[leaf-user] Bering on an IDE Hard drive

2003-11-29 Thread Robert & Sabine von Knobloch
Can anyone help??

I have been trying to get a (fully working) Bering system from floppy to an
IDE hard drive. I have based my efforts on Charles Steinkuehler's How-to for
Dachstein. All goes well (Linux boots ok) until LINUXRC tries to load the
packages. Although syslinux.cfg points to /dev/hda1 for both boot and
packages, LINUXRC tries to open the floppy, fails and kills init
(successfully, the PC is then completely dead). With a Bering floppy in the
drive it still fails after not finding the modules.

Last message before rigor-mortis is:

LINUXRC: Bering - Initrd - V1.2
end_request; I/O error, dev 02:00 (floppy) sector 0
end_request; I/O error, dev 02:00 (floppy) sector 0
end_request; I/O error, dev 02:00 (floppy) sector 0
LINUXRC: Could not mount the boot device. Can't install packages.
Kernel panic: Attempted to kill init!

Would appreciate if anyone else has a similar experience, or even better - a
fix.

Robert von Knobloch - Black Forest, Germany



---
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


[leaf-user] Bering on an IDE Hard Drive

2003-11-30 Thread Robert & Sabine von Knobloch
Many thanks to all for the help, it now works fine. Was a corrupt
modules.lrp, now fixed. Charles Steinkuehler's How-to for IDE works fine for
Bering (just a small syntax difference, but that's obvious). Now for loac
syslogging :-)

Robert von Knobloch





[leaf-user] Ezipupdate with Bering

2003-12-12 Thread Robert & Sabine von Knobloch
Hello LEAF World!

I'm running Bering (quite stable now) but am having trouble with ezipupdate.
The package on Jacques Nilo's page just causes a crash in the terminal
programs (both serial & local tty). The firewall itself is still running
underneath but no control is possible. Does anyone know of version or
dependency problems? Is the boot sequence (in lrpkg.cfg) important (I have
it almost last in the list)?

Would appreciate any comments.

Robert von Knobloch





[leaf-user] Static route

2003-12-12 Thread Robert & Sabine von Knobloch
Hello LEAF World!

Can someone tell me where I should put a static route so that it survives a
reboot?
I have a subnet in the internal network - all works fine with Shorewall &
masquerading but I am not familiar enough with this Linux to know the best
place to put my "route add..." statement.

Thanks,

Robert von Knobloch





[leaf-user] uClibc2 Bering

2003-12-21 Thread Robert & Sabine von Knobloch
Hello LEAF World,

I have just made the transition from Bering 1.2 to the new uClibc release.

So far I have got it all working, using only the new uClibc packages except
that when I try to use the bash shell (packages ncurses.lrp and bash.lrp),
then ezipupdate and dnscache don't work any more.

Errors at boot time are:

/etc/rc2.d/S45dnscache: line 14: UID: readonly variable

Starting /usr/bin/ez-ipupdate...
ez-ipupdate Version 3.0.11b8
Copyright (C) 1998-2001 Angus Mackay
gethostbyname: Unknown host
error connecting to members.dyndns.org:80

Can anyone help?

Robert von Knobloch






[leaf-user] Re - Bash Shell in Bering uClibc

2003-12-22 Thread Robert & Sabine von Knobloch
Thanks to Erich Titl & K.P. for their useful suggestions.

Commenting out line 14 in /etc/init.d/dnscache (UID=1001) works fine,
dnscache & ezipupdate are now working together with the bash shell.

Robert von Knobloch.





[leaf-user] Static DNS entry

2003-12-22 Thread Robert & Sabine von Knobloch
Does anyone know a simple way to set a couple of static dns entries on my
LEAF Bering (uClibc) box?
I'm running DNSCACHE for resolving Internet names and have an MS Win2000
Domain controller as internal DNS (it needs its own dynamic DNS for active
directory).
All this works just fine until I power down the complete Windows network
(which I do every evening). When I want a quick connection from my laptop or
a visitor's laptop I don't have internal DNS and can't access my LEAF box by
name (unless I power my MS domain up).
I don't want to put a host file on visitors' machines and adding a dns
server to my LEAF box will disturb CACHEDNS.
Any ideas?

Robert von Knobloch.





[leaf-user] Bash & Bering uClibc

2003-12-22 Thread Robert & Sabine von Knobloch
Hello LEAF World!

My earlier mail was too hasty, another problem has emerged when using bash.
Backup of any or all packages (backup... c... L...) results in each package
reporting a line number and "terminated ticker".
A reboot produces simply a kernel panic and everything is completely dead.
Restoring my carefully saved ghost backup, removing ncurses and bash fixes
this.
Any ideas anyone?

Robert von Knobloch in the very snowy Black Forest





Re: [leaf-user] Static DNS entry

2003-12-23 Thread Robert & Sabine von Knobloch
Richard,
first, thanks for replying.
To explain:
I have a system that I like to make completely heterogeneous. This system is
just for fun, (which is why it's much more complicated than necessary), but
also serves my wife's office requirements (Vet Practice).
It is as follows:
(All netmasks 24-Bit)
1 Win2K Domain controller office1.praxis 192.168.0.1
2 Win2k as router office2.praxis 192.168.10 + 10.1.1.0 network segment (2
NICs)
3 LEAF-Bering brandmauer.praxis 192.168.0.254
4 Several clients in both networks (movable clients, laptops etc.)

Both Win2K machines have DHCP with small range of leases (the router serves
DHCP in both networks), as does the LEAF box.
DNS is primarily on the Domain Controller as Win Active Directory needs it.
For the Internet, dnscache is used on the LEAF box (all hosts receive both
DNS servers per DHCP).
It's just irritating that when only the LEAF box is running, I can't access
it by FQDN. I could put a hosts file on all clients but this is messy.
A zone transfer from Win has been suggested, but dnscache doesn't support
this either.
I really want a proper DNS server on leaf, but it must work with dnscache
together and on the same address, which seems not possible.

Robert von Knobloch.

Message: 1
Subject: Re: [leaf-user] Static DNS entry
From: Richard Doyle <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Mon, 22 Dec 2003 10:05:51 -0800

On Mon, 2003-12-22 at 05:05, Erich Titl wrote:
> Hi
>
> At 09:52 22.12.2003 +0100, you wrote:
> >Does anyone know a simple way to set a couple of static dns entries on my
> >LEAF Bering (uClibc) box?
I don't see how these entries would solve the problem you describe
below. They would help the LEAF box resolve host names, but wouldn't
help other hosts resolve the name of your LEAF box. Part of the source
of my confusion (and, I suspect, yours) is that you haven't told us how
IPs are assigned on your network; I suspect the Win2000 domain server
provides DHCP services. If so, how will laptops attached to the network
obtain IPs and other network settings when the DHCP server is off-line?

> >I'm running DNSCACHE for resolving Internet names and have an MS Win2000
> >Domain controller as internal DNS (it needs its own dynamic DNS for active
> >directory).
> >All this works just fine until I power down the complete Windows network
> >(which I do every evening). When I want a quick connection from my laptop or
> >a visitor's laptop I don't have internal DNS and can't access my LEAF box by
> >name (unless I power my MS domain up).
> >I don't want to put a host file on visitors' machines and adding a dns
> >server to my LEAF box will disturb CACHEDNS.
> >Any ideas?
>
> I always thought DNSCache was part of tinydns, e.g.
> the djbdns suite.
Sort of. dnscache and tinydns are separate parts of the djbdns suite.

> Will this really disturb?
As Erich's question implies, you can run both tinydns and dnscache on a
single host by binding each to a different ip. On a typical LEAF box,
tinydns is bound to 127.0.0.1 and dnscache is bound to the IP of the
box's internal interface (192.168.1.254 for example).

> You could publish your LEAF box to be the nameserver
> for your ad-hoc clients, if you want to rely on your
> windoze set up to serve DNS then do a zone transfer
> to your LEAF box to take over once the windoze box is off.
> HTH
> Erich

-Richard





[leaf-user] Bering uClibc

2003-12-23 Thread Robert & Sabine von Knobloch
Hello LEAF World!

I seem (hope not) to have found a problem with HTTP transfer in the uClibc
release 2 of Bering.
All has been working on Bering 1.2, so I decided to "upgrade" to uClibc.
At first all seemed OK, then my wife wanted to access her on-line bank
account.

Although this starts with a completely normal, public HTTP (NOT HTTPS) web
page (http://www.spk-vs.de), no browser can display it (MSIE, Opera, Mozilla
tested). No message is displayed, the browser just sits for ever trying to
get the page.

OK, switch back to Bering 1.2 with the same firewall rules and it all works
fine.
I have then (to avoid misconfiguration) set up a uClibc floppy disk (the
download) and just configured my interfaces (no extras, as delivered
shorewall etc). Same result - uClibc version doesn't let this page be
displayed.

Sooo..
TCPDUMP on the PPPoE interface, Ethereal on the network and let's analyse.
uClibc:
After the 3-way handshake, the Browser does a GET, the Web page answers with
TCP ACK and that's it - no further action.

With Bering 1.2 the next action is a HTTP OK and the dialogue continues.

I have capture files for both interfaces on both versions of LEAF, but
cannot see what is going wrong. All sequence numbers seem correct. The FW
doesn't seem to be dropping any packets but it just doesn't work on uClibc.

Anyone got any ideas ?

Robert von Knobloch.





Re: [leaf-user] Bering uClibc

2003-12-24 Thread Robert & Sabine von Knobloch
Thanks Martin,

that fixed it. I had overlooked adding this entry.
What is unusual is that the external & internal tcpdump traces don't show any
problems. I had expected a checksum error or similar problem on one or more
packets, but that did not occur.

Robert

-Original Message-
From: Martin Hejl [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 24 December 2003 10:23
To: Robert & Sabine von Knobloch
Cc: Leaf-User (E-Mail)
Subject: Re: [leaf-user] Bering uClibc


Hi Robert,

> Although this starts with a completely normal, public HTTP (NOT HTTPS) web
> page (http://www.spk-vs.de), no browser can display it (MSIE, Opera, Mozilla
> tested). No message is displayed, the browser just sits for ever trying to
> get the page.
>
> OK, switch back to Bering 1.2 with the same firewall rules and it all works
> fine.
> I have then (to avoid misconfiguration) set up a uClibc floppy disk (the
> download) and just configured my interfaces (no extras, as delivered
> shorewall etc). Same result - uClibc version doesn't let this page be
> displayed.
>
> Sooo..
> TCPDUMP on the PPPoE interface, Ethereal on the network and let's analyse.
> uClibc:
> After the 3-way handshake, the Browser does a GET, the Web page answers with
> TCP ACK and that's it - no further action.
Since you mention pppoe - might it be that your Bering uClibc setup is
missing the CLAMPMSS=Yes line in /etc/shorewall/shorewall.conf?

Just an idea, since that's what happened to me when I set up my first
2.0 box from scratch - and it may just be "bad luck" that the online
banking site is the first one to exhibit the problem.

Martin

P.S. I'll be out of town over Christmas - so I won't be able to respond
to any followup questions for a few days.

--
You think that's tough?  Try herding cats!
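
The symptom in this thread (the bare ACK to the GET arrives, the HTTP response never does) is what oversized TCP segments on a PPPoE link look like, and MSS clamping is the usual remedy. The sketch below is an added example, not code from the thread or from Shorewall; the 5000-byte response and the assumption that ICMP "fragmentation needed" messages never reach the web server are constructed for illustration.

```python
"""Toy model of TCP segment sizes across a PPPoE hop (constructed values)."""

IP_TCP_HEADERS = 40   # 20-byte IPv4 header + 20-byte TCP header, no options
ETHERNET_MTU = 1500
PPPOE_MTU = 1492      # Ethernet MTU minus the 8-byte PPPoE/PPP header


def clamp_mss(advertised_mss, out_mtu):
    """What MSS clamping does to the MSS option of a forwarded SYN."""
    return min(advertised_mss, out_mtu - IP_TCP_HEADERS)


def packet_sizes(payload_len, mss):
    """IP packet sizes the sender emits for payload_len bytes of data."""
    sizes = []
    while payload_len > 0:
        chunk = min(payload_len, mss)
        sizes.append(chunk + IP_TCP_HEADERS)
        payload_len -= chunk
    return sizes


def fetch(response_len, clamp, icmp_reaches_server=False):
    """Model one HTTP response travelling server -> PPPoE link -> LAN client."""
    path_mtu = min(ETHERNET_MTU, PPPOE_MTU, ETHERNET_MTU)
    client_mss = ETHERNET_MTU - IP_TCP_HEADERS       # 1460, sent in the SYN
    # With clamping the firewall rewrites the SYN so the server sees 1452.
    mss = clamp_mss(client_mss, PPPOE_MTU) if clamp else client_mss

    sizes = packet_sizes(response_len, mss)
    if icmp_reaches_server and any(s > path_mtu for s in sizes):
        # Working path-MTU discovery: the server shrinks its segments.
        mss = path_mtu - IP_TCP_HEADERS
        sizes = packet_sizes(response_len, mss)

    received = 0
    for size in sizes:
        if size > path_mtu:   # DF is set, so the PPPoE hop drops the packet
            break             # later segments are out of order and unusable
        received += size - IP_TCP_HEADERS

    return {
        "server_mss": mss,
        "ack_delivered": IP_TCP_HEADERS <= path_mtu,  # bare ACK is 40 bytes
        "largest_packet": max(sizes, default=0),
        "bytes_received": received,
    }


if __name__ == "__main__":
    for clamp in (False, True):
        print("clamp =", clamp, fetch(5000, clamp))
```

In the unclamped run the oversized packets are dropped before they reach the firewall's ppp0 interface, so a capture taken there shows only the handshake, the GET and the ACK.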





[leaf-user] IPSEC

2003-12-26 Thread Robert & Sabine von Knobloch
Hope everyone had a happy Christmas,

can anyone point me to documentation about the Bering uClibc2.0 IPSEC package?
The links at Freeswan don't seem very relevant to the config in Bering. I'm
trying to set the RSA keys up but not having any success so far.

Best wishes for the new year,

Robert von Knobloch





[leaf-user] Weblet & Logs - Bering

2003-12-31 Thread Robert & Sabine von Knobloch
Hello LEAF World!

First a happy new year to all.

Then:

1.

Is some config in the Weblet needed to allow hosts on internal subnets to
access the http daemon ?

I have: firewall: 192.168.0.254 -> router - 192.168.0.10/24 <-> 10.1.1.10/24
<- 10.1.1.100 (Host1)
All routing and firewalling is OK with my subnets entered as interfaces,
routes and in Shorewall (can ping, ftp etc. all machines, also DNS is fine),
but Host1 cannot access the firewall weblet (can ping the firewall, firewall
can ping the host). In the weblet config file there is an entry (commented
out) to restrict the hosts that can use weblet, I assume that when it's
commented out all hosts should get access. Similarly, hosts on my WiFi
network (also connected to the same router on subnet 172.16.0.0/24) can reach
all other machines, but not the weblet.
Can anyone help?

2.
Has anyone tried moving logging (and, therefore weblet and other apps.
access to the logs) to a hard drive? I'm thinking about it to preserve logs
under a reboot (happens often as I can't seem to stop configuring new
features :-))

3.
Sorry KP, I did not reply to your help regarding IPSEC, but, thanks to your
comments, I am now much farther (I believe my gateway is OK - all logs look
good) and am working on a Windows XP road warrior client.

Robert von Knobloch





Re: [leaf-user] Weblet & Logs - Bering

2003-12-31 Thread Robert & Sabine von Knobloch
Thanks Kory,

Both settings were OK, but you forced me to double-check and I noticed there
was no carriage return on the subnet declaration in /etc/hosts.allow. I
then remembered reading that this is a problem.
No weblet problem now.
The cron solution had also occurred to me, I wanted to see how others saw
it, perhaps it's the safest solution.

Happy new year,

Robert

-Original Message-
From: Kory Krofft [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 31 December 2003 14:30
To: [EMAIL PROTECTED]; Leaf-User (E-Mail)
Subject: Re: [leaf-user] Weblet & Logs - Bering



>1.
>
>Is some config in the Weblet needed to allow hosts on internal subnets to
>access the http daemon ?

Yes. You must make the proper adjustments to /etc/hosts.allow and edit the
CLIENT_ADDRS="192.168.1." line in /etc/sh-httpd.conf.


>
>2.
>Has anyone tried moving logging (and, therefore weblet and other apps.
>access to the logs) to a hard drive? I'm thinking about it to preserve logs
>under a reboot (happens often as I can't seem to stop configuring new
>features :-))

I have not tried it but from looking at the ulogd config options in lrcfg it
appears that it would be configurable by editing /etc/ulogd.conf.
Alternatively just run a cron job to copy or email them to a different
location periodically.




Kory






[leaf-user] IKE - IPSEC VPN with XP Client

2004-01-02 Thread Robert & Sabine von Knobloch
Hello LEAF World!

Season's greetings to all LEAF users & developers.

I'm trying to get a Roadwarrior VPN system running with my LEAF uClibc2.0
Box.

I'm following the Freeswan document from Nate Carlson, which uses the
IPSEC.EXE utility from Marcus Müller (e.bootis VPN).

All daemons well-fed, reporting no errors. (IPSEC, PLUTO, WHACK, KLIPS
etc.).

So far I have all certificates generated (from openssl CA on the LEAF box)
and installed.

I make a dial-up modem connection from XP and ping my firewall dyndns
address (firewall is on flat-rate ADSL).

Using TCPDUMP on the LEAF Box ppp0 interface (MS boxes can't capture WAN
connections under Ethereal sadly), I see 7 ISAKMP packets exchanged.

1. Proposal from XP
2. Proposal from LEAF
3. Key & nonce exchange from XP
4. Key & nonce exchange + certificate request from LEAF
5. Informational packet (56 Bytes encrypted) from XP
6. Repeat of 4
7. Repeat of 4

The LEAF auth.log shows the problem, but I can't see a solution. It seems
clearly to lie with the XP box configuration.

LEAF auth.log (brandmauer is the name of the LEAF box):
===
Jan 2 11:24:53 brandmauer pluto[16478]: packet from 213.6.55.126:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 0003]
Jan 2 11:24:53 brandmauer pluto[16478]: "roadwarrior-net"[2] 213.6.55.126
#2: responding to Main Mode from unknown peer 213.6.55.126
Jan 2 11:24:54 brandmauer pluto[16478]: "roadwarrior-net"[2] 213.6.55.126
#2: encrypted Informational Exchange message is invalid because it is for
incomplete ISAKMP SA
===

I have the feeling it lies with the ipsec.conf information for the e.bootis
VPN (ipsec.exe) system.

Has anyone experienced similar problems ?

Robert von Knobloch





[leaf-user] Xircom pcmcia

2004-01-02 Thread Robert & Sabine von Knobloch
Hello LEAF World!

Has anyone experience with Xircom pcmcia NICs ?
I'm trying to convert a friend to LEAF, he has an old Compaq laptop he wants
to use (because it makes no noise). This is equipped with a double pcmcia
card slot for network support. At present, there is a single Xircom Credit
Card Ethernet adapter type CE-10B2/A.
I'm having no success with Bering uClibc2.1 in getting this card to talk.
As we must buy a second card anyway for (ADSL-pppoe), does anyone know which
cards are reliably supported ?

Robert von Knobloch





[leaf-user] TFTP & Leaf Bering Uclib2.0

2004-02-18 Thread Robert & Sabine von Knobloch
Hello LEAF World,

I'm setting up a log recording system to hard disk that also exports the
logs to another machine when needed.
Trying to use TFTP (because there is a client as a LEAF package available)
gives problems with the firewall.
"Normal" protocols use a well-known port to the server and a client-chosen
return port. This allows Shorewall's stateful packet filter to open the
return port and all is OK. TFTP chooses its ports according to some hash
values at each end so that the returning UDP packets do not have the same
port numbers as the requests.
The Firewall then drops these return packets as not being allowed (my
rulebase only allows defined port access from the local net). As I have
several hosts in the internal net, it seems impossible to predict all the
possible ports to allow (and, anyway, it's lousy security). Is there a way
to configure Shorewall to recognise the 'statefulness' (grammatically bad,
but it describes the problem) of TFTP? Or is there a "proper" FTP client
anywhere?

Many thanks,

Robert von Knobloch
Black Forest - Germany





Fwd: [leaf-user] TFTP & Leaf Bering Uclib2.0

2004-02-20 Thread Robert & Sabine von Knobloch
Thanks Eric,

just what I was looking for.

Robert von Knobloch

-Original Message-
From: Eric de Thouars [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 18 February 2004 23:40
To: Robert & Sabine von Knobloch
Subject: Re: [leaf-user] TFTP & Leaf Bering Uclib2.0


At 16:29 18-2-2004, you wrote:
>"Normal" protocols use a well-known port to the server and a client-chosen
>return port. This allows Shorewall's stateful packet filter to open the
>return port and all is OK. TFTP chooses its ports according to some hash
>values at each end so that the returning UDP packets do not have the same
>port numbers as the requests.

Use the ip-conntrack-tftp netfilter module. This will take care of your
problems.

  - Eric de Thouars
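
Why a plain stateful filter drops the TFTP reply and a connection-tracking helper does not, as an added example that is not part of the thread and is not netfilter's own code. It relies on the RFC 1350 behaviour that the server answers a request sent to port 69 from a freshly chosen port of its own; the addresses, port numbers and the `Conntrack` class are constructed for illustration.

```python
"""Toy UDP connection tracker: a TFTP reply with and without a helper."""

TFTP_PORT = 69


class Conntrack:
    def __init__(self, allowed_dports, tftp_helper=False):
        self.allowed_dports = set(allowed_dports)
        self.tftp_helper = tftp_helper
        self.flows = set()      # (client, cport, server, sport) already seen
        self.expected = set()   # (server, client, cport): any source port

    def outbound(self, src, sport, dst, dport):
        """Packet from the client side towards the server."""
        if (src, sport, dst, dport) in self.flows:
            return "ACCEPT established"
        if dport not in self.allowed_dports:
            return "DROP"
        self.flows.add((src, sport, dst, dport))
        if self.tftp_helper and dport == TFTP_PORT:
            # The helper knows the protocol: the answer will come from the
            # same server to the same client port, from an unknown port.
            self.expected.add((dst, src, sport))
        return "ACCEPT new"

    def inbound(self, src, sport, dst, dport):
        """Packet coming back towards the client."""
        if (dst, dport, src, sport) in self.flows:
            return "ACCEPT established"
        if (src, dst, dport) in self.expected:
            self.expected.discard((src, dst, dport))      # one-shot
            self.flows.add((dst, dport, src, sport))      # track the new flow
            return "ACCEPT related"
        return "DROP"


def transfer(tftp_helper):
    """Verdicts for one constructed TFTP exchange, in packet order."""
    client, server, other = "192.0.2.10", "192.0.2.20", "192.0.2.99"
    fw = Conntrack(allowed_dports=[TFTP_PORT], tftp_helper=tftp_helper)
    return [
        fw.outbound(client, 40001, server, TFTP_PORT),  # request to port 69
        fw.inbound(other, 51000, client, 40001),        # unrelated host
        fw.inbound(server, 51000, client, 40001),       # reply from new port
        fw.outbound(client, 40001, server, 51000),      # next packet to it
    ]


if __name__ == "__main__":
    print("no helper:", transfer(False))
    print("helper   :", transfer(True))
```

The helper admits only the one expected reply, from the server that was asked, to the port that asked, so no range of return ports has to be opened in the rulebase.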






[leaf-user] LEAF and H323

2004-03-08 Thread Robert & Sabine von Knobloch
Hello LEAF World,

I'm trying (I know it's not very secure, but some friends want desperately
to do it) to set up a MS Netmeeting 3 connection between 2 private networks
(mine with a LEAF Bering uClibc 2 firewall). Has anyone experience of how to
set this up in the Shorewall rules? I have loaded the ip_conntrack_h323.o &
ip_nat_h323.o and have rules to allow ports 1720 & 1503 out (and port
forward incoming to a Windoze PC).
So far I can get some signalling (remote end says there is a connection), but
I can't complete the call.
I know there are many UDP ports involved, what must I tell Shorewall to
allow the traffic flow?

P.S. Just for info - not directly LEAF. Here in Germany we have now got URLs
(since 1st March) with the special German "Umlaut" characters in them
(those with 2 dots above them). I have a web site with such a domain name,
it became active today when I found that MSIE §$%&! won't access such
addresses. Mozilla works fine but, sadly, most others tend to have MSIE :-(
I don't know if MS are going to fix this, but it seems pretty stupid.

Greetings from the Black Forest,

Robert von Knobloch


