RE: [leaf-user] multiple static ip address router/firewall
Andrew Nance wrote:
| It is hard to estimate but somewhere around 750 Kbps to 1.5 Mbps total
| bandwidth.

Almost anything fairly modern (i.e. Pentium-class PCI based system) should be able to handle this kind of bandwidth. Even 486 based systems with EISA cards (should you actually be able to find one) could probably move this much data around. Most of those 'black-box' routers from Linksys, D-Link, et al. will typically handle 3-5 MBits/s or more fairly easily (remember, they're engineered to hook to cable modems, and would look bad if they were a bottleneck).

A 486 can handle a T1 (1.5mbps) or E1 (2mbps) while encrypting with 3DES and IPSEC. A pentium-75mhz can encrypt ~10mbps. Both of these rates assume decent NICs. Most statistics for bandwidth include packets per second (PPS) and the # of bits or bytes in those packets.

I think a WRAP can handle your load easily unless you are running some huge amount of firewall rules and QOS. In fact, I know so :) even though I don't own one :(. TomsHardware has a nice review : http://www.tomsnetworking.com/Reviews-169-ProdID-WRAP1D2-3.php. As you can see 266mhz WRAP can do ~40mbps NAT, or ~3.5mbps Ipsec/3DES. This means it is somewhere between a fast 486 and a pentium 75mhz in speed for encryption. If I remember correctly a Pentium 75mhz can only do 20-30mbps NAT so apparently the WRAP is faster for this kind of thing.

Regards, P

---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_idt77alloc_id492op=click
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
RE: [leaf-user] Image CF drive
Does anyone know of any windows tools that can do a disk image of a CF card? I have multiple identical CF cards I need to propagate a uClibc install to, bootable portion and all. The only tools I have found that work with CF cards so far have been for linux.

Disk Dump (for Windows) is the tool you want. I guess ghost (commercial) or similar would work, too. http://uranus.it.swin.edu.au/~jn/linux/rawwrite/dd.htm

PS - your webconf issue looks like it is because the old mini_httpd is still running.

Regards, P
RE: [leaf-user] ide flash drive question
syslinux -s c: using syslinux.com (download from the net as this is the DOS program not syslinux.exe

FYI I have never had much luck with syslinux and CF-IDE. It sometimes worked with windows boot disks, though. I recommend the Dos 6.22 from http://www.bootdisk.com/. It will most likely not work the first time you try it, but fiddle with the order and eventually you will get it. (FYI - my syslinux trial was a year+ ago, maybe it is better now..)

Regards, P
RE: [leaf-user] Bering-uClibc packages in testing
as you probably know there are some packages in testing for Bering-uClibc:

Is ethtool supposed to be in testing? I think a lot of people use this..

Regards, P
RE: [leaf-user] RE: Some questions regarding LEAF on WRAP box
Ã.Ãs8690Ã?ÃS®-VO««Ã¢´%puÂ¥`F...

Yes, funny, the same thing happened to me some time ago. For unknown reasons I had a line of garbage in leaf.cfg. It feels like IDE I/O is shaky with CF's. Maybe one should have a look at hdparams. Else it might be possible that I did not correctly unmount the CF before rebooting and so the system had no chance to flush the buffers correctly and this might be lethal when writing directly to the CF.

It's easy to destroy CF cards this way. I went through two on my routers before understanding that you need to unmount the card ASAP.

Regards, P
RE: [leaf-user] Also need driver for Intel Pro 1000 MT
Thanks, Erich. I did try the e1000 driver that came with bering 1.2 CD, but it did not work. Yes, I will have one of my lab techs do this to make sure it works... but could be a lab exercise for students as well. Both the intel and realtek are source tar gz's so we will compile on a 2.4.x system.

This is because Bering 1.2 has an old driver and Intel changed the chipset enough to require a new version of the driver to come out. The latest kernel source or (better) Intel source will work fine. Bering uClibC will also work by default if you use later versions.

Note that if you are wanting to use a lot of that gigabit capability be sure to use a 64-bit slot and the NAPI variant of the driver. It might be easiest to ask the uClibC 'krew' to do the NAPI part for you. Or of course the student route :).

Regards, P
RE: [leaf-user] Firewall failover
We are investigating on firewall failover design. I have searched the net and found that projects like LVS have it mostly solved for their side but that netfilter lacks it. Of course, a simple failover of the firewall is available using things like VRRP (KeepAlive software) but without state synchronization, and that is precisely the part we need to investigate. Is this issue solved in netfilter? How? Any ideas? Does it work with kernel 2.4? Bear in mind I'm not talking about ISP redundancy but the firewall itself, if possible set as an active/active failover solution.

http://svn.netfilter.org/cgi-bin/viewcvs.cgi/trunk/netfilter-ha/

You want ct_sync, or connection tracking synchronization. I am not sure what its status really is, but I think it is in 'testing' or 'works for me'.

Regards, P
RE: [leaf-user] Bering-uClibc Docs and IPSEC: FreeSwan or OpenSwan?
Given that Bering* only runs on the 2.4 kernel and to my knowledge does not include the backport of the Kernel 2.6 Native IPSEC code, you want the Kernel 2.4 docs (http://shorewall.net/IPSEC.htm) regardless of what color your Swans are. -Tom

Thanks Tom. I've been referencing that page already. It's great for the configuration items. What about initial IPSEC setup, though (i.e. generating keys, etc.). That's supposed to be in the *Swan docs that are missing. What is everyone else using? Am I the only one trying to survive on pre-built packages?

http://leaf.sourceforge.net/doc/guide/buipsec.html

Jacques's documentation is still relevant and nice :). Bering-uClibC is basically bering that's more up to date with a smaller compiler.

P
RE: [leaf-user] Best 4-port NICs?
I'd appreciate a recommendation from the list on which 4-port NICs work best with the Bering uClibc distro? Any known problems using them with single-port NICs on the same machine?

The situation is the same as with a normal distro. uClibc uses modules; therefore, you can insert commands just like with a regular distro. Stay away from Tulip based 4-port cards. I have used Intel cards to good effect, especially with newer machines. Older servers sometimes have IRQ issues.

On 4 servers here we are using 2 dual 64bit 66mhz+ Intel gigabit adapters to good effect. It is important to get 64bit 66mhz+ cards if you want to push a lot of bandwidth.

Regards, P
RE: [leaf-user] Best 4-port NICs?
Intel: Intel(r) PRO/1000 MT Quad Port Server Adapter $337
Osicom: FE-2404-TX - 10/100BTX PCI FAST ENET NIC $329
D-Link: DFE-570TX 4 port 21143 card (avail only on eBay) $80

I'm thinking the Intel NIC would be best, but after looking at it on intel.com I'm not sure it'll fit in a PCI slot. It looks like a PCI/X card. My next choice would be the Osicom card for price/performance, but I've never heard of them before. They say it's based on the Intel 82559 and list Linux as a supported OS so it should work. Our firewall hardware platform uses a passive backplane chassis with Cyber Research PIII-based single board computers. I can't find the SBC documentation so I'm not sure if it'll handle 64-bit PCI transfers. Even so, it shouldn't be worse than 4 single port NICs. Which would you favor?

You didn't mention your bandwidth requirements. I have heard the DLINK-DFE570TX card works, but if I were you I'd prefer the Intel-base cards that are new. If price is an issue look at the DLINK. Especially if you have extra time.

Regards, P
[leaf-user] RE: [leaf-devel] Bering-uClibc: qmail ???
I am very surprised that I cannot find qmail for Bering-uClibc. What am I missing? Can somebody, please, make a Bering-uClibc qmail.lrp ???

Try Bering package http://leaf.sourceforge.net/packages/glibc-2.0/qmail.lrp. You will need to use at least

http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/bin/bering-uclibc/packages/libc207.lrp?rev=HEADcontent-type=application/octet-stream (libc207)

or

http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/bin/bering-uclibc/packages/libc225.lrp?rev=HEADcontent-type=application/octet-stream (libc225)

with qmail to make it work. Sorry, I don't know if it needs more libraries and don't have time to test it.

Regards, P
RE: [leaf-user] Write error on CF
Mar 3 10:26:46 phuoc kernel: hda: read_intr: status=0x59 { DriveReady SeekComplete DataRequest Error }
Mar 3 10:26:46 phuoc kernel: hda: read_intr: error=0x40 { UncorrectableError }, LBAsect=13453, sector=13536
Mar 3 10:26:46 phuoc kernel: end_request: I/O error, dev 03:01 (hda), sector 13536
Mar 3 10:26:46 phuoc kernel: hda: read_intr: status=0x59 { DriveReady SeekComplete DataRequest Error }
Mar 3 10:26:46 phuoc kernel: hda: read_intr: error=0x40 { UncorrectableError }, LBAsect=13569, sector=13537

Sometimes these errors stop me from booting because of DMA. You can try turning it off in syslinux.cfg. Add these to the end of your syslinux.cfg. (In my case I am using serial console, so I already have something. If you don't want serial console you can use the second example).

    append console=ttyS0,19200 nodma=hda ide=nodma

    append nodma=had ide=nodma

You will have to reboot after making these changes.

Regards, P
RE: [leaf-user] Write error on CF
    append console=ttyS0,19200 nodma=hda ide=nodma

    append nodma=had ide=nodma

Oops,

    append nodma=hda ide=nodma

Sorry for the extra mail.
RE: [leaf-user] Cheap NICs or Expensive NICs?
Quick question. What is the impact of cheap NICs (8139too, smc900, etc) instead of expensive NICs (3c905)? For instance, when building a NAT/firewall device to share xDSL or cable.

Cheaper NICs have a performance penalty, usually in interrupts. Interrupts limit the capability of your network and increase CPU load. If you have a Pentium 75mhz or faster then you should be OK for 20 megabits with cheaper NICs.

The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorised.

unauthorized? ^

If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. The contents of an attachment to this email may contain software viruses that could damage your own computer systems. Whilst The Spur Group of Companies has taken every precaution to minimise the risk, we cannot accept liability

minimize? ^

for any damage that you sustain as a result of software viruses.

Lovely. I'll be sure to be careful :)

Regards, P
RE: [leaf-user] Cheap NICs or Expensive NICs?
BTW, a single PC has IIRC =400Kbps of throughput due to poor memory mgmt between all the layers. This is without customized reprogramming of the stack. One link is http://www.ifip.or.at/con2000/icct2000/icct452.pdf that estimates 360Kbps on Linux. So cheap NICs might still be a solution if you have a small number of PCs.

This paper is for really old kernels, stating the results don't apply for new 2.2.0 kernel, only for 2.0.34.

You can still saturate a 100mbps network with very small packets at ~8kpps. But your packets would have to be ~120 bytes. Anything approaching normal packet size should be ok.

Regards, P
RE: [leaf-user] Compact Flash Boot Failure
Hi Brock,

Has anyone had a problem like this? I'd like to know if the box could be the problem before I take the time to replace this CF yet again. The unit is in a remote location and is fairly mission-critical. I can't have this happen so regularly.

This has happened to me. I am using LEAF Bering-uClibC with bgpd for 4 solid-state routers. Unfortunately one of my routers seems to regularly chew up its CF card. I've switched the types of cards around in the system to no effect. My solution so far has been to back up the drive regularly and not reboot, not exactly a nice solution.

I have not had the time to look into this matter properly, but a few ideas that have come to mind are:

- Measure the voltage being given to the CF/IDE card.
- Measure the voltage the CF/IDE card is giving the CF.
- Check the cylinder count etc. on your IDE card, if possible. Rumor has it incorrect IDE setup can lead to this problem.
- Replace the CF/IDE and CF card.

I have used netcat and disk dump to good effect in backing up / restoring my images. Try:

    (on destination) : nc -l -p port | dd of=/dev/hda
    (on original server) : dd if=/dev/hda | nc addr of other machine port as above

Regards, P
RE: [leaf-user] VPN Tunnel up but *no* traffic across connection?
    left=68.208.33.25
    leftsubnet=10.154.16.0/22
    rightsubnet=10.154.16.0/255.255.252.0

(If I'm reading this correctly..) In left's view, 10.154.16.0/.252 is owned by left. Ipsec routes get a lower route priority than local interface routes. Therefore, traffic won't bother to traverse over IPSec. Try changing the subnet range to something different.

If this isn't the case, please post a simplified ascii map.

Regards, P
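The overlap described in the message above can be caught before a tunnel is brought up. This is an added example, not part of the original message or of FreeS/WAN: a Python check that normalises leftsubnet/rightsubnet (prefix or dotted-netmask form) from ipsec.conf-style conn sections and reports connections whose two ends claim overlapping ranges. The conn names and the second section are constructed for illustration.

```python
import ipaddress

# Constructed sample in ipsec.conf style. The first conn reuses the three
# values quoted in the message; the conn names and the second conn are
# constructed so the non-overlapping case is exercised too.
SAMPLE_CONF = """\
conn office
    left=68.208.33.25
    leftsubnet=10.154.16.0/22
    rightsubnet=10.154.16.0/255.255.252.0

conn branch
    left=68.208.33.25
    leftsubnet=10.154.16.0/22      # same local LAN
    rightsubnet=10.154.20.0/255.255.252.0
"""


def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and indentation
        if not line:
            continue
        if line.startswith("conn "):
            current = conns.setdefault(line.split(None, 1)[1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns


def to_network(spec):
    """Parse 'a.b.c.d/22' or 'a.b.c.d/255.255.252.0' into one canonical form.

    strict=True raises ValueError when host bits are set, which usually
    means the subnet line itself is mistyped.
    """
    return ipaddress.ip_network(spec, strict=True)


def check_overlaps(text):
    """Return [(conn, left_net, right_net)] where both ends overlap."""
    findings = []
    for name, opts in parse_conns(text).items():
        if "leftsubnet" not in opts or "rightsubnet" not in opts:
            continue  # host-to-host conn: nothing to compare
        left = to_network(opts["leftsubnet"])
        right = to_network(opts["rightsubnet"])
        if left.overlaps(right):
            findings.append((name, str(left), str(right)))
    return findings


if __name__ == "__main__":
    for name, left, right in check_overlaps(SAMPLE_CONF):
        print(f"conn {name}: leftsubnet {left} overlaps rightsubnet {right}; "
              "traffic for that range stays on the local interface route")
```
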
RE: [leaf-user] What is latest Freeswan for Bering 1.2?
Dear List, I am wondering if there is any newer version such as Freeswan 2.06 in a .lrp that is available. I am running Bering 1.2 (kernel 2.4.20). The current version of freeswan is 1.99.6.2.

FreeSWAN is now OpenSWAN. There are no updates for Bering. For Bering-uclibc though, you can get the latest openswan. http://leaf.sourceforge.net/mod.php?mod=userpagemenu=91017page_id=51

Is there a feature you want that's available in 2.06 that isn't in 1.99?

Regards, P
RE: [leaf-user] LRP router failing? - the Last Chapter (STH)DSL line-quality info
The replacement for the suspect FlowPoint 2200 DSL router arrived today from the ISP (an Efficient Networks 5851). I plugged it into the network sans the crutch switch between the two routers, and it worked like a charm. Hypothesis becomes history.

Glad it's working!! But let's go back to your ifconfig:

    eth0 Link encap:Ethernet HWaddr 00:10:4B:2C:90:9C
         inet addr:64.113.213.14 Bcast:64.113.213.15 Mask:255.255.255.252
         UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
         RX packets:1800 errors:0 dropped:0 overruns:0 frame:0
         TX packets:2184 errors:0 dropped:0 overruns:0 carrier:341
         Collisions:0
         Interrupt:9 Base address:0xff00

See the carrier errors (15.6%)? For future use, carrier errors indicate cable fault or low-layer problem related to that interface. FYI the dumpfile looks normal.

Regards, P
RE: [leaf-user] LRP router failing? - Alcatel SpeedTouchHome (STH)DSL line-quality info
The bottom line to all of the above is that I'm more stumped than ever and don't know what to do next. I suppose I'll try to replace the eth0 NIC in the DachBox2 to try to eliminate the double fault possibility. I actually tried to do that earlier today as well, but neither of the NICS worked after that. When I restored the NIC I'd removed, they worked again.

How are you doing the test with the Linux router? Are you using a server behind it? Are you connecting the private interface at all? Please make sure the private end is disconnected and try again if it was connected. If the private end was disconnected, run tcpdump on the public interface and post the results here. You can email me directly if the results are a file too large to post on a mailing list.

I don't know how to get the ISP to seriously consider the possibility that their connection could be at fault. They simply don't see any problem from their end.

That's not surprising. It's hard enough to get most ISPs to do anything when you can tell them exactly what's wrong. If Apple is supported, call again and open a new ticket. Tell them you have tried two Macintoshes (make the LEAF results Apple results).

If possible, I'm more open than ever to any suggestion.

Can you post the results of ifconfig after some packet loss? Also, if you could post an ASCII map of your network that might tell us something. IPs are not necessary but it wouldn't hurt to double-check all these settings on your own. (This has bit me a few times with all sorts of strange results). E.g.,

    --------------
    | DSL router |  - IP x.y.z.a
    --------------
          |
       --------     - eth0 x.y.z.b
       |LEAF|
       --------     - eth1 a.b.c.z
          |
     ------------
     |xSWITCHx|     - 16 port linksys (or whatever)
     ------------
          |
     -----------
     | Clients |
     -----------

Regards, P
RE: [leaf-user] LRP router failing?
I can do that on the one in Seattle, and on the remote router when I get to Boise, Erich. I'll read up on tcpdump (never used it before) and give it a go. Thanks for the idea; I'm getting lots of input on tools I've never had to think about before, and that is why I came to this forum for help.

E.g.,

    tcpdump -i eth0 (or eth1) not port ssh
    tcpdump -i eth0 net 192.168.0/24 and not proto \\icmp
    tcpdump -i eth0 host 1.2.3.4 or host 5.6.7.8 and not port ssh

Protocols require double-escaping, for example ICMP above. Windump is the windows equivalent.

I think Ray is on the right track with spyware. Be sure to check ifconfig for transmission errors, too.

    eth0 Link encap:Ethernet HWaddr 00:C0:9F:3F:44:42
         inet addr:1.2.3.21 Bcast:1.2.3.255 Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    ** This is what you are looking for **
         RX packets:54447768 errors:2 dropped:0 overruns:0 frame:1
                             ^^
         TX packets:52184055 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
    **
         RX bytes:854678430 (815.0 Mb) TX bytes:2033727102 (1939.5 Mb)
         Base address:0xece0 Memory:fe1e-fe20

A few errors - 1 every million or so is usually fine.

P
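The two ifconfig readings in this thread (341 carrier errors against 2184 transmitted packets in the earlier message, 2 errors in roughly 54 million received packets here) can be turned into a repeatable check. This is an added example, not from the original messages: a Python parser for the old net-tools ifconfig format that expresses each error counter as a fraction of packets and flags anything above a threshold. The threshold of 1 in 100,000 is an assumption chosen for illustration; the message itself only says that about 1 per million is usually fine.

```python
import re

# Counter lines as quoted in the two messages (old net-tools format),
# trimmed to the fields the check needs.
SAMPLE_FAULTY = """\
eth0 Link encap:Ethernet HWaddr 00:10:4B:2C:90:9C
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:1800 errors:0 dropped:0 overruns:0 frame:0
     TX packets:2184 errors:0 dropped:0 overruns:0 carrier:341
     Collisions:0
"""
SAMPLE_HEALTHY = """\
eth0 Link encap:Ethernet HWaddr 00:C0:9F:3F:44:42
     RX packets:54447768 errors:2 dropped:0 overruns:0 frame:1
     TX packets:52184055 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
"""

THRESHOLD = 1e-5  # assumed alert level, not a value from the thread
ERROR_FIELDS = ("errors", "dropped", "overruns", "frame", "carrier")

COUNTER_LINE = re.compile(r"^\s+(RX|TX) packets:(\d+)\s+(.*)$")
PAIR = re.compile(r"(\w+):(\d+)")


def parse_ifconfig(text):
    """Return {iface: {'RX': {...}, 'TX': {...}}} with integer counters."""
    stats, iface = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():
            # An unindented line starts a new interface block.
            iface = line.split()[0]
            stats[iface] = {}
            continue
        match = COUNTER_LINE.match(line)
        if match and iface is not None:
            direction, packets, rest = match.groups()
            counters = {k: int(v) for k, v in PAIR.findall(rest)
                        if k in ERROR_FIELDS}  # ignore txqueuelen etc.
            counters["packets"] = int(packets)
            stats[iface][direction] = counters
    return stats


def error_ratios(text, threshold=THRESHOLD):
    """Return sorted (iface, direction, counter, ratio) above threshold."""
    flagged = []
    for iface, directions in parse_ifconfig(text).items():
        for direction, counters in directions.items():
            total = counters["packets"]
            if total == 0:
                continue  # no traffic yet, a ratio would be meaningless
            for name in ERROR_FIELDS:
                ratio = counters.get(name, 0) / total
                if ratio > threshold:
                    flagged.append((iface, direction, name, round(ratio, 4)))
    return sorted(flagged)


if __name__ == "__main__":
    for label, sample in (("faulty", SAMPLE_FAULTY), ("healthy", SAMPLE_HEALTHY)):
        hits = error_ratios(sample)
        print(label, hits if hits else "no counters above threshold")
```
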
[leaf-user] [offtopic] How to use QOS traffic shaping in Being U 2.2
    #tc class add dev $DEV parent 1:1 classid 1:20 htb rate $[9*$UPLINK/10]kbit \
    tc class add dev $DEV parent 1:1 classid 1:20 htb rate `expr 9 \* $UPLINK / 10`kbit \
    burst 6k prio 2

possibly the same thing. I did not have any performance degradation

Does anyone have a script that will work on a T1 and/or a large ADSL line? (Will this one)? I need to get going on QoS at a few locations. Any scheduler is fine so long as it works.

Thanks much, P
RE: [leaf-user] Bering-uClibc_2.2-beta5 HDD Version Question
However, I found some log (e.g. cron.log ) is missing.

    # df
    Filesystem           1k-blocks      Used Available Use% Mounted on
    /dev/root                 8192      4284      3908  52% /
    tmpfs                    23392         0     23392   0% /tmp
    tmpfs                   528000      9440    518560   2% /var/log
    /dev/hda1               528000      9440    518560   2% /var/log

I think the cron.log was written to /var/log at tmpfs first, then erased? after mount the hard disk. Question: How can I remove /var/log at tmpfs?

I don't see an entry for /var/log/ in /etc/fstab. Perhaps this is configured by leaf.cfg/syslinux.cfg; try entering log_size=0M. I would test it but all my routers are now in production..

KP, Erich: is this how one should use a real HD for logging instead of tmpfs?

P
RE: [leaf-user] Bering-uClibc_2.2-beta5 HDD Version Question
Question: How can I remove /var/log at tmpfs?

I don't see an entry for /var/log/ in /etc/fstab. Perhaps this is configured by leaf.cfg/syslinux.cfg; try entering log_size=0M. I would test it but all my routers are now in production..

Hmm.. Actually a simpler solution would be using /var2 instead of /var for your hard drive. Why not leave /var alone since it is tmpfs? If you don't like the logistics you can symlink everything in /var2 to /var/log.

P
RE: [leaf-user] syst_size not working in leaf.cfg
I'm using the Bering-uClibc_2.2-rc1 http://prdownloads.sourceforge.net/leaf/Bering-uClibc_2.2-rc1_img_bering-uclibc-1680.exe?download floppy image. When I attempt to change the root file system size ( syst_size=12M ) in leaf.cfg I get an error ( for mount option 'size' ) and the root file system gets sized at 4M, which causes problems. I need more than the 6M default root file system size.

I'm sure there's a better way, but I ran into something of the same problem. I put the parameters into syslinux.cfg and that worked for me. E.g.:

    serial 0 19200
    display syslinux.dpy
    timeout 0
    default bzimage initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0 syst_size=20M log_size=20M tmpfs_size=256M LEAFCFG=/dev/hda1:msdos
RE: [leaf-user] Connecting to Exchange Server using VPN through Bering 2.0
Our network at work has MS Remote Access Server (RAS) running and I connect to the network using MS VPN connection from my WinXP box at Home. I am going through a Bering uClibC 2.0 LRP box and this works no problem. However, I can only make a single connection to the VPN. A connection attempt from a second machine also behind the FW fails. Is this because of masquerading? Is there any way to establish a connection from a second machine behind the same firewall?

No, this is a problem with the PPTP protocol. I have solved it with poptop previously by using multiple external IPs.

P
RE: [leaf-user] Harddisk: Device... deceased :P
Hmmm... Maybe I should just go with CF/DOM or something else, solid state, and set up a server to move the logs to $whenever, accepting the fact that chips get worn out after so-and-so-many rewrites...

Yes, this is what I would (have) done. CF is badass, it boots so fast.

I find it sort of ironic, having spent much time in order to put the logs on disk (so they would survive powercuts etc), that those same logs are now lost because the disk died... :P

Well why don't you set up a remote syslog server instead?

/etc/syslog.conf:

    *.* @10.0.0.1

Then /etc/init.d/sysklogd restart.

On the remote server, you will need to allow firewall rules (if necessary) and configure syslogd to accept remote logs. This is done on redhat via /etc/sysconfig/syslog:

    SYSLOGD_OPTIONS="-m 0 -r"

On other distributions you can probably modify the Sys-V script directly.

P
RE: [leaf-user] Bering-uClibc_2.2-beta5 HDD Version Question
1. How to enable NumLock at startup Check your BIOS. AFAICT the LEAF distros won't have any tools like setleds to do this. Maybe you can ask nicely and KP or Eric will make you a package. It seems to be 10k. Heck maybe busybox can do it.. 2. It is possible to put and keep all the log (/var/log) to HDD? /etc/syslog.conf. You will probably also want to add an entry to /etc/fstab. However, maybe what you really want is to turn on remote syslogging to another server? Regards, P
RE: [leaf-user] Bering and shorewall 2.0.x
To upgrade to shorewall 2.0.x from version 1.4.2 on Bering, is it possible to install the new LRP on top of the existing one? Will it keep my current configurations? Not sure about shorewall, but local.lrp backs up anything in /usr/local. You can put copies of your configurations there, upgrade, then restore when in doubt. P
RE: [leaf-user] Using both OpenVPN and IPSec
Can we use both OpenVPN and IPSec on one LEAF (Bering uClibc) firewall? Yes, assuming you have the space and horsepower. IPSec works on protocols 50 and 51, OpenVPN uses SSL.
RE: [leaf-user] About BeringUclib 2.1.2
OK the readme shows LEAF Bering-uClibc Firewall - V2.1.1 so I got the wrong version. Where can I download the correct version? http://sourceforge.net/project/showfiles.php?group_id=13751&package_id=67534
[leaf-user] Leaf bering-uclibc 2.2beta2 CF-IDE update
For modules pls look here: http://sourceforge.net/project/showfiles.php?group_id=13751&package_id=67534&release_id=220334 Are there modules for the latest beta? I need what I believe is ATP865 - a SIIG PCI IDE card. The Maxtor cards I wanted to use with the Promise chipset turned out to suck. My CF-IDE corruption did turn out to be the 64mb sandisk compact flash cards - both of them. I recommend that all CF-IDE users avoid this size. I am using the 256mb ultra II 256mb sandisk instead. So far no corruption.. (crossing fingers). P
[leaf-user] CF-IDE help
Hello, Does anyone know why both my new 64mb CF-IDE solutions don't seem to want to work properly? I can format the devices properly, syslinux properly, but when I try to copy data over there is corruption and very strange things happen. For example, it looks like I copy all my LRPs over properly but they don't actually copy. I've tried this process from both Linux and windows, with two completely different sets of hardware. I didn't run into this problem with my 256mb CF-IDE cards a year ago. Thanks much, Peter Mueller Operations Engineer (408)235-1700 x125 [EMAIL PROTECTED]
RE: [leaf-user] CF-IDE help
The only time I came across something like that was when I pulled the CF out of the USB adapter before I had selected 'Eject' in windows. Any possibility of something like that? Regards, Dave. Unfortunately no. I have my CF-IDE adapters configured on secondary or primary IDE on both systems. Thanks, P
RE: [leaf-user] Re: LEAF article
Applied to all Linux servers, 20 Mbps is not even a plausible rule of thumb. I routinely see 60 Mbps on big (multi-gigabyte) LAN-to-LAN transfers (ftp, scp, and samba) between pairs of Linux servers (equipment varies, but typically either a 1 GHz P3 or a 1.7 GHz Celeron, usually cheap, flavor-of-the-week tulip NICs). The 'rule of thumb' algorithm I was using is 5 megahertz = 1 megabit/sec. Of course, once you top ~60-80mbps you start talking about interrupts and 64-bit slots and such. Let's not really get into firewall rules. Or what happens to iptables when there are too many rules :) a T-1 has a top speed of 1.544 Mbps, making it hard for me to understand how a connection over it could test the throughput limit of a 10 Mbps NIC, let alone a 100 Mbps NIC. I was testing if a 100mhz machine could handle a T1 with 3DES encryption. It could, even with compress=yes set :). Unencrypted it got around 20mbps over the LAN. Sorry for not being more specific. Cheers, P
RE: [leaf-user] Re: LEAF article
Hello Michelle, On 2004-05-03 14:51:10, Peter Mueller wrote: With good NICs (eepro100 etc.) and not too many iptables rules you will max around 20mbit/sec. A good rule of thumb is 5 cycles per megabit. This limit actually applies to all Linux servers, not just leaf. P Are you sure ? I run a HP Vectra XA 5/200mmx with 32 MB and have 4 x 3Com 3C905B and 2 x 3c509B. I have one USB-Modem connected to the USB-Port and two other Ethernet-Modem-Router to the two 3c509B. The 10MBit Nics are for my publicnet, privatenet, securenet and wavenet (Proxim Tsunami MP.11a). I can transfer without any problem around 5 MByte/Second between the publicnet (ftp/web-server) and the privatenet (workstation) My old Router (LRP 2.9.4) had done around 30 MBits on a 486dx4/100 with 5 nics 3c509B So I think, you can have really more on a P1/100 It's a rule of thumb, not a book of law :-). I did some testing for a T1 IPSEC gateway and had my results confirmed by the FreeSWAN performance guide (http://www.freeswan.org/freeswan_trees/freeswan-2.06/doc/performance.html). It is only my result from one machine, but it was confirmed by a fairly popular project so I still feel confident that it is reasonable. The bottom line is it depends on your PCI bus, network drivers, and especially your network cards. Also, firewall rules can play a part here. I must admit I'm surprised to hear a 486 - admittedly one of the faster ones - was able to get above 20mbit/s with ISA (3c509b) cards! Maybe there is some truth to 3com cards using less CPU. I have always preferred eepro100's but maybe that was premature.. Cheers, P
RE: [leaf-user] LEAF article
1. What sort of throughput, for instance, could LEAF-Bering theoretically provide on a Pentium 100 system with edo ram and with 10/100 nics, cables, and switch, assuming that all other systems connected have unlimited speed? With good NICs (eepro100 etc.) and not too many iptables rules you will max around 20mbit/sec. A good rule of thumb is 5 cycles per megabit. This limit actually applies to all Linux servers, not just leaf. P
RE: [leaf-user] pptpd VPN Settings
on a Win2000 machine. If I telnet to my router on port 1723 from work it connects briefly which seems to indicate neither my work network or my home ISP is blocking port 1723?? Does that sound right? I have been told that my ISP doesn't block protocol 47 (GRE) but I'm not absolutely

Put this in your syslog, touch /var/log/debug, then restart syslog.

    # PPTP debug logging
    #*.debug;mail.none /var/log/debug

Put debug in your /etc/pptpd.conf. Put debug in /etc/ppp/options.pptpd. Restart pptpd. Now try to connect and mail the logs back here. You might want to try [EMAIL PROTECTED] as well. Cheers, P
RE: [leaf-user] TCP DOS Vulnerability - Relevant to LEAF?
Any way you could expand on this, Peter? (Or anyone else?) Here is the thread on Quagga: http://lists.quagga.net/pipermail/quagga-users/2004-April/001748.html P
RE: [leaf-user] BGP
I am also using bering-uclibc+quagga packages for ospfd and bgp. works great Where is the Quagga package? BTW if you want VRRP there is a keepalived package available. I am using one I made a long time ago, but I thought someone else made a newer one with ipvs support, too.. do bering/bering-uclibs support napi straight out of the box. it's a looong time since i last looked at napi. If you use the right kernel driver it is 'out of the box' with any kernel >= 2.4.20. For example, Intel gigabit cards with e1000 driver. I have heard that tg3 (bcm5700) is also not bad, so long as your kernel is very recent (>= 2.4.25?).
Caveats:
-Don't use SMP. (I think hyperthreading probably falls into this category).
-Use 64-bit cards.
-Use PCI-X.
-Get a nice big fast processor (> 2ghz).
References:
http://datatag.web.cern.ch/datatag/howto/tcp.html
ftp://robur.slu.se/pub/Linux/net-development/NAPI/README
ftp://robur.slu.se/pub/Linux/net-development/NAPI/NAPI_HOWTO.txt
Cheers, P
RE: [leaf-user] TCP DOS Vulnerability - Relevant to LEAF?
In the news, there's mention of a TCP vulnerability that may impact LEAF. Apologies if this is not relevant to us. This vulnerability is 3 years old. Linux was patched even then, so LEAF is ok :). details: http://www.us-cert.gov/cas/techalerts/TA04-111A.html I checked with Zebra/Quagga folks about BGP; they said it is O/S dependent. So LEAF and even Bering's bgpd.lrp are ok :) Cheers, P
RE: [leaf-user] BGP
Is LEAF capable of BGP route propagation? I hear that there are packages that support BGP called: Zebra http://www.zebra.org/ Quagga http://www.quagga.net/ and BIRD http://bird.network.cz/ Is one of these supported by LEAF? Are any of them recommended by anyone? I am using the Bering bgpd.lrp package here. It's been working fine for 1+ years. Quagga is the less bug-ridden software but for BGP it doesn't really matter. I don't know what BIRD is. If I was comparing a LEAF, or other Linux based solution to either a $2500, or a $10,000 cisco router based solution, would the LEAF/Linux solution be comparable (in uptime+performance) to a cisco? Yes. I use CF-IDE flash dual power. Price/performance is much better. A p4 server with intel gigabit NICs and NAPI enabled will kick serious ass. P
RE: [leaf-user] Is my NIC the bottleneck?
Hello Peter, Nice name ;-) Subject: [leaf-user] Is my NIC the bottleneck? pn] I'm still running E2B on a P166. I have 768K SDSL, and my leaf box is connected to the DSL modem I know it's already resolved, but I recommend using DSLReports's speed test for this kind of thing. Test a desktop from behind the LEAF server network, then connect it directly to the DSL line and test again. Using this method you can see if there is a bottleneck in the router. I usually run the test 3 times to get a nice average. URL : http://www.dslreports.com/stest P
RE: [leaf-user] Bering 1.2 Throughput Test Results
I did the test with the converted Bering-Contivity yesterday. I ran the VPN as AES then changed to 3DES and ran it again. AES was 6% slower. Any ideas why this would be the case? AES should be faster. I remember seeing a few posts about this. For example, http://lists.freeswan.org/pipermail/users/2002-February/007771.html indicates 89mbps with AES as opposed to 44mbps with 3DES. Alternatively, the creator of the patch for FreeSWAN indicated 'expect 3 to 2 performance'. Are you sure you're not using double the keysize with your setup? There has to be some explanation. AES _IS_ faster, at least on the 15 or so tunnels I have created. P
RE: [leaf-user] Bering still active?
Having installed, configured and put in place a Bering firewall, I read more and more about the Bering derivative called Bering uClibc. The latest release was in January 2004 (unless I'm missing something :-). Maybe I should have used this version instead? If you are using Flash through CF-IDE then you should definitely use uclibc. The reason is space is not an issue, so you can use the libc* plugins and use ALL packages. It is also much easier to create your own packages; you can take your pick of compiler (uClibc, libc207, libc225) instead of being forced to use libc207 and have a LEAF development box lying around and all that jazz. If you're not using flash, then make sure you can get the packages (http://leaf.sourceforge.net/mod.php?mod=userpage&menu=10&page_id=3) you want. I would make your decision based on the packages. Having said that.. uClibc is definitely more active but Bering has a larger install base. Cheers, P
RE: [leaf-user] Looking for a VPN Solution
It has PPTP server built in and boots from a CD-ROM while the configuration is saved to a floppy. There are some known problems with some XP clients. Are they using ppp-2.4.2x and poptop-1.1.4x? The XP problems can be solved via iptables clamps (clamp-mss-to-pmtu I believe), or using an ip-up hack. P
RE: [leaf-user] Which Distro for This Firewall/Router?
I was going to model the entire project on VMware, but I found that VMware limits number of NICs to 3, too few for most of my routers. I I don't think user-mode-linux has that built-in restriction. http://user-mode-linux.sourceforge.net/
RE: [leaf-user] which VPN to use ?
I have been using Bering (regular) very successfully for awhile here, and I will need to be setting up a VPN to connect our office in Texas with a newly opening office in Florida. I will have full control over both endpoints, and having interoperability between my VPN endpoints, and other companies is not an issue, nor do I foresee it being an issue anytime soon. Question: What would be the best VPN package to use ? CIPE, IPSEC, something else ??? IPSec. Bridging separate networks together is IMO IPSec's strong point. IPSec is also the most secure and uhm.. theoretically the most compatible. Also - We are considering using IP Telephony to tie together the phone systems. The phone vendor recommends getting a managed VPN from some provider to ensure quality phone conversations, I guess by maintaining and managing the bandwidth between the endpoints ... but I am not sure. If we opt for this option, I think QOS and overcapable POPs on the same ISP would likely do the trick. Get some latency and bandwidth specifications from the phone vendor. Important question - it'd be spiffy to actually do this, but is your job on the line if things go wrong? Cheers, P
RE: [leaf-user] LEAF HA using keepalived
Funny you should ask. I have keepalived 1.1.3 built out using the libc225 and it seems to be working. All I did was compile the binary and move it into your kpalived.lrp package. I did compile it with ipvs enabled, and am getting ready to get back into testing it. There was Sweet! Load-balancing VRRP on CF-IDE disks, remote logging through syslogd. 8-D. I was not able to get it to compile against uclibc due to my lack of technical knowledge, but the only reason to do so would be to remove a couple lrps from boot, however using a 32mb CF disk made that a moot point. Yes, I ran into the same problem. The Keepalived developer, Alexandre, told me this around the end of January: The problem is the OpenSSL, libpopt, that use dynamic libs... We must find a way to compile statically OpenSSL libssl libmd5 into Keepalived binary. So -- Keepalived uses libssl, libmd5, and libpopt. Any uClibc guys want to have some fun? There are a couple other things I have done with keepalived. One of them was go in and change the /etc/init.d/keepalived script to look at If I remember correctly there is another bug with the init script that doesn't allow a restart to work properly. Unfortunately it's been too long since I've had to actually do any maintenance, so I can't say for sure if this is still the case. Does /etc/init.d/keepalived work ok for you? I am working on a doc on my personal time from notes to help out in actually compiling the kernel with to enable ipvs. It is yet another project on my plate a little lower than some other things. Ah, doh. Well I'd be interested in helping out, if you're still looking for help, (If you can pry me away from my latest game craze Diablo II ;-). People have made comments about LVS in a LEAF system, so there is definite interest. BTW does anyone know of a daemontools-like package for LEAF? Cheers, Peter
RE: [leaf-user] Gigabit Nic driver
Thanks. Does Bering-uClibc support this NIC? The closest module I could find was this: (See link) http://leaf.sourceforge.net/devel/jnilo/bering/latest/modules/2.4.20/kernel/drivers/net/e1000/e1000.o Yes, that is the one; this driver is from Intel and is supposed to be NAPI by default. I haven't tested NAPI in the kernel driver yet, you should check that it is included. You'll definitely want NAPI on a quad-gigabit card. (The driver should look like the e1000 driver from ftp://robur.slu.se/pub/Linux/net-development/NAPI/ ). BTW don't use 2.4.22; if you have to go 2.4.20 then use 2.4.23-pre kernel. P
RE: [leaf-user] route external networks
    ip route add 192.168.0.0/16 dev eth0 scope link
    ip route add 172.16.0.0/16 dev eth1 scope link
    ip route add default via 192.168.202.2 dev eth0

where should i put these commands so they can be executed automatically? /etc/init.d/networking in the start section might be easiest and most appropriate, or you can make your own .lrp consisting of an rc.local-like script run in your favorite modes (3 etc). Cheers Peter
RE: [leaf-user] pptp server
I've seen that exists a pptpd.lrp package (in the Jacques Nilo's page) for Bering (not uClibc). I want to know if exists the same package for Bering uClibc (compiled against uClibc 0.9.20). Yes I've tried to compile myself poptop-1.1.4 with uClibc 0.9.20 but I couldn't. (problems with gettext) It might be more economical to use libc225.lrp Bering packages. If you have the time please do try to get uClibc versions running :D
RE: [leaf-user] ipsec.lrp - does it do plain old DES?
You have the right attitude, single-DES is crap. However, ipsec.lrp does support single-DES. Superfreeswan includes additional encryption algorithm patches which Jacques includes. RTM ;-) - http://leaf-project.org/devel/jnilo/bipack2.html 12.8. ipsec.lrp This is the super-freeswan ipsec package. Refer to the Bering user's guide for explanations. Superfreeswan 1.99.6.2 is patched with the following patches: NAT-Traversal, X509, ipsec_algs and port protocols selector. Current Bering version: 1.99.6.2 http://www.freeswan.ca/patches/ Hope that helps, Yes, I thought this would be the case. I'll have to look into this, but either way, a DES VPN is not secure, and I think I'll just tell the guys at the remote end that they have to supply a Linux box with DES support as I don't want to be held responsible for implementing such an insecure VPN solution. :) Regards, HiltonT On Sun, 2003-07-06 at 15:19, M Lu wrote: Hi Hilton, Bering ipsec.lrp is actually Superfreeswan 1.99.6.2, and I believe that FreeSWAN does not support single DES. M Lu. From: Hilton Travis [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [leaf-user] ipsec.lrp - does it do plain old DES? Date: 06 Jul 2003 12:54:07 +1000 Hi All, Does the Bering ipsec.lrp module handle the insecure DES protocol? I have a need for a DES-based Linux router for a short while, and if this works, then I'll use it. Unfortunately, the remote end cannot accept any secure IPSEC encryption protocols. :( -- Regards, HiltonT
RE: [leaf-user] ipsec.lrp - does it do plain old DES?
On Tue, 2003-07-08 at 06:38, Peter Mueller wrote: You have the right attitude, single-DES is crap. You bet it is. I cracked a 1DES key with a banana smoothie in a whisker over 30 minutes last week. :) I used 5000 monkeys to crack it in 5 minutes, guess I got lucky.. However, ipsec.lrp does support single-DES. Are you sure about this? There's no mention of it anywhere, and the FreeS/WAN docs say that by default 1DES support is included for 3DES encryption, but unable to be used as a protocol in its own right - for obvious reasons. Oops - http://leaf.sourceforge.net/devel/jnilo/manpages/README.ipsec_alg.txt This link clearly states nothing at all about 1DES. I guess you are right. Sorry, Peter
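Added example (not code from this thread or from the LEAF project): a small Python check that flags single-DES proposals in an ipsec.conf while leaving 3DES and AES alone, which is the distinction the exchange above turns on. The ike=/esp= keyword names, the "cipher-hash-group" proposal layout and the sample configuration are assumptions constructed for illustration.

```python
import re

# Cipher tokens treated as single DES. "3des" is a different token and is not flagged.
WEAK_CIPHERS = {"des", "1des"}
# Assumed keyword names for phase 1 / phase 2 proposal strings.
PROPOSAL_KEYS = {"ike", "esp"}

# Constructed sample configuration; addresses are documentation ranges.
SAMPLE_CONF = """\
# constructed sample
config setup
    interfaces=%defaultroute

conn %default
    keyingtries=0

conn office-ok
    left=192.0.2.1
    right=198.51.100.1
    ike=aes128-sha-modp1024
    esp=aes128-sha1

conn legacy-peer
    left=192.0.2.1
    right=203.0.113.7
    ike=3des-md5-modp1024,des-md5-modp768
    esp=des-md5    # remote end accepts nothing stronger

conn three-des
    esp=3des-sha1
"""


def find_single_des(conf_text):
    """Return (line_number, section, keyword, proposal) for every single-DES proposal."""
    findings = []
    section = None
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        # Drop full-line comments and comments introduced by whitespace + '#'.
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()
        if not line.strip():
            continue
        # Section headers ("conn NAME", "config setup") start in column 0.
        if not line[0].isspace():
            section = " ".join(line.split()[:2])
            continue
        # Parameters are indented "key=value" lines inside a section.
        key, sep, value = line.strip().partition("=")
        key = key.strip().lower()
        if not sep or key not in PROPOSAL_KEYS:
            continue
        # A value may list several comma-separated proposals; a trailing '!'
        # (strict flag) is not part of the algorithm name.
        for proposal in value.strip().strip('"').split(","):
            proposal = proposal.strip().rstrip("!")
            cipher = proposal.split("-", 1)[0].lower()
            if cipher in WEAK_CIPHERS:
                findings.append((lineno, section, key, proposal))
    return findings


if __name__ == "__main__":
    for lineno, section, key, proposal in find_single_des(SAMPLE_CONF):
        print(f"line {lineno}: [{section}] {key} offers single DES: {proposal}")
```

A finding in "conn %default" matters most, because connections that do not override the keyword inherit it.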
RE: [leaf-user] RealTek nic problem
In /etc/modules it appears to depend only on mii.o that I loaded. Download the bering .config and try compiling the 8139 driver into the kernel. You could also try downloading Donald Becker's drivers from scyld and patching that into your kernel. (Like Lynn says, don't forget pci-scan!)
RE: [leaf-user] tcpdump for Bear-Uclibc-1.1
Hi, tcpdump running with multicasts only coming in the active-filter idle time out works! with multicast and pings and ping replies coming in active-filter never idle timeout occurs. ping = icmp: echo request ping reply = icmp: echo reply I have tried expressions on tcpdump to show only the ping and ping reply, and have had multicast only work.

    tcpdump -i ppp0 'icmp[0] = 8 or icmp[0] = 0 '

does show icmp: echo request and icmp: echo reply packets.

    tcpdump -i ppp0 'ether[0] & 1 != 0'

This shows the multicast packets.

    tcpdump -i ppp0 'ether[0] & 1 != 0 or icmp[0] =8 or icmp[0] = 0 '

only shows the ping request and ping reply packets so what happened to the multicast packets? I need what ever expression used in tcpdump to see the multicast packets and ping request and reply to place on an active-filter statement! http://www.tcpdump.org/#lists is probably the place you want to go. P
[leaf-user] debian question, /etc/network/interfaces
Hi all,
How do you force the duplex setting speed on LRP? It seems /etc/network/interfaces is the key file, but the Debian man page (http://www.fifi.org/cgi-bin/man2html/usr/share/man/man5/interfaces.5.gz#lbAD) and LEAF user guide don't provide the answer.
Thanks for your help
P
RE: [leaf-user] Squid
Someone told me that using RAM as the cache of a proxy reduces the life of the RAM to two years. Is it true?
I don't see how this can be true.
When I run squid on a Bering Box, it opens 18 squid and 5 dnsserver processes. Is it normal?
23686 root 6352 S(squid)
9198 root 6352 S(squid)
.
29810 nobody 1632 S(dnsserver)
22106 nobody 1476 S(dnsserver)
I think these are configurable in your .conf files.
Guys : I haven't used Squid on LRP before, but I know on my home box I set it to run as user : squid. Squid should definitely not be run as root...
P
RE: [leaf-user] Bering Kernel Source?
Hi Nick,
I've downloaded the source for kernel 2.4.20 from kernel.org.
great
I'm assuming that using the config file that you pointed me to, adjusted so that the Math-Emulation flag is on, I should be able to build the kernel that I need?
mod it however you'd like, but be a little careful with the modules like iptables (leave them the way they are unless you want to create a custom modules.lrp).
The patches that were in the 1.1 directory:
bridge-nf-0.0.7-against-2.4.19.diff.gz
grsecurity-1.9.9c-2.4.20.patch.gz
helpers-2.4.20.patch.gz
linux-2.4.19-openssl-0.9.6b-mppe.patch.gz
I didn't apply these to mine, but you might want them. I know the openssl-mppe patch is for PPTP functionality and the bridge-nf is some kind of unusual bridging patch. By looking at the source or using google you can probably find out what the other two are fairly quickly.
I assume that I apply all of these to the 2.4.20 source that I've obtained? Is that correct? I guess I'm a little confused as some of these patches appear to be for 2.4.19...
Usually when you see older versions in a CURRENT directory it means the patches will apply cleanly to the current. So in this case I would assume the 2.4.19's will apply against 2.4.20.
Once I've done all that, I'm also assuming that I can use the precompiled modules for 2.4.20 without having to worry about recompiling them too.
yes, AFAIK. if you have problems you can always make modules and replace the problem modules with ones from your specific build.
Could someone let me know if I'm way off track here?
AFAIK you're ok.. you're pretty much doing what I did and it worked for me. Hopefully we're not both off track. ;)
P
RE: [leaf-user] Disabling all logging
I want to disable all logging on my LRP box. I have searched the archives and found no reference for this. I am using the Bering 1.0 stable image.
Bering uses syslog. I think you can just edit /etc/syslog.conf, save the /etc/ .lrp image, then /etc/init.d/syslogd restart...
P
RE: [leaf-user] Bering Kernel Source?
Hi Nick,
I'd like to try Bering, but only have a 486SX to try it out on, so I believe that I'll need to recompile the kernel.
I think this is correct, Bering is compiled for 486DX by default..
The only sources that I can find are for 2.4.18, which was for Bering 1.0-RC1. Will this work with 1.1, or will I need to get the source for 2.4.20?
http://leaf.sourceforge.net/devel/jnilo/bering/latest/ specifically, http://leaf.sourceforge.net/devel/jnilo/bering/latest/development/kernel/Bering-2.4.20.config and the packages from the image file are what you'll need.
Not having tried it, can a 2.4 kernel be recompiled to work on a 486SX, or am I going to slam into a brick-wall straight away on that front?
I think you should be O.K. as long as you recompile your kernel.
Hope that helps,
Peter
RE: [leaf-user] Bering+uClibc and keepalived
Hi Charles,
I am currently trying to get keepalived to run correctly but running into a small problem. I keep getting the error:
Starting Keepalived v1.0.0 (06/01/2003)
Configuration is using : 22095
Registering Kernel Netlink Reflector.
VRRP_Instance(VI_1) provide at least one ip for the virtual server
stopping keepalived v1.0.0 (06/01/2003)
Did you configure /etc/keepalived/keepalived.conf through the package configuration subsystem or directly? What kind of kernel add on packages are you running? I modified my Bering kernel config with 686, SMP, IDE, eepro, and tulip compiled into the kernel. I didn't change anything else and it worked.
If this doesn't help you might want to try temporarily removing shorwall.lrp just to make certain it isn't it. If it starts working after you remove it I'm sure Tom or a shorewall expert can help you get it going.
FYI, I think I have almost the same config as the LRP package. My logs are attached below. Notice the ip addr only show up with iproute2 commands..
Feb 7 15:21:08 firewall Keepalived: Terminating on signal
Feb 7 15:21:08 firewall Keepalived: Stopping Keepalived v1.0.0 (06/01, 2003)
Feb 7 15:21:08 firewall Keepalived: VRRP_Instance(VI_1) removing protocol VIPs.
Feb 7 15:21:08 firewall Keepalived: VRRP_Instance(VI_2) removing protocol VIPs.
Feb 7 15:21:08 firewall Keepalived: Starting Keepalived v1.0.0 (06/01, 2003)
Feb 7 15:21:08 firewall Keepalived: Configuration is using : 174779 Bytes
Feb 7 15:21:08 firewall Keepalived: Registering Kernel netlink reflector
Feb 7 15:21:08 firewall Keepalived: VRRP_Instance(VI_2) Entering BACKUP STATE
Feb 7 15:21:08 firewall Keepalived: VRRP sockpool: [ifindex(3), proto(112), fd(5)]
Feb 7 15:21:09 firewall Keepalived: VRRP_Instance(VI_1) Transition to MASTER STATE
Feb 7 15:21:10 firewall Keepalived: VRRP_Instance(VI_1) Entering MASTER STATE
Feb 7 15:21:10 firewall Keepalived: VRRP_Instance(VI_1) setting protocol VIPs.
Feb 7 15:21:10 firewall Keepalived: VRRP_Instance(VI_1) Sending gratuitous ARP on eth1
Feb 7 15:21:12 firewall Keepalived: VRRP_Instance(VI_2) Transition to MASTER STATE
Feb 7 15:21:13 firewall Keepalived: VRRP_Instance(VI_2) Entering MASTER STATE
Feb 7 15:21:13 firewall Keepalived: VRRP_Instance(VI_2) setting protocol VIPs.
Feb 7 15:21:13 firewall Keepalived: VRRP_Instance(VI_2) Sending gratuitous ARP on eth1
# ip addr show
1: lo: LOOPBACK,UP mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:c0:95:c5:d0:38 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.254/24 brd 10.0.0.255 scope global eth0
3: eth1: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:c0:95:c5:d0:39 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
    inet 192.168.1.6/32 scope global eth1
    inet 192.168.1.7/32 scope global eth1
4: eth2: BROADCAST,MULTICAST mtu 1500 qdisc noop qlen 100
    link/ether 00:c0:95:c5:d0:3a brd ff:ff:ff:ff:ff:ff
5: eth3: BROADCAST,MULTICAST mtu 1500 qdisc noop qlen 100
    link/ether 00:c0:95:c5:d0:3b brd ff:ff:ff:ff:ff:ff
6: eth4: BROADCAST,MULTICAST mtu 1500 qdisc noop qlen 100
    link/ether 00:d0:b7:a7:95:09 brd ff:ff:ff:ff:ff:ff
7: dummy0: BROADCAST,NOARP mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
Hope that helps.
P
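
A consistency check built from the syslog lines and `ip addr show` output in the message above, as an added example that is not part of the original post: it replays the Keepalived log to find which VRRP instances ended up MASTER and compares that with the /32 addresses actually present on the interface. The function names and the one-/32-VIP-per-MASTER-instance rule are assumptions; the sample input is excerpted from the message.

```python
import re
from collections import defaultdict

# Constructed sample input: excerpts of the syslog lines and `ip addr show`
# output quoted in the message above.
SYSLOG = """\
Feb 7 15:21:08 firewall Keepalived: VRRP_Instance(VI_2) Entering BACKUP STATE
Feb 7 15:21:10 firewall Keepalived: VRRP_Instance(VI_1) Entering MASTER STATE
Feb 7 15:21:10 firewall Keepalived: VRRP_Instance(VI_1) setting protocol VIPs.
Feb 7 15:21:10 firewall Keepalived: VRRP_Instance(VI_1) Sending gratuitous ARP on eth1
Feb 7 15:21:13 firewall Keepalived: VRRP_Instance(VI_2) Entering MASTER STATE
Feb 7 15:21:13 firewall Keepalived: VRRP_Instance(VI_2) setting protocol VIPs.
Feb 7 15:21:13 firewall Keepalived: VRRP_Instance(VI_2) Sending gratuitous ARP on eth1
"""
IP_ADDR = """\
3: eth1: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100
    inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
    inet 192.168.1.6/32 scope global eth1
    inet 192.168.1.7/32 scope global eth1
"""

EVENT = re.compile(r"Keepalived: VRRP_Instance\((\w+)\) (.*)$")
IFACE = re.compile(r"^\d+: ([^:\s]+):")
INET = re.compile(r"^\s+inet (\d+(?:\.\d+){3})/(\d+)\b")

def vrrp_states(log):
    """Replay the log and return the last known state of each VRRP instance."""
    inst = defaultdict(lambda: {"state": None, "vips": False, "iface": None})
    for line in log.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        name, msg = m.groups()
        entering = re.match(r"Entering (\w+) STATE", msg)
        arp = re.match(r"Sending gratuitous ARP on (\S+)", msg)
        if entering:
            inst[name]["state"] = entering.group(1)
        elif arp:
            inst[name]["iface"] = arp.group(1)
        elif msg.endswith("protocol VIPs."):
            # "setting protocol VIPs." adds them, "removing protocol VIPs." drops them
            inst[name]["vips"] = msg.startswith("setting")
    return dict(inst)

def host_addresses(ip_out):
    """Map interface -> /32 addresses, the form in which the VIPs appear above."""
    addrs, iface = defaultdict(list), None
    for line in ip_out.splitlines():
        head, inet = IFACE.match(line), INET.match(line)
        if head:
            iface = head.group(1)
        elif inet and iface and inet.group(2) == "32":
            addrs[iface].append(inet.group(1))
    return dict(addrs)

def audit(log, ip_out):
    """Flag disagreement between logged VRRP state and addresses on the box."""
    findings, masters = [], defaultdict(list)
    for name, st in sorted(vrrp_states(log).items()):
        if st["state"] == "MASTER":
            masters[st["iface"] or "unknown"].append(name)
            if not st["vips"]:
                findings.append(f"{name}: MASTER but VIPs not set")
    vips = host_addresses(ip_out)
    for iface in sorted(set(masters) | set(vips)):
        have, want = len(vips.get(iface, [])), len(masters.get(iface, []))
        if have != want:  # assumption: one /32 VIP per MASTER instance
            findings.append(f"{iface}: {have} /32 address(es), {want} MASTER instance(s)")
    return findings
```

A non-empty result from `audit` means the router's addresses and its logged VRRP role disagree, for example VIPs still configured on a node that has dropped to BACKUP.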
[leaf-user] modules aren't loading at boot
Hi all,
What could be the reason why two modules might not load at boot? When I mount the media manually and lrpkg -i the .lrp's everything seems fine. If nobody has any ideas, how do I turn up logging so that I can at least have a starting point of where I'm going wrong?
Thanks
P
# cat /mnt/syslinux.cfg
display syslinux.dpy
timeout 0
default linux initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0 boot=/dev/hda1:msdos PKGPATH=/dev/hda1 LRP=root,etc,local,modules,iptables,iptutil,ncurses,bash,netstatn,nettools,ntpdate,snarf,libc225,libm,libz,libpopt,libcrpto,libssl2,ssh,sshd,kpalived,zebra,bgpd
FW: [leaf-user] modules aren't loading at boot
Brad Mohan,
I think you mean packages. Modules usually refers to the blah.o kernel modules that go in /lib/modules .
Yes, of course. Sorry, it was very late for me.
http://leaf.sourceforge.net/devel/jnilo/bubooting.html#AEN1155 and read about using a lrpkg.cfg file instead of PKGPATH. (Even though lrpkg.cfg is described in the CD-ROM booting docs, it's not boot-media specific.)
Sweet! fixed, it works!! Thanks for the quick comments. Might I suggest that this 255-character limit section be put into the IDE-hd and other media sections?
Thanks again
Peter
[leaf-user] kpalived.lrp now available, [minor] update to bgpd.lrp and zebra.lrp
I have completed my high-availability package for .lrp systems, kpalived.lrp, based on Alexandre Cassen's excellent open-source software. Due to limitations in keepalived's code AFAIK it wouldn't compile on glibc 2.0.x. This version was compiled on a gcc 2.2.x system. My LRP system is Bering uClibc + libc225 and it works fine for me, YMMV.
FYI, It is very possible that keepalive might compile on a gcc 2.1.x or uClibc system. I'm unfortunately not a programmer nor did I have a 2.1.x or 2.0.x system lying around. I didn't think tinkering with makefiles destroying existing machines was such a good idea. If you get it to compile on one of those platforms (especially 2.0.x) please let me know!
I created a few packages to provide libraries that Keepalived needs. You need to download these and add them to your syslinux.cfg file in order for kpalived.lrp to work. Here's the list of files: (Sorry for the size. I did strip what I could, it's unfortunate that all these lib files are so damned big and required)
http://download.sidestep.com/lrp/kpalived.lrp 33244
http://download.sidestep.com/lrp/libcrpto.lrp 342800
http://download.sidestep.com/lrp/libpopt.lrp 26598
http://download.sidestep.com/lrp/libssl2.lrp 81400
http://download.sidestep.com/lrp/libz.lrp 26766
I have also modified zebra bgpd (by Eric Kiser - www.eric.kiser.com/glacier.htm) to include /etc/init.d files. The binaries are still gcc 2.0.x. Note : I needed to install an additional library in order to make these function with Bering-uClibc. I've listed it below.
http://download.sidestep.com/lrp/zebra.lrp 164145
http://download.sidestep.com/lrp/bgpd.lrp 57368
http://download.sidestep.com/lrp/libm.lrp 142068
Could someone please put these on the sourceforge or mirror page somewhere? This is not my website and I'm able to provide these files only for a little while, especially if there's too much usage.
FYI this is my first LRP so please be gentle in your flames ;)
Thanks much,
Peter Mueller
kpalived.help
# cat /var/lib/lrpkg/kpalived.help
###
Keepalived 1.0.0 *.lrp
This file was compiled and packaged for the LEAF Project. This package is designed to simulate HSRP on Linux routers through the use of the program Keepalived. Please visit Keepalived.org for more information on this software.
kpalived.lrp
For compile, package, and dependency information: [EMAIL PROTECTED]
###
# Keepalived 1.0.0 *.lrp information
# Last Update: 2003-01-?? Peter Mueller
###
Keepalived 1.0.0
Mailing List Information: http://www.keepalived.org/mailinglist.html
Documentation: http://www.keepalived.org/documentation.html
Summary:Keepalived VRRPv2
Name: Keepalived
Version:1.0.0
Source: keepalived.1.0.0.tar.gz
URL:http://www.keepalived.org
Copyright: GPL
Description: Keepalived is an excellent implementation of VRRP, the same protocol that Cisco bases HSRP on. This configuration of Keepalived is setup for use with the Zebra routing package for HA-linux routers running bgp v4. It's easy to modify for vanilla-HA or other routing packages. I compiled Keepalived on a RH 7.2 x86-SMP-based system for use with Bering-uClibc + libc225. AFAIK Keepalived does not compile on gcc 2.0.x, but it might compile on uClibc. Please write me an email if you can get it to work. Please modify the keepalived.conf file with your own settings. I'd rather not get email from your routers :).
Best of luck, Peter Mueller [EMAIL PROTECTED]
###
# keepalived 1.0.0 Information
# Last Update: 2003-02-04 Peter Mueller
###
-Original Message-
From: Peter Mueller [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 31, 2003 5:29 PM
To: 'Charles Holbrook'; [EMAIL PROTECTED]
Subject: RE: [leaf-user] shorewall and keepalived
Hi Charles,
I am just curious if anyone has used the shorewall package as well as keepalived on the same system. And how did you overcome the issue of both shorewall and keepalived wanting to do VRRP for the ip addresses? Just got this dropped in my lap and not really sure how to proceed with this.
I am getting close to getting something working with LRP keepalived. I was planning on posting both a keepalived LRP (using, as it turns out, bering-uclibc + libc225 compat) and an image of my LRP when it's done, but you're welcome to what I have in the meantime. Just drop me a mail off-list.
Peter
RE: [leaf-user] distribution for flash + 2.4.20 + iptables (no shorewall)
Hi Tom list,
If you understand enough to create your own secure firewall using iptables, then I'm amazed that you feel the need to post on a mailing list to learn how to omit one small package (Shorewall) from a simple floppy-based Linux distribution (Bering). Nevertheless, I offer my (tongue in cheek) help:
I read somewhere that Shorewall was not capable of being removed from Bering. Unfortunately I couldn't locate this post in a quick few minutes. I checked the Bering documentation and didn't find a reference, therefore I'm pretty sure this was found through Google (archive of this mailing list?). I hope knowing what was on my mind re:shorewall package you understand where I was coming from a little more.
a) Remove the shorewall package from syslinux.cfg
b) Remove shorwall.lrp from your floppy/CF/IDE image.
c) Develop your own .lrp package that is secure and easy to configure in the face of changing firewalling/gateway requirements.
I am thinking of using an lrp located at http://leaf.sourceforge.net/devel/jnilo/bering/latest/contrib/; the iptables save restore functionality. Does anyone know if this lrp provides an init.d startup of old iptables rules? If it doesn't I would imagine I'll have to create a separate iptstart.lrp or something similar.
If you think that the above two steps are trivial, browse the LEAF and Shorewall list archives.
I am in process of creating/submitting a package that provides VRRP functionality for LRP called Keepalived (http://www.keepalived.org/), so yes I know lrp's aren't easy. I'm sure Shorewall is great for most people, but I'm looking for something to use in BGP linux routers booting off of CF-IDE/flash media.
h) Submit your package to 1000s of people on the internet over a period of 12 to 18 months to validate its flexibility, usability and security.
i) Use what you learn in that 12 to 18 month period to improve your package to make it more flexible, easier to use and more secure.
I'll submit what I have when I have completed it. If people find it useful and have suggestions I'll try to help in whatever way I can. It would be nice to have such fame that 1000's of people would download it but I bet the only one that downloads it is me and a few other linux flash router people. ;)
You're right -- it is so simple that I can't understand why anyone struggles with learning shorewall on these systems... :-)
Lol. Well it is very important for my company to use existing setups concepts where possible. I looked at Shorewall and it doesn't seem to offer any significant advantage for my company other than being pre-integrated into LRP. Why should I learn a new firewall system if we already have iptables working and under the belt? More importantly why should I create documentation for the rest of the people here and then force them to learn this system? It seems that in my case Shorewall is a program that introduces a very good potential for human error and adds complexity to a project that doesn't need more complexity. In this project KISS is my motto. Again, we're talking about in my case only. I'm sure 99.% of the people are different and Shorewall is good for them.
Thank you very much for your response time!
Peter
[leaf-user] distribution for flash + 2.4.20 + iptables (no shorewall)
Hi gang,
What would be the best distribution to use on a flash + 2.4.x system? I like Bering, but I am going to be setting up linux routers with BGP so I don't want to experiment with learning shorewall on these systems. Space is not an issue as I have 256-mb flash cards.
Thanks much for your time,
Peter
PS - is there a way to turn off Shorewall or run my own iptables rules in Bering? That would be fine.