[leaf-user] IPv6 Problem on Bering 5.0.4

2014-06-16 Thread Phil Faris
I am trying to add IPv6 capability to my LAN.  I have successfully 
installed a SixXS IPv4 to IPv6 tunnel (i.e. I can ping6 IPv6 hosts from 
the LEAF command line).  My problem is when I try to ping6 an IPv6 host 
from one of the systems on the LAN I get Network unreachable.  I 
followed the Bering-uClibc 5.x Users Guide when configuring Shorewall 
and dnsmasq; however, I suspect that is where I have made a mistake. The 
changes I made are shown below. I would appreciate any help in solving 
the problem.

Phil Faris

##

The only change to my working IPv4 dnsmasq was adding:

dhcp-range=2604:8800:100:2a2::, ra-only

where the value is the subnet prefix assigned by SixXS.



The following modifications were made to shorewall6.conf:

**ZONES**
#ZONE   TYPE        OPTIONS     IN
fw      firewall
loc     ipv6
net     ipv6

**INTERFACES**
#ZONE   INTERFACE   OPTIONS
net     sixxs       -
loc     eth1        -

**POLICY**
#SOURCE DEST    POLICY  LOG         LIMIT:
fw      loc     ACCEPT
loc     net     ACCEPT
net     all     DROP    NFLOG(4)
all     all     REJECT  NFLOG(4)

**RULES**
SECTION NEW
#  Accept DNS connections from the firewall to the network
#  and from the local network to the firewall (in case dnsmasq is running)
DNS(ACCEPT)     fw      net
DNS(ACCEPT)     loc     fw

#  Accept SSH connections from the local network for administration
#
SSH(ACCEPT)     loc     fw

#  Allow Ping to Firewall
#
Ping(ACCEPT)    net     fw
Ping(ACCEPT)    loc     fw
#
#  Allow all ICMP types (including ping) from firewall
ACCEPT          fw      loc     icmp
ACCEPT          fw      net     icmp
#  Allow local network to access weblet/webconf
#
HTTP(ACCEPT)    loc     fw
HTTPS(ACCEPT)   loc     fw
# timeserver (allow syncing with time servers (default: pool.ntp.org))
NTP(ACCEPT)     fw      net
# timeserver (allow LAN clients to sync with the time service on the router)
NTP(ACCEPT)     loc     fw
# IPv6 Tunnel
SixXS(ACCEPT)   fw      net







leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/


[leaf-user] No Shorewall Logs

2013-12-06 Thread Phil Faris
I just installed the Geode version of uClibc 5.0.2-rc2 on my Alix 
machine.  Everything seems to work well EXCEPT I get no Shorewall logs 
(/var/log/shorewall.log is not created).  The shorewall-init.log 
indicates everything compiles correctly and that Shorewall starts. I 
made only two modifications to the standard Shorewall configuration:
   1. In Ifaces the dhcp OPTION for eth0 was deleted since I have a
      static IP.
   2. In Rules the NTP(ACCEPT)  loc   fw was uncommented to allow
      local machines to time sync with LEAF.

I would appreciate any suggestion(s) on how to solve this problem.

Phil Faris



[leaf-user] Bering-uClibc 5.0.1 booting problem

2013-10-05 Thread Phil Faris
When I try to boot Bering-uClibc 5.0.1 on an Alix machine, I only get a 
few lines of gibberish and then it hangs.  The terminal I am using for 
viewing works fine on other leaf systems.

I created the system on the 2GB compact flash card using a linux 
system (fedora 17) by doing the following:

1. Used cfdisk to
   a) create a single 2GB partition
   b) set file type to 0C (FAT32 LBA)
   c) set the bootable flag to on

2. Created a filesystem using mkfs.vfat

3. Made it linux bootable by using syslinux -i

4. exploded the Geode version of the Bering-uClibc 5.0.1 tarball and 
copied the files to the compact flash

Does anyone have an idea of what I might have done wrong?

Phil Faris



[leaf-user] Shorewall log

2003-03-29 Thread Phil Faris
Can anyone tell me what this Shorewall log entry means?  I get about fifty 
to sixty hits like this every day.

Mar 29 16:12:57 Gateway Shorewall:net2all:DROP: IN=eth0 OUT= 
MAC=00:20:af:38:31:c5:00:10:67:00:b5:6b:08:00  SRC=64.214.177.149 
DST=209.233.16.123 LEN=48 TOS=00 PREC=0x00 TTL=111 ID=28282 DF PROTO=TCP 
SPT=3463 DPT=445 SEQ=3057110942 ACK=0 WINDOW=16384 SYN URGP=0

Phil Faris
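
An added example, not part of the original post: a small Python parser for Shorewall log entries of the kind quoted above. It separates the Shorewall:chain:disposition: prefix from the netfilter KEY=value fields and bare flag tokens, then tallies dropped packets by destination port; the function names are hypothetical and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Prefix Shorewall puts on each logged packet: "Shorewall:<chain>:<disposition>:"
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[^:\s]+):")
# The rest is netfilter LOG output: KEY=value pairs (value may be empty, as in "OUT=")
PAIR = re.compile(r"\b([A-Z]+)=(\S*)")
# Tokens that appear bare, with no "=": the IP DF bit and the TCP flags
BARE_FLAGS = {"DF", "SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_entry(line):
    """Return the fields of one Shorewall log line as a dict, or None if it is not one."""
    m = PREFIX.search(line)
    if m is None:
        return None
    rest = line[m.end():]
    entry = dict(PAIR.findall(rest))
    entry["chain"] = m["chain"]
    entry["disposition"] = m["disposition"]
    entry["flags"] = [tok for tok in rest.split() if tok in BARE_FLAGS]
    return entry

def is_new_tcp_attempt(entry):
    """True for TCP with SYN set and ACK clear: the first packet of a connection."""
    return (entry.get("PROTO") == "TCP"
            and "SYN" in entry["flags"] and "ACK" not in entry["flags"])

def summarize(lines):
    """Count dropped packets per (chain, protocol, destination port)."""
    hits = Counter()
    for line in lines:
        e = parse_entry(line)
        if e and e["disposition"] == "DROP":
            hits[(e["chain"], e.get("PROTO"), e.get("DPT"))] += 1
    return hits

# First entry is the one from the post, rejoined onto one line; the others are
# constructed for this example (documentation source addresses).
SAMPLE = [
    "Mar 29 16:12:57 Gateway Shorewall:net2all:DROP: IN=eth0 OUT= "
    "MAC=00:20:af:38:31:c5:00:10:67:00:b5:6b:08:00 SRC=64.214.177.149 "
    "DST=209.233.16.123 LEN=48 TOS=00 PREC=0x00 TTL=111 ID=28282 DF PROTO=TCP "
    "SPT=3463 DPT=445 SEQ=3057110942 ACK=0 WINDOW=16384 SYN URGP=0",
    "Mar 29 16:13:02 Gateway Shorewall:net2all:DROP: IN=eth0 OUT= SRC=192.0.2.7 "
    "DST=209.233.16.123 LEN=48 TTL=110 ID=4411 DF PROTO=TCP SPT=4021 DPT=445 "
    "SEQ=1 ACK=0 WINDOW=16384 SYN URGP=0",
    "Mar 29 16:20:41 Gateway Shorewall:net2all:DROP: IN=eth0 OUT= SRC=198.51.100.9 "
    "DST=209.233.16.123 LEN=78 TTL=112 ID=901 PROTO=UDP SPT=1026 DPT=137",
    "Mar 29 16:21:00 Gateway kernel: eth0: link up",
]

if __name__ == "__main__":
    for (chain, proto, dport), n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {chain}  {proto}/{dport}")
```

For the entry from the post, parse_entry reports chain net2all, disposition DROP, and a TCP packet from 64.214.177.149 to port 445 arriving on eth0 with SYN set and no ACK flag.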



Re: [leaf-user] (no subject)

2002-06-12 Thread Phil Faris

Have you tried pressing the Scroll Lock key to see if it unlocks the 
keyboard?

At 10:22 AM 6/12/02 -0700, Richard Amerman wrote:
This might or might not be a bit off topic, but the machine I have been 
working on with my Bering setup is connected to a Belkin KVM 
switch.  Fairly often when I switch to another machine and then back to 
the Bering machine it loses the keyboard.  I have tried many things to 
get it back but always have to reboot (and as you may have guessed, I have 
been caught a couple of times with some un-backed up work!)



Any ideas?  I’m not sure if this has anything in particular to do with 
the LRP setup, Linux in general, or maybe just hardware.



Thanks!



Richard Amerman



[Leaf-user] Ipsec Troubles with Dachstein 1.0.2 CD

2002-01-28 Thread Phil Faris

I am trying to get a working version of an ipsec tunnel between two 
Dachstein CD 1.0.2 Gateways (Test1 and Test2) and their subnets.  I have 
created a test system as suggested in the FreeSWAN documentation (see 
diagram below).  A Security Association appears to be established between 
Test1 and Test2, however, no data will pass through the tunnel (i.e. the 
Windows browser cannot connect to the BOA httpd).

Included below are the contents of /etc/ipsec.conf (Test1 and Test2 are 
identical except for the values of eth0 and eth1).  I have also included 
the outputs of ipsec look, ipsec auto --status, netstat -nr, 
ifconfig, and ipchains -L -n for each system after the SA was established.

Can anyone help me find my problem?

Thanks in advance,

Phil Faris

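---------- DATA ----------

-------------------------
| Windows PC w/ Browser |      192.168.1.0/24 subnet
| 192.168.1.230         |----|
-------------------------    |
            |----------------|
            |
-------------------------
| eth1---192.168.1.250  |
| Dachstein CD 1.0.2    | (Test1)
| eth0---10.0.1.1       |
-------------------------
            |
            |
-------------------------
| eth0---10.0.1.254     |
| Dachstein CD 1.0.2    | (Router)
| eth1---10.0.2.254     |
-------------------------
            |
            |
-------------------------
| eth0---10.0.2.1       |
| Dachstein CD 1.0.2    | (Test2)
| eth1---192.168.2.250  |
-------------------------
            |
            |----------------|
-------------------------    |
| eth1---192.168.2.10   |----|
| Eigerstein w/BOA      |      192.168.2.0/24 subnet
-------------------------
  (working BOA httpd)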



***
/etc/ipsec.conf (identical for Test1 and Test2)
***
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.



# basic configuration
config setup
        # THIS SETTING MUST BE CORRECT or almost nothing will work;
        # %defaultroute is okay for most simple cases.
        interfaces=%defaultroute
        # Debug-logging controls:  none for (almost) none, all for lots.
        klipsdebug=none
        plutodebug=none
        # Use auto= parameters in conn descriptions to control startup actions.
        plutoload=%search
        plutostart=%search
        # Close down old connection when new one using same ID shows up.
        #uniqueids=yes

# defaults for subsequent connection descriptions
conn %default
        # How persistent to be in (re)keying negotiations (0 means very).
        keyingtries=0
        # RSA authentication with keys from DNS.
        #authby=rsasig
        #leftrsasigkey=%dns
        #rightrsasigkey=%dns

# connection description for (experimental!) opportunistic encryption
# (requires KEY record in your DNS reverse map; see doc/opportunism.howto)
#conn me-to-anyone
#       left=%defaultroute
#       right=%opportunistic
#       # uncomment to enable incoming; change to auto=route for outgoing
#       auto=add

# sample VPN connection
conn vpntest
        type=tunnel
        # Left security gateway, subnet behind it, next hop toward right.
        left=10.0.1.1
        leftsubnet=192.168.1.0/24
        leftnexthop=10.0.1.254
        leftfirewall=yes
        # Right security gateway, subnet behind it, next hop toward left.
        right=10.0.2.1
        rightsubnet=192.168.2.0/24
        rightnexthop=10.0.2.254
        rightfirewall=yes
        # To authorize this connection, but not actually start it, at startup,
        auto=start
        authby=secret


**
ipsec look (Test1)
**
Test1 Mon Jan 28 12:00:05 UTC 2002
192.168.1.0/24 - 192.168.2.0/24 = [EMAIL PROTECTED] 
[EMAIL PROTECTED]  (0)
ipsec0-eth0 mtu=16260(1500)-1500
[EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=in  src=10.0.2.1 
iv_bits=64bits iv=0x8e28acf0eb8ca96c ooowin=64 alen=128 aklen=128 eklen=192 
life(c,s,h)=add(1977,0,0)
[EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=in  src=10.0.2.1 
iv_bits=64bits iv=0xfaed8c6c0453e7db ooowin=64 alen=128 aklen=128 eklen=192 
life(c,s,h)=add(1964,0,0)
[EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=out src=10.0.1.1 
iv_bits=64bits iv=0x18fe4c10d44f02c9 ooowin=64 alen=128 aklen=128 eklen=192 
life(c,s,h)=add(1977,0,0)
[EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=out src=10.0.1.1 
iv_bits=64bits iv=0x6bbfd723ad45c6b9 ooowin=64 alen=128 aklen=128 eklen=192 
life(c,s,h)=add(1964,0,0)
[EMAIL PROTECTED] IPIP: dir=in  src=10.0.2.1 life(c,s,h)=add(1977,0,0)
[EMAIL PROTECTED] IPIP: dir=out src=10.0.1.1 life(c,s,h)=add(1977,0,0)
[EMAIL PROTECTED] IPIP: dir=in  src=10.0.2.1 life(c,s,h)=add(1964,0,0)
[EMAIL PROTECTED] IPIP: dir=out src=10.0.1.1 life(c,s,h)=add(1964,0,0)
Destination Gateway Genmask Flags   MSS Window  irtt Iface
0.0.0.0 10.0.1.254  0.0.0.0 UG

[Leaf-user] chatscript for pacbell.net

2002-01-04 Thread Phil Faris

My ISP (Verio) is dropping dial-up service.  I am trying to create a new 
back-up for my DSL service.  I am using Dachstein-CD-1.0.2.  I changed the 
telephone number, user name and password in the old script, however, after 
it dials and I receive the CONNECT from pacbell.net the script fails.  I 
tried sending carriage return () then tried \c\d and it still 
failed.  Any ideas would be appreciated.

Phil Faris
