[leaf-user] IPv6 Problem on Bering 5.0.4
I am trying to add IPv6 capability to my LAN. I have successfully installed a SixXS IPv4 to IPv6 tunnel (i.e. I can ping6 IPv6 hosts from the LEAF command line). My problem is when I try to ping6 an IPv6 host from one of the systems on the LAN I get Network unreachable. I followed the Bering-uClibc 5.x Users Guide when configuring Shorewall and dnsmasq; however, I suspect that is where I have made a mistake. The changes I made are shown below. I would appreciate any help in solving the problem.

Phil Faris

The only change to my working IP4 dnsmasq was adding:

    dhcp-range=2604:8800:100:2a2::, ra-only

where the value is the subnet prefix assigned by SixXS.

The following modifications were made to shorewall6.conf:

**ZONES**

    #ZONE   TYPE       OPTIONS   IN
    fw      firewall
    loc     ipv6
    net     ipv6

**INTERFACES**

    #ZONE   INTERFACE  OPTIONS
    net     sixxs      -
    loc     eth1       -

**POLICY**

    #SOURCE  DEST  POLICY  LOG       LIMIT:
    fw       loc   ACCEPT
    loc      net   ACCEPT
    net      all   DROP    NFLOG(4)
    all      all   REJECT  NFLOG(4)

**RULES**

    SECTION NEW
    # Accept DNS connections from the firewall to the network
    # and from the local network to the firewall (in case dnsmasq is running)
    DNS(ACCEPT) fw net
    DNS(ACCEPT) loc fw
    # Accept SSH connections from the local network for administration
    # SSH(ACCEPT) loc fw
    # Allow Ping to Firewall
    # Ping(ACCEPT) net fw
    Ping(ACCEPT) loc fw
    #
    # Allow all ICMP types (including ping) from firewall
    ACCEPT fw loc icmp
    ACCEPT fw net icmp
    # Allow local network to access weblet/webconf
    # HTTP(ACCEPT) loc fw
    HTTPS(ACCEPT) loc fw
    # timeserver (allow syncing with time servers (default: pool.ntp.org))
    NTP(ACCEPT) fw net
    # timeserver (allow LAN clients to sync with the time service on the router)
    NTP(ACCEPT) loc fw
    # IPv6 Tunnel
    SixXS(ACCEPT) fw net

--
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
[leaf-user] No Shorewall Logs
I just installed the Geode version of uClibc 5.0.2-rc2 on my Alix machine. Everything seems to work well EXCEPT I get no Shorewall logs (/var/log/shorewall.log is not created). The shorewall-init.log indicates everything compiles correctly and that Shorewall starts. I made only two modifications to the standard Shorewall configuration:

1. In Ifaces the dhcp OPTION for eth0 was deleted since I have a static IP.
2. In Rules the NTP(ACCEPT) loc fw was uncommented to allow local machines to time sync with LEAF.

I would appreciate any suggestion(s) on how to solve this problem.

Phil Faris
[leaf-user] Bering-uClibc 5.0.1 booting problem
When I try to boot Bering-uClibc 5.0.1 on an Alix machine, I only get a few lines of gibberish and then it hangs. The terminal I am using for viewing works fine on other LEAF systems. I created the system on the 2GB compact flash card using a Linux system (Fedora 17) by doing the following:

1. Used cfdisk to
   a) create a single 2GB partition
   b) set file type to 0C (FAT32 LBA)
   c) set the bootable flag to on
2. Created a filesystem using mkfs.vfat
3. Made it Linux bootable by using syslinux -i
4. Exploded the Geode version of the Bering-uClibc 5.0.1 tarball and copied the files to the compact flash

Does anyone have an idea of what I might have done wrong?

Phil Faris
[leaf-user] Shorewall log
Can anyone tell me what this Shorewall log entry means? I get about fifty to sixty hits like this every day.

    Mar 29 16:12:57 Gateway Shorewall:net2all:DROP: IN=eth0 OUT= MAC=00:20:af:38:31:c5:00:10:67:00:b5:6b:08:00 SRC=64.214.177.149 DST=209.233.16.123 LEN=48 TOS=00 PREC=0x00 TTL=111 ID=28282 DF PROTO=TCP SPT=3463 DPT=445 SEQ=3057110942 ACK=0 WINDOW=16384 SYN URGP=0

Phil Faris
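Added example, not part of the original post: a small Python parser that splits the log entry quoted above into its netfilter fields and produces a one-line reading of it. The function names and the single-entry port table are this example's own; the only input is the log line from the post.

```python
import re

# The log entry quoted in the post above, reproduced unchanged.
SAMPLE = ("Mar 29 16:12:57 Gateway Shorewall:net2all:DROP: IN=eth0 OUT= "
          "MAC=00:20:af:38:31:c5:00:10:67:00:b5:6b:08:00 SRC=64.214.177.149 "
          "DST=209.233.16.123 LEN=48 TOS=00 PREC=0x00 TTL=111 ID=28282 DF "
          "PROTO=TCP SPT=3463 DPT=445 SEQ=3057110942 ACK=0 WINDOW=16384 SYN URGP=0")

# Shorewall's log prefix is "Shorewall:<chain>:<action>:"; net2all is the net -> all policy chain.
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<action>[^:\s]+):")
PORT_NAMES = {445: "microsoft-ds (SMB over TCP)"}  # only the port seen in the sample

def parse_entry(line):
    """Split one Shorewall/netfilter LOG line into chain, action, fields and flags."""
    m = PREFIX.search(line)
    if not m:
        raise ValueError("not a Shorewall log line")
    entry = {"chain": m["chain"], "action": m["action"], "flags": []}
    for token in line[m.end():].split():
        key, sep, value = token.partition("=")
        if sep:
            entry[key] = value          # KEY=value pair; value may be empty (OUT=)
        else:
            entry["flags"].append(key)  # bare words such as DF and SYN
    # On Ethernet, MAC= holds destination MAC (6 bytes), source MAC (6), EtherType (2).
    mac = entry.get("MAC", "").split(":")
    if len(mac) == 14:
        entry["dst_mac"] = ":".join(mac[:6])
        entry["src_mac"] = ":".join(mac[6:12])
        entry["ethertype"] = "".join(mac[12:])  # 0800 = IPv4
    return entry

def is_new_connection(entry):
    """True for a bare TCP SYN, the first packet of a connection attempt."""
    flags = entry["flags"]
    return entry.get("PROTO") == "TCP" and "SYN" in flags and "ACK" not in flags

def describe(entry):
    """One-line reading of the entry for a human reviewer."""
    port = int(entry["DPT"])
    service = PORT_NAMES.get(port, "unlisted service")
    # An empty OUT= means the packet was not being forwarded: it was addressed to the firewall.
    target = "the firewall itself" if entry.get("OUT") == "" else "forwarding via " + entry["OUT"]
    kind = "new connection attempt" if is_new_connection(entry) else "packet"
    return (f"{entry['action']} by chain {entry['chain']}: {entry['PROTO']} {kind} from "
            f"{entry['SRC']}:{entry['SPT']} to {entry['DST']}:{port} ({service}), "
            f"arriving on {entry['IN']} for {target}")

if __name__ == "__main__":
    print(describe(parse_entry(SAMPLE)))
```

Note that `ACK=0` in the line is the acknowledgement number field, not the ACK flag; flags appear as bare words, which is why the parser keeps them in a separate list.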
Re: [leaf-user] (no subject)
Have you tried pressing the Scroll Lock key to see if it unlocks the keyboard?

At 10:22 AM 6/12/02 -0700, Richard Amerman wrote:

This might or might not be a bit off topic, but the machine I have been working on with my Bering setup is connected to a Belkin KVM switch. Fairly often when I switch to another machine and then back to the Bering machine it loses the keyboard. I have tried many things to get it back but always have to reboot (and as you may have guessed, I have been caught a couple of times with some un-backed up work!)

Any ideas? I'm not sure if this has anything in particular to do with the LRP setup, Linux in general, or maybe just hardware.

Thanks!

Richard Amerman
[Leaf-user] Ipsec Troubles with Dachstein 1.0.2 CD
I am trying to get a working version of an ipsec tunnel between two Dachstein CD 1.0.2 Gateways (Test1 and Test2) and their subnets. I have created a test system as suggested in the FreeSWAN documentation (see diagram below). A Security Association appears to be established between Test1 and Test2, however, no data will pass through the tunnel (i.e. the Windows browser cannot connect to the BOA httpd). Included below are the contents of /etc/ipsec.conf (Test1 and Test2 are identical except for the values of eth0 and eth1). I have also included the outputs of ipsec look, ipsec auto --status, netstat -nr, ifconfig, and ipchains -L -n for each system after the SA was established. Can anyone help me find my problem?

Thanks in advance,

Phil Faris

- DATA -

    -------------------------
    | Windows PC w/ Browser |   192.168.1.0/24 subnet
    | 192.168.1.230         |
    -------------------------
                |
    -------------------------
    | eth1---192.168.1.250  |
    | Dachstein CD 1.0.2    |   (Test1)
    | eth0---10.0.1.1       |
    -------------------------
                |
    -------------------------
    | eth0---10.0.1.254     |
    | Dachstein CD 1.0.2    |   (Router)
    | eth1---10.0.2.254     |
    -------------------------
                |
    -------------------------
    | eth0---10.0.2.1       |
    | Dachstein CD 1.0.2    |   (Test2)
    | eth1---192.168.2.250  |
    -------------------------
                |
    -------------------------
    | eth1---192.168.2.10   |
    | Eigerstein w/BOA      |   192.168.2.0/24 subnet
    -------------------------   (working BOA httpd)

*** /etc/ipsec.conf (identical for Test1 and Test2) ***

    # /etc/ipsec.conf - FreeS/WAN IPsec configuration file

    # More elaborate and more varied sample configurations can be found
    # in FreeS/WAN's doc/examples file, and in the HTML documentation.

    # basic configuration
    config setup
        # THIS SETTING MUST BE CORRECT or almost nothing will work;
        # %defaultroute is okay for most simple cases.
        interfaces=%defaultroute
        # Debug-logging controls: none for (almost) none, all for lots.
        klipsdebug=none
        plutodebug=none
        # Use auto= parameters in conn descriptions to control startup actions.
        plutoload=%search
        plutostart=%search
        # Close down old connection when new one using same ID shows up.
        #uniqueids=yes

    # defaults for subsequent connection descriptions
    conn %default
        # How persistent to be in (re)keying negotiations (0 means very).
        keyingtries=0
        # RSA authentication with keys from DNS.
        #authby=rsasig
        #leftrsasigkey=%dns
        #rightrsasigkey=%dns

    # connection description for (experimental!) opportunistic encryption
    # (requires KEY record in your DNS reverse map; see doc/opportunism.howto)
    #conn me-to-anyone
        #left=%defaultroute
        #right=%opportunistic
        # uncomment to enable incoming; change to auto=route for outgoing
        #auto=add

    # sample VPN connection
    conn vpntest
        type=tunnel
        # Left security gateway, subnet behind it, next hop toward right.
        left=10.0.1.1
        leftsubnet=192.168.1.0/24
        leftnexthop=10.0.1.254
        leftfirewall=yes
        # Right security gateway, subnet behind it, next hop toward left.
        right=10.0.2.1
        rightsubnet=192.168.2.0/24
        rightnexthop=10.0.2.254
        rightfirewall=yes
        # To authorize this connection, but not actually start it, at startup,
        auto=start
        authby=secret

** ipsec look (Test1) **

    Test1 Mon Jan 28 12:00:05 UTC 2002
    192.168.1.0/24 - 192.168.2.0/24 = [EMAIL PROTECTED] [EMAIL PROTECTED] (0)
    ipsec0-eth0 mtu=16260(1500)-1500
    [EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=in src=10.0.2.1 iv_bits=64bits iv=0x8e28acf0eb8ca96c ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=add(1977,0,0)
    [EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=in src=10.0.2.1 iv_bits=64bits iv=0xfaed8c6c0453e7db ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=add(1964,0,0)
    [EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=out src=10.0.1.1 iv_bits=64bits iv=0x18fe4c10d44f02c9 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=add(1977,0,0)
    [EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=out src=10.0.1.1 iv_bits=64bits iv=0x6bbfd723ad45c6b9 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=add(1964,0,0)
    [EMAIL PROTECTED] IPIP: dir=in src=10.0.2.1 life(c,s,h)=add(1977,0,0)
    [EMAIL PROTECTED] IPIP: dir=out src=10.0.1.1 life(c,s,h)=add(1977,0,0)
    [EMAIL PROTECTED] IPIP: dir=in src=10.0.2.1 life(c,s,h)=add(1964,0,0)
    [EMAIL PROTECTED] IPIP: dir=out src=10.0.1.1 life(c,s,h)=add(1964,0,0)
    Destination Gateway Genmask Flags MSS Window irtt Iface
    0.0.0.0 10.0.1.254 0.0.0.0 UG
[Leaf-user] chatscript for pacbell.net
My ISP (Verio) is dropping dial-up service. I am trying to create a new back-up for my DSL service. I am using Dachstein-CD-1.0.2. I changed the telephone number, user name and password in the old script, however, after it dials and I receive the CONNECT from pacbell.net the script fails. I tried sending carriage return () then tried \c\d and it still failed. Any ideas would be appreciated.

Phil Faris