firewall kernel: Dentry cache hash table entries: 4096 (order: 3, 32768 bytes)
> Jun 23 19:40:40 firewall kernel: Inode cache hash table entries: 2048 (order: 2, 16384 bytes)
> Jun 23 19:40:40 firewall kernel: Intel Pentium with F0 0F bug - workaround enabled.
> Jun 23 19:40:40 firewall kernel: Checking 'hlt' instruction... OK.
> Jun 23 19:40:40 firewall kernel: PCI: PCI BIOS revision 2.10 entry at 0xfd9a1, last bus=0
> Jun 23 19:40:40 firewall kernel: PCI: Using configuration type 1
> Jun 23 19:40:40 firewall kernel: PCI: Probing PCI hardware
> Jun 23 19:40:40 firewall kernel: Limiting direct PCI/PCI transfers.
> Jun 23 19:40:40 firewall kernel: Linux NET4.0 for Linux 2.4
> Jun 23 19:40:40 firewall kernel: Based upon Swansea University Computer Society NET3.039
> Jun 23 19:40:40 firewall kernel: Serial driver version 5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ DETECT_IRQ SERIAL_PCI enabled
> Jun 23 19:40:40 firewall kernel: ttyS00 at 0x03f8 (irq = 4) is a 16550A
> Jun 23 19:40:40 firewall kernel: ttyS01 at 0x02f8 (irq = 3) is a 16550A
> Jun 23 19:40:40 firewall kernel: Real Time Clock Driver v1.10e
> Jun 23 19:40:40 firewall kernel: Software Watchdog Timer: 0.05, timer margin: 60 sec
> Jun 23 19:40:40 firewall kernel: Floppy drive(s): fd0 is 1.44M
> Jun 23 19:40:40 firewall kernel: FDC 0 is a National Semiconductor PC87306
> Jun 23 19:40:40 firewall kernel: NET4: Linux TCP/IP 1.0 for NET4.0
> Jun 23 19:40:40 firewall kernel: IP Protocols: ICMP, UDP, TCP, IGMP
> Jun 23 19:40:40 firewall kernel: IP: routing cache hash table of 512 buckets, 4Kbytes
> Jun 23 19:40:40 firewall kernel: TCP: Hash tables configured (established 2048 bind 2048)
> Jun 23 19:40:40 firewall kernel: NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
> Jun 23 19:40:40 firewall kernel: RAMDISK: Compressed image found at block 0
> Jun 23 19:40:40 firewall kernel: Freeing initrd memory: 401k freed
> Jun 23 19:40:40 firewall kernel: Freeing unused kernel memory: 64k freed

No listing of your 3c509 modules, if they're even being loaded... it's just guess work...

Regards,

--
Patrick Benson
Stockholm, Sweden
Re: [leaf-user] vnc + ssh (was Re: leaf-user digest, Vol 1 #1825 - 4 msgs)
Darcy Parker wrote:

> Good day Patrick and Lars, As I am fairly new to this, I would appreciate a bit more help. I did read the article above and a few others but I am not 100% sure that I am doing everything correct.

Hi Darcy,

Trust me, you're not the only one who has encountered this.. :) It's quite a simple solution but can be difficult to grasp at first.

> I have sshd 3.4p1 OpenSSH sshd daemon installed and I have created the keys. I can access the fw using putty from both loc and from net. Something that bothered me was the fact that when I connected from the net all I had to do was trust the connection to be accepted then I logged on as root provided my password and I was at the lrcfg screen.

There are several ways in order to do this, since we all have our own solutions, depending on what type of internal network, operating systems we are using, you might, in the end, prefer to do it in a way other than the way I may be doing it. Personally, I prefer to portforward ssh to an internal FreeBSD box, using a normal user account and su to my Dachstein router. I avoid root + password directly to the router from the outside because of various flaws that were detected 1-2 yrs. ago, it's just a precaution that I prefer.

> I looked at the sshd server system wide configuration file but did not know what to change to prevent just anyone from logging on.

Since you have an identity, dsa key that no one else should have access to it would be preferable to disable passwords altogether and only use RSAauthentication. Some of my sshd_config file looks like this:

    PermitRootLogin no
    StrictModes yes
    RSAAuthentication yes
    PubkeyAuthentication yes
    PasswordAuthentication no

So when I log on I have to give my pass phrase and no passwords will do if that should fail, not even root login is allowed.

> Also for rules in shorewall I have
>
>     ACCEPT loc fw tcp 22
>     ACCEPT net fw tcp 22
>
> do I add
>
>     ACCEPT net loc tcp 22
>
> I want to use the web based TightVNC client on the net to connect to the TightVNC server on loc. Can this be accomplished using port forwarding ?

If you want to portforward ssh to your internal server it would look like this, I believe, (I still use Seawall on Dachstein):

    DNAT net loc:internal server tcp ssh

> I would normally type http://xxx.xxx.xxx.xxx:5800 in a web browser to connect to the TightVNC server. Would I specify port 22 here instead of port 5800?

The ssh connection is transparent so you don't have to do anything with ssh ports once you have forwarded the vnc ports with the ssh connection. When you start the vncserver on the remote machine you will see a message which would look like this:

    $ vncserver
    New 'X' desktop is my.network.domain:1

The number 1 is your first screen that will be listening on ports 5801, 5901. Do netstat -an and you will see that this will be confirmed. The next vncserver will be my.network.domain:2, listening on ports 5802, 5902 and so on.

This depends on how your local machine is connecting to the remote machine acting as the vncserver. You will have to read the tutorial, once again, to realize what you are really trying to do, it takes some time getting used to it. What you are actually doing is using the remote server as a local screen, using the ssh tunnel to act as a secure route for the vnc connection. Take a look, once more, at the subtitle "More advanced use" - http://www.uk.research.att.com/vnc/sshvnc.html - since that example is closest to your solution.

Good Luck!
--
Patrick Benson
Stockholm, Sweden
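The sshd_config policy quoted in the message above (keys only, no direct root login), turned into a check that can be run against a config file. This is an added example, not part of the original post: the function names and both sample configs are constructed, and the defaults table assumes an OpenSSH release older than 7.0.

```python
"""Audit an sshd_config against the key-only, no-root-login policy above."""

# What sshd uses when a keyword is absent. Assumption: OpenSSH older than
# 7.0, where PermitRootLogin still defaulted to "yes".
DEFAULTS = {
    "permitrootlogin": "yes",
    "strictmodes": "yes",
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
}

# The policy from the message. RSAAuthentication (SSH protocol 1) is left
# out because current OpenSSH releases no longer have that keyword.
POLICY = {
    "permitrootlogin": "no",
    "strictmodes": "yes",
    "pubkeyauthentication": "yes",
    "passwordauthentication": "no",
}

# Constructed sample: the settings quoted in the message.
HARDENED = """\
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
"""

# Constructed sample: looks hardened at a glance, but the root-login line is
# commented out and an earlier PasswordAuthentication line takes precedence.
WEAK = """\
#PermitRootLogin no
StrictModes yes
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
"""


def parse_sshd_config(text):
    """Return {keyword: value} for the global part of an sshd_config.

    Keywords are case-insensitive and the first occurrence of a keyword is
    the one sshd uses, so later duplicates are ignored.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if not parts:
            continue
        keyword = parts[0].lower()
        if keyword == "match":
            break  # conditional blocks are outside this global check
        if len(parts) > 1:
            settings.setdefault(keyword, parts[1])
    return settings


def audit(text):
    """Return (keyword, effective, required, origin) for each policy miss."""
    explicit = parse_sshd_config(text)
    findings = []
    for keyword, required in POLICY.items():
        value = explicit.get(keyword, DEFAULTS[keyword])
        if value != required:
            origin = "explicit" if keyword in explicit else "default"
            findings.append((keyword, value, required, origin))
    return findings


if __name__ == "__main__":
    for name, sample in (("hardened", HARDENED), ("weak", WEAK)):
        print(name)
        for keyword, value, required, origin in audit(sample):
            print("  %s is %r (%s), policy wants %r"
                  % (keyword, value, origin, required))
```
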
Re: [leaf-user] Shorewall Rules and TightVNC
Darcy Parker wrote:

> Good day all, I am using Leaf Bering (latest ver) and currently have my shorewall rules to allow a TightVNC connection only from a fixed IP address at work.
>
>     # DNAT to allow TightVNC from Work Only
>     #
>     DNAT net:xxx.xxx.xxx.xxx 192.168.1.100:5800 tcp http
>     DNAT net:xxx.xxx.xxx.xxx 192.168.1.100:5800 tcp 5800
>     DNAT net:xxx.xxx.xxx.xxx 192.168.1.100:5900 tcp http
>     DNAT net.xxx.xxx.xxx.xxx 192.168.1.100:5900 tcp 5900
>
> As I am going to be travelling with my laptop, I am wondering if there is a way to configure the rules to allow a TightVNC connection from a specific MAC address as I will not know what my net IP address will be while I am away. If not from a specific MAC address, then is there another way?
>
> Best Regards, Darcy

Darcy,

I would also suggest the same option Lars proposed, use ssh and portforwarding with ssh acting as the tunnel. Some of the advantages are disabling passwords and using RSAauthentication which can be configured in your sshd_config file, averting the password cracking problem. A properly configured sshd_config file is a powerful complement for your security setup. Another advantage is that you will only be using the ssh port for the connection, instead of opening the standard vnc 5800,5900 ports..and you can use the compression option as well. There's a pretty good tutorial at the realvnc site on how to go about it:

http://www.uk.research.att.com/vnc/sshvnc.html

Regards,
--
Patrick Benson
Stockholm, Sweden
Re: [leaf-user] What's this guy trying?
Jon Clausen wrote:

> ... Right. Gotta look up an icmp code 'translation' guide... any good links anyone?

http://www.robertgraham.com/pubs/firewall-seen.html#2

Cheers,
--
Patrick Benson
Stockholm, Sweden
Re: [leaf-user] Testing IPsec pass-through
Tom Eastep wrote:

> On Tue, 30 Apr 2002, Tom Eastep wrote:
>
> > Theww things:
>
> Great proofreading Tom :)

Now, Tom, when are you going to take that break??:-)

--
Patrick Benson
Stockholm, Sweden
Re: [Leaf-user] Unbelievable
Michael Leone wrote:

> China has adopted linux because the price of windows products eat too much of their GNP.
>
> I thought they created their own distribution of Linux, because they didn't trust that MS would not include NSA backdoors, other phone home/spy on user habits features, etc.

Yep, it's called Red Flag Linux:

http://www.redflag-linux.com/eindex.html

..and a small article about it:

http://www.linuxjournal.com/article.php?sid=5116

--
Patrick Benson
Stockholm, Sweden
Re: [Leaf-user] sshd and putty loggin with keyfile
Sergio Morilla wrote:

> My fault. I'm using sshd version OpenSSH_3.0p1 running on DCD 1.02, putty 0.52. I generated the public key using PuTTYgen, SSH1RSA. Then I copied (from puttygen) the public key and pasted it into /etc/ssh/authorized_keys. Saved sshd.lrp and rebooted. When I try to log in again I got:
>
>     login as: root
>     Sent username root
>     Trying public key authentication.
>     Passphrase for key rsa-key-20020215:
>     Server refused our public key.
>
> Any hints?? Some other settings in sshd.config???

Did you check the permissions of the file after copying and pasting the key? OpenSSH is picky when dealing with permissions. If you have a Linux box try ssh -v LEAF-IP and see what the messages say. I usually copy the public key by floppy to /mnt, set the permissions: chmod 644 public.key, then copy that to authorized_keys(2).

--
Patrick Benson
Stockholm, Sweden
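What "picky when dealing with permissions" means in practice, as an added example that is not part of the original post: with StrictModes on, sshd ignores a key file if the file or a directory above it is owned by someone else or writable by group or others. The code approximates that test; the function names and the temporary `~/.ssh` layout are constructed for illustration, and which uids count as acceptable owners is an assumption.

```python
"""Approximate the file checks sshd makes when StrictModes is on."""
import os
import stat
import tempfile


def strictmodes_problems(key_file, stop_at, allowed_uids=None):
    """Check key_file and each parent directory up to and including stop_at.

    Returns a list of (path, reason). Assumption: acceptable owners are root
    and the user running this check.
    """
    if allowed_uids is None:
        allowed_uids = {0, os.getuid()}
    problems = []
    path = os.path.realpath(key_file)
    stop_at = os.path.realpath(stop_at)
    while True:
        st = os.stat(path)
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid not in allowed_uids:
            problems.append((path, "owner uid %d" % st.st_uid))
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((path, "writable by group/other (mode %o)" % mode))
        parent = os.path.dirname(path)
        if path == stop_at or parent == path:
            break
        path = parent
    return problems


def demo():
    """Build a throwaway home directory and test two modes on the key file."""
    with tempfile.TemporaryDirectory() as home:
        os.chmod(home, 0o700)
        ssh_dir = os.path.join(home, ".ssh")
        os.mkdir(ssh_dir, 0o700)
        keys = os.path.join(ssh_dir, "authorized_keys")
        with open(keys, "w") as fh:
            # Constructed placeholder, not a real key.
            fh.write("ssh-rsa AAAA-constructed-placeholder user@example\n")
        results = {}
        for mode in (0o644, 0o664):  # 644 is the mode used in the message
            os.chmod(keys, mode)
            results[mode] = [why for _, why in strictmodes_problems(keys, home)]
        return results


if __name__ == "__main__":
    for mode, reasons in demo().items():
        print("%o: %s" % (mode, reasons or "ok"))
```
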
Re: [Leaf-user] Beep on logged packet?
Robert Sprockeels wrote:

> . . . _ _ _ . . . ;-)

Looks like we're going back to the 1800's and beginning to investigate Morse code. :-)

--
Patrick Benson
Stockholm, Sweden
Re: [Leaf-user] 1680K Dachstein-IPSec floppy
Charles Steinkuehler wrote:

> Anyone want to compile, package, and test udhcp? A dhcp client server that can fit in about 1/2 the size of just *ONE* of the existing ISC utilities: http://udhcp.busybox.net/ I can compile, but don't have time at the moment to package test...

Count me in, Charles, I don't have a slink setup but I could package it and give it a try-out...

--
Patrick Benson
Stockholm, Sweden
Re: [Leaf-user] HELP - UNSUBSCRIBE
Kenny Ton wrote:

> UNSUBSCRIBE
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
> Sent: Sunday, February 03, 2002 4:52 PM
> To: [EMAIL PROTECTED]
> Subject: Leaf-user digest, Vol 1 #607 - 15 msgs
>
> Send Leaf-user mailing list submissions to [EMAIL PROTECTED]

Please read below:

> To subscribe or unsubscribe via the World Wide Web, visit https://lists.sourceforge.net/lists/listinfo/leaf-user or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED]

Instead of sending a huge 24kb file with one word to a global mailing list community, it would be highly preferable to read the instructions on how to unsubscribe before doing it. Info can be found in your e-mail headers, as well. There are people on other continents other than Europe and North America who have to actually pay for their downloads... Thank you.

--
Patrick Benson
Stockholm, Sweden
Re: [Leaf-user] man page for IP command
Tim Dieterman wrote:

> Where can I find it? I am using dachstein floppy v 2-19. The help I get from ip --help is incomplete.
>
> -Tim

Use iproute2 with Google, lots of info there, among them being:

http://www.linuxgrill.com/iproute2-toc.html

--
Patrick Benson
Stockholm, Sweden
Re: [Leaf-user] Keeping system date upto date
[EMAIL PROTECTED] wrote:

> The trouble is that the router's time gets screwed up, as it doesn't seem to get updated when it is 'sleeping'. Hence the uptime command is way, way off, and worse yet, timestamps on the logs are not accurate either! Looking through /etc/lrp.conf, I have seen a setting there for a date server that would be connected to in order to get the correct time. Has anyone used this? More importantly, can anyone list for me the date servers that they use? I have not ever used one of these before, and am in the Pacific Timezone. Also, what changes (if any) are required in the firewall rules (i.e. are there ports that need to be opened for the server(s) ) Thanks for any replies!

Make a visit to Charles' site:

http://lrp.steinkuehler.net/files/kernels/zoneinfo/

and grab the zone that is closest to your own location. Maybe PST8PDT? Copy it over the /etc/localtime file on your E2B disk, don't forget to back it up. Two servers that haven't failed me yet are 132.163.4.101, 132.163.4.102 - they're the first and second time servers in Boulder, Colorado. Try issuing rdate -s 132.163.4.101 in the console. If it worked you're in business. Look in your /etc/crontab and just insert something like this:

    # m h dom mon dow user command
    00 0,6,12,18 * * * root rdate -s 132.163.4.101

and it will sync your comp-clock every 6 hrs., round the clock. :)

Now, Matt had a point about hibernation there... ;-)

--
Patrick Benson
Stockholm, Sweden
Re: [Leaf-user] Confusing packet in firewall logs
Julian Church wrote:

> Yeah, it's got one of those pages, but I don't access it using the address 192.168.254.254. But I just now found that browsing to 192.168.254.254 makes the firewall produce packets very similar to the ones I was confused by yesterday in my logs...
>
>     Jan 16 08:17:44 firewall kernel: Packet log: input DENY eth0 PROTO=6 192.168.254.254:80 217.149.96.2:62984 L=44 S=0x00 I=91 F=0x T=60 (#42)
>
> The router then just goes on producing them, and on and on and on - it's still doing it, so mystery solved! Many thanks for the pointers! Can anyone give me advice what to do with these things? I tried adding tcp_192.168.254.254_80 to SILENT_DENY but it doesn't seem to have done the trick for some reason. Also, I think it would be helpful to block requests from my LAN from reaching 192.168.254.254 port 80, so it's harder for anyone to accidentally set the router off doing this. Can anyone help?

Is that your model that is shown here?

http://www.adslguide.org.uk/hardware/pictures.asp
http://www.efficientnetworks.com/products/routbus.html

Go into the configuration manager and disable as many items as you can without interfering with the upstream part to your ISP. You probably have DHCP settings installed for a LAN which you don't need, ie. This explains why you get traffic on your external LEAF interface from 192.168.254.254, because it's coming from the ADSL router itself. You seem to have 2 routers trying to do similar tasks which causes odd entries in your log. If you disable those unnecessary items on the ADSL router then the LEAF router should handle those tasks instead, with firewalling, etc., and you let the ADSL router act as a pure router, funneling the traffic to LEAF which should be the traffic policeman. I don't use ADSL, myself, so I have to avoid getting into deep water!.. ;-)

Hope you resolve the issue!..

--
Patrick Benson
Stockholm, Sweden
Re: [Leaf-user] Confusing packet in firewall logs
Julian Church wrote:

> Sorry for replying to myself, but although I don't fully understand what was going on I seem to have made the problem stop.
>
> At 11:44 15/01/02 +, Julian Church wrote:
>
> > I'm getting a few of these in /var/log/messages per minute.
> >
> >     Jan 15 10:40:14 firewall kernel: Packet log: input DENY eth0 PROTO=6 192.168.254.254:80 217.149.96.2:61797 L=44 S=0x00 I=23250 F=0x T=60 (#42)
>
> I switched the ADSL router's power off then on about an hour ago, and haven't had any of these packets since. I was getting several of these packets per minute so I think it's fair to conclude that the problem has been solved. So it seems pretty certain that the fault was with the router somehow. My guess is that the router started sporadically NAT-ing packets again, giving them its old/default NAT'd internal IP address 192.168.254.254.

Have you tried typing 192.168.254.254 in a web browser? Since it's using the http port you just may have some sort of configuration manager installed that comes along with the router, sort of like weblet on Eigerstein and Dachstein. I have a Motorola Surfboard SB4100 which has 192.168.100.1 configured for the browser

--
Patrick Benson
Stockholm, Sweden
Re: [Leaf-user] echoWall broken on Dachstein 1.*
Scott C. Best wrote:

> Also, the answer is 27 months. :) I first started with LRP back in Sept'99, and just *this* week I lost my first working LRP disk due to a bad sector. Just stopped working.

Scott, give that floppy a decent burial! :-)

--
Patrick Benson
Stockholm, Sweden
Re: [Leaf-user] Help understand unusual packets
Scott wrote:

> I've been getting tons of these mysterious packets. Eth0 is my external interface so it's unusual that these two private IPs are hitting it. I checked it against that ipchains log decoder (forgot the website) which mostly brushed it off as non-threatening. However, 216.231.46.238 was the result of a big nasty DOS attack last weekend so I'm suspicious of everything. Any insight is most helpful. The offending packets (they are constantly coming in):
>
>     Dec 19 09:30:19 mail kernel: Packet log: input DENY eth0 PROTO=6 192.168.27.31:80 216.231.46.238:14641 L=41 S=0x00 I=35612 F=0x4000 T=51 (#10)
>     Dec 19 09:30:26 mail kernel: Packet log: input DENY eth0 PROTO=6 172.16.0.110:80 216.231.46.238:32992 L=40 S=0x00 I=34533 F=0x4000 T=238 (#9)
>
> -Scott

Scott,

Is there a chance that your ISP uses those private nrs. on their internal network? My ISP uses 192.168.x.x and 172.17.x.x. That could be a hint to why you're getting packets on your eth0...Do you know if your ISP uses any sort of proxies with http?

--
Patrick Benson
Stockholm, Sweden
Re: [Leaf-user] What is This
Sean E. Covel wrote:

> Is this what they call FireWalking? This is my welcome to the new ATTBI network. Got more of these than Nimda or Code Red hits. Goes on for pages. 1888 today. Any thoughts?

Firewalk uses a traceroute method with UDP and ICMP pings, gathering information of the network and host(s) with the TTL fields, very interesting, indeed...:

http://www.packetfactory.net/Projects/Firewalk/firewalk-final.html

--
Patrick Benson
Stockholm, Sweden
Re: [Leaf-user] What is This
Jack Coates mentioned earlier, as well, that Cisco and others have been using this load balancing technique for quite some time, this is just another attempt, only clumsier

--
Patrick Benson
Stockholm, Sweden
Re: [Leaf-user] What is This
David Douthitt wrote:

> Been a package for quite a while:
>
> http://leaf.sourceforge.net/pub/oxygen/packages/firewalk.lrp
>
> ...have at it...

Hey, thanks for the reminder! :-) Do you need an extra lib* package for that if one is running Dachstein?

--
Patrick Benson
Stockholm, Sweden
Re: [Leaf-user] Getting Dachsein to work
Vince Schiller wrote:

> I abandoned Eiger and now have attempted Dachstein. I am a little confused by the error message I am getting.
>
>     No subnet declaration for 'eth1' (0.0.0.0). Please write a subnet declaration in your dhcpd.conf file for the network segment to which eht1 is attached.
>
> I've reviewed the file and am uncertain how to write this subnet declaration. The help file suggests that I may need to edit /etc/init.d/dhcpcd as well. I've tried various changes to be sure that all the hardware is working. I am at a loss for how to edit the files. I would appreciate any help I can get on this. Thank you.
>
> vince

Do you really need dhcpd for your system/systems? If you already have manually assigned ip addresses for your internal machines then having this package would be unnecessary. Just edit the syslinux.cfg file and remove dhcpd. On the other hand, it's asking you to submit a subnet segment, like 192.168.0.0, 10.0.0.0, etc. so that it can configure itself and hand out addresses to your machines...Charles has a page for dhcpd, too.

http://lrp.steinkuehler.net/Packages/dhcpd.htm

--
Patrick Benson
Stockholm, Sweden
Re: Is this typical of what fills everybody's logs? -was- Re: [Leaf-user] Hits on port 53.
Leaf Leaf wrote:

> No, but in a very cursory look through my recent logs I have noticed one instance of about 100 packets from one address denied in a 30 sec period. I'm guessing it's a scan through my /27 block for some service on port 27374, sample:
>
>     Nov 28 18:19:43 firewall kernel: Packet log: forward DENY eth2 PROTO=6 216.1.84.76:2017 216.136.89.98:27374 L=48 S=0x00 I=41493 F=0x4000 T=111 SYN (#25)
>     Nov 28 18:19:43 firewall kernel: Packet log: forward DENY eth2 PROTO=6 216.1.84.76:2018 216.136.89.99:27374 L=48 S=0x00 I=42517 F=0x4000 T=111 SYN (#25)
>     Nov 28 18:19:44 firewall kernel: Packet log: forward DENY eth2 PROTO=6 216.1.84.76:2019 216.136.89.100:27374 L=48 S=0x00 I=43285 F=0x4000 T=111 SYN (#25)
>     Nov 28 18:19:45 firewall kernel: Packet log: forward DENY eth2 PROTO=6 216.1.84.76:2022 216.136.89.103:27374 L=48 S=0x00 I=45077 F=0x4000 T=111 SYN (#25)
>     Nov 28 18:19:46 firewall kernel: Packet log: forward DENY eth2 PROTO=6 216.1.84.76:2023 216.136.89.104:27374 L=48 S=0x00 I=45589 F=0x4000 T=109 SYN (#25)
>     Nov 28 18:19:46 firewall kernel: Packet log: forward DENY eth2 PROTO=6 216.1.84.76:2024 216.136.89.105:27374 L=48 S=0x00 I=46869 F=0x4000 T=111 SYN (#25)
>
> Most of the time however, my logs show a stream of denials occurring at a round-the-clock average rate of roughly 3 per minute (occasionally a period of a few minutes with nothing) of packets from various ip addresses denied mostly by the 'forward' rule to primarily ports 80 and 21, and occasionally ports 111 113 137 and others I'm sure, directed to various ip's of my /27 block defined in my DMZ, but on which most have no services running. Would someone care to tell me what some of these are? And is this fairly typical of what goes on out there?

Take a look at:

http://www.dshield.org/topports.html

and it all makes some sense. Look at the sequence of the ports originating from the one who is probing, 2017, 2018, 2019, etc. No use in trying to locate who, what is doing this, they're usually cracked boxes, anyway

> I know I should be concerned enough to learn how to identify whether any of this is any form of attack, or whether it is port scanning that may be hampering our network usage. In the mean time, does anyone care to look through the following and let me know if you see anything of concern? My network is 216.136.89.96/27, isp router, my networks gateway: .97, Dachstein eth0: .101, eth2 DMZ: .102 Thanks. Samples from today:
>
>     Dec 2 10:09:00 firewall kernel: Packet log: forward DENY eth2 PROTO=6 216.136.86.206:1412 216.136.89.107:80 L=48 S=0x00 I=24134 F=0x4000 T=116 SYN (#25)

Nimda is a real pain...

--
Patrick Benson
Stockholm, Sweden
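The two patterns discussed in this message and in the earlier "Confusing packet in firewall logs" and "Help understand unusual packets" messages, one source sweeping a block on a single port and private source addresses arriving on the external interface, can be picked out of ipchains logs mechanically. This is an added example, not code from the thread: the function names, the threshold of five targets and the choice of eth0 as the external interface are assumptions.

```python
"""Triage ipchains "Packet log:" lines like the ones quoted in this thread."""
import ipaddress
import re
from collections import defaultdict

# Log lines copied from the messages on this page. The last one is Julian's
# line with its source address broken by a line wrap, kept to show that
# damaged lines are skipped instead of misparsed.
SAMPLE_LOG = """\
Nov 28 18:19:43 firewall kernel: Packet log: forward DENY eth2 PROTO=6 216.1.84.76:2017 216.136.89.98:27374 L=48 S=0x00 I=41493 F=0x4000 T=111 SYN (#25)
Nov 28 18:19:43 firewall kernel: Packet log: forward DENY eth2 PROTO=6 216.1.84.76:2018 216.136.89.99:27374 L=48 S=0x00 I=42517 F=0x4000 T=111 SYN (#25)
Nov 28 18:19:44 firewall kernel: Packet log: forward DENY eth2 PROTO=6 216.1.84.76:2019 216.136.89.100:27374 L=48 S=0x00 I=43285 F=0x4000 T=111 SYN (#25)
Nov 28 18:19:45 firewall kernel: Packet log: forward DENY eth2 PROTO=6 216.1.84.76:2022 216.136.89.103:27374 L=48 S=0x00 I=45077 F=0x4000 T=111 SYN (#25)
Nov 28 18:19:46 firewall kernel: Packet log: forward DENY eth2 PROTO=6 216.1.84.76:2023 216.136.89.104:27374 L=48 S=0x00 I=45589 F=0x4000 T=109 SYN (#25)
Nov 28 18:19:46 firewall kernel: Packet log: forward DENY eth2 PROTO=6 216.1.84.76:2024 216.136.89.105:27374 L=48 S=0x00 I=46869 F=0x4000 T=111 SYN (#25)
Dec 2 10:09:00 firewall kernel: Packet log: forward DENY eth2 PROTO=6 216.136.86.206:1412 216.136.89.107:80 L=48 S=0x00 I=24134 F=0x4000 T=116 SYN (#25)
Jan 16 08:17:44 firewall kernel: Packet log: input DENY eth0 PROTO=6 192.168.254.254:80 217.149.96.2:62984 L=44 S=0x00 I=91 F=0x T=60 (#42)
Dec 19 09:30:19 mail kernel: Packet log: input DENY eth0 PROTO=6 192.168.27.31:80 216.231.46.238:14641 L=41 S=0x00 I=35612 F=0x4000 T=51 (#10)
Dec 19 09:30:26 mail kernel: Packet log: input DENY eth0 PROTO=6 172.16.0.110:80 216.231.46.238:32992 L=40 S=0x00 I=34533 F=0x4000 T=238 (#9)
Jan 15 10:40:14 firewall kernel: Packet log: input DENY eth0 PROTO=6 192.168.254 .254:80 217.149.96.2:61797 L=44 S=0x00 I=23250 F=0x T=60 (#42)
"""

HEAD_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)(?P<tail>.*)"
)

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_line(line):
    """Return a dict for one ipchains log line, or None if it does not parse."""
    m = HEAD_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    tail = rec.pop("tail").split()
    try:
        rec["src"] = ipaddress.ip_address(rec["src"])
        rec["dst"] = ipaddress.ip_address(rec["dst"])
    except ValueError:
        return None
    for key in ("proto", "sport", "dport"):
        rec[key] = int(rec[key])
    rec["syn"] = "SYN" in tail  # ipchains prints SYN for connection attempts
    return rec


def load(text):
    """Parse every line; return (records, number of unparseable lines)."""
    records, skipped = [], 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
        else:
            records.append(rec)
    return records, skipped


def horizontal_scans(records, min_targets=5):
    """Map (source, dest port) to the sorted targets one source tried via TCP SYN."""
    targets = defaultdict(set)
    for r in records:
        if r["proto"] == 6 and r["syn"]:
            targets[(r["src"], r["dport"])].add(r["dst"])
    return {key: sorted(dsts) for key, dsts in targets.items()
            if len(dsts) >= min_targets}


def private_sources_on_external(records, external_ifaces=("eth0",)):
    """Records on the input chain of an external interface with an RFC 1918 source."""
    return [r for r in records
            if r["chain"] == "input" and r["iface"] in external_ifaces
            and any(r["src"] in net for net in RFC1918)]


if __name__ == "__main__":
    recs, bad = load(SAMPLE_LOG)
    print("parsed %d lines, skipped %d" % (len(recs), bad))
    for (src, port), dsts in horizontal_scans(recs).items():
        print("scan: %s -> port %d on %d hosts" % (src, port, len(dsts)))
    for r in private_sources_on_external(recs):
        print("private source on %s: %s:%d" % (r["iface"], r["src"], r["sport"]))
```
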
Re: [Leaf-user] Re: [LRP] Firewall is hindering ftp.
[EMAIL PROTECTED] wrote:

> Now that I think about it and review notes, my problem, similar to Troy's, that is a very long connect time, was with SSH and not FTP. Someone on the LRP list told me this was a reverse dns problem. I passed the info, about nsswitch on to two other newbies like me, for whom this solved the problem. Neither I nor the others introduced any new problems. Does the fact that it was SSH change the analysis in any way? I hate solving problems mysteriously. Is there anywhere an in depth discussion of reverse dns and ident specific to Linux other than RFC's?

Have you tried ssh -v host and seen what it's trying to do, in verbal mode?

--
Patrick Benson
Stockholm, Sweden
Re: [Leaf-user] [Leaf-user]Dachstein Firewall status
Mart Kempen wrote:

>     :: Firewall Status :: Tue Nov 13 20:26:18 UTC 2001 firewall
>     Firewall Status: error
>     You have 609 denied or rejected packets in your recent packet logs. See the messages log files for details
>
> I have it running only for 10 minutes or so, and the number keeps growing, is there something wrong with my settings, and will it make my logfiles really big? Don't want to reset it everytime... Any suggestion if this could cause any troubles?
>
> Regards, Joris

You can change the settings in /etc/weblet by going to 3) Packages - weblet - 2) LRP web page configuration. Look for:

    # Warning/Error thresholds for the weblet utility
    # Disable checking of any value by setting it to -1
    # Firewall thresholds: deny/reject messages
    WRN_FW=5
    ERR_FW=50

The yellow sign comes up with 5 - 49 and the red sign 50 -. If you receive a lot of denied packets just increase the ERR_FW= with whatever you want. No harm in doing that, very customizable. Check what sort of packets are getting denied, probably non-SYN packets destined to your IP address at port 53...

--
Patrick Benson
Stockholm, Sweden
Re: [Leaf-user] IPchains / Forwarding question
Scott C. Best wrote:

> Kory: Well, how 'bout that. These lines are causing the trouble in Dachstein:
>
>     $IPCHAINS -A input -i !lo -s 127.0.0.0/8 -j DENY
>     $IPCHAINS -A input -i !lo -d 127.0.0.0/8 -j DENY
>
> Turns out it needs a space between the ! and the lo. ES2B (what Dachstein is replacing) didn't. Kooky.

Yeah, that's strange. I ran echowall on E2B without any problems, tried it with 2.2.16 and 2.2.18 without that message appearing.

> Am rebuilding the echowall package, will post it ASAP and notify.
>
> cheers, Scott

One will find better support on this list than any PC company, anywhere, during a weekend! :-)

--
Patrick Benson
Stockholm, Sweden
Re: [Leaf-user] IPchains / Forwarding question
Kory Krofft wrote:

> Hi, I am slightly above a novice at linux. I am using Chuck's Dachstein lrp for my home network. I am a Road Runner subscriber in a small town so I have lots of bandwidth compared to friends in other locations. I have been chosen to host several online games for semiprivate tournaments and want to be able to use a machine behind the lrp box to do it. I have read the IPchains how to and am lost in the syntax. None of the How-To's are clear to me what commands to place in which files to be able to provide access to a game server on my internal network. Please tell me how to do this and explain the commands and syntax so I will have some understanding of what they do.
>
> Thank you, Kory Krofft

Scott Best has a very good solution for your situation, take a look at his echowall.lrp package, makes port forwarding look real easy. Make a copy of the package and change the name to echowall.tgz and untar the contents. Take a look at the documentation. Instead of detecting IP addresses, which can change from time to time, the script uses the MAC addresses on the network cards. If you want to avoid complex syntax by editing rules on your own this is the way to go, if you want to run a variety of servers inside your network. But it can be healthy to understand how the syntax works, on the way, otherwise it will be difficult to detect and recognize potential intruders!... :)

http://freshmeat.net/projects/echowall/
http://leaf.sourceforge.net/devel/sbest/echowall/

A snippet from the documentation on what echowall supports:

    Supported services
    ==================
    Version 1.30 of echowall supports all the normal stuff, like DHCP, DNS, pings, identd, traceroute, etc. In addition, the collection of user-selectable services that require special port-forwarding rules includes:

    # -- AIM (only needed for file-transfer in AIM)
    # -- ASHERON (Microsoft's _Asheron's Call_ game)
    # -- BATTLENET (head-to-head games like Starcraft)
    # -- CIPE (lightweight VPN application)
    # -- CUSEEME (CUSeeMe's videoconferencing software)
    # -- DIRECTX (most every Microsoft game; versions 7 8)
    # -- DNS (Domain Name Server)
    # -- EF (EchoFree personal-VPN application)
    # -- FTP (File Transfer Protocol, active-mode)
    # -- FW1 (a VPN protocol for Checkpoint's SecureRemote)
    # -- HLIFE (Half-Life and descendant games, eg CounterStrike)
    # -- HTTP, HTTPS (Webserver)
    # -- ICQ (Internet chatting, instant messaging)
    # -- IPSEC (ESP okay. AH works only if firewall is endpoint.)
    # -- IRC (Internet Relay Chat for Unix, a-la RFC-1459)
    # -- NAPSTER (you know, Napster)
    # -- NET2PHONE (Net2Phone VoIP service)
    # -- NETMEET (Microsoft Netmeeting, outgoing only)
    # -- NEWS (NNTP News Server)
    # -- PASVFTP (File Transfer Protocol, passive-mode)
    # -- PCANYWHERE (remote control software for Windows)
    # -- POP3 (Post-Office Protocol email server)
    # -- PPTP (Windows-VPN, needs ipfwd to handle IP encapsulation)
    # -- QUAKE (head-to-head 1st person shooting)
    # -- SMB (Samba: Windows-based file and printer sharing)
    # -- SMTP (Email Server)
    # -- SSH_DEFAULT (secure shell to standard port)
    # -- SSH_CUSTOM (secure shell to a user-custom port)
    # -- TELNET (non-secure shell)
    # -- UNREAL (UnReal Tournament)
    # -- VNC (Virtual Network Computer)

--
Patrick Benson
Stockholm, Sweden
Re: [Leaf-user] Re: Dachstein-CD-rc3 available
Greg Morgan wrote:

> I ran nmap against the firewall. It was from the internal net against the external interface so I don't know if this counts? I saw these ports open. Shouldn't these be closed or am I being fooled by the firewall and these are really on the inside?:
>
>     (The 1520 ports scanned but not shown below are in state: closed)
>     Port       State       Service
>     53/tcp     open        domain
>     80/tcp     open        http
>     1023/tcp   open        unknown

The main structure of the firewall is designed to prevent packets from entering on to your external interface from ip's on the outside, trying to initialize connections from their end and to penetrate your system without your consent. What you're trying to do with nmap is to peek from the inside and you will usually get ports that are listed as open but only from the inside part of your network. If you scan them from outside then they will be listed as closed, since the firewall is shielding them from that end. Rick Onanian has a security list with sites that use nmap, nessus, etc., try Secure Design or Vulnerabilities.org:

http://leaf.sourceforge.net/devel/thc/#Security

    dnscache - 53/tcp open domain
    weblet - 80/tcp open http
    bandwidth monitor (weblet) - 1023/tcp open unknown

Closed on the outside but open on the inside (but weblet can be configured to be seen on the outside but it's not, by default)...

--
Patrick Benson
Stockholm, Sweden
Re: [Leaf-user] Is anybody using radmin behind lrp?
Hilton Travis wrote:

> Hi Patrick, The advantage of RAdmin over vnc is that it is much lighter on traffic. Using vnc over a modem is much slower than using RAdmin over a modem. RAdmin has zero cross-platform functionality, however, and vnc is needed for cross-platform users. I have used RAdmin for a coupla years now, and have found it to be an excellent product if used on a Wintel-only platform. It also has 128-bit encryption, or so the docs say, but I am not sure how secure this is as I do not use it across the 'Net. As for port-forwarding thru LEAF, I have not set this up yet, so unfortunately cannot help you here, Kim. vnc = good, RAdmin = good. :-)
>
> Regards, Hilton

Points well taken, Hilton! :-) Do you have any idea why RAdmin is lighter on traffic over a modem? Sounds pretty interesting...

--
Patrick Benson
Stockholm, Sweden
Re: [Leaf-user] Strange DHCP request message
Jeff Newmiller wrote:

> Not sure, but a google search found this, indicating a problem with the rtl8139 driver: http://www.geocrawler.com/archives/3/303/2000/10/0/4434670/ If you are using this driver, maybe you should download the dachstein kernel and replace the kernel and modules on your LEAF disk.

Funny thing, I was receiving those ip length messages, too. Thought that it had to do with the traffic shaping features that I'm running. The TXQLEN was different on eth1 from eth0. What I noticed was that the message appeared when the ISP had their router configured as an internal ip, but when the ISP router is configured with an external ip address the message goes away. Go figure ;)

--
Patrick Benson
Stockholm, Sweden
Re: [Leaf-user] Strange DHCP request message
David McBride wrote:

Sorry to keep nagging, but I downloaded the dachstein-pr4-1680.bin file, now what do I do with it?

Thanks again,
David

What you should be looking for is at (if you want one for a 486):

http://leaf.sourceforge.net/devel/ewaldw/Eigerstein2BETA/20010527/kernel/486/

Pick one of these kernels that suits your needs. Then look at modules:

http://leaf.sourceforge.net/devel/ewaldw/Eigerstein2BETA/20010527/kernel/486/modules/net/

..and you'll find the rtl8139.o module in there.

Copy the new kernel onto your Leaf disk (are you using Windows?) and overwrite it. Make sure that it's named linux. Boot the Leaf disk and disregard the errors with modules. Put the modules for the new kernel on a floppy, mount it in the Leaf machine:

mount -t msdos /dev/fd0u1680 /mnt

Remove the modules in /lib/modules and copy the new ones in there from the floppy. Do lrcfg - 3) Package settings - 2) Modules - 1) modules and check that the modules you are going to load are uncommented. Then back to the menu, backup the modules and reboot. Should work just fine... :)

(Charles has his own Dachstein kernels if you need IPSec but that could get confusing for the moment if you don't need it..)

--
Patrick Benson
Stockholm, Sweden
Re: [Leaf-user] Dachstein-pr4 available
Patrick Benson wrote:

Never had any problems with:
superformat /dev/fd01680

Had a bad day ;) should be:
superformat /dev/fd0u1680

then you would do:
dd if=dachstein-pr4-1680.bin of=/dev/fd01680

and:
dd if=dachstein-pr4-1680.bin of=/dev/fd0u1680

You dd'ed the other way round and the syntax for the floppy usually demands specifics if it's not the standard 1440 format, like /dev/fd01680, /dev/fd01720, etc.

and lastly: /dev/fd0u1680, /dev/fd0u1760

time for some sleep.

--
Patrick Benson
Stockholm, Sweden
Re: [Leaf-user] Portsentry on ESBeta2 questions
[EMAIL PROTECTED] wrote:

Patrick, I did both and both had the same effect. Even the nmap test makes my syslog, messages and kern.log logfiles almost 1MB in size which toasts weblet viewing of them. The email I get from vulnerabilities.org after the nmap scan is complete says it checks ~1500 ports. It appears that much scanning kills my weblet interface. It seems weird that a 16MB system can get screwy with only a few megs of logs.

I have 32 RAM with the ramdisk set to 16 so I'm a bit spoiled with disk space. But I've noticed that if the logs are filled, to a certain level, they will be difficult to see through weblet. If you use ssh to the LRP machine and look at things the manual way there is no unusual behavior. Maybe Charles can point out why that happens, I don't really know why. Try using the ae editor or whichever you're using and look at the logs on the LRP machine, itself. You shouldn't have any problems. It's probably something that can be adjusted in weblet.lrp.

After the scan is complete every local link on weblet takes the browser to a blank page. The only way I am able to get the weblet interface working again is to reboot.

The firewall still routes traffic OK, which is the main thing.

Here's the log section of my lrp.conf. I read it as saying if space available is = 2% logfiles will be wiped, starting with the oldest and working to the newest until 2% space is available. When is this algorithm executed? Is it every time a log operation is performed or is it on some periodic basis? Ideally I'd like the firewall to keep weblet operational and dump logging info rather than allowing intruder attacks to kill weblet.

lrp_SPACECHECK=NO # YES or NO

That's probably it, you have to enable it with YES...try it out. Back it up and try a new port scan and see if it works.

lrp_SC_MINKB=-1 # = -1 to disable.
lrp_SC_MINPER=2 # = 101 to disable. Default 2%.
lrp_SC_MAIL_LEVEL=2 # = 6 to disable.
lrp_SC_DEL_L1=/var/log/*[4-9].gz
lrp_SC_DEL_L2=/var/log/*[1-3].gz
lrp_SC_DEL_L3=/var/log/*.gz
lrp_SC_DEL_L4=/var/log/*.0
lrp_SC_DEL_L5=/var/log/wtmp

--
Patrick Benson
Stockholm, Sweden
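The deletion order in the lrp.conf excerpt above, as an added example that is not LRP's own space-check code: files are removed level by level, L1 to L5, and deletion stops as soon as the target is met. It assumes a byte budget for the log directory in place of the free-space percentage (lrp_SC_MINPER), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not LRP's own code: tiered log pruning in the order of
# lrp_SC_DEL_L1..L5. Assumption: a byte budget for the log directory stands
# in for the free-space percentage that the real check uses.

# log_bytes DIR: total size in bytes of the regular files directly in DIR.
log_bytes() {
    total=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        total=$((total + $(wc -c < "$f")))
    done
    echo "$total"
}

# prune_logs DIR BUDGET_BYTES: delete files level by level until DIR fits
# the budget. Prints each removed file name; returns 1 if DIR is still over
# budget once every level has been tried.
prune_logs() {
    dir=$1
    budget=$2
    # Same glob order as the excerpt: the oldest rotations go first.
    for pattern in '*[4-9].gz' '*[1-3].gz' '*.gz' '*.0' 'wtmp'; do
        for f in "$dir"/$pattern; do
            # Stop as soon as the directory is back under budget.
            [ "$(log_bytes "$dir")" -le "$budget" ] && return 0
            [ -f "$f" ] || continue      # pattern matched nothing
            rm -f -- "$f" && echo "removed ${f##*/}"
        done
    done
    [ "$(log_bytes "$dir")" -le "$budget" ]
}
```

In this example, as in the five patterns quoted, only rotated files and wtmp are candidates for deletion; the live log files are never removed, so a non-zero return means the current logs alone exceed the budget.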
Re: [Leaf-user] LRP vs. Commercial Firewalls ??
Lance Peterson wrote:

I have one of those fancy-shmancy firewall/routers that does all sorts of cool things like web administration, user login, content filtering by user, keyword lists, trusted and forbidden domains, automatic dhcp, etc. I've been trying to set up an LRP box to do all that fancy stuff just to see if it was possible. Then I started wondering...hmmm...what OS were those commercial firewall/routers using like Sonicwall, Linksys, SMC Barricade. The more I looked at them, the more I started to think it was some implementation of IP_Tables from the 2.4 Kernel to allow stateful inspection. Anyone know what is in those things?

From what I heard they usually are modified versions of the *BSD family, mainly FreeBSD. Ipfilter and Ipfw are usually used for implementing stateful inspection rules for these systems. Then they are modified in some manner, depending on what the vendor wants to do with them..

Also, will I be able to do web administration, content filtering or keyword filtering, stateful inspection, as well as set up trusted and/or forbidden domains under LRP? I like the idea of being able to out-do my fancy-shmancy commercial firewall with an open source OS. Especially if I can eventually dump it to an SBC and replace the commercial firewall/router altogether! That's my goal anyway. I perceive a long, hard road ahead - any help would be appreciated. I'm already going blind from reading HOWTO's.

If it gets too hard to do on LRP, there are many features that already exist on Eigerstein2B which just need additional tweaking with some extra packages, why not try it out on a minimal OpenBSD installation?

http://www.embsd.org/ - they want to get that working on Compact Flash cards! :)

--
Patrick Benson
Stockholm, Sweden
Re: [Leaf-user] Serial Console HOWTO problems - now sshd issues
Kevin wrote:

added both ttyp1 and ttyp2 to the /etc/securetty file, saved and rebooted
putty still will not connect - get Remote Session Closed by Host
any other suggestions to get this sshd going??

I agree with Victor, you don't have to add ttyp1 or ttyp2 and you must have the file /etc/hosts.allow configured correctly. Do you have the private key, identity, generated when sshd was installed, stored away somewhere for executing sessions with putty on your Winbox? You may also need to take a look in the /etc/ssh/sshd_config file:

#This is ssh server systemwide configuration file.
Port 22
#ListenAddress 0.0.0.0
ListenAddress My.internal.nic.ip
HostKey /etc/ssh/ssh_host_key
RandomSeed /etc/ssh/ssh_random_seed
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
#For root access via authorized keys only!
#PermitRootLogin nopwd
PermitRootLogin yes
IgnoreRhosts no
StrictModes yes
QuietMode no
X11Forwarding no
X11DisplayOffset 10
FascistLogging no
PrintMotd yes
KeepAlive yes
SyslogFacility DAEMON
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
UseLogin no
# PidFile /u/zappa/.ssh/pid
AllowHosts My.internal.lan.ips
# DenyHosts lowsecurity.theirs.com *.evil.org evil.org
# Umask 022
# SilentDeny on

RSAAuthentication option set to yes and PasswordAuthentication set to no allows only the machines on the LAN with a valid identity key without the password login option enabled to have access to the LRP machine.

--
Patrick Benson
Stockholm, Sweden
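A check of the key-only claim in the reply above, as an added example that is not from the thread: it reads an sshd_config of the posted style and lists every setting that would let a client in without an RSA identity key. The function names are hypothetical, the sample is an abridged copy of the posted file, and first-match-wins for a repeated keyword is an assumption about this ssh build.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Constructed sample: the authentication-related lines of the posted file.
sample_config() {
cat <<'CONF'
Port 22
#ListenAddress 0.0.0.0
ListenAddress My.internal.nic.ip
#PermitRootLogin nopwd
PermitRootLogin yes
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
CONF
}

# sshd_value FILE KEYWORD: print the value of the first uncommented match.
# Keywords compare case-insensitively. Assumption: the first match wins.
sshd_value() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# key_only_findings FILE: print one line per setting that breaks key-only
# login; print nothing and return 0 when every expected value is present.
key_only_findings() {
    file=$1
    bad=0
    while read -r key want; do
        have=$(sshd_value "$file" "$key")
        if [ "$have" != "$want" ]; then
            echo "$key is '${have:-unset}', expected '$want'"
            bad=1
        fi
    done <<WANT
RSAAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
RhostsAuthentication no
RhostsRSAAuthentication no
WANT
    return "$bad"
}
```

A keyword that is missing from the file is reported as unset rather than assumed safe, since the compiled-in default is not visible from the configuration alone.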
Re: [Leaf-user] dealing with tech support?
Derek Di Matteo wrote:

Hi all, I have set up an eigerstein lrp firewall. When I call ATT/MediaOne/RR tech support they always give me a hassle when I answer the question of what operating system do I use with Linux. I can nicely avoid this if I knew the equivalent unix commands to duplicate the info one gets from winipcfg, such as ip address, mac address, etc. Does anyone have suggestions on how to obtain the same info as in winipcfg?

Derek, Eigerstein uses iproute, from the iproute2 package:

http://www.linuxgrill.com/iproute2-toc.html

If you use the command, ip addr show, (short for ip address show) you'll get the equivalent for winipcfg:

eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:c0:26:ca:d3:3e brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth1

http://www.linuxgrill.com/iproute2.doc.html#ss9.2.3

Lots of reading! :)

--
Patrick Benson
Stockholm, Sweden
Re: [Leaf-user] mailing logs from LRP
Kelly D. Wason wrote:

I am using Eigerstein as a firewall. I want to mail a copy of the log LRP produces periodically to myself. Is there a way to schedule a cron job to send a copy of the log and then flush the log? For that matter, does cron even run on LRP? No one has responded to my query. Is this somehow a dumb question?

No, it's just the vacation season... ;) (Many are away so no quick answers here)

I have looked at a lot of how tos and support docs listed at various places, and cannot find the answer to my question. I tried a geocrawler search and it didn't work. I did notice a message that said an upgrade was being done. Anyway, if anybody can put me on the right track I would appreciate the help.

If you are not using a fully qualified domain name you may have problems using the mail command. So I use a little script called /etc/sendlogs:

    #!/bin/sh
    # Build the SMTP dialogue in a temporary file, then send it with mnc.
    echo "mail from: [EMAIL PROTECTED]" > /tmp/tmplogs
    echo "rcpt to: [EMAIL PROTECTED]" >> /tmp/tmplogs
    echo "data" >> /tmp/tmplogs
    cat /var/log/messages >> /tmp/tmplogs
    echo "." >> /tmp/tmplogs
    echo "quit" >> /tmp/tmplogs
    cat /tmp/tmplogs | mnc smtp.server.name 25
    rm -f /tmp/tmplogs

EOF

and edit crontab with: ae /etc/crontab

    # /etc/crontab: system-wide crontab
    # Unlike any other crontab you don't have to run the `crontab'
    # command to install the new version when you edit this file.
    # This file also has a username field, that none of the other crontabs do.
    SHELL=/bin/sh
    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
    # m h dom mon dow user command
    05 1,3,6,9,12,15,18,21,23 * * * root /etc/sendlogs

EOF

Backup with lrcfg : b) Back-up ramdisk : 2) etc

That's one solution, the others will give other alternatives. That depends on your ISP's SMTP server

--
Patrick Benson
Stockholm, Sweden