[leaf-user] am i being spoofed

2006-09-11 Thread sean coogan
recently my (extremely old but up to now totally reliable) leaf install
has been choking on what seem to be packets dropped from itself. The
firewall is a standard two interface install of bering 1.0 rc3 (packages
listed below):

initrd     V1.0-rc3
root       V1.0-rc3
etc        V1.0-rc3
local      V1.0-rc3   Local package. This package does not contain a
modules    V1.0-rc3   Modules package. Contains kernel modules and u
pump       0.8.11-3   DHCP/BOOTP client from Redhat
keyboard   0.3        Use this package to adjust the keyboard settin
shorwall   1.3.1      Shoreline Firewall (Shorewall)
weblet     1.2.0      weblet - LRP status via a small web server
sshd       3.4p1      OpenSSH sshd daemon.
sshkey     3.4p1      OpenSSH ssh-keygen program.
libz       1.1.4      zlib compression library. Needed for openssh
dhcpd      2.0pl5     dhcpd - Autoconfigure client machines
dnscache   1.05a      dnscache from djbdns (V1.05a) package creates

every time these sorts of packets show up in the logs the firewall stops
allowing access to the internet (logs from one instance):

Aug 8 04:22:11 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC= SRC=192.168.1.254 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=11867 DF PROTO=UDP SPT=68 DPT=67 LEN=308
Aug 8 04:22:14 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC= SRC=192.168.1.254 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=19697 DF PROTO=UDP SPT=68 DPT=67 LEN=308
Aug 8 04:22:20 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC= SRC=192.168.1.254 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=23785 DF PROTO=UDP SPT=68 DPT=67 LEN=308
Aug 8 04:22:32 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC= SRC=192.168.1.254 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=12132 DF PROTO=UDP SPT=68 DPT=67 LEN=308
Aug 8 04:22:41 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC= SRC=192.168.1.254 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=24526 DF PROTO=UDP SPT=68 DPT=67 LEN=308
Aug 8 04:22:41 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC= SRC=192.168.1.254 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=3804 DF PROTO=UDP SPT=68 DPT=67 LEN=308
Aug 8 04:22:41 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC= SRC=192.168.1.254 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=31457 DF PROTO=UDP SPT=68 DPT=67 LEN=308
Aug 8 04:22:41 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC= SRC=192.168.1.254 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=12128 DF PROTO=UDP SPT=68 DPT=67 LEN=308
Aug 8 04:22:41 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC= SRC=192.168.1.254 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=9879 DF PROTO=UDP SPT=68 DPT=67 LEN=308

my question is: does this show someone trying to access my firewall, or is it a
false positive (?), i.e. something on my network producing these hits, or is
someone trying to get in (god alone knows why they'd bother).


-- 
regards
sean coogan



leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
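An added illustration (my code, not anything from the list posts or from Shorewall): a parser for the netfilter lines Shorewall writes, with a classifier that says why the rfc1918 chain fired. The sample lines are constructed after the entries quoted in this archive (the DHCP broadcast above, plus a cable-modem IGMP query and a forwarded, DNAT'd TCP reply from later threads), so it covers a little more than this one post.

```python
import ipaddress
import re

# Constructed sample log, modelled on the Shorewall DROP entries quoted in this
# archive: a DHCP client broadcast (this thread), an IGMP query from a cable
# modem, a forwarded TCP reply whose destination was already DNAT'd, and one
# unrelated syslog line that the parser must skip.
SAMPLE_LOG = """\
Aug 8 04:22:11 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC= SRC=192.168.1.254 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=11867 DF PROTO=UDP SPT=68 DPT=67 LEN=308
Feb 10 17:23:37 firewall Shorewall:rfc1918:DROP: IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:20:40:6d:d6:b7:08:00 SRC=192.168.100.1 DST=224.0.0.1 LEN=28 TOS=00 PREC=0x00 TTL=1 ID=0 PROTO=2
Oct 20 00:23:16 firewall Shorewall:rfc1918:DROP: IN=eth0 OUT=eth1 MAC=00:03:47:08:40:1a:00:0b:bf:7f:44:a8:08:00 SRC=84.24.193.64 DST=192.168.1.6 LEN=64 TOS=00 PREC=0x00 TTL=109 ID=52587 DF PROTO=TCP SPT=6881 DPT=33649 SEQ=2893004602 ACK=982285315 WINDOW=65535 ACK SYN URGP=0
Aug 8 04:22:14 firewall syslogd: restart
"""

# Shorewall prefixes the kernel's key=value fields with "Shorewall:<chain>:<disposition>:".
PREFIX_RE = re.compile(
    r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[^:\s]+):\s*(?P<rest>.*)")


def parse_shorewall_line(line):
    """Return chain, disposition, every key=value field and a set of bare flags
    (DF, SYN, ACK ...) from one log line; None for lines Shorewall did not write."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    rec = {"chain": m.group("chain"), "disposition": m.group("disposition"),
           "flags": set()}
    for tok in m.group("rest").split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            rec.setdefault(key, value)  # LEN appears twice; keep the IP-header one
        else:
            rec["flags"].add(tok)       # TCP flags and DF carry no '='
    return rec


def classify_rfc1918_drop(rec):
    """Explain an rfc1918-chain drop from the packet's own fields."""
    src = ipaddress.ip_address(rec["SRC"])
    dst = ipaddress.ip_address(rec["DST"])
    proto = rec.get("PROTO")
    # DHCP DISCOVER/REQUEST: client port 68 -> server port 67 to the limited
    # broadcast address. That is link-level noise from a neighbour on the eth0
    # segment, not something routed in from the Internet; the undecremented
    # TTL=64 in the posted lines agrees with a directly attached sender.
    if (proto == "UDP" and rec.get("SPT") == "68" and rec.get("DPT") == "67"
            and rec["DST"] == "255.255.255.255"):
        return "dhcp-client-broadcast"
    # Protocol 2 to 224.0.0.1 (all hosts) with TTL=1: an IGMP membership query.
    if proto == "2" and dst.is_multicast:
        return "igmp-query-from-link-neighbour"
    # OUT= is set, so the packet was being forwarded: its destination had
    # already been rewritten to the LAN host before FORWARD, and the chain
    # matched on the public SRC (a stale bogon entry, per the thread below).
    if rec.get("OUT") and dst.is_private and not src.is_private:
        return "forwarded-reply-src-matched-bogon-list"
    if src.is_private:
        return "private-source-on-external-interface"
    return "unclassified"


def classify_log(text):
    """Map every rfc1918 line to (SRC, label); other syslog lines are skipped."""
    out = []
    for line in text.splitlines():
        rec = parse_shorewall_line(line)
        if rec and rec["chain"] == "rfc1918":
            out.append((rec["SRC"], classify_rfc1918_drop(rec)))
    return out


if __name__ == "__main__":
    for src, label in classify_log(SAMPLE_LOG):
        print(f"{src:<16} {label}")
```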


Re: [leaf-user] Image CF drive

2005-07-16 Thread Sean Covel
WinImage.  I use it to create copies of my floppies and CDs for Bering.

Joey Officer wrote:
 Not to sound like a smart ass, but Ghost, from Symantec will do this, quite
 nicely.  It'll either just recognize the card as a drive, which you can
 create an image from (and restore from) or allow you to perform a Ghost
 mirror of the drive to another CF on the fly.
 
 Alternatively, you can use rawwrite, I think... the version for Windows I
 think will allow you to read an image.
 
 You could also get cygwin installed, and then run 'dd' to create the
 image...
 
 Joey
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Richard
 Amerman
 Sent: Thursday, July 14, 2005 6:38 PM
 To: leaf-user@lists.sourceforge.net
 Subject: [leaf-user] Image CF drive
 
 
 Does anyone know of any windows tools that can do a disk image of a CF
 card?
 
 I have multiple identical CF cards I need to propagate a uClibc install
 to, bootable portion and all. The only tools I have found that work with
 CF cards so far have been for linux.
 
 Thanks!
 
 Richard Amerman
 
 




Re: [leaf-user] puzzle: listen on port X on internal interface, and send data to remote host with dynamic ip]

2005-06-09 Thread Sean Covel
Matt,

Erich Titl wrote:
 Matt
 
 Matt wrote:
 
Hi all, I have a strange goal.

the setup:  two sites (a and b) both with linux machines running
shorewall.  a machine at site 'a' needs to connect to services on a
machine at site 'b'.  both sites have dsl with dynamicaly assigned ip
addresses.  site 'b's ip can be resolved from siteb.dynamic.dns.com (one
of those fancy dynamic-dns sites)

the goal: to have a computer at site 'a' connect to a port on the
internal nic of the router at site 'a' and have it transparently
communicate through this port to a computer at site 'b'.  this will be a
windows networking/smb connection, so the client machine and the server
can't specify a port number.  For various reasons we cannot expose the
standard smb port at site 'b'.
I know i can use DNAT on the router at site 'b' to accept connections on
port 12345 and send them to the server port 139.
what can i use at site 'a' to accept connections on port 139 on the
local interface and forward them to siteb.dynamic.dns.com port 12345? 
If I specify the fqdn in the shorewall config I see two problems:  it
either will not work at all, or it'll resolve the address once (when
shorewall is started) and never again.

I'd like to avoid setting up a vpn as i'm short on time, and I can't
install ssh on either machine.

ideas? comments? suggestions?
 
 
 This is a typical VPN situation, short of time use OpenVPN to solve this.
 
 my 0.02
 
 Erich
 

Zebedee might be a quick and dirty solution.  Secure tunnel.  VPN like.
Runs on Windows and Linux.  I use it to tunnel VNC.  Google it.

Sean




[leaf-user] New RFC1918 file needed?

2005-05-17 Thread Sean Covel

I'm running uClibc Bering, Shorewall 1.3.14.  I'm trying to access a
site and it's timing out.  My log has lots of DROP rfc1918 entries to
70.84.14.101.  Is 70.x.x.x a newly assigned number range?  Is there a
new rfc1918 file for Shorewall 1.3.14?

Sean





Re: [leaf-user] New RFC1918 file needed?

2005-05-17 Thread Sean Covel
I looked under errata for 1.3.14 and the rfc1918 file that was there was
old.  I guess that one is more up-to-date.

BTW, I downloaded an IANA list and made it into an rfc1918 file. It was
longer than yours.  Any idea why?  Here's that list:

0.0.0.0/7          logdrop
2.0.0.0/8          logdrop
5.0.0.0/8          logdrop
7.0.0.0/8          logdrop
10.0.0.0/8         logdrop
23.0.0.0/8         logdrop
27.0.0.0/8         logdrop
31.0.0.0/8         logdrop
36.0.0.0/7         logdrop
39.0.0.0/8         logdrop
42.0.0.0/8         logdrop
49.0.0.0/8         logdrop
50.0.0.0/8         logdrop
74.0.0.0/7         logdrop
76.0.0.0/6         logdrop
89.0.0.0/8         logdrop
90.0.0.0/7         logdrop
92.0.0.0/6         logdrop
96.0.0.0/4         logdrop
112.0.0.0/5        logdrop
120.0.0.0/6        logdrop
127.0.0.0/8        logdrop
169.254.0.0/16     logdrop
172.16.0.0/12      logdrop
173.0.0.0/8        logdrop
174.0.0.0/7        logdrop
176.0.0.0/5        logdrop
184.0.0.0/6        logdrop
189.0.0.0/8        logdrop
190.0.0.0/8        logdrop
192.0.2.0/24       logdrop
192.168.0.0/16     logdrop
197.0.0.0/8        logdrop
198.18.0.0/15      logdrop
223.0.0.0/8        logdrop
224.0.0.0/3        logdrop


Sean

Tom Eastep wrote:
 Sean Covel wrote:
 
I'm running uClibc Bering, Shorewall 1.3.14.  I'm trying to access a
site and it's timing out.  My log has lots of DROP rfc1918 entries to
70.84.14.101.  Is 70.x.x.x a newly assigned number range?  Is there a
new rfc1918 file for Shorewall 1.3.14?
 
 
 http://shorewall.net/errata.htm
 
 -Tom




Re: [leaf-user] New RFC1918 file needed?

2005-05-17 Thread Sean Covel
Tom,

Tom Eastep wrote:
 Sean Covel wrote:
 
I looked under errata for 1.3.14 and the rfc1918 file that was there was
old.  I guess that one is more up-to-date.

 
 
 Sean -- There is one up-to-date rfc1918 file for Shorewall versions up to
 2.0.1 linked from the top of the errata page. Do you actually think I have
 enough spare time to prepare separate updated rfc1918 files (which have the
 same contents) for each of the dozens of Shorewall releases that included
 Bogon address ranges in that file? Especially Shorewall releases that have
 not been supported for over two years (Hint: 1.3.14 falls into that
 category)??
 

Since I'm not a Shorewall developer, I assumed I should look under the
errata for the version of Shorewall I was using.  How am I to know that
every version of Shorewall from xxx to yyy had exactly the same format
for the rfc1918 file?

 Do you actually believe that the list of bad IP addresses is dependent on
 which version of Shorewall you are running? Please THINK when you sit down
 to your computer.

Ouch!  Having a bad day?

Obviously bad IP addresses are not Shorewall version dependent, but
are rfc1918 files?  How should I know?  Besides, I went to the
Shorewall site, clicked on the version I am running, then clicked on the
errata for that version.  Is this what I did wrong?  Perhaps if that
rfc1918 was a link to the one you maintained we wouldn't be having this
discussion...


 
 And for your other question, I aggregate adjacent ranges whereas the IANA
 lists them separately.


Thanks, good info.

Sean


 -Tom
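To see why two rfc1918 files covering the same address space can differ in length, here is an added example (mine, not Tom's file or the IANA list): it parses the file's SUBNET TARGET lines and merges adjacent entries per target with Python's ipaddress.collapse_addresses, the way the maintained file aggregates them, then checks that both versions block exactly the same addresses. The excerpts are constructed to mirror ranges that appear in this thread; they are not copies of either file.

```python
import ipaddress

# Constructed excerpt in rfc1918 file format (SUBNET TARGET), written the way
# an IANA-derived list reads: one /8 per line.
IANA_STYLE = """\
# SUBNET           TARGET
36.0.0.0/8         logdrop
37.0.0.0/8         logdrop
74.0.0.0/8         logdrop
75.0.0.0/8         logdrop
76.0.0.0/8         logdrop
77.0.0.0/8         logdrop
78.0.0.0/8         logdrop
79.0.0.0/8         logdrop
192.168.0.0/16     logdrop
"""

# The same ranges with adjacent entries merged (constructed).
AGGREGATED = """\
36.0.0.0/7         logdrop
74.0.0.0/7         logdrop
76.0.0.0/6         logdrop
192.168.0.0/16     logdrop
"""


def parse_rfc1918(text):
    """Return [(IPv4Network, target)] from the two-column file, ignoring comments."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        subnet, target = line.split()[:2]
        entries.append((ipaddress.ip_network(subnet), target))
    return entries


def aggregate(entries):
    """Merge adjacent or overlapping subnets, but only among entries that share
    a TARGET: merging a RETURN entry into a logdrop block would change what the
    firewall does with those addresses."""
    by_target = {}
    for net, target in entries:
        by_target.setdefault(target, []).append(net)
    merged = []
    for target, nets in by_target.items():
        merged.extend((n, target) for n in ipaddress.collapse_addresses(nets))
    return sorted(merged, key=lambda e: (e[0].network_address, e[0].prefixlen))


def same_coverage(a, b):
    """True if two files block/return exactly the same addresses per target."""
    return aggregate(a) == aggregate(b)


def format_rfc1918(entries):
    """Render entries back into the two-column layout."""
    return "\n".join(f"{str(net):<18} {target}" for net, target in entries)


if __name__ == "__main__":
    iana = parse_rfc1918(IANA_STYLE)
    print(format_rfc1918(aggregate(iana)))
    print("same coverage:", same_coverage(iana, parse_rfc1918(AGGREGATED)))
```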




Re: [leaf-user] New RFC1918 file needed?

2005-05-17 Thread Sean Covel
Tom,

The page you referred me to says the following:

-
RFC1918 File

Here is the most up to date version of the rfc1918 file. This file only
applies to Shorewall versions 1.4.* and 2.0.0 and its bugfix updates.


So that seems to imply that the file is not for 1.3.x versions of Shorewall.

Sean


Sean Covel wrote:
 Tom,
 
 Tom Eastep wrote:
 
Sean Covel wrote:


I looked under errata for 1.3.14 and the rfc1918 file that was there was
old.  I guess that one is more up-to-date.



Sean -- There is one up-to-date rfc1918 file for Shorewall versions up to
2.0.1 linked from the top of the errata page. Do you actually think I have
enough spare time to prepare separate updated rfc1918 files (which have the
same contents) for each of the dozens of Shorewall releases that included
Bogon address ranges in that file? Especially Shorewall releases that have
not been supported for over two years (Hint: 1.3.14 falls into that
category)??

 
 
 Since I'm not a Shorewall developer, I assumed I should look under the
 errata for the version of Shorewall I was using.  How am I to know that
 every version of Shorewall from xxx to yyy had exactly the same format
 for the rfc1918 file?
 
 
Do you actually believe that the list of bad IP addresses is dependent on
which version of Shorewall you are running? Please THINK when you sit down
to your computer.
 
 
 Ouch!  Having a bad day?
 
 Obviously bad IP addresses are not Shorewall version dependent, but
 are rfc1918 files?  How should I know?  Besides, I went to the
 Shorewall site, clicked on the version I am running, then clicked on the
 errata for that version.  Is this what I did wrong?  Perhaps if that
 rfc1918 was a link to the one you maintained we wouldn't be having this
 discussion...
 
 
 
And for your other question, I aggregate adjacent ranges whereas the IANA
lists them separately.

 
 
 Thanks, good info.
 
 Sean
 
 
 
-Tom
 
 
 
 




Re: [leaf-user] Shorewall problem

2005-04-15 Thread Sean Covel
 
 To correct this problem.
 
 1) xtgyo spiteys 988674 flsiey8 http://xxx.xxx.xxx.xxx/yy.htm
 2) psyyt witii sopom dspslosy
 3) soppllmo soppoym splo
 

ROTFL!!!




Re: RESOLVED [leaf-user] Shorewall policies symmetric, but web page results are not.

2005-04-13 Thread Sean Covel
Rick,

Do tell.  Documentation might keep some other guy from pulling all his
hair out.

Tibbs, Richard wrote:
 Sorry list,
 It turned out to be a bind configuration error.
 Rick.
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Tibbs,
 Richard
 Sent: Monday, April 11, 2005 2:16 PM
 To: leaf-user
 Subject: [leaf-user] Shorewall policies symmetric, but web page results
 are not.
 
 
 Dear List:
 I have the following configuration
  SLAX internal  --  Bering 1.2                   ---  SLAX external
  192.168.10.1       192.168.10.254  192.168.1.254     192.168.1.1   dns
  192.168.10.2                                         192.168.1.2   www
 
 each SLAX machine is configured to bring up bind for dns at IP addresses
 
 192.168.10.1 (internal) and 192.168.1.1 (external) resp.
 In addition there is a web server running on 192.168.10.2 (internal) and
 192.168.1.2 (external).
 
 The symptom is that external can only load its own web page
 (extexample.com) whereas internal can load both intexample.com and
 extexample.com.
 Until I add a default route on eth0 (external interface) 
 gateway 192.168.1.1
 external cannot load internal's web page.
 Why would this be necessary?
 
 Each SLAX machine is given a default route to the Bering IP on the
 respective side of the fw.
 Shorewall log shows no drops, but
 Shorewall policy is
 loc net ACCEPT
 net loc ACCEPT
 fw  net ACCEPT
 fw  loc ACCEPT
 net all DROP ULOG
 all all REJECT ULOG.
 
 
 
 
 




[leaf-user] Shorewall Logging Q:

2005-02-10 Thread Sean Covel
Tom, everyone,
Sorry!  I know this must have been asked before, but I can't find the 
answer...

Awhile back my cable modem started doing something different.  I'm on 
Comcast and have a SURFboard cable modem.  Its IP address is 
192.168.100.1.  Every 3 min. it sends out a broadcast message:

Feb 10 17:23:37 firewall Shorewall:rfc1918:DROP: IN=eth0 OUT= 
MAC=01:00:5e:00:00:01:00:20:40:6d:d6:b7:08:00 SRC=192.168.100.1 
DST=224.0.0.1 LEN=28 TOS=00 PREC=0x00 TTL=1 ID=0 PROTO=2

Whatever it's doing (DHCP maybe?) I really don't care to see it in my 
logs every 3 min.  I've tried various things to stop it, but I think 
since it's an rfc1918 address I'm looking in all the wrong places.

Bottom line, how do I turn off logging of this traffic?
Sean
P.S.  Tom, I can't search for PROTO=2 on your site.  It seems to strip 
the = off, then I get all sorts of unwanted hits.



Re: [leaf-user] Shorewall Logging Q:

2005-02-10 Thread Sean Covel
Tom,
Once again you prove you're a genius!
I was S close to getting it right.  I already had the entry in the 
rfc1918 file, I had just added it to the end of the list, below the 
192.168.0.0/16 entry, not above it.

Sean
Tom Eastep wrote:
Sean Covel wrote:

Awhile back my cable modem started doing something different.  I'm on
Comcast and have a SURFboard cable modem.  Its IP address is
192.168.100.1.  Every 3 min. it sends out a broadcast message:
Feb 10 17:23:37 firewall Shorewall:rfc1918:DROP: IN=eth0 OUT=
MAC=01:00:5e:00:00:01:00:20:40:6d:d6:b7:08:00 SRC=192.168.100.1
DST=224.0.0.1 LEN=28 TOS=00 PREC=0x00 TTL=1 ID=0 PROTO=2
Whatever it's doing (DHCP maybe?) I really don't care to see it in my
logs every 3 min.  I've tried various things to stop it, but I think
since it's an rfc1918 address I'm looking in all the wrong places.
Bottom line, how do I turn off logging of this traffic?

This is a variant of Shorewall FAQ 14. Whereas in that FAQ, a RETURN
entry needs to be added to /etc/shorewall/rfc1918, in your case a DROP
is appropriate.
-Tom
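The ordering point behind Sean's fix, shown as an added example (my code, not Shorewall's): a first-match simulation of the rfc1918 file, plus a check that reports entries shadowed by an earlier, broader one. The three orderings are constructed; the assumption that an unmatched source simply continues through the normal rules is mine, not something stated in the thread.

```python
import ipaddress

# Constructed rfc1918 file orderings as (SUBNET, TARGET) pairs.
# Appending the modem's /32 below 192.168.0.0/16 leaves it unreachable:
WRONG_ORDER = [
    ("10.0.0.0/8",       "logdrop"),
    ("172.16.0.0/12",    "logdrop"),
    ("192.168.0.0/16",   "logdrop"),
    ("192.168.100.1/32", "DROP"),     # shadowed by the /16 above it
]
# Putting the specific entry first makes it the one that matches:
RIGHT_ORDER = [
    ("192.168.100.1/32", "DROP"),     # silent drop, nothing logged
    ("10.0.0.0/8",       "logdrop"),
    ("172.16.0.0/12",    "logdrop"),
    ("192.168.0.0/16",   "logdrop"),
]
# The FAQ 14 variant Tom mentions: RETURN hands the packet back to the normal rules.
FAQ14_STYLE = [
    ("192.168.100.1/32", "RETURN"),
    ("192.168.0.0/16",   "logdrop"),
]

# Assumption: a source no entry covers continues through the other rules.
NO_MATCH = "RETURN"


def rfc1918_disposition(src, entries):
    """The first entry whose subnet contains src decides, like the ordered chain."""
    addr = ipaddress.ip_address(src)
    for subnet, target in entries:
        if addr in ipaddress.ip_network(subnet):
            return target
    return NO_MATCH


def shadowed_entries(entries):
    """Entries that can never match because an earlier entry already covers them."""
    earlier, shadowed = [], []
    for subnet, target in entries:
        net = ipaddress.ip_network(subnet)
        if any(net.subnet_of(prev) for prev in earlier):
            shadowed.append((subnet, target))
        earlier.append(net)
    return shadowed


if __name__ == "__main__":
    for name, table in (("wrong", WRONG_ORDER), ("right", RIGHT_ORDER),
                        ("faq14", FAQ14_STYLE)):
        print(name, rfc1918_disposition("192.168.100.1", table),
              "shadowed:", shadowed_entries(table))
```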



Re: [leaf-user] Peers trying to connect to my Private IP address

2004-10-20 Thread Sean Covel

Ray Olszewski wrote:
At 08:31 PM 10/19/2004 -0400, Sean Covel wrote:
HELP.
I'm not sure if the problem is my LEAF config or the application, but 
here goes:

LEAF uClibC Bering 1.1, 3 interface setup.  Public, Private, DMZ.
The app in question is Azureus 2.1.0.4, a BitTorrent client.  BT uses 
ports 6881-6999.  I have port-forwarded the ports to an internal PC on 
the private network:

DNATnet loc:192.168.1.6 tcp 6881:6999
The client was working VERY SLOWLY so I decided to look at the 
firewall logs.  I recently started blocking out-going ports so I 
thought I had messed something up.  Here is what I discovered:

Oct 20 00:23:16 firewall Shorewall:rfc1918:DROP: IN=eth0 OUT=eth1 
MAC=00:03:47:08:40:1a:00:0b:bf:7f:44:a8:08:00 SRC=84.24.193.64 
DST=192.168.1.6 LEN=64 TOS=00 PREC=0x00 TTL=109 ID=52587 DF PROTO=TCP 
SPT=6881 DPT=33649 SEQ=2893004602 ACK=982285315 WINDOW=65535 ACK SYN 
URGP=0
Oct 20 00:23:26 firewall Shorewall:rfc1918:DROP: IN=eth0 OUT=eth1 
MAC=00:03:47:08:40:1a:00:0b:bf:7f:44:a8:08:00 SRC=83.116.64.150 
DST=192.168.1.6 LEN=64 TOS=00 PREC=0x00 TTL=112 ID=18647 DF PROTO=TCP 
SPT=6881 DPT=33660 SEQ=1681451538 ACK=982106032 WINDOW=65535 ACK SYN 
URGP=0

I'm not sure how the Peer is getting my private IP address, but it 
appears to be?

No. That part is okay. The PREROUTING chain in the nat table does this 
destination-address rewriting before the packet goes to the FORWARD 
chain in the default table. The FORWARD chain is what eventually routes 
this packet to the rfc1918 chain.

And the firewall is doing its job I guess, blocking an RFC1918 
address.  Anybody got any ideas what's going on here?

Assuming eth1 is your internal interface and that interface actually 
uses network 192.168.1.0/24, then I find this result odd. But if the 
host in question (192.168.1.6) is actually on your DMZ, and that 
interface is eth2, then I **think** the DNAT rule above incorrectly uses 
loc where it should use (probably) dmz. In that second case, rfc1918 
is blocking the packets because 192.168.1.6 is not a valid address for 
the LAN.

The actual details of the problem depend on the specifics of your setup, 
which you didn't report completely enough.


Ray,
Thanks for your response.  Tom Eastep was correct, it was a stale 
RFC1918 file.  The address that the request was coming from USED to be 
in the RFC1918 range but was recently re-assigned.  The NetFilter 
message was confusing because it was reporting the 83.116.x.x address as 
the problem and I was assuming it was the 192.168.x.x address.  DNAT had 
already transformed the external IP into the internal IP.  Confusing, eh?

I updated the RFC1918 file and all is well!
Thanks all for your help.
Sean


[leaf-user] Peers trying to connect to my Private IP address

2004-10-19 Thread Sean Covel
HELP.
I'm not sure if the problem is my LEAF config or the application, but 
here goes:

LEAF uClibC Bering 1.1, 3 interface setup.  Public, Private, DMZ.
The app in question is Azureus 2.1.0.4, a BitTorrent client.  BT uses 
ports 6881-6999.  I have port-forwarded the ports to an internal PC on 
the private network:

DNATnet loc:192.168.1.6 tcp 6881:6999
The client was working VERY SLOWLY so I decided to look at the firewall 
logs.  I recently started blocking out-going ports so I thought I had 
messed something up.  Here is what I discovered:

Oct 20 00:23:16 firewall Shorewall:rfc1918:DROP: IN=eth0 OUT=eth1 
MAC=00:03:47:08:40:1a:00:0b:bf:7f:44:a8:08:00 SRC=84.24.193.64 
DST=192.168.1.6 LEN=64 TOS=00 PREC=0x00 TTL=109 ID=52587 DF PROTO=TCP 
SPT=6881 DPT=33649 SEQ=2893004602 ACK=982285315 WINDOW=65535 ACK SYN URGP=0
Oct 20 00:23:26 firewall Shorewall:rfc1918:DROP: IN=eth0 OUT=eth1 
MAC=00:03:47:08:40:1a:00:0b:bf:7f:44:a8:08:00 SRC=83.116.64.150 
DST=192.168.1.6 LEN=64 TOS=00 PREC=0x00 TTL=112 ID=18647 DF PROTO=TCP 
SPT=6881 DPT=33660 SEQ=1681451538 ACK=982106032 WINDOW=65535 ACK SYN URGP=0

I'm not sure how the Peer is getting my private IP address, but it 
appears to be?

And the firewall is doing its job I guess, blocking an RFC1918 address. 
 Anybody got any ideas what's going on here?

Sean



Re: [leaf-user] Just checking....

2004-06-30 Thread Sean Covel
Norton is a great tool, but it doesn't pickup spyware.  There has been a 
LOT of spyware/virus mixing lately.  Try Spybot Search and Destroy.  We 
once had a single machine with some spyware app running flooding the 
firewall trying to call home.  Killed the spyware, traffic stopped.

Brad Klinghagen wrote:
This isn't the full format of the log file. I sent the full file to Tom
Eastep to look at. As for virus, doubtful, since the computer is running
the latest version of Symantec Anti-Virus 2004 and get updates whenever
available (initiates the updates). I've set up the firewall rules so
that if a computer on the LAN side initiates a request, then the
response is allowed in; so if this were a response, it would be allowed
in. But since I have latest virus stuff, viruses should be wiped out
quickly - and my wife practices safe Internet.
I should also note, the computer is a Win2k workstation, and I have shut
down the web server so there is no port 80 or 443 service port open on
it and the firewall rules do not allow DNAT to this computer. Right now
the only DNAT rules are for a VoIP phone from Vonage and Linux Web
Server which happens to be shut down for right now.
I believe I encountered the IIS issue Saturday night when I set up
another firewall for someone. They had a couple thousand entries over a
two hour period that looked suspicious. That's what prompted me to ask
this question.
Thank you for the thoughts though.
bpk
On Tue, 2004-06-29 at 23:42, Ronny Aasen wrote:
On Wed, 2004-06-30 at 01:16, Brad Klinghagen wrote:
I just wanted to check to make sure I'm looking at the Shorewall logs
correctly. Below, I've pasted a small sample of what I'm seeing in my
log file. The particular IP address that begins with 66 is the source
and 10.1.1.65 is the destination. Obviously the 10 IP address is within
my LAN. The second to last column shows the destination port number that
is trying to be used. This is only a small portion of the list, there
are hundreds of listings, and the destination port number keeps
changing, while the source port number stays at 80, and this source IP
is always trying to get to the same destination.
I am DROPing these packets and logging them because they are unwanted
traffic. When I trace the public IP, there is no site there. In similar
cases, sometimes there is a Microsoft IIS server there under
construction. I did a 'dig -x 66.232.154.8,' and I got no answer as far
as the owner of the IP address. Sometimes when I execute the 'dig -x'
instruction, there will be some information, but usually the IP address
is a client IP of an ISP (like Verizon, or Comcast).
Is it right to assume that this traffic is a hacker using automated
software trying to probe for weaknesses in my firewall or computer
setup? Or is it something else completely, something much less sinister?
Could this be some ad software, or something like it? If this isn't
someone trying to get in, how can you tell in your log files. I've got a
number of various entries of unwanted IP attempts to access my network;
some I believe is just spurious traffic, but others look like concerted
effort to get at my computers.
The issue with this sample is I don't know how this person, or software
is using the internal IP address of 10.1.1.65 because I'm using NAT (I
suppose they stripped off the TCP/IP header, does that not suggest
maliciousness?). Also, that IP address corresponds to the only Win2k
computer in my whole network, and there is no other access attempts to
any other internal computer.
eth0 eth1 66.232.154.8   10.1.1.65   TCP  80  1986  Jun 26 07:28:43
eth0 eth1 66.232.154.8   10.1.1.65   TCP  80  1986  Jun 26 07:28:49
eth0 eth1 66.232.154.8   10.1.1.65   TCP  80  1986  Jun 26 07:28:49
eth0 eth1 66.232.154.8   10.1.1.65   TCP  80  1986  Jun 26 07:29:01
eth0 eth1 66.232.154.8   10.1.1.65   TCP  80  1986  Jun 26 07:29:26
eth0 eth1 66.232.154.8   10.1.1.65   TCP  80  1986  Jun 26 07:30:14
eth0 eth1 66.232.154.8   10.1.1.65   TCP  80  1986  Jun 26 07:30:44
eth0 eth1 66.232.154.8   10.1.1.65   TCP  80  2039  Jun 26 07:30:47
eth0 eth1 66.232.154.8   10.1.1.65   TCP  80  2039  Jun 26 07:30:48
eth0 eth1 66.232.154.8   10.1.1.65   TCP  80  2039  Jun 26 07:30:53
eth0 eth1 66.232.154.8   10.1.1.65   TCP  80  2039  Jun 26 07:30:54
eth0 eth1 66.232.154.8   10.1.1.65   TCP  80  2039  Jun 26 07:31:06
eth0 eth1 66.232.154.8   10.1.1.65   TCP  80  2039  Jun 26 07:31:30
eth0 eth1 66.232.154.8   10.1.1.65   TCP  80  2039  Jun 26 07:32:18
eth0 eth1 66.232.154.8   10.1.1.65   TCP  80  2039


does your log really look like that? always port the original

since it's from port 80 i'd have 2 wild guesses

1. your w2k box has a virus that does httpd requests and you see the
responses being blocked in the firewall.

2. the remote iis is infected by one of the iis exploit viruses making it
spew out packages; seen a few of those lately. but that it would find
your 1 w2k box must be

Re: [leaf-user] Re: [leaf-devel] ANN: Bering-uClibc 2.2 beta2

2004-05-11 Thread Sean E. Covel
K.-P. Kirchdörfer wrote:

Am Dienstag, 11. Mai 2004 20:04 schrieb Marko Nurmenniemi:

K.-P. Kirchdörfer wrote:

Due to new linuxrc backupdisk is broken and has been removed.
With scp and dd support it shouldn't be a problem though - will anyone
miss this feature?
I will miss it.


Noted. thx for feedback.


Keep it simple for the common people.
Menu option needs no learning and floppies do break from time to time...


If you build your floppy from baseimage with dd, what's the problem to dd 
your configured floppy back onto your /home - where it will be safer than on 
a second floppy, and backed up? 

But if there is demand, we will try to find a solution.

What backup?  ;-)

Never worked that well anyway IMHO.

I'm ashamed to admit that I always used WinImage to backup the floppy. 
But then again,
I always had quick and easy physical access to my routers...

Just my .02

Sean



---
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson  Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


[leaf-user] tinydns without public static ip

2004-05-01 Thread sean coogan
is it possible to run tiny dns with a non static ip on the external
interface. Can one use it to serve private dns queries only and hand
external queries over to dnscache or similar?





Re: [leaf-user] simple? firewall port question - dachstein-1.0.2

2003-12-30 Thread Sean E. Covel
I still have one Dachstein firewall kicking around.  There were specific
modules (helpers) to get around some of the more complicated stuff that
ipchains didn't handle.  These modules went by the name:

ip_masq_x

These were a bunch of these.  They are like the ip_contrack modules for
iptables.

Some of them were:

ip_masq_ftp
ip_masq_quake
ip_masq_h323

If you look in /etc/modules you will see a list of them near the
bottom.  I have no idea if any of these pertain to your application, or
if there is one for your app that could be compiled for Dachstein.  It
is a direction to look though! ;-)

Good luck,

Sean

On Tue, 2003-12-30 at 14:01, Ray Olszewski wrote:
 Without getting bogged down in too much detail -- I did some research on 
 your problem and I **think** it lies in the details of how ipchains does 
 NATing and port forwarding.
 
 This URL -- http://saturn5.hn.org/ps2.html -- explains what you need to do 
 and how to do it on a BSD router. I can translate that for iptables, but 
 I'm too rusty on ipchains to do it there (or even to know for sure whether 
 it *can* be done). Perhaps someone here who remembers the intricacies of 
 ipchains better than I can pick this up and provide the needed detail.
 
 The short version: the system needs a set of NATing rules that NAT LAN 
 sport 6000-6999, -AND- will ACCEPT unrelated traffic back to those ports. I 
 can believe that Linksys routers do this ... they are way less paranoid than 
 LEAF routers. Standard ipchains port forwarding (I **think**) doesn't do 
 this because it does not reliably NAT connections *originating* from the 
 LAN host at (say) port 6000 to router external port 6000 ... it only 
 port-forwards traffic originating to router external port 6000 correctly.
 
 At 09:24 AM 12/30/2003 -0800, Michael Rogers wrote:
 --- Ray Olszewski [EMAIL PROTECTED] wrote:
   At 12:34 PM 12/29/2003 -0800, Michael Rogers wrote:
   I know this is probably simple and trivial, but I
   can't get it to work for the life of me...
 [details deleted]
 
 
 
 
 





Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???

2003-12-18 Thread Sean E. Covel
George,

My original message included IPSEC.  I guess my biggest concern is: Can
IPSEC from a windows machine pass through the WAP and end at the Bering
box.  This would require a few things:  The WAP passing IPSEC.  The MS
Box using IPSEC.  Bering able to understand whatever it is that
Microsoft embraced and extended when they wrote their implementation
of IPSEC.  I was hoping someone had done this and would point out all
the potholes in the road.

I read in detail about the WEP flaws.  15 min. to break RC4 encryption
because their implementation is so flawed, and no infrastructure to
change keys when they have been compromised.  That's why IPSEC is so
important.

Sean

On Thu, 2003-12-18 at 12:19, George Metz wrote:
 The problem with this approach is that WEP, the security protocol that 
 most Wireless points use, is fairly weak and relatively easily broken. 
 If you want to ensure that only authorized users can get in, you kind of 
 want to use both WEP (Wired Equivalent Protocol, even though it's not... 
 :) ) and something like IPSec for authenticated access to the WAN. 
 Otherwise, someone who really wants to can eventually sniff and break 
 the encryption, and use your pipe for anything they want.
 
 As a note, if the intended home environment happens to have metal siding 
 of any type, this can REALLY kill your ability to use WiFi out in your 
 yard. On the other hand, it makes it really difficult for someone to 
 pick up your WiFi signal from across the street, as well. Old wiring and 
 proximity to a microwave transmission tower can also have all sorts of 
 interesting effects.
 
 Remember, if you want to get it set up quick and dirty, set up the DMZ, 
 don't worry about the IPSec for now and just go with the built-in 
 encryption, and just get her online with a strong caution that anyone 
 can drive down the street with a laptop and pick up anything she sends 
 across it, so don't send credit cards or other financial data over the 
 line. Then, when you've got time, go back and research, then implement 
 the IPSec tunnel. WEP should be enough to fend off the simply curious 
 for the time being, though turning off the WAP when she's not going to 
 be using it might not be a bad idea. (Trips, busy weeks at work, etc.)
 
 George
 
 [EMAIL PROTECTED] wrote:
  I have done something similar but not using a DMZ.   I simply added a second
  Private network for the WiFi network using a normal NIC and a Separate
  Wireless Access Point.   Simply don't add any rules that will allow the two
  networks to interact into your shorewall rules and you have 2 independent,
  isolated internal networks both of which have internet access through your
  firewall.   The WiFi equipment we used had the capability to encrypt its
  own communications which we implemented to ensure that other laptops could
  not be connected to the wireless network and use our satellite connection
  without permission.   All of our gear was from Alloy.
  
  Andrew Gray
  
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] Behalf Of Sean E. Covel
  Sent: Tuesday, 16 Dec 2003 06:19
  To: [EMAIL PROTECTED]
  Cc: Leaf User List
  Subject: Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
  
  
  Julian,
  
  On Mon, 2003-12-15 at 11:32, Julian Church wrote:
  
 Hi Sean
 
 On Mon, 15 Dec 2003 10:02:35 -0500, Sean E. Covel [EMAIL PROTECTED]
 wrote:
 
 
 Here is what I am proposing to do:
 
 Cable Modem - Bering -- (Private Network) Current PC (Windows XP)
|
--- DMZ -- WAP -- Laptop (Windows XP)
 
 The question is, of course, how to secure the WIFI and Laptop.  I was
 hoping that the Laptop could establish an IPSEC connection through the
 WAP to Bering.
 
 Strange!
 
 That's exactly what I'm planning at home, except there are two laptops,
 both running Mac OS X (which has an IPSEC client built in).
 
 As far as I've determined by searching the internet, as long as your
 access point is set up as a transparent bridge, the IPSEC traffic will
 pass straight through.
 
 cheers
 
 Julian
 
 
  
  
  Since this needs to be up-and-running quickly, and I'm doing it in my
  spare time, I wanted to go the path of least resistance.  How soon till
  you implement?  I was hoping to learn from someone else's mistakes ;-).
  Don't want to be the trailblazer on this one.  It just sounds too easy.
  Anyone actually done it?  Even with 802.11a/b/g?
  
  
  
  

RE: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???

2003-12-18 Thread Sean
The list comes through!  As usual!

Thanks guys.  Gotta go order some hardware...

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 Christopher Harewood
 Sent: Thursday, December 18, 2003 6:48 PM
 To: [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Subject: Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
 
 
 Sean: 
 
 I have a very similar setup to the one you propose.  The only 
 difference 
 is that my internet is delivered via dialup instead of cable 
 modem.  Other 
 than that (and that's a fairly small distinction), I've 
 managed to get it 
 up and running (with a goodish amount of help from the other list 
 members).  My laptop connection is IPsec encrypted through 
 the WAP to the 
 Bering box.  It can communicate with other PCs on my lan 
 (Win2K and Win98se) as 
 well as surf the net.  Without the IPsec auth, you can't even 
 ping the box.  
 Which is about the way I wanted it.  If you search this list 
 with my name, 
 you'll see how I started, faltered, and ultimately succeeded.  Any 
 questions, just yell.  
 
 I have one minor bug (can't see Bering weblet from laptop), 
 but I'm sure 
 I'll lick it in time.  An unrelated hardware problem made me RMA my 
 laptop.  Once it's back, I'll give you specifics, if you desire.  
 
 :Max
 
 
 
 






Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???

2003-12-15 Thread Sean E. Covel
Julian,

On Mon, 2003-12-15 at 11:32, Julian Church wrote:
 Hi Sean
 
 On Mon, 15 Dec 2003 10:02:35 -0500, Sean E. Covel [EMAIL PROTECTED] 
 wrote:
 
  Here is what I am proposing to do:
 
  Cable Modem - Bering -- (Private Network) Current PC (Windows XP)
  |
  --- DMZ -- WAP -- Laptop (Windows XP)
 
  The question is, of course, how to secure the WIFI and Laptop.  I was
  hoping that the Laptop could establish an IPSEC connection through the
  WAP to Bering.
 
 Strange!
 
 That's exactly what I'm planning at home, except there are two laptops, 
 both running Mac OS X (which has an IPSEC client built in).
 
 As far as I've determined by searching the internet, as long as your 
 access point is set up as a transparent bridge, the IPSEC traffic will 
 pass straight through.
 
 cheers
 
 Julian
 
 

Since this needs to be up-and-running quickly, and I'm doing it in my
spare time, I wanted to go the path of least resistance.  How soon till
you implement?  I was hoping to learn from someone else's mistakes ;-). 
Don't want to be the trailblazer on this one.  It just sounds too easy. 
Anyone actually done it?  Even with 802.11a/b/g?






Re: [leaf-user] lrpstat and shorewall

2003-11-21 Thread Sean E. Covel
Off the top of my head, you need to be running the data gathering
program.  There is a script version and a compiled C program.  You could
use either one.  It communicates with the Java applet over a port, I
think it's 1023 or 1024.  You'll need to allow that through the firewall
as well.  Might be time to RTFM. 
http://leaf.sourceforge.net/devel/hejl/

Sean

On Fri, 2003-11-21 at 04:33, Erich Titl wrote:
 Al
 
 At 23:53 20.11.2003 -0500, you wrote:
 I'm trying to get weblet w/lrpstat to work on a Bering 1.2. I have
 weblet working and I can access the netmon.html page correctly. However,
 it has no data. If I shutdown Shorewall data starts coming in. I thought
 they both used the same tcp 80 port but I guess not. I can only guess
 that a different port is used. Does anyone know what's going on?
 
 Only a guess, shorewall will flush its output buffers at shutdown. You will 
 probably have to look at the way lrpstat implements the shorewall status.
 
 HTH
 Erich
 
 THINK
 Püntenstrasse 39
 8143 Stallikon
 mailto:[EMAIL PROTECTED]
 PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16
 
 
 
 





Re: [leaf-user] Access files on internal machine

2003-10-16 Thread Sean E. Covel
You could use sftp.  sftp is basically FTP over ssh.  That would get you
to/from a Linux box.  You could use Putty SFTP or some of the more GUI
ftp clients are starting to support SFTP (CuteFTP, WS_FTP Pro (not LE)).

On Thu, 2003-10-16 at 15:25, Ray Olszewski wrote:
 At 09:24 AM 10/16/2003 -0700, M  Lu wrote:
 Hello all,
 
  From Bering router machine, I would like to read/write from/to some files on
 an internal machine (either Linux or MS Windows-Server). What is the best
 way to do that?
 
 As posed, this question is a bit too general to get a good answer.
 
 First, the answers for Linux and Windows are likely to be quite different.
 
 Second, what do you actually want to do?
 
 As a general matter, you have three options that I can think of, none of 
 them very attractive in the context of LEAF/Bering.
 
 1. Mount a remote filesystem on the LEAF router in one of the usual ways 
 ... NFS or SMB. I don't *think* there are ready-made Bering packages for 
 either (at least I can't find them in Jacques' package area), and probably 
 the Bering kernel doesn't include support for these filesystems anyway. 
 Were this a standard Linux-to-Linux problem, or Linux-to-Windows, I'd 
 probably go this way.
 
 2. Use an activity-specific client-server setup (like the one for remote 
 syslog'ing). Whether this works for you depends on the specifics of what 
 you want to do ... does a suitable pair of apps exist, and is the client 
 one packaged for LEAF/Bering?
 
 3. Use ssh to connect to the internal server from the LEAF router and do 
 what you need to do. This is straightforward if you want to access those 
 files from a standard command-line app (edit them with vi, for example) ... 
 or at least it is straightforward for the LEAF-to-Linux variant ... but 
 messy if you want to run some other sort of updater over an ssh tunnel.
 
 
 
 
 





RE: [leaf-user] Ftpd-ssl behind Bering?

2003-10-13 Thread Sean
Jeff,

I was surprised to see that both the CuteFTP and WS_FTP Pro clients
support SFTP.  You have to look around a bit to find it, but it's there.

Bummer to have to open a range.  Luckily I only open FTP to a few IPs
anyway.

FTP/SSL is getting more and more popular (especially since HIPAA).  I
hope the netfilter guys do some work for it.

Sean

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 Jeff Newmiller
 Sent: Monday, October 13, 2003 2:57 AM
 To: Sean
 Cc: 'Leaf-User'
 Subject: Re: [leaf-user] Ftpd-ssl behind Bering?
 
 
 On Fri, 10 Oct 2003, Sean wrote:
 
  I have an FTP/SSL server behind a Bering firewall.  Problem is this:
  
  Oct 9 20:02:57 firewall Shorewall:net2all:DROP: IN=eth0 OUT= 
  MAC=00:03:47:08:40:1a:00:30:7b:fa:18:a8:08:00 SRC=204.60.67.237 
  DST=12.243.231.253 LEN=44 TOS=00 PREC=0x00 TTL=112 ID=57030 DF 
  PROTO=TCP SPT=22656 DPT=32960 SEQ=1959109775 ACK=0 WINDOW=8192 SYN 
  URGP=0 Oct 9 20:03:03 firewall Shorewall:net2all:DROP: IN=eth0 OUT= 
  MAC=00:03:47:08:40:1a:00:30:7b:fa:18:a8:08:00 SRC=204.60.67.237 
  DST=12.243.231.253 LEN=44 TOS=00 PREC=0x00 TTL=112 ID=57542 DF 
  PROTO=TCP SPT=22656 DPT=32960 SEQ=1959109775 ACK=0 WINDOW=8192 SYN 
  URGP=0
   
  The setup is this:  3 interface Bering.  FTPD/SSL in a DMZ - 
  192.168.2.1.  Port-forwarding port 21 to the DMZ.  Connecting fails 
  when it tries to connect the data channel.
  
  The connection works great from the private network to the DMZ.
  
  Ip_conntrack_ftp and ip_nat_ftp are loaded.  A standard FTPD 
  connection works just great.
 
 I know almost nothing about FTPD/SSL, but I know about FTP, 
 and I know about SSL.  I would have to say the chances of 
 ip_conntrack_ftp or ip_nat_ftp helping in any way with 
 FTPD/SSL would be very close to zero, since these modules 
 depend on examination of the information exchanged over the 
 control connection, which is what SSL is all about preventing.
 
 I think you will have to fall back on forwarding a specified 
 range of ports for data connections and configuring your 
 FTPD/SSL server to restrict itself to those ports.  This is 
 only effective for a relatively small number of connections 
 per minute.
 
 SFTP (ftp over ssl) is a much more practical secure data 
 transfer mechanism, since it uses only a single connection 
 for all data transfer.  
 Getting Windows users to use it may be a challenge at this 
 time, though, because it is not a widely accepted protocol.
 
 --
 Jeff Newmiller    DCN:[EMAIL PROTECTED]
 Research Engineer (Solar/Batteries/Software/Embedded Controllers)
 --
 
 
 
 






[leaf-user] Ftpd-ssl behind Bering?

2003-10-10 Thread Sean
I have an FTP/SSL server behind a Bering firewall.  Problem is this:

Oct 9 20:02:57 firewall Shorewall:net2all:DROP: IN=eth0 OUT=
MAC=00:03:47:08:40:1a:00:30:7b:fa:18:a8:08:00 SRC=204.60.67.237
DST=12.243.231.253 LEN=44 TOS=00 PREC=0x00 TTL=112 ID=57030 DF PROTO=TCP
SPT=22656 DPT=32960 SEQ=1959109775 ACK=0 WINDOW=8192 SYN URGP=0 
Oct 9 20:03:03 firewall Shorewall:net2all:DROP: IN=eth0 OUT=
MAC=00:03:47:08:40:1a:00:30:7b:fa:18:a8:08:00 SRC=204.60.67.237
DST=12.243.231.253 LEN=44 TOS=00 PREC=0x00 TTL=112 ID=57542 DF PROTO=TCP
SPT=22656 DPT=32960 SEQ=1959109775 ACK=0 WINDOW=8192 SYN URGP=0 
 
The setup is this:  3 interface Bering.  FTPD/SSL in a DMZ -
192.168.2.1.  Port-forwarding port 21 to the DMZ.  Connecting 
fails when it tries to connect the data channel.

The connection works great from the private network to the DMZ.

Ip_conntrack_ftp and ip_nat_ftp are loaded.  A standard FTPD connection
works just great.

Thanks for your help,

Sean






Re: [leaf-user] OT: Results of Internal Security Scan.

2003-08-14 Thread Sean E. Covel
On Fri, 2003-08-08 at 15:27, Charles Steinkuehler wrote:
 Jay Langford wrote:
  Thanks charles, 
  
  I am going to check out nessus as per seans suggestion...
 
 I think you'll be happier with the nessus results.  Nmap is also good 
 for raw port-scanning.
 

Nessus uses Nmap for its port scanner.

  Do you know if it is possible to change the ping results to make it look
  like it's a windows box?
  
  ICMP code in response  0 = Unix box 
  
  If so would there be any side effects of doing this?
 
 ???  I'm confused.
 
 A ping (echo request, ICMP message type 8) should always be answered 
 with an echo reply (ICMP message type 0).
 
 I don't think even Microsoft's TCP/IP stack has managed to screw this up.
 
 Also, all ICMP echo request/reply messages should have a message code of 
 0 (although some vendors co-opt the message code for specific services).
 
 Do you have a packet dump of the offending ping traffic?

What would be the point of this?  To hide your Linux box?  There are
many other ways to fingerprint a box.  Responses to ping, deny/reject
responses, IP ID field sequences, service responses.  Just knowing a box
is a Linux box doesn't really help you break in.  Knowing (or hiding)
that a box is running IIS doesn't help you that much either.  Sure it
narrows the number of exploits you have to try, but the attacks are
scripted, so who cares how long it takes or how many exploits are tried.

Nessus has a setting so it will make assumptions based on its
fingerprint findings.  It scans faster that way.  BUT, it misses stuff
too.  Better turn that one off.

I had a point when I started this...

Sean







RE: [leaf-user] OT: Results of Internal Security Scan.

2003-08-11 Thread Sean E. Covel
Glad I could help.  I have a 4 week old.  I'm not very coherent most of
the time right now.  I miss sleep...

On Sun, 2003-08-10 at 19:23, Jay Langford wrote:
 Sean, 
 I think I had a point as well ... but both you and Charles have answered
 this question very well, and I will not be bringing it up again, the reason
 I was asking was in fact to try and hide the fact that the box is a linux
 box, but as you've pointed out.. It's not much use... 
 
 Charles, I don't have tcpdump available to me (not on this machine anyhowz
 == XP), but I was only really interested on the topic for the reason above
 (to hide the fact that it's a linux box). If you still want the packetdump
 let me know, and I'll run it this arvo.. 
 
 Thanks 
 
 
 





Re: [leaf-user] OT: Results of Internal Security Scan.

2003-08-06 Thread Sean E. Covel
2 Comments:

1.  The more locked-down a server is, the harder it is to finger
print it.

2.  Seems like a windows-centric scanner.  Does it know how to spell
Linux?

You might want to look into NESSUS.  nessus.org.  Nice scanner.  When it
gets confused (due to a well locked-down server) it might ID it as
Windows or Linux or BSD...  It IDs Bering as Linux 2.4.x

Sean

On Wed, 2003-08-06 at 02:41, Jay Langford wrote:
 Hi Listers,
 
 This is a bit off topic, but i thought I would share the funny results I got
 back from an Internal Network Scan I performed earlier today... ( Note the
 'on the internal network' - I was looking for internal security holes)
 
 The scan performed an OS detection as part of its audit of the network.. and
 this is what is returned for my bering box (*confused look*)
 
 [XXX.XXX.XXX.XXX]
 NETBIOS/SMB is not enabled on this computer.
 Resolving XXX.XXX.XXX.XXX...
 
 UDP scanning thread started ...
 TCP scanning started ...
 2 open port(s).
 Gathering banners ... 
 80 - Trying to determine web server type
 Server : Microsoft-IIS/5.0  | What the??
 Operating System : Windows 2000 |
 
 Has anyone seen similar results in scans performed? ( f.y.i: I used GFI
 LANguard http://www.gfisoftware.com/lannetscan/ )
 
  jay
 
 
 





Re: [leaf-user] dealing with a schizo dhcp client (replayTV)

2003-08-01 Thread Sean Vincent

Or do as 1,000s of other Shorewall users have done and add the 'dhcp'
option to the eth1 entry in your /etc/shorewall/interfaces file.
-Tom
--
OK.  Sorry if I overlooked the obvious.  Like I said, it is actually 
configured with a static ip, like every other client on my network.  These 
dhcpdiscover packets are bizarre artifacts resulting from one OS being 
built on top of a different OS inside the RTV.  The RTV can even lock up on 
occasion if it can't find a dhcp server, even when configured as 
static.  By forcing a fixed address in the dhcp server, I keep the RTV from 
assuming two separate addresses.  It has worked very well for me for a 
while now.  Since that part was working so well, I wasn't sure if the 
rejection of port 68 and 67 traffic was a bad thing or a good thing.  





[leaf-user] dealing with a schizo dhcp client (replayTV)

2003-07-31 Thread Sean Vincent
Maybe I don't have a problem, but at the very least, I hope my firewall 
logs don't have to fill up with rejected packets due to this issue.  I have 
a replayTV 4k.  These things have an awful dhcp implementation.  They work 
most reliably when configured for a static IP but they still send out dhcp 
requests and sometimes forget their ip address or even appear to assume two 
different ip addresses at times.  LEAF has actually been a godsend in that 
I can put a host line in dhcp.conf:

host replay {hardware ethernet 00:80:45:31:16:26; fixed-address 192.168.1.1;}

to force the replay to maintain its address.  I also remove 192.168.1.1 
from the range of available dhcp addresses to assign.  (the default range 
statement is changed to 192.168.1.2 192.168.1.199)

But it looks like something isn't quite right.

daemon.log looks like this sometimes:
Jul 31 15:37:24 firewall dhcpd: DHCPREQUEST for 192.168.1.1 from 
00:80:45:31:16:26 via eth1
Jul 31 15:37:24 firewall dhcpd: DHCPACK on 192.168.1.1 to 00:80:45:31:16:26 
via eth1
Jul 31 15:37:24 firewall dhcpd: send_packet: Operation not permitted

[repeat last three lines ~30 times], and then:

Jul 31 21:37:43 firewall dhcpd: DHCPDISCOVER from 00:80:45:31:16:26 via eth1
Jul 31 21:37:43 firewall dhcpd: DHCPOFFER on 192.168.1.1 to 
00:80:45:31:16:26 via eth1
Jul 31 21:37:48 firewall dhcpd: DHCPREQUEST for 192.168.1.1 from 
00:80:45:31:16:26 via eth1
Jul 31 21:37:48 firewall dhcpd: DHCPACK on 192.168.1.1 to 00:80:45:31:16:26 
via eth1
Jul 31 21:39:40 firewall dhcpd: DHCPDISCOVER from 00:80:45:31:16:26 via eth1
Jul 31 21:39:40 firewall dhcpd: DHCPOFFER on 192.168.1.1 to 
00:80:45:31:16:26 via eth1
Jul 31 21:39:45 firewall dhcpd: DHCPREQUEST for 192.168.1.1 from 
00:80:45:31:16:26 via eth1
Jul 31 21:39:45 firewall dhcpd: DHCPACK on 192.168.1.1 to 00:80:45:31:16:26 
via eth1
Jul 31 21:39:46 firewall dhcpd: DHCPRELEASE of 192.168.1.1 from 
00:80:45:31:16:26 via eth1 (not found)

and shorewall.log has lots of these:

Jul 31 06:59:26 firewall Shorewall:all2all:REJECT: IN=eth1 OUT= 
MAC=00:10:b5:0d:ff:b8:00:80:45:31:16:26:08:00 SRC=192.168.1.1 
DST=192.168.1.254 LEN=280 TOS=00 PREC=0x00 TTL=64 ID=7166 PROTO=UDP SPT=68 
DPT=67 LEN=260
Jul 31 06:59:36 firewall Shorewall:all2all:REJECT: IN= OUT=eth1 
MAC=08:00:2b:e6:e4:3d:00:04:28:27:24:54:08:00 SRC=192.168.1.254 
DST=192.168.1.1 LEN=328 TOS=00 PREC=0x00 TTL=64 ID=30051 DF PROTO=UDP 
SPT=67 DPT=68 LEN=308

I think I can figure out how to add a rule to stop shorewall from rejecting 
the bootpc and bootps packets.  I just want to be sure they are safe to 
ignore.  Are "operation not permitted" and "not found" just annoying or a 
sign of something bad?

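As an added example (not code from the thread, from LEAF or from Shorewall), here is a way to make the "is this safe to ignore?" question checkable from the logs themselves. It parses Shorewall log lines of the shape quoted above, pulls the sender's hardware address out of the MAC= field, and checks every bootpc/bootps packet against the dhcpd.conf reservation from the post (00:80:45:31:16:26 -> 192.168.1.1). The first two sample lines are the ones quoted in the post; the last two are constructed to show the two things worth spotting: the reserved client sending from some other address, and a different MAC claiming the reserved address.

```python
"""Parse Shorewall/netfilter log lines and audit the DHCP traffic in them.

Added example for the replayTV DHCP thread; not code from the mailing
list, LEAF or Shorewall. The reservation below is the dhcpd.conf host
entry from the post; the sample log is constructed (see comments).
"""
import re
from dataclasses import dataclass

# Reservation from the post's dhcpd.conf "host replay" entry.
RESERVATIONS = {"00:80:45:31:16:26": "192.168.1.1"}

# Constructed sample input: lines 1-2 are quoted from the post, lines 3-4
# are invented to exercise the failure modes.
SAMPLE_LOG = """\
Jul 31 06:59:26 firewall Shorewall:all2all:REJECT: IN=eth1 OUT= MAC=00:10:b5:0d:ff:b8:00:80:45:31:16:26:08:00 SRC=192.168.1.1 DST=192.168.1.254 LEN=280 TOS=00 PREC=0x00 TTL=64 ID=7166 PROTO=UDP SPT=68 DPT=67 LEN=260
Jul 31 06:59:36 firewall Shorewall:all2all:REJECT: IN= OUT=eth1 MAC=08:00:2b:e6:e4:3d:00:04:28:27:24:54:08:00 SRC=192.168.1.254 DST=192.168.1.1 LEN=328 TOS=00 PREC=0x00 TTL=64 ID=30051 DF PROTO=UDP SPT=67 DPT=68 LEN=308
Jul 31 07:02:10 firewall Shorewall:all2all:REJECT: IN=eth1 OUT= MAC=00:10:b5:0d:ff:b8:00:80:45:31:16:26:08:00 SRC=192.168.1.57 DST=255.255.255.255 LEN=280 TOS=00 PREC=0x00 TTL=64 ID=7201 PROTO=UDP SPT=68 DPT=67 LEN=260
Jul 31 07:05:42 firewall Shorewall:all2all:REJECT: IN=eth1 OUT= MAC=00:10:b5:0d:ff:b8:00:0c:29:aa:bb:cc:08:00 SRC=192.168.1.1 DST=192.168.1.254 LEN=280 TOS=00 PREC=0x00 TTL=64 ID=7210 PROTO=UDP SPT=68 DPT=67 LEN=260
"""

PREFIX_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[A-Z]+):")
KV_RE = re.compile(r"(\w+)=(\S*)")


@dataclass
class Entry:
    chain: str
    disposition: str
    fields: dict


@dataclass
class Finding:
    kind: str       # "client->server" or "server->client"
    src_mac: str    # sender's MAC for inbound packets, "" for locally generated ones
    src_ip: str
    dst_ip: str
    verdict: str


def parse_line(line):
    """Return an Entry for a Shorewall log line, or None for anything else.
    Keys that repeat (LEN is logged for IP and again for UDP) keep the last value."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    return Entry(m.group("chain"), m.group("disp"), dict(KV_RE.findall(line[m.end():])))


def split_mac(mac):
    """netfilter logs MAC= as the raw Ethernet header: dst(6):src(6):ethertype(2)."""
    o = mac.split(":")
    if len(o) != 14:
        return None
    return ":".join(o[:6]), ":".join(o[6:12]), ":".join(o[12:])


def dhcp_kind(fields):
    """Identify bootpc->bootps and bootps->bootpc packets by UDP port pair."""
    if fields.get("PROTO") != "UDP":
        return None
    ports = (fields.get("SPT"), fields.get("DPT"))
    return {("68", "67"): "client->server", ("67", "68"): "server->client"}.get(ports)


def audit(log_text, reservations=RESERVATIONS):
    """Classify every DHCP packet in the log against the static reservations."""
    findings = []
    reserved_ips = {ip: mac for mac, ip in reservations.items()}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        kind = dhcp_kind(entry.fields)
        if kind is None:
            continue
        f = entry.fields
        src_ip, dst_ip = f.get("SRC", ""), f.get("DST", "")
        if not f.get("IN"):
            # Locally generated reply (OUT= only): the MAC field is not a client's.
            findings.append(Finding(kind, "", src_ip, dst_ip, "firewall-reply"))
            continue
        macs = split_mac(f.get("MAC", ""))
        src_mac = macs[1] if macs else ""
        expected = reservations.get(src_mac)
        if expected is not None and src_ip in (expected, "0.0.0.0"):
            verdict = "reserved-client-ok"
        elif expected is not None:
            verdict = "address-mismatch"        # reserved client using another address
        elif src_ip in reserved_ips:
            verdict = "reserved-ip-other-mac"   # a different MAC claims a reserved address
        else:
            verdict = "unknown-client"
        findings.append(Finding(kind, src_mac, src_ip, dst_ip, verdict))
    return findings


if __name__ == "__main__":
    for fnd in audit(SAMPLE_LOG):
        print(f"{fnd.kind:15} {fnd.src_mac:17} {fnd.src_ip:>15} -> {fnd.dst_ip:<15} {fnd.verdict}")
```

The MAC= field is the raw Ethernet header, so the second six octets identify the real sender whatever IP address it claims; that is what separates a confused client that has "forgotten" its address (address-mismatch) from a second device using the reserved address (reserved-ip-other-mac). Replies the firewall generates itself are logged with IN= empty and cannot be attributed by MAC, so they are only tagged as firewall-reply.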


RE: [leaf-user] URGENT- Network Card Help

2003-06-18 Thread Sean E. Covel
Sometimes I have to format the floppy 1.44 first, then I use WinImage to
write the image to the floppy.  Nice shiny new diskettes are always
recommended for the larger formatted floppies.  Getting WinImage also
lets you create a nice backup of your floppy once you get it working
properly.  Large formatted floppies can be temperamental, so DO back it
up once you have it all set.  Having said that, I have a Dachstein box
that's been running off a floppy for at least a year with minor changes
now and then with no problems.  After saying that, I better go back it
up before it goes! ;-)

On Wed, 2003-06-18 at 08:16, Aid Hamer wrote:
 I've tried it on 3 completely separate systems, with completely different
 Floppies, that all formatted FAT OK before.
 
 I did a reboot though on this system and it at least starts to write, so I
 now have an indicator the media is not good enough for it.
 
 Many thanks Erich
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Erich Titl
 Sent: 18 June 2003 12:51
 To: [EMAIL PROTECTED]
 Subject: RE: [leaf-user] URGENT- Network Card Help
 
 
 Hi
 
 At 09:38 18.06.2003 +0100, you wrote:
 Many thanks for all your help but having a BIG problem writing the Win32
 disk images to floppy, just keep getting an error.
 
 That applies to Bering 1.2, 1.1 and the stable release basically all the
 ones I've tried. Ran the image.exe on win2K and XP.
 
 Have you checked your drive and media ?
 
 HTH
 Erich
 
 
 THINK
 Püntenstrasse 39
 8143 Stallikon
 mailto:[EMAIL PROTECTED]
 PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16
 
-- 
Sean E. Covel [EMAIL PROTECTED]


Re: [leaf-user] Bering 1.1 partial backup issue

2003-03-17 Thread Sean E. Covel
Well, if you're talking to me...

I have not tried Bering 1.1 yet.  I keep meaning to, but lots of other
projects have popped up.  

First of all, Bering has not included the proper files to do a real
partial backup.  These files are called packagename.local.  If the
backup script can't find the .local file, it defaults to the .conf
(which is often good enough).  The only problem I have had with partial
backups was when my .local files had some DOS cr/lf characters in them. 
The script would barf.  Never seen the symptoms you are having...

Wait, look at your syslinux.cfg file and make sure you are not loading a
package twice.  I've seen that confuse the backup scripts.  Also, did
you edit your /var/lib/lrpkg/backdisk file at all?  You might want to
attach that file to your next Email, and your
/var/lib/lrpkg/ipsec.bktype file as well.  These are the two files that
control the backup.

Sean

On Mon, 2003-03-17 at 06:38, Jorn Eriksen wrote:
 Ahh - stupid me.  Spending some time looking in the archives I found a
 similar problem.  Sean - if U are there and U corrected the problem - do U
 mind posting the fix?
 
 Thanks
 
 Jorn
 - Original Message -
 From: Jørn Eriksen [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Saturday, March 15, 2003 9:49 PM
 Subject: [leaf-user] Bering 1.1 partial backup issue
 
 
  Hello there,
 
  It seems that there is a bug in the set backup type script in Bering 1.1
 
  In my case IPsec is package no 13 so I use:
   # t 13
  then the line for that package become:
  18) ipseccdrom iso9660
  As one can see the information on backup type completely goes away.
 
  If I also try to set the destination everything goes wrong.
 
  Any clues?
 
  Thanks
  Jorn
 
-- 
Sean E. Covel [EMAIL PROTECTED]


[leaf-user] Setting up First DMZ - Help Wanted

2003-03-13 Thread Sean E. Covel
I'm trying to setup my first DMZ on Bering 1.0.  I downloaded the
Shorewall 3 Interface example and made the changes.  I now have 2-2 port
NICs in the firewall.  I edited /etc/interfaces and added eth2 as
192.168.2.254.  The result of ip addr is as follows:

# ip addr
1: lo: LOOPBACK,UP mtu 16436 qdisc noqueue 
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: dummy0: BROADCAST,NOARP mtu 1500 qdisc noop 
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:03:47:08:40:1a brd ff:ff:ff:ff:ff:ff
inet 12.243.231.253/25 brd 255.255.255.255 scope global eth0
4: eth1: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:03:47:08:40:1b brd ff:ff:ff:ff:ff:ff
inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
5: eth2: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:03:47:08:4a:d6 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.254/24 brd 192.168.2.255 scope global eth2
6: eth3: BROADCAST,MULTICAST mtu 1500 qdisc noop qlen 100
link/ether 00:03:47:08:4a:d7 brd ff:ff:ff:ff:ff:ff

So it appears to be set up.  The problem is, I can't seem to communicate
with the host on 192.168.2.1.  DHCP wasn't working, so I gave the host a
static address.  (I did edit dhcpd.conf and the proper shorewall file to
add dhcp).  SSH responds:

# ssh 192.168.2.1
ssh: connect to host 192.168.2.1 port 22: No route to host

# ip route
12.243.231.128/25 dev eth0  proto kernel  scope link  src 12.243.231.253
192.168.2.0/24 dev eth2  proto kernel  scope link  src 192.168.2.254 
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.254 
default via 12.243.231.129 dev eth0 

# ping 192.168.2.254
PING 192.168.2.254 (192.168.2.254): 56 data bytes
64 bytes from 192.168.2.254: icmp_seq=0 ttl=255 time=0.8 ms
64 bytes from 192.168.2.254: icmp_seq=1 ttl=255 time=0.6 ms

# ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1): 56 data bytes

--- 192.168.2.1 ping statistics ---
7 packets transmitted, 0 packets received, 100% packet loss

The box at 192.168.2.1 was previously on the 192.168.1 network and
responded to ping, ssh, vnc, etc..

Any hints?  Need any more details?

-- 
Sean E. Covel 


RE: [leaf-user] upgrading procedures

2003-02-18 Thread Sean
The easiest way (in my mind) is to use a CDRom and do partial backups
on floppies.  In most cases an upgrade involves putting a new CDRom in
the drive and rebooting.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Alex
Rhomberg
Sent: Tuesday, February 18, 2003 6:00 PM
To: Fabrice CHARLEUX; [EMAIL PROTECTED]
Subject: AW: [leaf-user] upgrading procedures


 I was wondering what was the best way to upgrade to
 each new Bering version.
 - Retyping the configurations files from the previous ones (in case 
 there are major changes in the config files)
 - Backing up the previous config files and copy them back
 to the current version
 - upgrading the current configuration with each new LRP manually
 - other ways ?

I wrote some scripts for that, which should make upgrading and maintaining
multiple firewalls really easy, if you have a linux / unix box with root
access (could also be virtual):

diffleaf: Show all the differences between your installed packages and
the default packages, i.e. the configuration files you edited.

makeleaf: Combine custom configuration files (normally few) with the
standard packages to get a pre-configured firewall

The packages are now available in the patches section (look for patches
by alexrh) while I'm hoping for developer access. As soon as I get that, I
shall upload a much improved version including e.g. automatic resolving
of kernel module dependencies.

Cheers
Alex



Re: [leaf-user] Bering/Shorewall vs. Dachstein

2003-02-12 Thread Sean E. Covel
I'd be more than willing to help debug this.  I have both the Dachstein
and Bering firewalls setup, I just switch the cables and I'm set to go. 
If you want specifics of the setups, tell me what you need and I'll send
it to you.

Eyeball Chat says it does NOT use H323 (is that the correct number?)
video conferencing protocol, so I'm not sure that Dachstein's ipmasq
setting would have helped.  

I am using the Dachstein CD 1.02.  I added some rules for SSH and VNC. 
I did nothing specific for Eyeball Chat.  I can send whatever config
files you might want.

I was using Bering Stable, with Shorewall 1.3.12a.  I upgraded the
shorewall to 1.3.14 last night.  I haven't tried Eyeball since the
upgrade.  I used the 2 nic version and added some DNAT for ssh and VNC.

Let me know what you want me to log on each firewall and I'll give it a
go.

I'd like to avoid opening ports, esp. since its a p2p app, and who would
I open them for?  My inlaws are on dial-up.

I've seen posts on Google Groups of users saying it just worked
through their firewall when other apps didn't.  What I like is that it
compresses video and audio so it is usable on a dial-up connection.

Ray, I'll attempt some connections tonight (If I get a chance) and send
the output from Dachstein and Bering that you suggested.

Sean



 There is something that we are missing here regarding the difference 
 between his Dachstein and Bering configurations. Not only would these high 
 ports have to have been open but they would have to have been forwarded to 
 the internal machine running his P2P application. That would have required 
 an explicit configuration action on his part.
 
 I *think* this assertion is incorrect. The firewall paper Sean referred us 
 to *seems* to be describing a workaround for exactly this requirement. I 
 don't fully understand how they do it (either the paper intentionally omits 
 some key technical detail, or I just missed it). Lynn's suggestion above, a 
 more succinct expression of the thought I talked about in rambly form, is 
 probably closer to the target.
 
 The exception would be if the application is built on some standard 
 technology like IRC where a masquerade module is available on Dachstein 
 but not on Bering.
 



Re: [leaf-user] Bering/Shorewall vs. Dachstein

2003-02-12 Thread Sean E. Covel
BTW,

I did send Eyeball Chat a help request, but since it is free software,
I'm not holding my breath.

I'm willing to pursue this just to see if this magic silver bullet they
have going actually works.  Strange that they have instructions on how
to blow holes in your firewall (static patch) if their 
magic firewall approach works so well...

On Wed, 2003-02-12 at 09:37, Tom Eastep wrote:
 Sean E. Covel wrote:
  I'd be more than willing to help debug this.  I have both the Dachstein
  and Bering firewalls setup, I just switch the cables and I'm set to go. 
  If you want specifics of the setups, tell me what you need and I'll send
  it to you.
 
 Under Bering:
 
 a) shorewall reset
 b) Try to connect
 c) shorewall status  /tmp/status
 d) Send us the /tmp/status file.
 
  
  Eyeball Chat says it does NOT use H323 (is that the correct number?)
  video conferencing protocol, so I'm not sure that Dachstein's ipmasq
  setting would have helped. 
 
 Something clearly did.
 
  
  I am using the Dachstein CD 1.02.  I added some rules for SSH and VNC. 
  I did nothing specific for Eyeball Chat.  I can send whatever config
  files you might want.
 
 They won't mean anything to me but they probably will to Ray.
 
  
  I was using Bering Stable, with Shorewall 1.3.12a.  I upgraded the
  shorewall to 1.3.14 last night.  I haven't tried Eyeball since the
  upgrade.  I used the 2 nic version and added some DNAT for ssh and VNC.
  
  Let me know what you want me to log on each firewall and I'll give it a
  go.
  
  I'd like to avoid opening ports, esp. since its a p2p app, and who would
  I open them for?  My inlaws are on dial-up.
  
 
 The ultimate solution is probably going to be that you will have to 
 forward some additional ports. If that's unacceptable to you then we may 
 as well not pursue this.
 
 -Tom
 -- 
 Tom Eastep\ Shorewall - iptables made easy
 Shoreline, \ http://www.shorewall.net
 Washington USA  \ [EMAIL PROTECTED]
 



Re: [leaf-user] Bering/Shorewall vs. Dachstein

2003-02-12 Thread Sean E. Covel
Tom, 

I'm a complete iptables noob, and you are obviously an expert at this
point.  Eyeball Chat does claim that it works with iptables.  Is the
connection tracking table a recent addition?  Can you think of what
might have to be done for it to work with iptables?  

If they ever get back to me about this, I'll be sure to let you know!

Sean

On Wed, 2003-02-12 at 10:13, Tom Eastep wrote:
 Sean E. Covel wrote:
  BTW,
  
  I did send Eyeball Chat a help request, but since it is free software,
  I'm not holding my breath.
  
  I'm willing to pursue this just to see if this magic silver bullet they
  have going actually works.  Strange that they have instructions on how
  to blow holes in your firewall (static patch) if their 
  magic firewall approach works so well...
  
 
 I just read their Magic Bullet paper and I think that it works with 
 Dachstein because on Dachstein (as with Seawall), the Masquerade Port 
 Range is left open by the firewall. This allows incoming SYN packets
 to sail right through the firewall AND will even route it to the correct 
 internal system. It is a cute trick except that it is based on being 
 able to exploit the primitive capabilities of ipchains.
 
 That little trick will not work with Shorewall because the NetFilter 
 connection tracking table identifies connection endpoints by 
 (ip,protocol,port) rather than just by (protocol,port). So just because 
 EyeBall running on 192.168.12.12 is connected to the EyeBall server via 
 external address w.x.y.z and port P doesn't mean that EyeBall user at 
 address a.b.c.d can open port P on w.x.y.z and be able to successfully 
 connect through the firewall to 192.168.12.12.
 
 -Tom
 -- 
 Tom Eastep\ Shorewall - iptables made easy
 Shoreline, \ http://www.shorewall.net
 Washington USA  \ [EMAIL PROTECTED]
 

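To make Tom's point concrete, here is an added toy model (not code from the thread, from Shorewall or from the kernel) of the two NAT tables. The ipchains masquerade table is keyed by (protocol, external port) only, so once a peer learns port P it can send to w.x.y.z:P from anywhere and be mapped to the internal host; the netfilter conntrack table is keyed by the full reply tuple, so the same packet from a different source address matches nothing and is dropped unless an explicit DNAT rule forwards that port. All addresses are assumptions for the demo: 192.168.12.12 is the internal host Tom used as his example, 198.51.100.1 stands in for the firewall's external address, 203.0.113.10 for the chat server and 192.0.2.7 for the remote peer.

```python
"""Toy model: unsolicited inbound packet to a masqueraded port under
ipchains masquerading vs. netfilter connection tracking.

Added example for Tom's explanation above; not code from the thread,
Shorewall or the kernel. All addresses are assumed for the demo.
"""
from collections import namedtuple

Packet = namedtuple("Packet", "proto src_ip src_port dst_ip dst_port")

EXT_IP = "198.51.100.1"      # assumed external address of the firewall (w.x.y.z)
INT_HOST = "192.168.12.12"   # internal host running the chat client
SERVER = "203.0.113.10"      # assumed chat server
PEER = "192.0.2.7"           # assumed remote peer that learned our port P (a.b.c.d)


class IpchainsMasq:
    """ipchains-style masquerading: the table is keyed by (proto, external port)
    only, so any sender that reaches that port is mapped back to its owner."""

    def __init__(self):
        self.table = {}          # (proto, ext_port) -> (internal ip, internal port)
        self.next_port = 61000   # ipchains allocated from a dedicated high port range

    def outbound(self, pkt):
        ext_port = self.next_port
        self.next_port += 1
        self.table[(pkt.proto, ext_port)] = (pkt.src_ip, pkt.src_port)
        return pkt._replace(src_ip=EXT_IP, src_port=ext_port)

    def inbound(self, pkt):
        owner = self.table.get((pkt.proto, pkt.dst_port))
        if owner is None:
            return None                       # no mapping: dropped
        return pkt._replace(dst_ip=owner[0], dst_port=owner[1])


class NetfilterConntrack:
    """netfilter-style tracking: an inbound packet must match the full reply
    tuple (proto, src ip, src port, dst ip, dst port) of a tracked connection,
    or hit an explicit DNAT (port-forward) rule."""

    def __init__(self, dnat_rules=None):
        self.conns = {}                      # reply tuple -> (internal ip, port)
        self.dnat = dict(dnat_rules or {})   # (proto, ext_port) -> (internal ip, port)

    def outbound(self, pkt):
        # The source port is kept when it is free, so only the address changes.
        reply = (pkt.proto, pkt.dst_ip, pkt.dst_port, EXT_IP, pkt.src_port)
        self.conns[reply] = (pkt.src_ip, pkt.src_port)
        return pkt._replace(src_ip=EXT_IP)

    def inbound(self, pkt):
        owner = self.conns.get(tuple(pkt)) or self.dnat.get((pkt.proto, pkt.dst_port))
        if owner is None:
            return None                       # neither ESTABLISHED nor forwarded: dropped
        return pkt._replace(dst_ip=owner[0], dst_port=owner[1])


def magic_bullet(fw):
    """Run the exchange against a firewall model: the client talks to the
    server, the server tells a peer our external port P, the peer sends to it.
    Returns (server reply as delivered, peer packet as delivered); None = dropped."""
    outgoing = fw.outbound(Packet("udp", INT_HOST, 5000, SERVER, 4000))
    p = outgoing.src_port
    server_reply = Packet("udp", SERVER, 4000, EXT_IP, p)
    peer_packet = Packet("udp", PEER, 7777, EXT_IP, p)
    return fw.inbound(server_reply), fw.inbound(peer_packet)


if __name__ == "__main__":
    for name, fw in [("ipchains", IpchainsMasq()), ("netfilter", NetfilterConntrack())]:
        reply, peer = magic_bullet(fw)
        print(f"{name:9} server reply -> {reply and reply.dst_ip}, peer packet -> {peer and peer.dst_ip}")
    # The static-port workaround: forward one port explicitly, everything else stays closed.
    fw = NetfilterConntrack({("tcp", 5500): (INT_HOST, 5500)})
    print("netfilter + DNAT tcp/5500 ->", fw.inbound(Packet("tcp", PEER, 40000, EXT_IP, 5500)))
```

The model shows why the behaviour differs without any Bering configuration change: under ipchains the peer's packet rides the same (proto, port) mapping the server reply uses, whereas conntrack treats it as a new connection, and a new inbound connection only gets through where a DNAT rule names that port.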


RE: [leaf-user] Bering/Shorewall vs. Dachstein

2003-02-12 Thread Sean
So, after much discussion, is there anything specific you would like me
to do Shorewall before I gather statistics?  I can shut off all my other
machines and turn on/off everything/nothing, log everything...whatever.
Just let me know what.  How about Dachstein?

I'll be making my attempt in about 3 hours (8:30 est) after the young
one goes to bed.  I've got to find a patient relative who will put up
with my trouble-shooting.

Let me know,

Sean

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Tom Eastep
Sent: Wednesday, February 12, 2003 3:46 PM
To: Ray Olszewski
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Bering/Shorewall vs. Dachstein


Tom Eastep wrote:


 
 Ah -- yes, now I see what you are getting at. Yet, it's apparently not
 working
 

I'm trying to keep up with this thread while at the same time following 
a distributed training exercise on another monitor. During the lunch 
break, I got a chance to look at what Ray wrote more closely :-)

One other thing to remember is that because Netfilter tracks 
(ip,protocol[,port]), it usually doesn't have to remap ports the way 
that ipchains does. So the external port shouldn't change when the peers
switch from sending to the server to sending to their opposite.

-Tom
-- 
Tom Eastep\ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA  \ [EMAIL PROTECTED]



RE: [leaf-user] Bering/Shorewall vs. Dachstein

2003-02-11 Thread Sean
Thanks for your responses.

After spending more time on their website, <sarcasm>I discovered their
Any-Firewall-Whitepaper where it states that I actually don't have a
problem since their technology works transparent to firewalls and
NAT.</sarcasm>

Lynn, you are correct.  There are some high UDP ports, but according to
their white-paper, these are only outgoing connections.  Since it's a
peer-to-peer connection, I'm not sure how both parties can have outgoing
connections, and no incoming connections...but it's obviously some highly
advanced technology!  What's my exposure when opening those TCP and UDP
ports?  I'm VERY new to iptables, so be gentle.

Thanks,

Sean

Snip---
The solution was posted on their website.  Apparently by default it uses
dynamic UDP and TCP but there is a static port patch for v2.2 located
here:

http://www.eyeballchat.com/download/patches/fixed_ports_patch22.reg

Then you need to open up these ports:

- UDP ports 5700, 5701 and 5702 and
- TCP ports 5500 and 5501.

Eyeball Chat should then work correctly.

snip---
I use an app, EyeBall chat, to video chat to relatives. 
 It worked just fine under Dachstein.  It is NOT working under Bering. 
 It appears the app uses a number of dynamic UDP and TCP connections
for
 the audio/video portions of the chat.  I didn't see anything in the 
 shorewall logs that was helpful.  Anyone got any thoughts?

Snip---
I would imagine that since it worked with Dachstein, there was probably
some high port UDP traffic that iptables stops with conntrack (stateful
connection tracking).
-- 
~Lynn Avants
Linux Embedded Firewall Project developer http://leaf.sourceforge.net



[leaf-user] Bering/Shorewall vs. Dachstein

2003-02-09 Thread Sean
I have been using Dachstein for a few years.  I recently decided to give
Bering a try.  I use an app, EyeBall chat, to video chat to relatives.
It worked just fine under Dachstein.  It is NOT working under Bering.
It appears the app uses a number of dynamic UDP and TCP connections for
the audio/video portions of the chat.  I didn't see anything in the
shorewall logs that was helpful.  Anyone got any thoughts?
 
Thanks,
 
Sean
 
p.s.
 
www.eyeballchat.com if you want to see their software.  I guess there is
a way to restrict the app to some static ports, but I'm not too sure
about opening ports to just anyone.



RE: [leaf-user] Bering partial backup not working (was: Bering2.4.18 CD)

2003-02-04 Thread Sean
That was it!  I'll post the new .local files and an iso in a day or two.
Thanks to everyone for their help.  Todd, thanks for the .local files,
even the ones with the cr/lf's in there ;-)

Sean

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Sean E.
Covel
Sent: Monday, February 03, 2003 3:15 PM
To: Brad Fritz
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Bering partial backup not working (was:
Bering2.4.18 CD)


 sc Good point.  I couldn't find them either so I emailed Todd.  I'll 
 sc host them.  I'm not sure if you want to help, or if you just want 
 sc the files ;-), but here they are.  I also posted my ISO in case 
 sc someone wants to do some debugging.
 sc 
 sc The files are here:
 sc 
 sc http://leaf.sourceforge.net/devel/scovel
 
 Looks like there are carriage returns in the .local files that are 
 causing problems with the grep at ~101 of lrcfg.back.script . Try the 
 versions I sterilized with dos2unix and sent you offlist and let us 
 know if that fixes the problem.
 
 --Brad
 

Shame on me!  I'll bet that's it.  I was planning on spending some time
tonight debugging the script, but I'll give the dos2unix command a shot
first and save myself the time.  I'll let you all know if it works.  If
it does, I'll post a new (Unix) version of the files, and my ISO as well
in case someone wants it.

Sean



Re: [leaf-user] Bering partial backup not working (was: Bering2.4.18 CD)

2003-02-03 Thread Sean E. Covel
 sc Good point.  I couldn't find them either so I emailed Todd.  I'll host
 sc them.  I'm not sure if you want to help, or if you just want the files
 sc ;-), but here they are.  I also posted my ISO in case someone wants to
 sc do some debugging.
 sc 
 sc The files are here:
 sc 
 sc http://leaf.sourceforge.net/devel/scovel
 
 Looks like there are carriage returns in the .local files that
 are causing problems with the grep at ~101 of lrcfg.back.script .
 Try the versions I sterilized with dos2unix and sent you offlist
 and let us know if that fixes the problem.
 
 --Brad
 

Shame on me!  I'll bet that's it.  I was planning on spending some time
tonight debugging the script, but I'll give the dos2unix command a shot
first and save myself the time.  I'll let you all know if it works.  If
it does, I'll post a new (Unix) version of the files, and my ISO as well
in case someone wants it.

Sean


RE: [leaf-user] Bering 2.4.18 CD

2003-02-01 Thread Sean
More info,

I created a Bering floppy, booted it, then copied the .local files in
/var/lib/lrpkg and did a full backup of everything.  I then used those
full backups as the contents of my Bering ISO.  It boots just fine, will
do a full backup to floppy just fine, but partial backups always fail.
Same errors as last time.  It would appear that the partial backup is
broken?

Here are the errors again:

: No such file or directoryt: \tar: etc
: No such file or directorype
: No such file or directoryl
tar:  Error exit delayed from previous errors

I'm using Bering 1.0 stable 1680 floppy as my source.  Created my own
initrd from that floppy.

Thanks for your help,

Sean

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Sean E.
Covel
Sent: Friday, January 31, 2003 8:49 AM
To: Brad Fritz
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Bering 2.4.18 CD


On Thu, 2003-01-30 at 22:34, Brad Fritz wrote:
 
 Sean,
 
 On Thu, 30 Jan 2003 19:16:58 EST Sean wrote:
 
  I created new .lrp files with the correct path (no ./etc) and I'm 
  still having the tar problem.  Anyone have any thoughts?  I'm using 
  the Bering 2.4.18 diskette contents and the excellent directions on 
  the LEAF website to create the CD.  It boots fine, reads the CD and 
  the floppy just fine, it just won't do partial backups.
 
 Can you provide a link to or post the etc.local file?  I looked at the
 two patches from Todd:
 
   https://sourceforge.net/tracker/?func=detail&atid=313751&aid=668842&group_id=13751
   https://sourceforge.net/tracker/?func=detail&atid=313751&aid=668889&group_id=13751
 
 but didn't see the files, only the description of the patch.
 
 --Brad
 

Good point.  I couldn't find them either so I emailed Todd.  I'll host
them.  I'm not sure if you want to help, or if you just want the files
;-), but here they are.  I also posted my ISO in case someone wants to
do some debugging.

The files are here:

http://leaf.sourceforge.net/devel/scovel

Sean










Re: [leaf-user] Bering 2.4.18 CD

2003-01-31 Thread Sean E. Covel
On Thu, 2003-01-30 at 22:34, Brad Fritz wrote:
 
 Sean,
 
 On Thu, 30 Jan 2003 19:16:58 EST Sean wrote:
 
  I created new .lrp files with the correct path (no ./etc) and I'm still
  having the tar problem.  Anyone have any thoughts?  I'm using the Bering
  2.4.18 diskette contents and the excellent directions on the LEAF
  website to create the CD.  It boots fine, reads the CD and the floppy
  just fine, it just won't do partial backups.
 
 Can you provide a link to or post the etc.local file?  I looked at
 the two patches from Todd:
 
   https://sourceforge.net/tracker/?func=detail&atid=313751&aid=668842&group_id=13751
   https://sourceforge.net/tracker/?func=detail&atid=313751&aid=668889&group_id=13751
 
 but didn't see the files, only the description of the patch.
 
 --Brad
 

Good point.  I couldn't find them either so I emailed Todd.  I'll host
them.  I'm not sure if you want to help, or if you just want the files
;-), but here they are.  I also posted my ISO in case someone wants to
do some debugging.

The files are here:

http://leaf.sourceforge.net/devel/scovel

Sean






[leaf-user] Bering 2.4.18 CD

2003-01-30 Thread Sean
I have created a Bering CD and am attempting to do some partial backups.
I got the .local files from Todd Pearsall and added the .local files to
the full .lrp files using tar, gunzip, gzip, you know, all the standard
utils.  I added these new packages to my CD and booted.
 
I changed my backup type and destinations, and tried to backup etc.  I
got the following errors:
 
q) quit
---
Selection: b 3
: No such file or directoryt: \tar: etc
: No such file or directorype
: No such file or directoryl
tar:  Error exit delayed from previous errors
 
New Package:
-rw-r--r--  1  root root 29 Jan  29 21:47  /tmp/etc.lrp 
Old Package:
-rw-r--r--  1  root root 29 Jan  29 21:47
/var/lib/lrpkg/mnt/etc.lrp
 
 
 
Any thoughts?
 
The only strangeness I saw was when I had created the new .tar files
the paths were ./etc/somefile and the old paths were etc/somefile
 
Thanks,
 
Sean
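Brad's diagnosis further up the page (carriage returns in the .local files tripping the grep in lrcfg.back.script, cured with dos2unix) and the scrambled tar errors in this post are one and the same failure. The script below is an added example, not code from the LEAF/Bering scripts: it builds a constructed file list with CRLF line endings in a scratch directory, shows that an anchored grep and a list-driven tar both fail on it, and shows the sterilized copy working. That the backup script hands the list to tar as a list of names (tar -T here) is an assumption; it is not checked against lrcfg.back.script.

```shell
#!/bin/sh
# Added example, not part of the LEAF/Bering lrcfg scripts. Reproduces
# what a .local file list with DOS (CRLF) line endings does to a partial
# backup: every name reaches grep and tar as "etc/resolv.conf\r", which
# exists nowhere. Files and directories below are constructed in a scratch
# directory. Feeding the list to tar with -T is an assumption about what
# the backup script does; it is not checked against lrcfg.back.script.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK" || exit 1

# Constructed stand-in for a package's files.
mkdir -p etc
printf 'nameserver 127.0.0.1\n' > etc/resolv.conf

# Constructed etc.local: as a Windows editor saves it, then sterilized.
# tr -d '\r' is the portable equivalent of dos2unix.
printf 'etc/resolv.conf\r\n' > etc.local.dos
tr -d '\r' < etc.local.dos > etc.local.unix

# Carriage returns in a list file; anything above 0 will break the backup.
cr_count() {
    echo $(( $(tr -cd '\r' < "$1" | wc -c) ))
}

# Anchored grep for a name in the list (Brad points at a grep in
# lrcfg.back.script; the anchored form here is illustrative).
# The trailing CR makes the $ anchor miss.
list_has() {
    grep -q "^$2\$" "$1"
}

# Partial backup driven by the list file (exit status is tar's).
partial_backup() {
    tar -cf "$2" -T "$1" 2>/dev/null
}

echo "CRs in DOS list: $(cr_count etc.local.dos), in sterilized list: $(cr_count etc.local.unix)"
list_has etc.local.dos etc/resolv.conf || echo "grep does not find etc/resolv.conf in the CRLF list"
partial_backup etc.local.dos dos.tar || echo "tar fails on the CRLF list"
partial_backup etc.local.unix unix.tar && echo "tar succeeds on the sterilized list"
```

A name that ends in a carriage return is simply a different name, so tar reports it as missing. When such a message is printed on a terminal the CR moves the cursor back to column 0 and the text that follows overwrites the start of the line, which is one way the ": No such file or directory" lines above can end up scrambled. tr -d '\r' does what dos2unix does without needing that package on the box.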
 







[leaf-user] system logs on a bering box

2002-10-11 Thread sean
I have a typical two interface bering box set up based on a p200 and a
nice ide flash card reader. The flash card is an 8mb card so lots of
space. However when i try to look at the logs via the weblet it says
that the most of the logs are not readable.

Is this something i've misconfigured? Is there another way to read the
logs by connecting to the firewall and issuing a command?

regards 

Sean 









Re: [leaf-user] sshd

2002-10-01 Thread sean

On Sun, 2002-09-29 at 13:15, Erich Titl wrote:
 Steve wrote the following at 08:27 29.09.2002:
 I am trying to set up sshd in Bering.
 I have loaded the sshd.lrp and libz.lrp packages and have generated my
 keys, but when sshd is run it complains that it cannot find the
 libnsl.so.1 file.  I've done a few searches and can not find where this
 file might be or where I can download it from.
 Any suggestions?
 Regards.
 
 Where did you take your sshd.lrp from. I have sshd running on bering
 without libnsl. IIRC I got mine from Jacques Nilo's packages.
 You have loaded libz.lrp and declared it in syslinux.cfg haven't you.

regards 

sean coogan







RE: [leaf-user] DnsCache

2002-09-24 Thread Sean

I'm using Dachstein.  TinyDNS is on the CD.  Guess I'll try to set it
up.  Thanks for the pointers!  Another question:  Is this a GOOD IDEA?
It can be done, but should it be done?

Thanks,

Sean

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of H. D. Lee
Sent: Tuesday, September 24, 2002 8:27 PM
To: Leaf-User
Subject: Re: [leaf-user] DnsCache


On 2002.09.24_19:27:55_+, [EMAIL PROTECTED] wrote:
 Is there any way to pre-load the dnscache with some
 entries?  Like telling it that *.doubleclick.* and 
 *.x10.* are 127.0.0.1?
 

As Charles and Britz suggested, use tinydns and dnscache to achieve
that. Please also note that to run tinydns and dnscache on one machine,
you have to have two different IP addresses.

It is fine to have either dnscache or tinydns listen on the loopback
(127.0.0.1) address, but only localhost can query it. See:

http://cr.yp.to/djbdns/faq/orientation.html#programs

Useful links:
http://www.leaf-project.org/devel/jnilo/tinydns.html
http://cr.yp.to/djbdns.html
http://www.lifewithdjbdns.org

Start with the first, it should get you on the right track. Also note
that the Bering tinydns package has configuration specific to itself. I am
talking about the /etc/tinydns-private/env/DOMAINS file. It will
automatically create the appropriate files in /etc/dnscache/root/servers
and have dnscache send queries for those domains to the local tinydns
instead of querying the Internet.

 TIA
 
 Sean
 

HTH

-- 
H. D. Lee









[leaf-user] Bering: Multiple External IP's on a single LEAF box... is it possible???

2002-08-01 Thread Sean Woodruff

Hello all,

I'm currently helping a friend setup Bering-rc3. He has a DSL modem
(Fujitsu Speedport) and a block of 5 IP's provided by his ISP. Is it
possible to configure a Bering box -or any LEAF distro- with two NIC's
(eth0...Internet & eth1...Intranet) so that eth0 can handle requests from
the 5 external IP's?  ... albeit a module, lrp package, configuration, or
anything else.

At the moment, Bering is fully functional & can -through Shorewall- DNAT
connections to the FTP server and WWW server... but this is only for 1
static external IP. Any information provided would be greatly appreciated.
Thank you very much!

-Sean






[leaf-user] Bering 1.0-rc2 sshd 3.2.3p1

2002-06-18 Thread Sean Woodruff

Hello,

Does anyone know of a sshd.lrp (much smaller than 326k) that could work
with Bering 1.0-rc2? After removing unnecessary packages & modules, I have
around 220k to play with.

I ask because I've been using EigerStein with a sshd.lrp that is about half
of the size (161k). It's great because I can cram everything I need onto one
floppy disk (which I need since I only have a 1-floppy LRP box, w/o monitor,
video card, or keyboard, that I connect to via ssh).

Thank you very much!

-Sean






Re: [leaf-user] Dachstein-CD update

2002-06-15 Thread Sean

This is an update on my progress.

1. diskfree.sh - This may take awhile to incorporate, on the back burner for
the moment.
2. MAC script change(modules/modutils)  *DONE!
3. p9100.lrp if Bihn Do tests it and lets me know  *DONE! Added p9100 and
modified root.lrp to create lp0 and par0
4. Unknown Weblet updates - Waiting for more info.
5. the .lrp.lrp change  *DONE!
6. Burn and Test it.  * I am probably going to do a personal test CD
tomorrow.  My confidence in my Linux/LEAF development skills is low at the
moment.  Better test, test, test.

To Lynn and all,

I'm really in no rush to get this out the door.  The original intent of this
update was to get the newer OpenSSH packages out there.  This was based on
a Nessus scan I ran against one of my firewalls.  The only vulnerabilities
that showed up were weblet (crashed, restarted a lot of processes) and
OpenSSH.

Obviously there is a lot of pent-up demand for more changes.  I'm willing to
coordinate further changes, but with the understanding that my last Unix
development was on an HP9000 a few years back.  Been doing Microsoft
development since then.  For the really complicated stuff (like Michael's
diskfree.sh) it's going to take a certain amount of hand-holding.  I do have
2 firewalls running, a Slink box, and a RedHat 7.2 box.  I can do some
compiling and some development if needed.  I have compiled apps for both
machines, and updated the kernel on the Slink box once or twice, so I'm not
a complete newbie.

Sean





RE: [leaf-user] Dachstein-CD update

2002-06-14 Thread Sean

Ok,

This is turning into a project...

The bind I have is bind-8 from Charles' files.  I'm sure it's a bad one.  If
someone gives me a good one I'll put it on the CD.

I'll work on the diskfree.sh but if Michael wants to give me a diff, that
would be great!

I'll do the MAC address change.

I updated the wanpipe modules.  Hey, was that a test?  The file has an
extension of TGZ but it's not a gzipped tar file.  It's just a tar file.  FYI,
it only took me a little while to figure that out ; )

If you test the p9100.lrp and let me know, I'll add it.

What Weblet updates.  Throw me a bone guys...

apkg, forget it!  As far as I can tell from looking at oxygen and the
NUMEROUS threads back-and-forth between David and Charles, this is a BIG
change.  Besides, it never pays to get Charles talking about the .lrp
format...

So, as far as I can tell I have a few TODOs left:

1. diskfree.sh
2. MAC script change
3. p9100.lrp if Bihn Do tests it and lets me know
4. Unknown Weblet updates (I hope you're talking about a .lrp you already
packaged up for us...)
5. the .lrp.lrp change
6. Burn and Test it.

Did I miss anything?

Sean

-Original Message-
From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 14, 2002 10:55 AM
To: Sean; [EMAIL PROTECTED]
Subject: Re: [leaf-user] Dachstein-CD update


 I have added all the new packages as requested so far and included bind-8
 as well (someone asked for it a long time ago in leaf-user).

Which bind version?  IIRC, there are known security problems with all the
bind's currently packaged for LRP.

 I added the two sample .cfg files.  I updated the ssh* lrps.  I updated
 the changes.txt and am in the process of updating the README.txt.  I
 removed the old ssh1 packages.

Sounds good

 I'll make the script update over the weekend.  Monday night I'll
 stop taking new orders and Tuesday night you should have a shiny new
 Dachstein-CD.

Great.  Since it sounds like you're going to be updating root (for the
lrpkg -i fix), I may throw some stuff your way if I get time.  Also, please
note that Michael D. Schleif has done a good job of re-working the disk
free-space checks
(http://leaf.sourceforge.net/devel/helices/scripts/diskfree.sh).  I was
planning on incorporating his updates into the next release.  You might
check with him if you feel up to tackling the merge, or maybe you can get
him to help...

NOTE:  Updating root.lrp is a bit trickier than any of the other packages,
since it's contained in the floppy boot image, as well as the CD-ROM root
directory with all the other packages (mainly for convenience).  I usually
copy an updated root.lrp to my CD-ROM contents folder on my development
machine (just as you would for any other package file), then copy it to the
floppy boot image file (which is mounted using a loop-back device, ie:
mount -t msdos -o loop path/bootdisk.bin /mnt).  Finally, remember to unmount
and touch the bootdisk image, since the time/date stamp is *NOT* updated
when you write to the file via the loop-back device.

 Shall I call it v1.0.3?

I'd call it v1.0.3 or v1.0.3rc1 (release candidate 1), depending on
confidence level :)

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)






RE: [leaf-user] Dachstein-CD update

2002-06-14 Thread Sean

Michael,

diskfree.sh

Ok, I'll bite.  I think I must have missed this thread.  Where is this
supposed to go?  What was this supposed to fix?  I'm trying to add it to the
new CD.

Thanks,

Sean

-Original Message-
From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 14, 2002 10:55 AM
To: Sean; [EMAIL PROTECTED]
Subject: Re: [leaf-user] Dachstein-CD update


 I have added all the new packages as requested so far and included bind-8
 as well (someone asked for it a long time ago in leaf-user).

Which bind version?  IIRC, there are known security problems with all the
bind's currently packaged for LRP.

 I added the two sample .cfg files.  I updated the ssh* lrps.  I updated
 the changes.txt and am in the process of updating the README.txt.  I
 removed the old ssh1 packages.

Sounds good

 I'll make the script update over the weekend.  Monday night I'll
 stop taking new orders and Tuesday night you should have a shiny new
 Dachstein-CD.

Great.  Since it sounds like you're going to be updating root (for the
lrpkg -i fix), I may throw some stuff your way if I get time.  Also, please
note that Michael D. Schleif has done a good job of re-working the disk
free-space checks
(http://leaf.sourceforge.net/devel/helices/scripts/diskfree.sh).  I was
planning on incorporating his updates into the next release.  You might
check with him if you feel up to tackling the merge, or maybe you can get
him to help...

NOTE:  Updating root.lrp is a bit trickier than any of the other packages,
since it's contained in the floppy boot image, as well as the CD-ROM root
directory with all the other packages (mainly for convenience).  I usually
copy an updated root.lrp to my CD-ROM contents folder on my development
machine (just as you would for any other package file), then copy it to the
floppy boot image file (which is mounted using a loop-back device, ie:
mount -t msdos -o loop path/bootdisk.bin /mnt).  Finally, remember to unmount
and touch the bootdisk image, since the time/date stamp is *NOT* updated
when you write to the file via the loop-back device.

 Shall I call it v1.0.3?

I'd call it v1.0.3 or v1.0.3rc1 (release candidate 1), depending on
confidence level :)

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)






RE: [leaf-user] Dachstein-CD update

2002-06-13 Thread Sean

I can do that I guess.  Give me an excuse to get my hands dirty in Linux.
Wasn't there some fixes for the mailing scripts?  I thought that was a minor
fix that might stop some major headaches.  Can't seem to find it though.

Sean

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Charles
Steinkuehler
Sent: Thursday, June 13, 2002 4:43 PM
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Dachstein-CD update


 Extremely easy usability fix for /usr/sbin/lrpkg:

  http://www.geocrawler.com/lists/3/SourceForge/7325/175/8861202/

Yeah, this should be added if you feel up to re-packaging root.lrp.  Note
that the problem only occurs on MSDOS filesystems (where package.lrp.lrp is
the same file as package.lrp).  You get a file not found error on a real
filesystem (like the cd-rom).

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)








RE: [leaf-user] Dachstein-CD update

2002-06-13 Thread Sean

I have added all the new packages as requested so far and included bind-8 as
well (someone asked for it a long time ago in leaf-user).  I added the two
sample .cfg files.  I updated the ssh* lrps.  I updated the changes.txt and
am in the process of updating the README.txt.  I removed the old ssh1
packages.  I'll make the script update over the weekend.  Monday night I'll
stop taking new orders and Tuesday night you should have a shiny new
Dachstein-CD.  Shall I call it v1.0.3?

Sean

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Charles
Steinkuehler
Sent: Thursday, June 13, 2002 4:43 PM
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Dachstein-CD update


 Extremely easy usability fix for /usr/sbin/lrpkg:

  http://www.geocrawler.com/lists/3/SourceForge/7325/175/8861202/

Yeah, this should be added if you feel up to re-packaging root.lrp.  Note
that the problem only occurs on MSDOS filesystems (where package.lrp.lrp is
the same file as package.lrp).  You get a file not found error on a real
filesystem (like the cd-rom).

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)








RE: [Leaf-user] Dach Floppy

2002-01-11 Thread Sean E. Covel

ps was giving me nothing unusual.  netstat -a gave me nothing helpful.
Turns out I had the network.conf a little messed up for what I was
trying to do.  I have only eth0, but still was setting up an eth1.  I
suspect sshd was trying to start on eth1.  It's all working now!

Thanks to all of you who offered info.  I know just enough Unix (and
that's userland not admin) to get myself into trouble.

Sean

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Matt Schalit
Sent: Friday, January 11, 2002 3:35 PM
To: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] Dach Floppy


[EMAIL PROTECTED] wrote:

 BTW, that is a literal 0.0.0.0 in the debug output,
 not just me hiding my ip.

 Sean
  Ok, sshd -d  (debug!) returns:
 
  
  Stuff
  More Stuff
  Bind to port 22 on 0.0.0.0 failed:  Address already in
  use.
  Cannot bind any address.
  -
 
  This was Dach Floppy modified to be a static address.
  How can I tell what is using port 22 already?
 


The 0.0.0.0 is fine, and it is telling the sshd to
listen on port 22 on all ip addresses configured
into the OS. (ie eth0 and eth1).  As long as you
have port 22 on eth0 blocked, you're not going to
have anyone connecting from the external side.  Thus
running the sshd on 0.0.0.0 is safe enough.

To find out if a server is running on a particular
port, you use the netstat command:

netstat -an
or  netstat -a   if you have an interest in human readable names.

What does ps tell you?

Good Luck,
Matthew




[Leaf-user] OT:SFTP on Slink

2002-01-06 Thread Sean E. Covel

I copied the sftp.lrp from DCD 1.01 onto my Slink box.  When I run sftp
I get the following error:


slink:~# sftp
BUG IN DYNAMIC LINKER ld.so: dynamic-link.h: 53: elf_get_dynamic_info:
Assertion `! bad dynamic tag' failed!
slink:~#


Ok, I'm pretty sure I'm missing a library, but how do I figure out what
it is?

thanks,

Sean





RE: [Leaf-user] Bash on LEAF

2002-01-03 Thread Sean E. Covel

Thanks for the heads-up!  I'm running in 96MB, shouldn't be a prob.
Just copied bc from my slink box to the Dach box so I can run SetiStats
script.  I'm running SETI@Home on my Dach box (since it does very little
most of the time!)

Sean

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Paul Rimmer
Sent: Thursday, January 03, 2002 11:09 PM
To: Sean E. Covel
Cc: LEAF User List
Subject: RE: [Leaf-user] Bash on LEAF


Be aware that if you have a small memory footprint system (i.e. 16MB or
less), there may be a problem with running bash.

See the following list archive link for info:

http://www.mail-archive.com/leaf-user@lists.sourceforge.net/msg01998.html

If you have lots of memory then don't worry about it as I haven't seen
anyone else report this.

Cheers,
Paul

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]On Behalf Of Peter Jay
 Salzman
 Sent: January 3, 2002 8:56 PM
 To: Sean E. Covel
 Cc: LEAF User List
 Subject: Re: [Leaf-user] Bash on LEAF


 yes, and it's *really* nice to have.

 pete

 begin Sean E. Covel [EMAIL PROTECTED]
  Is there a Bash shell for LEAF?  Could there be?
 
  Thanks,
 
  Sean

 --
 PGP Fingerprint: B9F1 6CF3 47C4 7CD8 D33E  70A9 A3B9 1945 67EA 951D
 PGP Public Key:  finger [EMAIL PROTECTED]






RE: [Leaf-user] ATT transition woes

2001-12-14 Thread Sean E. Covel

I switched from ESB2 to Dachstein CD while the service (@home) was out.
Left the machine on while I was at work.  Came home, and it had
connected when the service came back up, Like Magic, and I was all set
to go!  None of the BS configurator nonsense!  Been running fine ever
since!

Sean

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Matt Schalit
Sent: Friday, December 14, 2001 4:37 AM
To: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] ATT transition woes


gc wrote:

 I've got a standard configuration: home network behind a cable modem.
 I've been running an old Eiger distribution for the past year without
 issue. Then I got caught up in the big ATT migration last week and it
 screwed things up.

 Rather than troubleshoot such an old distribution, I figured I'd start
 over with the Dachstein v1.0.2 distribution.

That's what I did for a friend.  We had Oxygen
running on his @Home rigged as a static IP setup
even though it's dhcp.

Then when they choked and became attbi (they never
should have merged with the white elephant Excite),
their dhcp is so touchy that I couldn't rely on the
static rig, and I went for dhcp.

Oxygen locked up during boot, after enabling
the correct nic modules and rebooting.

Doing the same on Dachstein rc2 gave him a perfectly
working system.  It was pretty spectacular, I must say.


 I followed the basic setup instructions,  but it didn't fix
 my problem. Specifically, I can only ping a couple of hosts.


Describe exactly what you did and what you saw, if it's
still happening and the DNS advice you got doesn't fix it.


 If I hook my win2k box directly to the cable modem, everything works
 fine.

Yea yea.  And if I suck Bill's cock, he might let me drink
from the river of wealth.

 The suspicious thing is that my win2k box uses different IP and gateway
 addresses than the LEAF router (even though both use DHCP). So, I'm
 thinking it's some sort of DHCP configuration problem.

Just so you know, it's common to get a new IP address and whatnot
when you switch systems (and thus mac addresses) and get a new lease.
I didn't have to touch a single dhcp setting to get my friend's
attbi.com system in Petaluma, CA to work.


 I messed around with the dhcpclient settings with no success. One thing I
 wondered was if I needed to update the domain name somewhere (since it
 changed from home.com to attbi.com), but I couldn't find anything that
 looked relevant.

I thought I was going to have to labor through something like
that, but instead it was butter.

Good Luck,
Matthew

 Any other former excite@home users go through this?
 Anybody else have any thoughts?

 Thanks in advance.




[Leaf-user] What is This

2001-12-09 Thread Sean E. Covel

 All these are blocked by rule #42.  What is that rule?
 These log messages are from strange hosts.  80% of them don't
 resolve to a real hostname.  All the packets you listed are
 tcp packets with no SYN flag, meaning they are theoretically
 responses to some tcp dns request your machine made.  Because
 they are all response packets, I'm not sure what's going on.
 I don't know why you're getting responses from so many odd
 computers.  The other strange thing, is that I would expect
 your firewall rules to allow response to outgoing TCP DNS requests.
 That's why I want to see rule 42.

ipchains -L > /tmp/myrules
vi /tmp/myrules, find line 42, and post it.

Here is the rule.  My ruleset is standard Dachstein with only a couple
of additions:

42  2795  124K DENY   all  l- 0xFF 0x00  eth0   0.0.0.0/0   0.0.0.0/0   n/a

Searching the Internet turns up a number of scripts that scan port 53
for Bind.  Let me know what you think.

Sean





[Leaf-user] What is This

2001-12-09 Thread Sean E. Covel

Victor,

I believe you are correct.  After reading the banter going back and
forth, and recalling previous posts (about that DAMN X10 popup) I
reviewed my log.  The log entries are bursts of hundreds in the same few
seconds.  Must have been while I was on MyYahoo.  I remeber getting then
X10 and Casino popups.  Is there anyway we can reverse SPAM them to
stop this ridiculus traffic?

Read this:
http://www.cisco.com/warp/public/cc/pd/cxsr/dd/tech/dd_wp.htm
This and another appliance called BIG/Ip could very well be the source
of this traffic.

Here is another one about an ISP using this technology...
http://lists.insecure.org/incidents/2001/May/0096.html

And then to close the loop, The above ISP is using the cisco product...
http://lists.insecure.org/incidents/2001/May/0159.html

Nice huh?


Sean

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Victor
McAllisteer
Sent: Sunday, December 09, 2001 8:30 PM
To: leaf-user
Subject: Re: [Leaf-user] What is This


Matthew Schalit wrote:

 Victor McAllisteer wrote:
 

  This is some crazy method of geographic load balancing.  A whole lot
  of boxes use TCP port 53 simultaneously to find out what part of the
  world.

 Victor, wouldn't the load balancing we've seen over the
 last months that hits port 53 by SYN traffic?  Why
 are all his log entries refering to non-SYN traffic,
 i.e. responses?

 Matthew

There was a lot of list traffic back in May on the LRP list concerning
this port 53 weirdness.  My understanding is that tcp port 53 to port 53
is usually a zone transfer.  Leaf boxes running tiny DNS will not respond
to tcp queries.

I believe a number of list members analyzed this stuff using resources
beyond just the log entries.  It comes all at once from many different IPs.

The same IPs always show up repeatedly in the space of a few seconds..

They fill the logs - often with 600 DENYs in a period of 10 seconds or
less.

Someone traced the ownership of the machines.  Apparently it is some
sort of proprietary method of determining which machine you are closest to
geographically so they can serve up some pop up ad efficiently (for them).

DENY (no response) doesn't seem to prevent the pop up ads.  Perhaps if
they can't get you to send them back a packet, they end up serving the pop
up from some default machine.  Those who pay for this technology should
have their head examined.
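The rule #42 listing in Sean's earlier message and Victor's description of bursts of non-SYN TCP port-53 denials are worth separating mechanically before deciding whether the traffic is a DNS probe or a load-balancer reply. The script below is an added example, not part of Dachstein or anything posted in the thread: it runs over constructed log lines written in the ipchains "Packet log:" style (the SYN token and the trailing "(#42)" rule number follow that format as remembered here, so treat the layout as an assumption and compare it with a real line; the addresses are documentation ranges, not real hosts), splits TCP/53 denials by SYN flag per source, and flags any second with more than a given number of them.

```shell
#!/bin/sh
# Added example, not Dachstein code. Sorts ipchains DENY log lines for TCP
# port 53 by source and SYN flag, and flags one-second bursts.
# The log lines below are constructed in the ipchains "Packet log:" style
# (SYN token before the "(#rule)" suffix, as that format is remembered
# here; treat the layout as an assumption and check it against a real log
# line). Addresses are from documentation ranges, not real hosts.

LOG=$(mktemp)
trap 'rm -f "$LOG"' EXIT
cat > "$LOG" <<'EOF'
Dec  9 20:14:01 firewall kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:53 198.51.100.77:53 L=40 S=0x00 I=0 F=0x0000 T=58 (#42)
Dec  9 20:14:01 firewall kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:53 198.51.100.77:53 L=40 S=0x00 I=0 F=0x0000 T=58 (#42)
Dec  9 20:14:01 firewall kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.20:53 198.51.100.77:53 L=40 S=0x00 I=0 F=0x0000 T=50 (#42)
Dec  9 20:14:01 firewall kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:53 198.51.100.77:53 L=40 S=0x00 I=0 F=0x0000 T=58 (#42)
Dec  9 20:14:37 firewall kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:2123 198.51.100.77:53 L=60 S=0x00 I=4521 F=0x4000 T=44 SYN (#42)
Dec  9 20:15:02 firewall kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.30:53 198.51.100.77:1027 L=68 S=0x00 I=9 F=0x0000 T=60 (#42)
EOF

# One "source flag" pair per TCP DENY line whose destination port is 53.
# flag is "syn" for connection attempts, "nosyn" for everything else
# (replies, ACK-only probes).
dns_tcp_flags() {
    awk '/Packet log: .* DENY .* PROTO=6 / {
        src = ""; dport = ""; flag = "nosyn"
        for (i = 1; i <= NF; i++) {
            if ($i == "PROTO=6") {
                split($(i + 1), s, ":"); src = s[1]
                split($(i + 2), d, ":"); dport = d[2]
            }
            if ($i == "SYN") flag = "syn"
        }
        if (dport == "53") print src, flag
    }' "$1"
}

# Non-SYN TCP/53 denials per source, busiest first.
nosyn_by_source() {
    dns_tcp_flags "$1" | awk '$2 == "nosyn" { n[$1]++ }
        END { for (s in n) print n[s], s }' | sort -rn
}

# Seconds (field 3 of the syslog timestamp) with more than $2 TCP denials
# touching port 53 on either side: Victor's "600 DENYs in 10 seconds".
bursts() {
    awk -v limit="$2" '/Packet log: .* PROTO=6 / && / [0-9.]+:53 / { n[$3]++ }
        END { for (t in n) if (n[t] > limit) print t, n[t] }' "$1" | sort
}

echo "non-SYN TCP/53 denials per source:"
nosyn_by_source "$LOG"
echo "seconds with more than 2 TCP/53 denials:"
bursts "$LOG" 2
```

Against a real box, drop the heredoc and point the functions at /var/log/messages. A source that appears only without SYN, with source port 53, in bursts of dozens inside one second fits Victor's load-balancer explanation; SYN-bearing packets aimed at port 53 are inbound connection attempts and are what the port-53 BIND scans Sean mentions would look like.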


