RE: [leaf-user] dyndns

2005-08-03 Thread Robert K Coffman Jr - Info From Data Corporation
 ETH0_IP=`find_first_interface_address eth0`

I'm on Shorewall 2.0.10 and this is unsupported.  What exactly is
find_first_interface_address?  A shell script?  Can it be added to older
versions of shorewall to support this?

Thanks -

Bob Coffman



---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/


RE: [leaf-user] dyndns

2005-08-03 Thread Robert K Coffman Jr - Info From Data Corporation
Cancel the last message, I didn't read the docs accurately.

- Bob Coffman





RE: [leaf-user] CF Card Issues

2005-07-27 Thread Robert K Coffman Jr - Info From Data Corporation
I get the sense that all the grief I see people have with CF cards just
isn't worth it.  I'm only using old junky IDE drives (500MB to 4GB in size)
to boot my shorewall systems.  If one were to fail (I know they will at some
point) I'll merely format a 100MB partition on another drive, syslinux it
and copy the LRPs etc from the backup made by SCP, install it and I'm
back in business.  The drives spin down after boot so there is little wear
on them.

Is anyone running CF with absolutely no issues??

- Bob Coffman





RE: [leaf-user] Backing up LEAF disks over the network.

2005-07-22 Thread Robert K Coffman Jr - Info From Data Corporation
I don't think that the crypto stuff is _that_ hard on the CPU.

My slowest LEAF machine is P75 and I notice no difference when backing up
packages over SCP between that and other more capable machines.  Of course
that is over a broadband (cable) connection, I'm sure I could measure a
difference if I were on a LAN.

- Bob Coffman





RE: [leaf-user] Possible backup script issue (Bering-uClibc_2.3-beta4)

2005-07-18 Thread Robert K Coffman Jr - Info From Data Corporation
Actually, you *DO* have it loaded twice.  Initrd is 'special', as it is the
initial ramdisk loaded along with the kernel by the boot-loader 

Has this always been the case?  I've had initrd in leaf.cfg from the get-go
and in Bering 1.2 it was specified (although differently from other
packages) in syslinux.cfg...

Off to try removing it...

- Bob Coffman 






RE: [leaf-user] Possible backup script issue (Bering-uClibc_2.3-beta4)

2005-07-18 Thread Robert K Coffman Jr - Info From Data Corporation

AFAIK this has always been the case.

I tried to recall this email but I replied to myself.  You are, of course,
quite correct, and I was mistaken that initrd was in the list.

Thanks -

Bob Coffman





RE: [leaf-user] 3C905CX Network Card

2005-06-30 Thread Robert K Coffman Jr - Info From Data Corporation
Did you allow ICMP traffic to originate from your firewall?



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of James F
Sent: Thursday, June 30, 2005 12:00 PM
To: leaf-user@lists.sourceforge.net
Subject: [leaf-user] 3C905CX Network Card


Using these cards with the 3c90 module, the cards are
being detected and come up with no errors. The problem
is that no traffic is coming back across these cards.
When I ping from the LEAF machine and  sniff the
traffic, I see arp request being sent by the leaf box
and answered by the other machine. But no icmp packets
are being sent. Any ideas

Thanks



 


[leaf-user] Network Configuration Ideas

2005-06-28 Thread Robert K Coffman Jr - Info From Data Corporation
Ok, since CPU asked.

I didn't want to put this on list, because it isn't a Leaf question per se,
however I'm struggling with what to do with this.

In the simplest terms possible, I have a 4 subnet network, with each subnet
at a different physical location.  Location 1 has the internet connection,
and the core server (read:Citrix) for all the other locations.

Internet connectivity is via a proxy server on the location 1 subnet.  I
would like to eliminate the proxy, and replace it with Leaf with no proxy.
The problem is, is that this would give anyone in Location 1 two routes off
their network.  The connections to the remote subnets are via T1 and they
all connect to location 1 via a Cisco router which has no free connections.

Must have goals:  eliminate proxy server, provide one route off of the
Location 1 subnet.
Would like goals:  Avoid having Leaf as failure point between subnet 1 and
the remote subnets.  Avoid purchasing a new Cisco router.

Unfortunately, it seems that my best option would be to put another adapter
in the Leaf router, and renumber subnet 1, so that everything converges at
leaf on the old subnet 1 address.  However, since I'm using old commodity
hardware for that task, and internet connectivity is less important to the
business than the connectivity between the locations, I would love to keep
this from becoming a point of failure.

Any ideas on what to do here?  Or have I exhausted my options and I need to
violate one of my would like goals?  I don't know Cisco, but I suspect if
I did I could make short work of this problem.

- Bob Coffman





RE: [leaf-user] Network Configuration Ideas

2005-06-28 Thread Robert K Coffman Jr - Info From Data Corporation
Route 1:  Via Leaf (or currently a Routefinder acting as a proxy) 10.0.0.250
- Internet
Route 2:  Via Cisco to the remote subnets - 10.0.0.1 - Remote subnets

When you say you don't want LEAF as a single failure point, do you mean you
don't want LEAF to be a NAT'ing firewall for your internet connection as well
as performing the routing and/or tunnelling between your subnets?

Exactly.  As much as I know that Leaf is completely capable of performing
this function, it just introduces another failure point to their network
that I don't want.

Thanks -

Bob Coffman

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of James Neave
Sent: Tuesday, June 28, 2005 9:06 AM
To: Robert K Coffman Jr - Info From Data Corporation;
leaf-user@lists.sourceforge.net
Subject: RE: [leaf-user] Network Configuration Ideas


Hi,

When you say two routes, do you mean:

1: NATed behind the LEAF box.
2: Through a Citrix session.

When you say you don't want LEAF as a single failure point, do you mean you
don't want LEAF to be a NAT'ing firewall for your internet connection as well
as performing the routing and/or tunnelling between your subnets?

Regards,

James.

-Original Message-
From: Robert K Coffman Jr - Info From Data Corporation
[mailto:[EMAIL PROTECTED] 
Sent: 28 June 2005 13:57
To: leaf-user@lists.sourceforge.net
Subject: [leaf-user] Network Configuration Ideas

Ok, since CPU asked.

I didn't want to put this on list, because it isn't a Leaf question per se,
however I'm struggling with what to do with this.

In the simplest terms possible, I have a 4 subnet network, with each subnet
at a different physical location.  Location 1 has the internet connection,
and the core server (read:Citrix) for all the other locations.

Internet connectivity is via a proxy server on the location 1 subnet.  I
would like to eliminate the proxy, and replace it with Leaf with no proxy.
The problem is, is that this would give anyone in Location 1 two routes off
their network.  The connections to the remote subnets are via T1 and they
all connect to location 1 via a Cisco router which has no free connections.

Must have goals:  eliminate proxy server, provide one route off of the
Location 1 subnet. Would like goals:  Avoid having Leaf as failure point
between subnet 1 and the remote subnets.  Avoid purchasing a new Cisco
router.

Unfortunately, it seems that my best option would be to put another adapter
in the Leaf router, and renumber subnet 1, so that everything converges at
leaf on the old subnet 1 address.  However, since I'm using old commodity
hardware for that task, and internet connectivity is less important to the
business than the connectivity between the locations, I would love to keep
this from becoming a point of failure.

Any ideas on what to do here?  Or have I exhausted my options and I need to
violate one of my would like goals?  I don't know Cisco, but I suspect if
I did I could make short work of this problem.

- Bob Coffman


The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee.  Access to this email by anyone
else is unauthorised.

If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it is prohibited
and may be unlawful.

The contents of an attachment to this email may contain software viruses
that could damage your own computer systems.  Whilst The Spur Group of
Companies has taken every precaution to minimise the risk, we cannot accept
liability for any damage that you sustain as a result of software viruses.





RE: [leaf-user] Network Configuration Ideas

2005-06-28 Thread Robert K Coffman Jr - Info From Data Corporation
Right on!  

Thanks for taking time to understand this

- Bob

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of James Neave
Sent: Tuesday, June 28, 2005 10:10 AM
To: Robert K Coffman Jr - Info From Data Corporation;
leaf-user@lists.sourceforge.net
Subject: RE: [leaf-user] Network Configuration Ideas


Er,

Wait, is this what you mean?

If there were two routers in subnet1, one to the internet (LEAF) and one to
the other subnets (Cisco), then two routes would have to be added to the
client machines and you don't want that (sounds nasty)?

Whereas if you made the LEAF box route the traffic from subnet1 to subnet2
via the Cisco you would have 2 points of failure for traffic between the
LEAF box and the Cisco. But this would give you one default route on the
client boxes which is really what Windows likes.

Now do I get you?

Regards,

James.

-Original Message-
From: Robert K Coffman Jr - Info From Data Corporation
[mailto:[EMAIL PROTECTED] 
Sent: 28 June 2005 14:50
To: leaf-user@lists.sourceforge.net
Subject: RE: [leaf-user] Network Configuration Ideas

Route 1:  Via Leaf (or currently a Routefinder acting as a proxy) 10.0.0.250
- Internet
Route 2:  Via Cisco to the remote subnets - 10.0.0.1 - Remote subnets

When you say you don't want LEAF as a single failure point, do you mean you
don't want LEAF to be a NAT'ing firewall for your internet connection as well
as performing the routing and/or tunnelling between your subnets?

Exactly.  As much as I know that Leaf is completely capable of performing
this function, it just introduces another failure point to their network
that I don't want.

Thanks -

Bob Coffman

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of James Neave
Sent: Tuesday, June 28, 2005 9:06 AM
To: Robert K Coffman Jr - Info From Data Corporation;
leaf-user@lists.sourceforge.net
Subject: RE: [leaf-user] Network Configuration Ideas


Hi,

When you say two routes, do you mean:

1: NATed behind the LEAF box.
2: Through a Citrix session.

When you say you don't want LEAF as a single failure point, do you mean you
don't want LEAF to be a NAT'ing firewall for your internet connection as well
as performing the routing and/or tunnelling between your subnets?

Regards,

James.

-Original Message-
From: Robert K Coffman Jr - Info From Data Corporation
[mailto:[EMAIL PROTECTED] 
Sent: 28 June 2005 13:57
To: leaf-user@lists.sourceforge.net
Subject: [leaf-user] Network Configuration Ideas

Ok, since CPU asked.

I didn't want to put this on list, because it isn't a Leaf question per se,
however I'm struggling with what to do with this.

In the simplest terms possible, I have a 4 subnet network, with each subnet
at a different physical location.  Location 1 has the internet connection,
and the core server (read:Citrix) for all the other locations.

Internet connectivity is via a proxy server on the location 1 subnet.  I
would like to eliminate the proxy, and replace it with Leaf with no proxy.
The problem is, is that this would give anyone in Location 1 two routes off
their network.  The connections to the remote subnets are via T1 and they
all connect to location 1 via a Cisco router which has no free connections.

Must have goals:  eliminate proxy server, provide one route off of the
Location 1 subnet. Would like goals:  Avoid having Leaf as failure point
between subnet 1 and the remote subnets.  Avoid purchasing a new Cisco
router.

Unfortunately, it seems that my best option would be to put another adapter
in the Leaf router, and renumber subnet 1, so that everything converges at
leaf on the old subnet 1 address.  However, since I'm using old commodity
hardware for that task, and internet connectivity is less important to the
business than the connectivity between the locations, I would love to keep
this from becoming a point of failure.

Any ideas on what to do here?  Or have I exhausted my options and I need to
violate one of my would like goals?  I don't know Cisco, but I suspect if
I did I could make short work of this problem.

- Bob Coffman



RE: [leaf-user] [Slightly OT] ICMP et al

2005-06-28 Thread Robert K Coffman Jr - Info From Data Corporation
What version of Windows?

One remote possibility:  http://support.microsoft.com/kb/q244539/

- Bob Coffman

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Erich Titl
Sent: Tuesday, June 28, 2005 2:25 PM
To: leaf-user-lists.sourceforge.net
Subject: [leaf-user] [Slightly OT] ICMP et al


Hi folks

As the subject suggests, this is a bit off topic, but as a LEAF system 
is involved please excuse me.
I am baffled by the behaviour of a M$ application (IIS) on a customer 
network.
This network is a hub and spoke structure built with Bering glibc 
routers. Some of the locations use DSL, others cable modem. The spokes 
are IPSec connections to the hub network. In the hub network there is an
IIS server with a WEB application.
A client system on one of the client networks requests a page (or rather 
a web based application) on the server. I can observe the normal packet 
flow between client and server until the server tries to send a
packet of size 1452 bytes to the client (with DF bit set). I _believe_ 
IPSEC decides that this packet is too large to be passed to the other 
side so the Bering system sends an ICMP fragmentation needed package to 
the server with a size proposal of 1319 bytes.

I would expect the server to reduce the packet size accordingly but 
helas it does not. Am I just naive to expect M$ to follow or is it 
compulsory only to respect ICMP?

Thanks

Erich
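
The ICMP "fragmentation needed" message described in the post above carries the proposed size in its next-hop MTU field. As an added example (not part of the original thread), this Python code decodes such a message and derives the TCP MSS the sender should fall back to; the sample packet and its addresses are constructed, using the 1452-byte packet and the 1319-byte proposal from the post, and the function names are hypothetical.

```python
import ipaddress
import struct


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_sample(next_hop_mtu: int = 1319) -> bytes:
    """Constructed ICMP type 3 code 4 message quoting a 1452-byte DF packet."""
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 1452, 0x1234, 0x4000, 127, 6, 0,   # DF set, TCP, checksum left 0
        ipaddress.IPv4Address("10.0.0.10").packed,  # constructed server address
        ipaddress.IPv4Address("10.0.2.20").packed,  # constructed client address
    )
    quoted = ip_hdr + struct.pack("!HHI", 80, 1045, 1)  # first 8 bytes of TCP
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + quoted
    return icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]


def parse_frag_needed(icmp: bytes) -> dict:
    """Decode an ICMP Destination Unreachable / Fragmentation Needed message."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("too short for ICMP header plus quoted datagram")
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        raise ValueError("not a fragmentation-needed message")
    if inet_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    (ver_ihl, _tos, total_len, _ident, flags_frag,
     _ttl, proto, _hdr_csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", icmp[8:28])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(icmp) < 8 + ihl + 8:
        raise ValueError("malformed quoted IPv4 header")
    sport, dport = struct.unpack("!HH", icmp[8 + ihl:12 + ihl])
    df = bool(flags_frag & 0x4000)
    return {
        # Routers predating RFC 1191 send 0 here; the sender then has to guess.
        "next_hop_mtu": mtu or None,
        "quoted_total_len": total_len,
        "df": df,
        "proto": proto,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "sport": sport,   # meaningful for TCP (6) and UDP (17) only
        "dport": dport,
        # Largest TCP payload that fits: MTU minus IP header minus 20-byte TCP header.
        "max_mss": mtu - ihl - 20 if mtu else None,
        "sender_must_shrink": df and (mtu == 0 or total_len > mtu),
    }


if __name__ == "__main__":
    for key, value in parse_frag_needed(build_sample()).items():
        print(f"{key:18} {value}")
```

Run against a capture from the hub side, this confirms whether the router's message actually reaches the server and what MSS the server would need to honour.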





RE: [leaf-user] Network Configuration Ideas

2005-06-28 Thread Robert K Coffman Jr - Info From Data Corporation
Thanks James and Charles for your excellent emails on this topic.

You have solidified my feeling that the Cisco is the key to the whole
scenario.  I guess I'll have to approach it from that perspective.  It's
probably a good thing, since a) I know no Cisco and b) nobody knows the
password to the Cisco.  But I have a method to reset it.  If I screw it up,
hello new Leaf router!

Thanks!

- Bob Coffman





RE: [leaf-user] Beringuclibc 2.2.3 on Hard disk

2005-05-12 Thread Robert K Coffman Jr - Info From Data Corporation
A compact flash uses a lot less energy than a hard drive - especially 
since it is only needed for loading and backup.  I write protect mine 
with software after boot up.

Very true.  No router should have a running HD in it. However with hdsupp
you can spin the HD down after boot.  I use the following script to
accomplish this which I believe has been posted here before:

#! /bin/sh
# Script to spin down hard drive
# /etc/init.d/spindown
RCDLINKS=2,S98
# Spin it down then.
/usr/sbin/hdparm -y /dev/hda
exit 0

As far as securing this, I don't know that you can disable a HD until the
next boot, so the flash drive has an advantage there.  (Although if someone
has gotten that far, couldn't they circumvent your write protection?)  When
running backups, or mounting /dev/hda1, it spins back up on its own.
Remember to run this script when you are done backing up etc...

- Bob Coffman

 






[leaf-user] RE: Privoxy Build

2005-05-01 Thread Robert K Coffman Jr - Info From Data Corporation
Ok, I setup the Bering uClibc build environment and attempted a compile on
my own.  It failed.  The tail from the log follows:

pcre/pcre.o pcre/pcreposix.o -lnsl
cgi.o(.text+0x2c8): In function `dispatch_known_cgi':
: undefined reference to `cgi_error_disabled'
collect2: ld returned 1 exit status
make[1]: *** [privoxy] Error 1
make[1]: Leaving directory `/home/bcoffman/src/bering-uclibc/buildtool/source/privoxy/privoxy-3.0.3-stable'
make: *** [privoxy-3.0.3-stable/.build] Error 2
make: Leaving directory
`/home/bcoffman/src/bering-uclibc/buildtool/source/privoxy'

Anyone have any suggestions for this error?

- Bob Coffman

-Original Message-
From: Robert K Coffman Jr - Info From Data Corporation
[mailto:[EMAIL PROTECTED]
Sent: Monday, April 25, 2005 9:40 AM
To: Leaf-User
Subject: Privoxy Build


Hello.

I'm taking a look at Privoxy on a uClibc 2.2.2 machine, as it appears as
though it may solve a problem for me.

However, in order to use it, I need it compiled with the following options:

 --disable-force, --disable-toggle and --disable-editor

as per the configuration file.  Unless there is another way to prevent these
things from the Privoxy error page (toggle can be disabled from the config,
but I don't see how force or the editor can be.)

Has anyone built Privoxy with these options disabled?

Thanks -

Bob Coffman





RE: [leaf-user] Extremely poor throughput

2005-04-28 Thread Robert K Coffman Jr - Info From Data Corporation
 Can you be a bit more specific about the setup details? Are you trying
to describe a setup like this

eth0 - 10 (or 100) Mbps NIC connecting to the Internet
eth1 - 10 (or 100) Mbps NIC connecting to LAN A (eth1, 192.168.1.0 
network)
eth2 - 10 (or 100) Mbps NIC connecting to LAN B (eth2, 192.168.3.0 
network)

ftp client on LAN A or B (from either net, same issue)
ftp server is on the internet (for testing, my local office network,
which is private network 192.168.2.0, ftp server is 192.168.2.3)  I've
removed norfc1918 from eth0 in the interfaces file for testing.  Both local
nets are MASQ'ed through eth0.

LANs A and B have routes to each other (i.e., the router
does NOT NAT this traffic, however I block traffic between them 
- see
rules below.)

ftp throughput is between 50 Kbps and 100 Kbps,
depending on NICs tested? - range is actually around 40-120).

ftp server actually does (not can easily) deliver 80 Mbps
to an ftp client on local lan - correct. ftp: 131170400 bytes 
received in
11.69Seconds 11222.66Kbytes/sec


I tested SCP from the firewall to my local network (ie connecting to eth0)
and it was not fast, approximately 23Kbs (that's bits and forgive me for
changing terms if i do it.)  The total data transferred was 2.67 megabytes.

After a slow transfer, what does ip -s link show report? Are there
significant numbers of bad packets?

Possibly, output follows from the post SCP transfer described above.  Eth0
is plugged into a Netgear switch:

1: lo: LOOPBACK,UP mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes  packets  errors  dropped overrun mcast
2152   16   0   0   0   0
TX: bytes  packets  errors  dropped carrier collsns
2152   16   0   0   0   0
2: dummy0: BROADCAST,NOARP mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
RX: bytes  packets  errors  dropped overrun mcast
0  00   0   0   0
TX: bytes  packets  errors  dropped carrier collsns
0  00   0   0   0
3: eth0: BROADCAST,MULTICAST,NOTRAILERS,UP mtu 1500 qdisc htb qlen 1000
link/ether 00:00:c0:98:d9:8f brd ff:ff:ff:ff:ff:ff
RX: bytes  packets  errors  dropped overrun mcast
223554 2573 0   0   0   58
TX: bytes  packets  errors  dropped carrier collsns
31428344217 3   0   0   56
4: eth1: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:00:c0:ab:f5:9d brd ff:ff:ff:ff:ff:ff
RX: bytes  packets  errors  dropped overrun mcast
4228   46   0   0   0   2
TX: bytes  packets  errors  dropped carrier collsns
60 10   0   0   0
5: eth2: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:00:c0:79:f4:9d brd ff:ff:ff:ff:ff:ff
RX: bytes  packets  errors  dropped overrun mcast
0  00   0   0   0
TX: bytes  packets  errors  dropped carrier collsns
6480   054  0   0   0

During a slow transfer, what does top report about CPU load? If this
is high ... is the router running unusually complex iptables (Shorewall)
rulesets? (If yes, please report the details.) - No, CPU usage is very low.
I think the rulesets are very simple, however I've posted them below just in
case.  Please note I've trimmed all comments except one, and I've removed an
ACCEPT line that allows me to SSH from an internet .

# /etc/shorewall/policy
loc     net     ACCEPT
loc3    net     ACCEPT
loc     loc3    REJECT
loc3    loc     REJECT
net     all     DROP    ULOG
all     all     REJECT  ULOG

# /etc/shorewall/rules
ACCEPT  fw      net     tcp     53
ACCEPT  fw      net     udp     53
ACCEPT  loc     fw      tcp     22
ACCEPT  loc     fw      icmp    8
ACCEPT  loc3    fw      icmp    8
ACCEPT  net     fw      icmp    8
ACCEPT  fw      loc     icmp    8
ACCEPT  fw      loc3    icmp    8
ACCEPT  fw      net     icmp    8
ACCEPT  loc     fw      udp     53
ACCEPT  loc3    fw      udp     53
ACCEPT  loc     fw      tcp     80
ACCEPT  loc     fw      tcp     stat
ACCEPT  fw      net     udp     ntp
ACCEPT  loc     fw      udp     ntp
ACCEPT  loc3    fw      udp     ntp
ACCEPT  fw      net:63.208.196.94       tcp     www
# Testing only, remove before installation!
ACCEPT  net   fw   

RE: [leaf-user] Extremely poor throughput

2005-04-28 Thread Robert K Coffman Jr - Info From Data Corporation
You did not tell us what is your Internet side.  Do you happen to be on 
a pppoe connection?  If so - did you setup CLAMPMSS=YES in Shorewall 
config?  That will really slow things down if you didn't.

Victor thanks for the reply.

CLAMPMSS=No.

Not using PPPOE.

- Bob Coffman






RE: [leaf-user] Extremely poor throughput

2005-04-28 Thread Robert K Coffman Jr - Info From Data Corporation
Forgot to add details of FTP server and test client:

FTP server is W2003/IIS.  Test client is WinXP.

I did reload the original Bering 1.2 config (which used 2 3c509 NICs in a
straight 2 interface configuration) and got 2 Megabytes/sec using the FTP
test.  Hardware appears to be fine after all.

- Bob Coffman





RE: [leaf-user] Extremely poor throughput - RESOLVED

2005-04-28 Thread Robert K Coffman Jr - Info From Data Corporation
Ray,

I disabled the serial ports.  If there was a winmodem in this box, I would
remove it (or as my brother says, gank it outta there) since it is a
router.  I'll disable everything I can when I set one up.  I happened to
choose IRQ 3 for this card because I could set that by jumper, and therefore
avoid finding the configuration software, booting to DOS and setting it that
way.  The other two cards (smc-ultra.o is the module) I did take the time to
software configure.

I was reviewing the configuration closely (ie verifying correct modules,
etc) and realized that I was loading some packages this router did not
require.  The reason for that was I built it from my own router and modified
through lrcfg to the specifications I needed for this application.

I removed some packages that I had for OpenVPNz dependencies - no effect on
throughput.

Then I removed qos-htb and tc.  Voila, the router, through 2 ancient ISA
10MB nics, was moving 597Kbs, more than enough for this application.  I saw
a line in the qos-htb config (prior to its removal) setting a cap at
120K - exactly what I got in my best case scenario yesterday.  It's probably
the default, since I haven't taken the time to learn exactly how traffic
shaping works and as a result I ran into this problem.

Thanks everyone for your help and I hope someone else benefits from this
exercise.  I've learned a few things along the way.

- Bob Coffman





[leaf-user] Extremely poor throughput

2005-04-27 Thread Robert K Coffman Jr - Info From Data Corporation
Just throwing this out there and see if anyone has any ideas.

I have an old P75 with 2 PCI slots and 4 ISA slots.  I've been using this as
a Bering 1.2 router at a customer location.  They asked me to add an
additional NIC to it to support another office's internet connection.  While
I was at it, I upgraded them to Bering uclibc 2.2.2.

I tested this router after it was completed, and got extremely bad
throughput (around 50kbs from a local FTP server that can easily deliver
10MBs (that should be megabytes) per second).

I moved some things around, eliminated a 10MB hub, tried various nics
(3c59x/tulip in the PCI, smc-ultra/wd in the ISA slots) and found the best
throughput I could get was around 100kbs, and that was using all ISA cards!

My theory is that there is some sort of hardware problem with this machine
which is limiting this.  The slots are all on a riser card, and perhaps that
thing is bad.

I'm going to install as is, and inform the customer that we need to replace
the hardware.

Anyone have any alternative ideas why this thing is so slow?

- Bob Coffman





[leaf-user] Privoxy Build

2005-04-25 Thread Robert K Coffman Jr - Info From Data Corporation
Hello.

I'm taking a look at Privoxy on a uClibc 2.2.2 machine, as it appears as
though it may solve a problem for me.

However, in order to use it, I need it compiled with the following options:

 --disable-force, --disable-toggle and --disable-editor

as per the configuration file.  Unless there is another way to prevent these
things from the Privoxy error page (toggle can be disabled from the config,
but I don't see how force or the editor can be.)

Has anyone built Privoxy with these options disabled?

Thanks -

Bob Coffman





[leaf-user] DNSMASQ Exiting?

2005-03-24 Thread Robert K Coffman Jr - Info From Data Corporation
Bering uClibc ver. 2.2.2 on VMWare.
dnsmasq 2.16 Rev 1

I've noticed on a couple of occasions that DNSMASQ had stopped.  The latest
was this morning.  I had restarted the host machine yesterday at 4:00PM and
I can see in the logs DNSMASQ starting.  This morning, I noticed Google
taking a long time to come up, so I checked DNS and discovered it wasn't
running on the firewall.  I could not find anything in the logs indicating
why it stopped.

I use DNSMASQ for DNS resolution on my internal network, and it uses the DNS
servers supplied by my ISP's DHCP server.  I also have DNSMASQ set up to
provide DHCP to one subnet.

How do I debug this?

- Bob Coffman





RE: [leaf-user] DNSMASQ Exiting?

2005-03-24 Thread Robert K Coffman Jr - Info From Data Corporation
The DNSMASQ maintainer contacted me regarding this.

I'm using version 2.16 which he indicated had a crash bug in it and was no
longer available.  I see there is an updated package available (2.20).  I'm
switching now.

Thanks!

- Bob Coffman

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Robert K
Coffman Jr - Info From Data Corporation
Sent: Thursday, March 24, 2005 9:04 AM
To: leaf-user@lists.sourceforge.net
Subject: [leaf-user] DNSMASQ Exiting?


Bering uClibc ver. 2.2.2 on VMWare.
dnsmasq 2.16 Rev 1

I've noticed on a couple of occasions that DNSMASQ had stopped.  The latest
was this morning.  I had restarted the host machine yesterday at 4:00PM and
I can see in the logs DNSMASQ starting.  This morning, I noticed Google
taking a long time to come up, so I checked DNS and discovered it wasn't
running on the firewall.  I could not find anything in the logs indicating
why it stopped.

I use DNSMASQ for DNS resolution on my internal network, and it uses the DNS
servers supplied by my ISP's DHCP server.  I also have DNSMASQ set up to
provide DHCP to one subnet.

How do I debug this?

- Bob Coffman





[leaf-user] Rack Mounted PCs for leaf

2005-03-17 Thread Robert K Coffman Jr - Info From Data Corporation
I've got an application where I'd like to use a rack mounted PC for a Bering
uClibc firewall.  Doesn't need to be fancy, I only need two NICS although a
third would be nice (or a PCI slot.)

I'd also like to get it shipped ASAP.

Any recommendations?

- Bob Coffman





RE: [leaf-user] Cant connect to external https site

2005-03-11 Thread Robert K Coffman Jr - Info From Data Corporation
Tried IE 6.0.29 and Firefox 1.0.  Both came up with an order status screen.

Bering 2.2.2

- Bob Coffman

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Lars
Sent: Friday, March 11, 2005 5:34 AM
To: leaf-user@lists.sourceforge.net
Subject: [leaf-user] Cant connect to external https site


Came to my mind that anyone can test:

Browse to http://www.elfa.se/en/ and press the button
Order status at the bottom of the page. For me
nothing comes up and the browser times out after a
while. (You don't need an account at Elfa to test this)

/Lars






[leaf-user] VMWare VMXNET Driver

2005-01-26 Thread Robert K Coffman Jr - Info From Data Corporation
Has anyone compiled this for Bering?

In my case I'm looking for one for uclibc 2.2.2 (and soon 2.2.3)

Low priority, as the other NIC that VMWare emulates works fine, just
wondering.

- Bob Coffman





RE: [leaf-user] OPenvpn.lrp newbie

2004-11-30 Thread Robert K Coffman Jr - Info From Data Corporation
I'm not securing a wireless net, but I did use the following statement in
the OpenVPN configuration file to set up the route between two private nets:

route 192.168.12.0 255.255.255.0 10.1.0.1

route remotenet subnetmask gateway.

HTH.

- Bob Coffman

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Tibbs,
Richard
Sent: Tuesday, November 30, 2004 8:55 AM
To: Livio R.
Cc: [EMAIL PROTECTED]
Subject: RE: [leaf-user] OPenvpn.lrp newbie


Oops, Didn't know I had to supply the script...!
Downloaded a couple of how-tos (openvpn howto, as well as a guide on
shorewall's site).
I also found a web page for something that I definitely want to do:
secure my wireless network with openvpn.  This page was
http://slackerbit.ch/archives/2002/12/11/securing_wifi_with_openvpn.html .

Only question I have is what the parameters are:
The openvpn howto says
route add -net 10.0.1.0 netmask 255.255.255.0 gw $5

The wifi howto (link above) says
route add default  $1

Can anyone tell me what the parameters are and how many?
Which of these is going to work ... ?
TIA
Rick.

-Original Message-
From: Livio R. [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 30, 2004 6:01 AM
To: Tibbs, Richard
Subject: Re: [leaf-user] OPenvpn.lrp newbie

replace up ./route-a.up with up /path/route-a.up

if openvpn can't find the script, it will not be happy.

also make sure you chmod +x the file.

Livio AT Ravetto . Org



Tibbs, Richard wrote:

Dear list.
I am experimenting with openvpn.lrp.
I have loaded the following packages in addition to J. Nilos tun.o
module.
   openvpn
   libssl
   libcrypt

The firewall is otherwise functioning normally, I have web access, etc.
In daemon.log, openvpn does fine until the ifconfig command fails
Then openvpn exits. The relevant log lines are shown below and my
openvpn.conf is included.

Any help is appreciated.
Rick


Nov 29 17:30:48 firewall openvpn[16040]: Static Encrypt: HMAC KEY: xxx (RWT deleted it)
Nov 29 17:30:48 firewall openvpn[16040]: Static Encrypt: HMAC size=20 block_size=64
Nov 29 17:30:48 firewall openvpn[16040]: Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Nov 29 17:30:48 firewall openvpn[16040]: Static Decrypt: CIPHER KEY: b267482e 60b9dc38 8a4d4c18 6f8fb390
Nov 29 17:30:48 firewall openvpn[16040]: Static Decrypt: CIPHER block_size=8 iv_size=8
Nov 29 17:30:48 firewall openvpn[16040]: Static Decrypt: Using 160 bit message digest 'SHA1' for HMAC authentication
Nov 29 17:30:48 firewall openvpn[16040]: Static Decrypt: HMAC KEY: xx (RWT deleted it)
Nov 29 17:30:48 firewall openvpn[16040]: Static Decrypt: HMAC size=20 block_size=64
Nov 29 17:30:48 firewall openvpn[16040]: MTU dynamic=1300
Nov 29 17:30:48 firewall openvpn[16040]: Data Channel MTU parms [ udp_mtu=1300 extra_frame=44 extra_buffer=0 extra_tun=0 dynamic = [ mtu_min_initial=MTU_INITIAL_UNDEF mtu_max_initial=MTU_INITIAL_UNDEF mtu_initial=MTU_SET_TO_MAX mtu_min=144 mtu_max=1300 mtu=1300 ]]
Nov 29 17:30:48 firewall openvpn[16040]: TUN/TAP device tun0 opened
Nov 29 17:30:48 firewall openvpn[16040]: /sbin/ifconfig tun0 10.1.1.1 pointopoint 10.1.10.2 mtu 1256
Nov 29 17:30:48 firewall openvpn[16040]: Linux ifconfig failed: could not execute shell command
Nov 29 17:30:48 firewall openvpn[16040]: Exiting

 openvpn.conf ==
# Use a dynamic tun device.
dev tun
local my.pub.lic.IP
# Our remote peer
remote public IP address of laptop

# 10.1.0.1 is our local VPN endpoint
# 10.1.10.2 is our remote VPN endpoint
ifconfig 10.1.1.1 10.1.10.2
up ./route-a.up
# Our pre-shared static key
secret static.key






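Livio's advice in the thread above (give the up script an absolute path and chmod +x it) can be checked before the daemon is started. The following is an added example, not part of any post in the thread: `check_ovpn_paths` is a hypothetical helper name, the sample configs are constructed from the quoted openvpn.conf, and the key-permission check goes beyond what the thread discusses.

```shell
#!/bin/sh
# check_ovpn_paths CONF  (hypothetical helper, added example)
# Reports every up/down/secret directive in an OpenVPN config whose file
# argument is relative, missing, not executable (scripts), or readable by
# group/other (static key). Returns 0 when nothing is reported, 1 otherwise.
# Assumes the simple "directive path" form used in the thread's config.
check_ovpn_paths() {
    conf=$1
    findings=0
    while read -r directive path _rest; do
        case $directive in
            up|down) kind=script ;;
            secret)  kind=key ;;
            *)       continue ;;      # comments, blank lines, other options
        esac
        # Tolerate a quoted path: up "/etc/openvpn/route-a.up"
        path=${path#\"}
        path=${path%\"}
        case $path in
            /*) ;;
            *)  # Relative paths depend on the daemon's working directory,
                # not on where the config file lives.
                echo "$directive $path: relative path"
                findings=$((findings + 1))
                continue ;;
        esac
        if [ ! -f "$path" ]; then
            echo "$directive $path: file not found"
            findings=$((findings + 1))
        elif [ "$kind" = script ] && [ ! -x "$path" ]; then
            echo "$directive $path: not executable (chmod +x)"
            findings=$((findings + 1))
        elif [ "$kind" = key ]; then
            # Characters 5-10 of the ls mode string are group and other bits.
            perms=$(ls -ld "$path" | cut -c5-10)
            if [ "$perms" != "------" ]; then
                echo "secret $path: readable by group or other (chmod 600)"
                findings=$((findings + 1))
            fi
        fi
    done < "$conf"
    [ "$findings" -eq 0 ]
}

# Demonstration on constructed files in a temporary directory.
demo() {
    d=$(mktemp -d)
    # "before": the two file directives as they appear in the quoted config.
    cat > "$d/before.conf" <<EOF
# Use a dynamic tun device.
dev tun
ifconfig 10.1.1.1 10.1.10.2
up ./route-a.up
secret static.key
EOF
    # "after": absolute paths, executable script, key readable by owner only.
    printf '#!/bin/sh\n' > "$d/route-a.up"
    chmod 755 "$d/route-a.up"
    : > "$d/static.key"
    chmod 600 "$d/static.key"
    cat > "$d/after.conf" <<EOF
dev tun
ifconfig 10.1.1.1 10.1.10.2
up $d/route-a.up
secret $d/static.key
EOF
    echo "before.conf:"
    check_ovpn_paths "$d/before.conf" || true
    echo "after.conf:"
    check_ovpn_paths "$d/after.conf" && echo "no findings"
    rm -rf "$d"
}

demo
```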

[leaf-user] Leaf Bering uClibc

2004-11-22 Thread Robert K Coffman Jr - Info From Data Corporation
Let me add my thanks and congratulations to the Bering uClibc developers.
As good as Bering 1.2 was, it has definitely improved in the most recent
uClibc incarnation.  My first firewall conversion from 1.2 went extremely
well, and I'm looking forward to converting the other 3 production systems
I'm responsible for.

It seems to me that the only ongoing maintenance this firewall will have is
the shorewall bogons and rfc1918 files.  The other two things I needed to
have updated (NTP addresses and ISP DNS server addresses) are no longer an
issue.

Thanks again!

- Bob Coffman






[leaf-user] Natsemi.o

2004-11-11 Thread Robert K Coffman Jr - Info From Data Corporation
I have not had luck with Bering uclibc -- some of my nics are natsemi,
and I could not get a working natsemi.o.

Is this really an issue?  I've got several 1.2 boxes that I was planning on
eventually moving to uclibc but this would be a showstopper.

- Bob Coffman






RE: [leaf-user] WinSCP with Bering Uclibc 2.2.2 (Dropbear)

2004-11-08 Thread Robert K Coffman Jr - Info From Data Corporation
I had to disable the autostart of lrcfg to use WinSCP with Bering 1.2.
Modify the .profile file in the user's to remark out the /usr/sbin/lrcfg
line (ie. #/usr/sbin/lrcfg)

You'll get an error message about groups that you can safely ignore.

- Bob Coffman

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Troy Aden
Sent: Monday, November 08, 2004 2:52 PM
To: Leaf-User (E-mail)
Subject: [leaf-user] WinSCP with Bering Uclibc 2.2.2 (Dropbear)


Hello list.
I am trying to get WinSCP to connect to my Bering box running Dropbear. I
know that I am being authenticated because I have tried it with a false
password and gotten rejected. What happens is that it tells me starting the
session and times out I am allowing ssh port 22 to connect to my
firewall and I can login with ssh (putty) just fine. Is there something I am
missing in my Bering configs? I am assuming that others have used WinSCP to
copy files to and from their Bering boxes so I am assuming that I am just
missing something simple here. Maybe I have mis-configured WinSCP as well...

Any pointers would be most appreciated.
Thanks in advance!

Troy




RE: [leaf-user] LRP router failing? - Alcatel SpeedTouchHome (STH)DSL line-quality info

2004-10-14 Thread Robert K Coffman Jr - Info From Data Corporation
Dale,

If I am understanding correctly, you've confirmed:

1.  The Win98 box doesn't drop packets ever (ie. their equipment works)
2.  Your equipment works (connected the laptop to the DachBox via a
crossover cable and dropped no packets from the laptop to the LEAF router
or from the LEAF router to the laptop.)


This smells like an autonegotiation problem between their equipment and
yours.  What NICs are in your machine?  After you try another NIC, I would
give another type of NIC a shot.

- Bob Coffman







RE: [leaf-user] RE: Bering and VMware - No network connectivity

2004-10-11 Thread Robert K Coffman Jr - Info From Data Corporation
I have seen this working with Bering 1.2 on GSX (and Workstation.)

/etc/modules
#VMWare PCNET32 Cards
mii
pcnet32

The only problem I've seen with this configuration is port forwards to RDP
targets (port 3389 I believe.)

What I observed was after sending your credentials to the RDP host, the
connection would drop.  This occurred every time with VMWare Workstation.
With GSX, it only occurs when connecting to the host machine (even though in
both cases the host had a dedicated NIC.)  It appears to me to be a problem
with the VMWare bridge protocol.  Same configuration ported to a physical
machine works fine.

Also, this booted from an IDE disk, which I'm not sure ESX supports.  There
was no need for the floppy boot that Ronny described below.  Also, be sure
to disable all non-essential networking components from your interfaces.
For the configuration I described above, we disabled everything but the
VMWare Bridge Protocol.

- Bob Coffman

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Ronny Aasen
Sent: Monday, October 11, 2004 4:22 AM
To: leaf
Cc: Paul Reynolds
Subject: Re: [leaf-user] RE: Bering and VMware - No network connectivity


i have this working using bering-uclibc,

i use pcnet32 (don't forget the mii module) on the vlance virtual nic

only problem i had was that i was unable to boot on the virtual scsi
harddrive, and had to boot using a virtual floppy image, and save my
config and packages on the virtual scsi disk.

the virtual bering is used as a firewall between the internet and the
virtual servers running on the virtual lan.

from what you write, i would guess that you need to uncomment the mii
module also, (copy it over if you don't have it already)

good luck
Ronny Aasen


On Sun, 2004-10-10 at 15:30, Paul Reynolds wrote:
 Hi Everyone,

 I am new to LEAF and am trying to get Bering working under VMware, but I am
 unable to get the networking component working.

 I have turned Shorewall and iptables off, to eliminate problems. (in fact I
 deleted them from the syslinux.cfg file)

 I am using a static ip address and am unable to ping other machines on my
 network but I am able to ping the interface.

 My virtual network device is vlance - (thus I should be able to use the
 pcnet32 module).
 I copied across the pcnet32.o module from the Bering extra modules website.

 I have installed the module and uncommented the pcnet32 line in the modules
 file.

 I have backed everything up and restarted networking, but I am still unable
 to ping other machines on my network, I know the LAN details are correct as
 they work with other on another PC.

 Details:
 command: lsmod

 Modules Pages Used by
 pcnet32   13300 1
 mmi   2092 0   [pcnet32]

 command: ip addr show

 1: lo: LOOPBACK,UP mtu 16436 qdisc noqueue
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
 2: dummy0: BROADCAST,NOARP mtu 1500 qdisc noop
 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
 3: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100
 link/ether 00:0c:29:70:86:dc brd ff:ff:ff:ff:ff:ff
 inet 192.168.184.229/24 brd 192.168.184.255 scope global eth0


 Note: VMware tools is not installed.

 Is there a guide to using Bering or and LEAF distro with VMware?

 Any help is much appreciated.

 Thanks

 RenO

--
Ronny Aasen [EMAIL PROTECTED]




[leaf-user] Linksys WMP54G

2004-10-11 Thread Robert K Coffman Jr - Info From Data Corporation
Nothing in the archives, anyone using a Linksys WMP54G with Bering (1.2
preferred but info on any version appreciated.)

- Bob Coffman







RE: [leaf-user] Updating DYNDNS - Solution

2004-10-05 Thread Robert K Coffman Jr - Info From Data Corporation
I'm using dyndns.org and ezipupdate on Bering 1.2 on several boxes - no
problems so far.

- Bob Coffman

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Erich Titl
Sent: Tuesday, October 05, 2004 8:45 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [leaf-user] Updating DYNDNS - Solution


Bruce

At 23:08 05.10.2004 +1300, Bruce McNamara wrote:
I use dyndns as my provider.

That's probably it, I am using zoneedit and hardly ever had a problem.
Either dyndns changed its request format or they are plain and simply
broken. They always return a code 2xx which means success, even with wrong
authentication.

cheers
Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16






RE: [leaf-user] again: DHCP and IPSEC lost default route

2004-09-29 Thread Robert K Coffman Jr - Info From Data Corporation
Erich,

I'd be interested in the versions you are running.  I'm on Bering 1.2 and I
have a single IPSEC tunnel and am using DHCP for my external interface
(cable modem.)  I've never seen this happen.

- Bob Coffman

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Erich Titl
Sent: Wednesday, September 29, 2004 6:41 AM
To: [EMAIL PROTECTED]
Subject: [leaf-user] again: DHCP and IPSEC lost default route


Hi everybody

I know there has been a thread on this issue, I am losing the default route
regularly on a link with dhcp and ipsec. Typically the default route is
taken over by the ipsec interface when this occurs. The proposed solution
was always `check the link`. Has anyone made progress in detecting _why_
this happens at all?

thanks
Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16







RE: [leaf-user] using ez-ipupdate behind NAT

2004-09-02 Thread Robert K Coffman Jr - Info From Data Corporation
Correct me if I'm wrong, and I've found this to be poorly documented, but
can't ez-ipupdate handle this on its own?

IE. from my own configuration file:

max-interval=604800

I believe max-interval is in seconds, and I believe it does what you are
trying to do.

I'm on Bering 1.2

Clarification of this could help us both out.

- Bob Coffman







RE: [leaf-user] DHCP NTL cable problem.

2004-09-01 Thread Robert K Coffman Jr - Info From Data Corporation
(DHCP clients normally write lease information in human-readable form
somewhere; I forget where pump does it, but surely its man page tells you.)

This information can be easily viewed in the daemon.log on a Bering router,
which I use to verify that my ISP's DNS servers are correctly configured in
dnscache.

- Bob Coffman






RE: [leaf-user] Bering-uClibc 2.1.3 ProxyARP and DMZ settings again

2004-07-23 Thread Robert K Coffman Jr - Info From Data Corporation
I set up one Bering 1.2 router with Proxyarp.

I don't recall needing to add the IP addresses to the external interface.  I
just had to specify them in the proxyarp file.  For the interface addressing
I believe I followed Tom Eastep's recommendations.  The client I built this
for is dragging its feet on implementation so I can't get to it right now to
send you the config, but I'll ask them to put it up this afternoon so I can
take a look.

From what I can tell, Proxyarp is what you want.

- Bob Coffman

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, July 22, 2004 9:59 AM
To: [EMAIL PROTECTED]
Subject: [leaf-user] Bering-uClibc 2.1.3 ProxyARP and DMZ settings again



This is round two since I didn't get any responses last time.  I know you
guys are busy but if you could just look through what I have so that I know
I setup my firewall correctly.  I really appreciate it.
Thanks in advance.
I am a complete newbie to Linux and firewalling.  I have only known windows
operating systems up until now, so bear with me please.
I have recently got my LAN working with LEAF but I am now having trouble
setting up my DMZ.
I have five (Cable Modem) static IP's: 24.227.166.194 thru 24.227.166.198.
My default gateway is 24.227.166.193 with a netmask of 255.255.255.248.
In this setup, 2 of my ip's won't be used.
I have the cable modem going into eth0 of Bering-uClibc 2.1.3 machine.
I have eth1 going to a wireless router/switch which serves my lan.
Then I have eth2 (trying to setup a dmz) which goes to a switch which goes to
a web server (24.227.166.197) {you can go there now if you want [not much to
see yet], i think it is working now} and a media server {this server is down
right now by choice} (24.227.166.198).  Both run MS Server 2003 Enterprise
Edition.
Both servers need their own port 80.  I was reading Eastep's Shorewall setup
for proxyARP and was trying to duplicate that but am having trouble.
I am curious to know if you think Proxy ARP is the best way to go for my
setup?  Safety and security?  My setup is at home but I am running this for
commercial use, so it has to be up and on line as much as possible.
As I was writing this email I think I got proxyARP working on my LEAF.
That's the second time that's happened to me.
But if you could, check my settings to see if everything looks right
(Blocking and Forwarding).
Here are my current settings:

In network Configuration: Interfaces File I have:

auto eth0
iface eth0 inet static
address 24.227.166.194
netmask 255.255.255.248
broadcast 24.227.166.255
gateway 24.227.166.193
up ip addr add 24.227.166.195/29 brd 24.227.166.255 dev eth0 label eth0:1
up ip addr add 24.227.166.196/29 brd 24.227.166.255 dev eth0 label eth0:2
#up ip addr add 24.227.166.197/29 brd 24.227.166.255 dev eth0 label eth0:3
#up ip addr add 24.227.166.198/29 brd 24.227.166.255 dev eth0 label eth0:4

If you notice here, I wasn't completely sure what to do, but this is how it
reads right now.
Like I said before these are my 5 static IPs. I am not trying to use *.195
and *.196.  I just added them to this file in case I need them later (maybe
DNAT, port forwarding) and it is interesting to watch their activity on the
weblet log.
I want to use *.197 and *.198 as my two DMZ addresses.  After reading Tom
Eastep's Shorewall setup guide (for multiple IP addresses) I remarked the
lines because he said not to add them (ProxyARP addresses) to my interfaces
file.  I guess this is what he meant, however I am not sure if it was or not.


Then further down on Step 2 (Configure internal interface) I have:
auto eth1
iface eth1 inet static
address 192.168.1.254
netmask 255.255.255.0
broadcast 192.168.1.255

Then further down on Step 3 (Configure DMZ) I have:
auto eth2
iface eth2 inet static
address 192.168.2.254
netmask 255.255.255.0
broadcast 192.168.2.255


Then on Network configuration - resolv.conf I have my DNS nameservers
entered (given to me by my Cable Modem ISP).
Nameserver 24.93.40.62
Nameserver 24.93.40.63

Then in Packages Configuration: Shorewall I have:

I made no changes to PARAMS file

I changed Zones file to read:
#Zone   Display Comments
net Net Intenet
loc Local   Local Networks
dmz DMZ Demilitarized zone
#last Line

In Interfaces file it reads:
#zone   Interface   broadcast   options
net     eth0        detect      dhcp,routefilter,norfc1918
loc     eth1        detect
dmz     eth2        detect
#last Line

I made no changes to Hosts file

In Policy file it reads:
#source dest    policy  log     limit:burst
loc     net     accept
net     all     drop    ulog

all     all     reject  ulog
#last line

In Rules it reads:
#Action source  dest    proto   dest port   source port   original dest
accept

RE: [leaf-user] How to configure hdsupp in Bering uclibc?

2004-07-21 Thread Robert K Coffman Jr - Info From Data Corporation
Please read http://leaf.sourceforge.net/doc/guide/bubooting.html

- Bob Coffman

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Tibbs,
Richard
Sent: Wednesday, July 21, 2004 9:17 AM
To: [EMAIL PROTECTED]
Subject: [leaf-user] How to configure hdsupp in Bering uclibc?


Folks,
I tried a floppy version of Bering uClibc (2.1).
I want a few more packages than will fit on the floppy, and the Aptiva
won't boot from CD.
Hdsupp loaded, but I find no config entry in lrcfg for it. (But I can
back it up...?)
Whadda ya do here?
THX,
Rick




RE: [leaf-user] Using LEAF (Bering-uClibc) as a router (no shorewall)

2004-07-16 Thread Robert K Coffman Jr - Info From Data Corporation
The first thing that came to mind to do this was to change the following in
the shorewall policy file:

all all REJECT  ULOG

to

all all ACCEPT

However this doesn't meet the requirement of getting rid of shorewall.
Also, I don't know what the performance implications are of doing it this
way versus eliminating Shorewall.  Maybe someone can comment on that.


- Bob Coffman

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Ben Conrad
Sent: Thursday, July 15, 2004 5:59 PM
To: [EMAIL PROTECTED]
Subject: [leaf-user] Using LEAF (Bering-uClibc) as a router (no
shorewall)


Hello,

I want to use LEAF as a simple router inside my internal networks.  I
don't need any firewalling or NAT.

What is the best way to turn off all the Shorewall and IPTables
configurations so that I can pass all traffic in/out of eth0 and eth1?
 I tried to rename /etc/rc2.d/S41shorewall and then backed up all the
packages but on next boot the /etc/rc2.d/S41shorewall still exists!

Thanks,

Ben




[leaf-user] DShield.org

2004-06-17 Thread Robert K Coffman Jr - Info From Data Corporation
Anyone submitting their firewall logs to dshield.org, and if so, how are you
doing it?

- Bob Coffman






RE: [leaf-user] Bering on a Compaq2266

2004-04-28 Thread Robert K Coffman Jr - Info From Data Corporation
> I'd like to move my Bering 1.2 to this little box.  Unfortunately as far
> as I can get is:
> Loading Linux ...  [Sorry, no I didn't count exactly how many periods.]
> Boot failed: please change disks and press a key to continue.

One thing to try is take a 1.44MB floppy, run syslinux on it, and put a copy
of the kernel on there from the Bering disk.  Then boot with it - that
should tell you if it's a floppy drive problem or if the kernel has a problem
with your Cyrix chip... It will crash with no packages but at least you can
see if you get past the boot failed message.  If you succeed, throw another
floppy drive in there or boot from CD as someone suggested.

- Bob Coffman






RE: [leaf-user] dyndns, ez-ipupd (update hostname)

2004-04-21 Thread Robert K Coffman Jr - Info From Data Corporation
What is the impact of the max-interval= setting?  I assume that while
running as a daemon this is the longest it will go between update attempts,
but it is poorly documented.

- Bob Coffman







RE: [leaf-user] HDPARM

2004-04-07 Thread Robert K Coffman Jr - Info From Data Corporation
Roger,

I set this up on one system so far (not using your .lrp) and it works great.
You did it the right way and I'd like to add your lrp to my routers...  Old
hard drives are too cheap and plentiful, and it's too easy to replace a
failed drive not to take advantage of them.

- Bob Coffman

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Roger E
McClurg
Sent: Wednesday, April 07, 2004 4:23 PM
To: [EMAIL PROTECTED]
Subject: [leaf-user] HDPARM


I created an hdparm.lrp package for Bering 1.2. It uses the 5.2 version of
hdparm from RedHat 9.0. The package includes a script called spindown.
Spindown will automatically put the HD into standby mode (hdparm -y) at
the end of the boot process.  I can send it to anyone interested, but if
the developers think it is useful maybe one of them will agree to put it
up on Sourceforge.

Roger





[leaf-user] hdsupp.lrp (or hdparm) for Bering 1.2

2004-03-19 Thread Robert K Coffman Jr - Info From Data Corporation
Looking for hdparm (or equivalent) for Bering 1.2.  Need to be able to shut
down the hard drive after the machine boots.

Thanks in advance.

- Bob Coffman






RE: [leaf-user] Problem making Bering CD

2004-03-11 Thread Robert K Coffman Jr - Info From Data Corporation
The one I use to build CDROMs looks like this:

display syslinux.dpy
timeout 0
default linux initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0
boot=/dev/cdrom:iso9660 PKGPATH=/dev/cdrom LRP=root,


- Bob Coffman

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
Luis.F.Correia
Sent: Thursday, March 11, 2004 2:40 AM
To: [EMAIL PROTECTED]
Subject: RE: [leaf-user] Problem making Bering CD


The line starting with 'default' must be in a single line and must not have
more than 256 characters!!!

Other than that, in the kernel messages, do you see it recognize the cdrom
device?

 -Original Message-
 From: Mike Sussman [mailto:[EMAIL PROTECTED]
 Sent: Thursday, March 11, 2004 2:26 AM
 To: [EMAIL PROTECTED]
 Subject: [leaf-user] Problem making Bering CD

 Folks, I need a little help getting my Bering CD going,
 if you please.

 I tried to follow Luis Correia's clear and excellent
 instructions for changing from a floppy Bering 1.2 system
 to a CD version.  I must not really have followed
 the directions, because although everything seemed to work
 fine, it doesn't boot.

 The boot sequence goes fine until it tries to read the
 packages, and then tries going to the floppy instead of
 the CD.  The boot messages look like (hand copy)
 Freeing unused kernel memory: 64k freed
 LINUXRC: Bering - Initrd - V1.2
 Using /boot/lib/modules/cdrom.o
 Mounting a 6M TMPFS filesystem ...
 end_request: I/O error, dev 02:00 (floppy), sector 0
 end_request: I/O error, dev 02:00 (floppy), sector 0
 LINUXRC: Could not mount the boot device.  Can't install packages
 Kernel panic: Attempted to kill init!

 The beginning of my isolinux.cfg file is:
 display syslinux.dpy
 timeout 0
 default linux initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0
   boot=/dev/cdrom:iso9660 PKGPATH=/dev/cdrom:iso9660,/dev/fd0:msdos
   LRP=root, ...
 (line beginning with default is all one long line)

 This happened when there was no floppy at all in the drive.  If
 I put a floppy without any packages on it into the drive, then
 I get additional errors complaining that it cannot find the
 packages on the floppy.

 OK, it sure looks like I have something wrong with
 PKGPATH= but I cannot see what.  Is it possibly because
 I did not put a line break just before LRP= ?  Is there something
 else I should know but do not?

 Thanks in advance for your help.






RE: [leaf-user] Public IPs in DMZ with Proxy Arp

2004-02-24 Thread Robert K Coffman Jr - Info From Data Corporation
Ray - thanks again.  Forgive me if I was unclear.  I've got 5 Bering
firewalls in production but this one is bringing a lot of new concepts my
way.

> This doesn't deal with my uncertainty about the old setup. Was the old
> router able to handle the address xxx.xxx.xxx.142 or not?

Yes.

> That is, did it somehow (either as its own interface with port forwarding,
> or via proxy arp) make that address visible on the external interface, and
> could it route traffic going from the server using that address
> successfully?

Apparently so.  If it didn't, then I'm missing a piece of the puzzle, which
is possible.  I've not been on site where this firewall is installed, and I
apologize to you for the boneheads on site if this is the case.

> Were the LAN servers we're talking about also plugged into this same
> switch? I suppose they must have been.

Yes they were.

> With that physical setup, and knowing as little about the configuration of
> the prior router as we seem to, I would not assume it was routing traffic
> to and from the other public addresses; the ISP may have been reaching them
> directly, without firewalling. It may only have been NAT'ing whatever
> private-address IPs were used by workstations ... the physical setup you
> (sort of) describe could do this, while not offering any firewalling or
> routing whatsoever to the public-address servers.

I never considered this, but this is probably exactly how it was working for
the 27-30 public IPs (see below.)

> Even if you can't check the old router, can you check the old
> configurations of the servers? What did their routing tables look like? (If
> you feel you must conceal the actual addresses, please don't turn them into
> jabberwocky ... use some convention that lets us easily distinguish
> different hosts, gateway addresses, and netmasks.)  Did they have the old
> router's internal IP address as their default gateway or the ISP gateway
> appropriate to each distinct network?

ISP gateway appropriate to each distinct network, with the exception of the
FTP server.  It is configured as follows:

Public address
2A9.2B8.2C3.1D2
mask 255.255.255.252
gw 2A9.2B8.2C3.1D1

internal 192.168.1.7

There is only one NIC in this box, and so apparently the old router did
something (SNAT?) for this address.

The other address range (the 26-30 addresses) are configured exactly as the
external interface on the firewall, and are working in a proxy arp'ed DMZ.
In fact, 26 is the firewall address.

> In the meantime, please figure out a way to conceal them that does not
> leave out information we need to know.

Hopefully the above is better.  I can say that all these addresses are
public and routable - no upstream NAT.

I'm still trying to get access to the old router.

Thanks again for your help.

- Bob Coffman







RE: [leaf-user] Public IPs in DMZ with Proxy Arp

2004-02-23 Thread Robert K Coffman Jr - Info From Data Corporation
Tom,

Thanks for your assistance.  It is much appreciated.


> Question 3:  There is a public IP address that has a different gateway than
> the block of IP addresses currently in the DMZ.  If I use SNAT with that
> IP, is there any way to specify a different gateway?  I'm struggling to
> understand this part so if this makes no sense please ignore it.

TE> You're going to have to give us specifics before we can understand the
TE> question.

Ok, the network setup is this:

They have public IP addresses in the range xx.xx.xx.26-xx.xx.xx.30 with
masklen 29 and gateway xx.xx.xx.25.  These are now in the DMZ

Additionally, they have a public IP address xxx.xxx.xxx.142 masklen 30 and
gateway xxx.xxx.xxx.141.  Apparently, with their old router (IPCHAINS based,
but I don't have access to it) they had all these boxes sitting on their
internal net and could reach them all externally or internally via the
public IP.  I'd like them all in the DMZ however I don't know how to deal
with this 141 address.

Thanks for any assistance.

- Bob Coffman






RE: [leaf-user] Public IPs in DMZ with Proxy Arp

2004-02-23 Thread Robert K Coffman Jr - Info From Data Corporation
Ray,

Thanks for the response.  Answers/comments inline:


> Offhand, I cannot think of a way to do what you want to do. Control of
> gateway addresses is a function of the routing table, not of ipchains or
> iptables. But perhaps I'm missing something. It might help if you clarified
> a couple of things in your most recent posting.
>
> First, when you say the old router could reach them all externally or
> internally via the public IP what is the the IP you mean? Do you mean
> all 6 addresses were reachable via (probably) proxy arp? Or do you only
> mean the servers had reachable services via port forwarding? Or something
> else?

The machines I'm referring to had IPs in the same subnet(mask/gateway) as
the external interface on the router.  One thing I do know is that the old
router had both interfaces plugged into the same switch, which is one of the
things I'm trying to correct.

> Second, while I understand (though do not really sympathize with) your
> desire to keep the IP addresses themselves secret, we really do need to
> know the relationship between the xx.xx.xx in xx.xx.xx.25 and the
> xxx.xxx.xxx in xxx.xxx.xxx.141. Are they on the same /24, to be
> specific?

Once I'm up and firewalled properly I'll be happy to publish them :)

Not same /24.  Where I have xx above, it indicates two actual digits, and
for the other, three.  Anyway, here are the specifics:

xx.xx.xx.26-30
subnet mask 248
gw xx.xx.xx.25

xxx.xxx.xxx.142
subnet masklen 252
gw xxx.xxx.xxx.141

Traceroutes to both address types take same path to their destination.

> If so, it *might* work to cheat ... let the router and *all* the servers
> use xx.xx.xx.25, or perhaps xxx.xxx.xxx.141, as their gateway. Incoming
> traffic will still (probably) flow through the separate gateways ... but
> IP-based routing is, by design, quite tolerant of using different routes in
> the different directions. (Actually, it might work to do this cheat even if
> the 2 networks are not part of the same /24; it depends on configuration
> decisions at the ISP's end.)

Understood.  I will try it.  Am I correct in saying that both of these
addresses have to be reachable in 1 hop from the firewall??

> If you try this, you will need a route on the router to xxx.xxx.xxx.141,
> so it can receive traffic from that gateway and acknowledge it. But it need
> not be a gateway entry, just an ordinary route.

Ok.

> Finally, am I correct in inferring that these two external networks ---
> xx.xx.xx.24/29 and xxx.xxx.xxx.140/30 -- are on the same physical interface
> (eth0, I imagine) ... the same DSL or T1 or whatever? If they are on
> different interfaces, most of what I've said does not make sense for you
> ... and you'll have to give us those details to get good advice.

They are on the same interface, same T1, which is what made it confusing to
me.

- Bob Coffman








RE: [leaf-user] Public IPs in DMZ with Proxy Arp

2004-02-22 Thread Robert K Coffman Jr - Info From Data Corporation
I've been poring through the docs and archives but can't seem to find the
answer to these.

I've got a setup similar to Tom's 3 interface example, but with public IPs
in the DMZ and proxy arp set to allow access to them.

Question 1:  If I want to firewall all but the necessary public services
from the DMZ machines, should I be using SNAT rather than proxy arp?  I
guess I don't understand how shorewall interacts with proxy arp'ed machines
if at all.

Question 2:  If using proxy arp, should clients on the internal network be
able to access the DMZ machines by their public IP?

Question 3:  There is a public IP address that has a different gateway than
the block of IP addresses currently in the DMZ.  If I use SNAT with that IP,
is there any way to specify a different gateway?  I'm struggling to
understand this part so if this makes no sense please ignore it.

I apologize if this is covered somewhere.  I've read the setup guide, Lynn
Avant's proxy arp howto, and a lot of docs on the shorewall site but I'm
still unclear on these points.

Thanks!

- Bob Coffman






RE: [leaf-user] Address block 82.0.0.0/8

2004-02-05 Thread Robert K Coffman Jr - Info From Data Corporation
There is an updated RFC1918 file at 

http://shorewall.net/pub/shorewall/errata/1.4.8/rfc1918

- Bob Coffman

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Giovanni
Franza
Sent: Thursday, February 05, 2004 10:32 AM
To: [EMAIL PROTECTED]
Subject: [leaf-user] Address block 82.0.0.0/8


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello,
This is only an information.
I'm using LEAF 1.0 stable.
In shorewall RFC1918 listings ( menu 3, 6 ,18 ) i see that
82.0.0.0/7 is blacklisted.
IANA has now assigned 82.0.0.0/8 to RIPE that has assigned some net
numbers (For example 82.89 to telecom italia) so, with this row
enabled some people are locked. I've simply commented out (quite raw, i
know).
Best regards
Giovanni Franza



-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAImHvRMztRXa/wpIRAqXAAKCBLCt7cRcAOMQKYQIeGSGcsiS3iwCfWj2L
6Y0sbXyB0491pMhOMOmOcEE=
=5WE5
-END PGP SIGNATURE-
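
The stale-entry problem reported in this thread (a 82.0.0.0/7 filter entry still in place after IANA assigned 82.0.0.0/8) can be audited mechanically. The following is an added example, not part of the original messages or of Shorewall: the two-column SUBNET/TARGET sample file, the `logdrop` target and all function names are assumptions constructed for illustration. It finds filter entries that overlap a newly allocated block and computes what should remain filtered, rather than commenting the whole entry out.

```python
import ipaddress

# Constructed sample of an rfc1918-style filter list (layout is an assumption).
SAMPLE_RFC1918 = """\
#SUBNET          TARGET
192.168.0.0/16   logdrop
172.16.0.0/12    logdrop
10.0.0.0/8       logdrop
82.0.0.0/7       logdrop
#LAST LINE
"""

# The block the thread says has now been assigned.
NEWLY_ALLOCATED = ["82.0.0.0/8"]


def parse_bogons(text):
    """Return [(network, target)] from a SUBNET/TARGET table, skipping comments."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected SUBNET TARGET, got {raw!r}")
        entries.append((ipaddress.ip_network(fields[0]), fields[1]))
    return entries


def remainder(entry, allocated):
    """Parts of one filter entry that are NOT covered by any allocated block."""
    left = [entry]
    for alloc in allocated:
        kept = []
        for net in left:
            if not net.overlaps(alloc):
                kept.append(net)                         # untouched by this allocation
            elif net.subnet_of(alloc):
                continue                                 # fully allocated: drop entry
            else:
                kept.extend(net.address_exclude(alloc))  # carve the allocation out
        left = kept
    return sorted(left)


def audit(entries, allocated_cidrs):
    """List entries that would block allocated space, with their replacement."""
    allocated = [ipaddress.ip_network(c) for c in allocated_cidrs]
    findings = []
    for net, target in entries:
        if any(net.overlaps(a) for a in allocated):
            findings.append((net, target, remainder(net, allocated)))
    return findings


def rewrite(entries, allocated_cidrs):
    """Return the entry list with allocated space removed and the rest kept."""
    allocated = [ipaddress.ip_network(c) for c in allocated_cidrs]
    return [(part, target)
            for net, target in entries
            for part in remainder(net, allocated)]


def is_filtered(entries, address):
    """True if the address falls inside any entry of the list."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net, _ in entries)


if __name__ == "__main__":
    entries = parse_bogons(SAMPLE_RFC1918)
    for net, target, keep in audit(entries, NEWLY_ALLOCATED):
        print(f"stale: {net} {target} -> keep {[str(k) for k in keep]}")
    for net, target in rewrite(entries, NEWLY_ALLOCATED):
        print(f"{str(net):<16} {target}")
```

Splitting the /7 keeps the still-unassigned half filtered, which commenting out the whole line does not.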





RE: [leaf-user] Bering with Shorewall compromised ?

2003-12-23 Thread Robert K Coffman Jr - Info From Data Corporation
4 Bering 1.2 Firewalls in production, starting about a year ago and the
latest went in this past summer.  No compromises.

I do have an interesting problem running Bering on VMWare.  If anyone is
interested I'll repost the details with new information.  I'm not sure how
to fix it as it appears to me to be a bug in VMWare bridged networking.  The
same configuration on a physical machine works fine - but running Bering on
VMWare is a joy.

- Bob Coffman

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of franco segna
Sent: Tuesday, December 23, 2003 3:21 AM
To: Leaf-User
Subject: [leaf-user] Bering with Shorewall compromised ?


Hi all,
for statistical purposes only I'd like to know if someone actually
experienced compromises or intrusions running Shorewall over Bering.
I'm currently running five B/S floppy-based firewalls (frequently
updated) followed by various NIDS. Due to the rather critical missions
involved, all the logs are carefully being parsed every morning. After
two years ADSL connections (static IPs) to the Internet, with
extensive VPNing, I have not one single evidence of compromise.
Thanks for any answer and (if applicable) details

Franco

--

Franco Segna  -  [EMAIL PROTECTED]







RE: [leaf-user] Re: PPPoE without username and password

2003-12-11 Thread Robert K Coffman Jr - Info From Data Corporation
I didn't think of this when you first posted.  My ISP limits each cable
modem to pulling 1 or 2 addresses at a time.  If you don't know what was
going on, you would swear your DHCP client or NIC was malfunctioning...

- Bob Coffman

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of and hansen
Sent: Thursday, December 11, 2003 5:35 AM
To: [EMAIL PROTECTED]
Subject: [leaf-user] Re: PPPoE without username and password


Hello again

I turned off my modem over night, and now it all runs
perfect
pump gets its address
Thanks..!
I wasn't able to get an IP under win2000 on a third MAC
address either
so powering off the modem over night, released this
DHCP trust

Regards
Lasse



RE: [leaf-user] dnscache

2003-11-07 Thread Robert K Coffman Jr - Info From Data Corporation
Nothing in your config sounds incorrect, but here is what I did:

1. change LRP box internal IP
2. Changed querying hosts IP (actually this may be the default, but I'm
using a 192.168 address) to 192.168
3. I have logging disabled (it's working so I don't need it.)
4. I have forwardonly enabled
5. Set my ISP's DNS servers (definitely double check this)
6. I added the following to shorewall rules:


ACCEPT  fw  net tcp 53
ACCEPT  fw  net udp 53

ACCEPT  loc fw  udp 53

Try running NSLOOKUP to see if your machine is answering:

NSLOOKUP
 server yourserversIP
 www.amazon.com
 Server:  myreallyrockinrouter.mydomain.com
 Address:  192.168.2.1

 Non-authoritative answer:
 Name:www.amazon.com
 Address:  207.171.181.16

Hope this helps.

- Bob Coffman

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of ALParada
Sent: Thursday, November 06, 2003 8:36 PM
To: [EMAIL PROTECTED]
Subject: [leaf-user] dnscache


Hello,

I am running Bering with dnscache. Either I don't understand how a
caching server works, or I missed something in the configuration.
Dnscache is running because I verified it with ps aux. I however can't
resolve any names. I changed the internal ip address under option1. Set
option 4 to yes and option 5 with my isp DNS servers. I added an accept
loc fw udp 53 under shorewall rules. I also allowed access to the net
from the fw. What am I forgetting? Does dnscache need something like
tinydns to work?  There is also no /var/log/dnscache which I keep seeing
references to. Any help would be appreciated.

TIA
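
The three DNS rules in this reply, and the "all all REJECT" to "all all ACCEPT" policy change suggested in the earlier router thread, both depend on how rules and policies combine. The following is an added example, not Shorewall's own code and not from the original messages: it is a simplified model that assumes rules are tried first and the first matching policy line then decides, with zone names only (no host lists or port ranges), and the policy tables are constructed samples.

```python
# Constructed policy modelled on the three-line policy quoted in these threads.
POLICY = """\
#SOURCE  DEST  POLICY  LOG
loc      net   ACCEPT
net      all   DROP    ULOG
all      all   REJECT  ULOG
"""

# Same policy with the last line changed as suggested in the router thread.
OPEN_POLICY = """\
#SOURCE  DEST  POLICY  LOG
loc      net   ACCEPT
net      all   DROP    ULOG
all      all   ACCEPT
"""

# The three rules given in the dnscache reply.
RULES = """\
#ACTION  SOURCE  DEST  PROTO  DEST_PORT
ACCEPT   fw      net   tcp    53
ACCEPT   fw      net   udp    53
ACCEPT   loc     fw    udp    53
"""

# Flows a forwarding DNS cache on the firewall is involved in, plus one
# unsolicited query from the Internet for comparison.
DNS_FLOWS = [
    ("loc", "fw", "udp", 53),   # LAN client asks the cache
    ("loc", "fw", "tcp", 53),   # LAN client retries over TCP
    ("fw", "net", "udp", 53),   # cache forwards to the ISP resolver
    ("fw", "net", "tcp", 53),   # cache forwards over TCP
    ("net", "fw", "udp", 53),   # query arriving from outside
]


def parse_table(text, min_fields):
    """Split a whitespace-separated config table into rows, skipping comments."""
    rows = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) < min_fields:
            raise ValueError(f"line {lineno}: too few columns: {raw!r}")
        rows.append(fields)
    return rows


def _zone_matches(pattern, zone):
    return pattern == "all" or pattern == zone


def decide(src, dst, proto, port, rules, policy):
    """Return (verdict, source) where source is 'rule' or 'policy'."""
    for action, rsrc, rdst, rproto, rport in (r[:5] for r in rules):
        if (_zone_matches(rsrc, src) and _zone_matches(rdst, dst)
                and rproto in ("all", proto) and rport in ("-", str(port))):
            return action.upper(), "rule"
    for psrc, pdst, verdict in (p[:3] for p in policy):
        if _zone_matches(psrc, src) and _zone_matches(pdst, dst):
            return verdict.upper(), "policy"
    raise ValueError(f"no policy covers {src}->{dst}")


def dns_report(rules_text, policy_text):
    """Map each DNS flow to the verdict it would receive."""
    rules = parse_table(rules_text, 5)
    policy = parse_table(policy_text, 3)
    return {flow: decide(*flow, rules, policy) for flow in DNS_FLOWS}


if __name__ == "__main__":
    for label, rules, policy in (("no rules", "", POLICY),
                                 ("reply's rules", RULES, POLICY),
                                 ("all all ACCEPT", RULES, OPEN_POLICY)):
        print(label)
        for flow, (verdict, why) in dns_report(rules, policy).items():
            print(f"  {flow[0]:>3} -> {flow[1]:<3} {flow[2]}/{flow[3]}: {verdict} ({why})")
```

In this model the listed rules leave loc-to-fw TCP port 53 on the REJECT policy, and changing only the final policy line leaves traffic from the net zone on its earlier DROP line.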


