[leaf-user] am i being spoofed
recently my (extremely old but up to now totally reliable) leaf install has been choking on what seem to be packets dropped from itself. The firewall is a standard two interface install of bering 1.0 rc3 (packages listed )

initrd V1.0-rc3
root V1.0-rc3
etc V1.0-rc3
local V1.0-rc3 Local package. This package does not contain a
modules V1.0-rc3 Modules package. Contains kernel modules and u
pump 0.8.11-3 DHCP/BOOTP client from Redhat
keyboard 0.3 Use this package to adjust the keyboard settin
shorwall 1.3.1 Shoreline Firewall (Shorewall)
weblet 1.2.0 weblet - LRP status via a small web server
sshd 3.4p1 OpenSSH sshd daemon.
sshkey 3.4p1 OpenSSH ssh-keygen program.
libz 1.1.4 zlib compression library. Needed for openssh
dhcpd 2.0pl5 dhcpd - Autoconfigure client machines
dnscache 1.05a dnscache from djbdns (V1.05a) package creates

every time these sort of packets show up in the logs the firewall stops allowing access to the internet (logs from one instance)

Aug 8 04:22:11 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC= SRC=192.168.1.254 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=11867 DF PROTO=UDP SPT=68 DPT=67 LEN=308
Aug 8 04:22:14 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC= SRC=192.168.1.254 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=19697 DF PROTO=UDP SPT=68 DPT=67 LEN=308
Aug 8 04:22:20 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC= SRC=192.168.1.254 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=23785 DF PROTO=UDP SPT=68 DPT=67 LEN=308
Aug 8 04:22:32 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC= SRC=192.168.1.254 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=12132 DF PROTO=UDP SPT=68 DPT=67 LEN=308
Aug 8 04:22:41 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC= SRC=192.168.1.254 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=24526 DF PROTO=UDP SPT=68 DPT=67 LEN=308
Aug 8 04:22:41 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC= SRC=192.168.1.254 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=3804 DF PROTO=UDP SPT=68 DPT=67 LEN=308
Aug 8 04:22:41 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC= SRC=192.168.1.254 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=31457 DF PROTO=UDP SPT=68 DPT=67 LEN=308
Aug 8 04:22:41 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC= SRC=192.168.1.254 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=12128 DF PROTO=UDP SPT=68 DPT=67 LEN=308
Aug 8 04:22:41 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC= SRC=192.168.1.254 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=9879 DF PROTO=UDP SPT=68 DPT=67 LEN=308

my question is does this show someone trying to access my firewall or is it a false positive (?) ie something on my network producing these hits or is some one trying to get in (god alone knows why they'd bother).

--
regards
sean coogan

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
Re: [leaf-user] Image CF drive
WinImage. I use it to create copies of my floppies and CDs for Bering.

Joey Officer wrote:

Not to sound like a smart ass, but Ghost, from Symantec will do this, quite nicely. It'll either just recognize the card as a drive, which you can create an image from (and restore from) or allow you to perform a Ghost mirror of the drive to another CF on the fly.

Alternatively, you can use rawwrite, I think... the version for window I think will allow you to read an image. You could also get cygwin installed, and then run 'dd' to create the image...

Joey

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Richard Amerman
Sent: Thursday, July 14, 2005 6:38 PM
To: leaf-user@lists.sourceforge.net
Subject: [leaf-user] Image CF drive

Does anyone know of any windows tools that can do a disk image of a CF card? I have multiple identical CF cards I need to propagate a uClibc install to, bootable portion and all. The only tools I have found that work with CF cards so far have been for linux.

Thanks!
Richard Amerman
Re: [leaf-user] puzzle: listen on port X on internal interface, and send data to remote host with dynamic ip
Matt,

Erich Titl wrote:

Matt Matt wrote:

Hi all, I have a strange goal.

the setup: two sites (a and b) both with linux machines running shorewall. a machine at site 'a' needs to connect to services on a machine at site 'b'. both sites have dsl with dynamically assigned ip addresses. site 'b's ip can be resolved from siteb.dynamic.dns.com (one of those fancy dynamic-dns sites)

the goal: to have a computer at site 'a' connect to a port on the internal nic of the router at site 'a' and have it transparently communicate through this port to a computer at site 'b'. this will be a windows networking/smb connection, so the client machine and the server can't specify a port number. For various reasons we cannot expose the standard smb port at site 'b'.

I know i can use DNAT on the router at site 'b' to accept connections on port 12345 and send them to the server port 139. what can i use at site 'a' to accept connections on port 139 on the local interface and forward them to siteb.dynamic.dns.com port 12345?

If I specify the fqdn in the shorewall config I see two problems: it either will not work at all, or it'll resolve the address once (when shorewall is started) and never again.

I'd like to avoid setting up a vpn as i'm short on time, and I can't install ssh on either machine. ideas? comments? suggestions?

This is a typical VPN situation, short of time use OpenVPN to solve this.

my 0.02
Erich

Zebedee might be a quick and dirty solution. Secure tunnel. VPN like. Runs on Windows and Linux. I use it to tunnel VNC. Google it.

Sean
[leaf-user] New RFC1918 file needed?
I'm running uClibc Bering, Shorewall 1.3.14. I'm trying to access a site and it's timing out. My log has lots of DROP rfc1918 entries to 70.84.14.101. Is 70.x.x.x a newly assigned number range? Is there a new rfc1918 file for Shorewall 1.3.14?

Sean
Re: [leaf-user] New RFC1918 file needed?
I looked under errata for 1.3.14 and the rfc1918 file that was there was old. I guess that one is more up-to-date.

BTW, I downloaded an IANA list and made it into an rfc1918 file. It was longer than yours. Any idea why? Here's that list:

0.0.0.0/7 logdrop
2.0.0.0/8 logdrop
5.0.0.0/8 logdrop
7.0.0.0/8 logdrop
10.0.0.0/8 logdrop
23.0.0.0/8 logdrop
27.0.0.0/8 logdrop
31.0.0.0/8 logdrop
36.0.0.0/7 logdrop
39.0.0.0/8 logdrop
42.0.0.0/8 logdrop
49.0.0.0/8 logdrop
50.0.0.0/8 logdrop
74.0.0.0/7 logdrop
76.0.0.0/6 logdrop
89.0.0.0/8 logdrop
90.0.0.0/7 logdrop
92.0.0.0/6 logdrop
96.0.0.0/4 logdrop
112.0.0.0/5 logdrop
120.0.0.0/6 logdrop
127.0.0.0/8 logdrop
169.254.0.0/16 logdrop
172.16.0.0/12 logdrop
173.0.0.0/8 logdrop
174.0.0.0/7 logdrop
176.0.0.0/5 logdrop
184.0.0.0/6 logdrop
189.0.0.0/8 logdrop
190.0.0.0/8 logdrop
192.0.2.0/24 logdrop
192.168.0.0/16 logdrop
197.0.0.0/8 logdrop
198.18.0.0/15 logdrop
223.0.0.0/8 logdrop
224.0.0.0/3 logdrop

Sean

Tom Eastep wrote:

Sean Covel wrote:

I'm running uClibc Bering, Shorewall 1.3.14. I'm trying to access a site and it's timing out. My log has lots of DROP rfc1918 entries to 70.84.14.101. Is 70.x.x.x a newly assigned number range? Is there a new rfc1918 file for Shorewall 1.3.14?

http://shorewall.net/errata.htm

-Tom
Re: [leaf-user] New RFC1918 file needed?
Tom,

Tom Eastep wrote:

Sean Covel wrote:

I looked under errata for 1.3.14 and the rfc1918 file that was there was old. I guess that one is more up-to-date.

Sean -- There is one up-to-date rfc1918 file for Shorewall versions up to 2.0.1 linked from the top of the errata page. Do you actually think I have enough spare time to prepare separate updated rfc1918 files (which have the same contents) for each of the dozens of Shorewall releases that included Bogon address ranges in that file? Especially Shorewall releases that have not been supported for over two years (Hint: 1.3.14 falls into that category)??

Since I'm not a Shorewall developer, I assumed I should look under the errata for the version of Shorewall I was using. How am I to know that every version of Shorewall from xxx to yyy had exactly the same format for the rfc1918 file?

Do you actually believe that the list of bad IP addresses is dependent on which version of Shorewall you are running? Please THINK when you sit down to your computer.

Ouch! Having a bad day? Obviously bad IP addresses are not Shorewall version dependent, but are rfc1918 files? How should I know? Besides, I went to the Shorewall site, clicked on the version I am running, then clicked on the errata for that version. Is this what I did wrong? Perhaps if that rfc1918 was a link to the one you maintained we wouldn't be having this discussion...

And for your other question, I aggregate adjacent ranges whereas the IANA lists them separately.

Thanks, good info.

Sean

-Tom
Re: [leaf-user] New RFC1918 file needed?
Tom,

The page you referred me to says the following:

RFC1918 File
Here is the most up to date version of the rfc1918 file. This file only applies to Shorewall versions 1.4.* and 2.0.0 and its bugfix updates.

So that seems to imply that the file is not for 1.3.x versions of Shorewall.

Sean

Sean Covel wrote:

Tom,

Tom Eastep wrote:

Sean Covel wrote:

I looked under errata for 1.3.14 and the rfc1918 file that was there was old. I guess that one is more up-to-date.

Sean -- There is one up-to-date rfc1918 file for Shorewall versions up to 2.0.1 linked from the top of the errata page. Do you actually think I have enough spare time to prepare separate updated rfc1918 files (which have the same contents) for each of the dozens of Shorewall releases that included Bogon address ranges in that file? Especially Shorewall releases that have not been supported for over two years (Hint: 1.3.14 falls into that category)??

Since I'm not a Shorewall developer, I assumed I should look under the errata for the version of Shorewall I was using. How am I to know that every version of Shorewall from xxx to yyy had exactly the same format for the rfc1918 file?

Do you actually believe that the list of bad IP addresses is dependent on which version of Shorewall you are running? Please THINK when you sit down to your computer.

Ouch! Having a bad day? Obviously bad IP addresses are not Shorewall version dependent, but are rfc1918 files? How should I know? Besides, I went to the Shorewall site, clicked on the version I am running, then clicked on the errata for that version. Is this what I did wrong? Perhaps if that rfc1918 was a link to the one you maintained we wouldn't be having this discussion...

And for your other question, I aggregate adjacent ranges whereas the IANA lists them separately.

Thanks, good info.

Sean

-Tom
Re: [leaf-user] Shorewall problem
To correct this problem.

1) xtgyo spiteys 988674 flsiey8 http://xxx.xxx.xxx.xxx/yy.htm
2) psyyt witii sopom dspslosy
3) soppllmo soppoym splo

ROTFL!!!
Re: RESOLVED [leaf-user] Shorewall policies symmetric, but web page results are not.
Rick,

Do tell. Documentation might keep some other guy from pulling all his hair out.

Tibbs, Richard wrote:

Sorry list, It turned out to be a bind configuration error.

Rick.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tibbs, Richard
Sent: Monday, April 11, 2005 2:16 PM
To: leaf-user
Subject: [leaf-user] Shorewall policies symmetric, but web page results are not.

Dear List: I have the following configuration

SLAX internal -- Bering 1.2 --- SLAX external
192.168.10.1    192.168.10.254  192.168.1.254    192.168.1.1    dns
192.168.10.2                                     192.168.1.2    www

each SLAX machine is configured to bring up bind for dns at IP addresses 192.168.10.1 (internal) and 192.168.1.1 (external) resp. In addition there is a web server running on 192.168.10.2 (internal) and 192.168.1.2 (external).

The symptom is that external can only load its own web page (extexample.com) whereas internal can load both intexample.com and extexample.com. Until I add a default route on eth0 (external interface) gateway 192.168.1.1 external cannot load internal's web page. Why would this be necessary? Each SLAX machine is given a default route to the Bering IP on the respective side of the fw.

Shorewall log shows no drops, but Shorewall policy is

loc net ACCEPT
net loc ACCEPT
fw net ACCEPT
fw loc ACCPT
net all DROP ULOG
all all REJECT ULOG.
[leaf-user] Shorewall Logging Q:
Tom, everyone,

Sorry! I know this must have been asked before, but I can't find the answer...

Awhile back my cable modem started doing something different. I'm on Comcast and have a SURFboard cable modem. Its IP address is 192.168.100.1. Every 3 min. it sends out a broadcast message:

Feb 10 17:23:37 firewall Shorewall:rfc1918:DROP: IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:20:40:6d:d6:b7:08:00 SRC=192.168.100.1 DST=224.0.0.1 LEN=28 TOS=00 PREC=0x00 TTL=1 ID=0 PROTO=2

Whatever it's doing (DHCP maybe?) I really don't care to see it in my logs every 3 min. I've tried various things to stop it, but I think since it's an rfc1918 address I'm looking in all the wrong places. Bottom line, how do I turn off logging of this traffic?

Sean

P.S. Tom, I can't search for PROTO=2 on your site. It seems to strip the = off, then I get all sorts of unwanted hits.
Re: [leaf-user] Shorewall Logging Q:
Tom,

Once again you prove you're a genius! I was S close to getting it right. I already had the entry in the rfc1918 file, I had just added it to the end of the list, below the 192.168.0.0/16 entry, not above it.

Sean

Tom Eastep wrote:

Sean Covel wrote:

Awhile back my cable modem started doing something different. I'm on Comcast and have a SURFboard cable modem. Its IP address is 192.168.100.1. Every 3 min. it sends out a broadcast message:

Feb 10 17:23:37 firewall Shorewall:rfc1918:DROP: IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:20:40:6d:d6:b7:08:00 SRC=192.168.100.1 DST=224.0.0.1 LEN=28 TOS=00 PREC=0x00 TTL=1 ID=0 PROTO=2

Whatever it's doing (DHCP maybe?) I really don't care to see it in my logs every 3 min. I've tried various things to stop it, but I think since it's an rfc1918 address I'm looking in all the wrong places. Bottom line, how do I turn off logging of this traffic?

This is a variant of Shorewall FAQ 14. Whereas in that FAQ, a RETURN entry needs to be added to /etc/shorewall/rfc1918, in your case a DROP is appropriate.

-Tom
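The ordering problem described in the message above, as an added example (not code from the list or from Shorewall): a first-match evaluator for an rfc1918-style file, plus a check that reports entries an earlier, wider entry makes unreachable. It assumes the two-column "subnet target" layout quoted on this page and matches on the packet's source address; the two file excerpts are constructed.

```python
import ipaddress

# Constructed excerpts in the "<subnet> <target>" layout quoted on this page.
# ENTRY_AT_END puts the modem's address below 192.168.0.0/16, as in the message
# above; ENTRY_ABOVE puts it above, which is the placement that worked.
ENTRY_AT_END = """\
10.0.0.0/8      logdrop
172.16.0.0/12   logdrop
192.168.0.0/16  logdrop
192.168.100.1   DROP
"""

ENTRY_ABOVE = """\
10.0.0.0/8      logdrop
172.16.0.0/12   logdrop
192.168.100.1   DROP
192.168.0.0/16  logdrop
"""


def parse_rfc1918(text):
    """Return [(network, target, line_no)] for every non-blank, non-comment line."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            raise ValueError(f"line {line_no}: expected '<subnet> <target>'")
        # strict=False accepts entries with host bits set, such as 0.0.0.0/7.
        net = ipaddress.ip_network(fields[0], strict=False)
        entries.append((net, fields[1], line_no))
    return entries


def first_match(entries, src):
    """Target and line number of the first entry containing src, else (None, None)."""
    addr = ipaddress.ip_address(src)
    for net, target, line_no in entries:
        if addr in net:
            return target, line_no
    return None, None


def shadowed(entries):
    """Entries that can never match because an earlier entry already covers them."""
    findings = []
    for i, (net, _target, line_no) in enumerate(entries):
        for prev_net, _prev_target, prev_line in entries[:i]:
            if net.subnet_of(prev_net):
                findings.append((line_no, str(net), prev_line, str(prev_net)))
                break
    return findings


if __name__ == "__main__":
    for name, text in (("entry at end", ENTRY_AT_END), ("entry above", ENTRY_ABOVE)):
        entries = parse_rfc1918(text)
        target, line_no = first_match(entries, "192.168.100.1")
        print(f"{name}: 192.168.100.1 -> {target} (line {line_no})")
        for line_no, net, prev_line, prev_net in shadowed(entries):
            print(f"  line {line_no} ({net}) is shadowed by line {prev_line} ({prev_net})")
```

Running the shadow check over a hand-edited file before reloading the firewall catches the case where a quieter DROP or RETURN exception has been appended after the range it is meant to carve out.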
Re: [leaf-user] Peers trying to connect to my Private IP address
Ray Olszewski wrote:

At 08:31 PM 10/19/2004 -0400, Sean Covel wrote:

HELP. I'm not sure if the problem is my LEAF config or the application, but here goes: LEAF uClibC Bering 1.1, 3 interface setup. Public, Private, DMZ. The app in question is Azureus 2.1.0.4, a BitTorrent client. BT uses ports 6881-6999. I have port-forwarded the ports to an internal PC on the private network:

DNAT net loc:192.168.1.6 tcp 6881:6999

The client was working VERY SLOWLY so I decided to look at the firewall logs. I recently started blocking out-going ports so I thought I had messed something up. Here is what I discovered:

Oct 20 00:23:16 firewall Shorewall:rfc1918:DROP: IN=eth0 OUT=eth1 MAC=00:03:47:08:40:1a:00:0b:bf:7f:44:a8:08:00 SRC=84.24.193.64 DST=192.168.1.6 LEN=64 TOS=00 PREC=0x00 TTL=109 ID=52587 DF PROTO=TCP SPT=6881 DPT=33649 SEQ=2893004602 ACK=982285315 WINDOW=65535 ACK SYN URGP=0
Oct 20 00:23:26 firewall Shorewall:rfc1918:DROP: IN=eth0 OUT=eth1 MAC=00:03:47:08:40:1a:00:0b:bf:7f:44:a8:08:00 SRC=83.116.64.150 DST=192.168.1.6 LEN=64 TOS=00 PREC=0x00 TTL=112 ID=18647 DF PROTO=TCP SPT=6881 DPT=33660 SEQ=1681451538 ACK=982106032 WINDOW=65535 ACK SYN URGP=0

I'm not sure how the Peer is getting my private IP address, but it appears to be?

No. That part is okay. The PREROUTING chain in the nat table does this destination-address rewriting before the packet goes to the FORWARD chain in the default table. The FORWARD chain is what eventually routes this packet to the rfc1918 chain.

And the firewall is doing its job I guess, blocking an RFC1918 address. Anybody got any ideas what's going on here?

Assuming eth1 is your internal interface and that interface actually uses network 192.168.1.0/24, then I find this result odd. But if the host in question (192.168.1.6) is actually on your DMZ, and that interface is eth2, then I **think** the DNAT rule above incorrectly uses loc where it should use (probably) dmz. In that second case, rfc1918 is blocking the packets because 192.168.1.6 is not a valid address for the LAN. The actual details of the problem depend on the specifics of your setup, which you didn't report completely enough.

Ray,

Thanks for your response. Tom Eastep was correct, it was a stale RFC1918 file. The address that the request was coming from USED to be in the RFC1918 range but was recently re-assigned. The NetFilter message was confusing because it was reporting the 83.116.x.x address as the problem and I was assuming it was the 192.168.x.x address. DNAT had already transformed the external IP into the internal IP. Confusing, eh? I updated the RFC1918 file and all is well! Thanks all for your help.

Sean
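An added example (not from the list or from Shorewall) that triages Shorewall:rfc1918:DROP log lines the way this thread was resolved: a publicly routable SRC points at a stale rfc1918 file, and a private DST on a forwarded packet is the address after DNAT. The sample lines are copied from messages on this page; the verdict names and the use of Python's ipaddress.is_global as the routability test are assumptions of the example.

```python
import ipaddress
import re

# Log lines copied from messages on this page.
SAMPLE_LOG = [
    "Aug 8 04:22:11 firewall kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC= "
    "SRC=192.168.1.254 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=64 "
    "ID=11867 DF PROTO=UDP SPT=68 DPT=67 LEN=308",
    "Feb 10 17:23:37 firewall Shorewall:rfc1918:DROP: IN=eth0 OUT= "
    "MAC=01:00:5e:00:00:01:00:20:40:6d:d6:b7:08:00 SRC=192.168.100.1 "
    "DST=224.0.0.1 LEN=28 TOS=00 PREC=0x00 TTL=1 ID=0 PROTO=2",
    "Oct 20 00:23:16 firewall Shorewall:rfc1918:DROP: IN=eth0 OUT=eth1 "
    "MAC=00:03:47:08:40:1a:00:0b:bf:7f:44:a8:08:00 SRC=84.24.193.64 "
    "DST=192.168.1.6 LEN=64 TOS=00 PREC=0x00 TTL=109 ID=52587 DF PROTO=TCP "
    "SPT=6881 DPT=33649 SEQ=2893004602 ACK=982285315 WINDOW=65535 ACK SYN URGP=0",
    "Oct 20 00:23:26 firewall Shorewall:rfc1918:DROP: IN=eth0 OUT=eth1 "
    "MAC=00:03:47:08:40:1a:00:0b:bf:7f:44:a8:08:00 SRC=83.116.64.150 "
    "DST=192.168.1.6 LEN=64 TOS=00 PREC=0x00 TTL=112 ID=18647 DF PROTO=TCP "
    "SPT=6881 DPT=33660 SEQ=1681451538 ACK=982106032 WINDOW=65535 ACK SYN URGP=0",
]

TAG = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[^:\s]+):")
PAIR = re.compile(r"\b([A-Z]+)=(\S*)")


def parse(line):
    """Split a Shorewall log line into chain, disposition and KEY=value fields."""
    tag = TAG.search(line)
    if tag is None:
        return None
    fields = {}
    for key, value in PAIR.findall(line[tag.end():]):
        fields.setdefault(key, value)  # LEN appears twice; keep the IP-level one
    return {"chain": tag["chain"], "disposition": tag["disposition"], **fields}


def triage(line):
    """Classify one rfc1918-chain drop; returns None for unrelated lines."""
    rec = parse(line)
    if rec is None or rec["chain"] != "rfc1918":
        return None
    src = ipaddress.ip_address(rec["SRC"])
    dst = ipaddress.ip_address(rec["DST"])
    proto = rec.get("PROTO", "")
    if src.is_global:
        # A routable source can only hit this chain through an outdated entry.
        verdict = "stale-rfc1918-file"
    elif proto == "UDP" and rec.get("SPT") == "68" and rec.get("DPT") == "67":
        verdict = "dhcp-client-broadcast"
    elif proto == "2":  # IP protocol 2 is IGMP
        verdict = "igmp"
    else:
        verdict = "private-source"
    # Forwarded (OUT set) from a routable source to a private destination:
    # the DST shown is the address after DNAT, not what the peer sent to.
    dst_is_post_dnat = bool(rec.get("OUT")) and dst.is_private and src.is_global
    return {"src": str(src), "verdict": verdict, "dst_is_post_dnat": dst_is_post_dnat}


def summarize(lines):
    """Map each source address to its verdict for the lines that parse."""
    return {r["src"]: r["verdict"] for r in map(triage, lines) if r}


if __name__ == "__main__":
    for src, verdict in summarize(SAMPLE_LOG).items():
        print(f"{src:16} {verdict}")
```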
[leaf-user] Peers trying to connect to my Private IP address
HELP. I'm not sure if the problem is my LEAF config or the application, but here goes: LEAF uClibC Bering 1.1, 3 interface setup. Public, Private, DMZ. The app in question is Azureus 2.1.0.4, a BitTorrent client. BT uses ports 6881-6999. I have port-forwarded the ports to an internal PC on the private network:

DNAT net loc:192.168.1.6 tcp 6881:6999

The client was working VERY SLOWLY so I decided to look at the firewall logs. I recently started blocking out-going ports so I thought I had messed something up. Here is what I discovered:

Oct 20 00:23:16 firewall Shorewall:rfc1918:DROP: IN=eth0 OUT=eth1 MAC=00:03:47:08:40:1a:00:0b:bf:7f:44:a8:08:00 SRC=84.24.193.64 DST=192.168.1.6 LEN=64 TOS=00 PREC=0x00 TTL=109 ID=52587 DF PROTO=TCP SPT=6881 DPT=33649 SEQ=2893004602 ACK=982285315 WINDOW=65535 ACK SYN URGP=0
Oct 20 00:23:26 firewall Shorewall:rfc1918:DROP: IN=eth0 OUT=eth1 MAC=00:03:47:08:40:1a:00:0b:bf:7f:44:a8:08:00 SRC=83.116.64.150 DST=192.168.1.6 LEN=64 TOS=00 PREC=0x00 TTL=112 ID=18647 DF PROTO=TCP SPT=6881 DPT=33660 SEQ=1681451538 ACK=982106032 WINDOW=65535 ACK SYN URGP=0

I'm not sure how the Peer is getting my private IP address, but it appears to be? And the firewall is doing its job I guess, blocking an RFC1918 address. Anybody got any ideas what's going on here?

Sean
Re: [leaf-user] Just checking....
Norton is a great tool, but it doesn't pickup spyware. There has been a LOT of spyware/virus mixing lately. Try Spybot Search and Destroy. We once had a single machine with some spyware app running flooding the firewall trying to call home. Killed the spyware, traffic stopped.

Brad Klinghagen wrote:

This isn't the full format of the log file. I sent the full file to Tom Eastep to look at. As for virus, doubtful, since the computer is running the latest version of Symantec Anti-Virus 2004 and get updates whenever available (initiates the updates). I've set up the firewall rules so that if a computer on the LAN side initiates a request, then the response is allowed in; so if this were a response, it would be allowed in. But since I have latest virus stuff, viruses should be wiped out quickly - and my wife practices safe Internet.

I should also note, the computer is a Win2k workstation, and I have shut down the web server so there is no port 80 or 443 service port open on it and the firewall rules do not allow DNAT to this computer. Right now the only DNAT rules are for a VoIP phone from Vonage and Linux Web Server which happens to be shut down for right now.

I believe I encountered the IIS issue Saturday night when I set up another firewall for someone. They had a couple thousand entries over a two hour period that looked suspicious. That's what prompted me to ask this question. Thank you for the thoughts though.

bpk

On Tue, 2004-06-29 at 23:42, Ronny Aasen wrote:

On Wed, 2004-06-30 at 01:16, Brad Klinghagen wrote:

I just wanted to check to make sure I'm looking at the Shorewall logs correctly. Below, I've pasted a small sample of what I'm seeing in my log file. The particular IP address that begins with 66 is the source and 10.1.1.65 is the destination. Obviously the 10 IP address is within my LAN. The second to last column shows the destination port number that is trying to be used. This is only a small portion of the list, there are hundreds of listings, and the destination port number keeps changing, while the source port number stays at 80, and this source IP is always trying to get to the same destination. I am DROPing these packets and logging them because they are unwanted traffic.

When I trace the public IP, there is no site there. In similar cases, sometimes there is a Microsoft IIS server there under construction. I did a 'dig -x 66.232.154.8,' and I got no answer as far as the owner of the IP address. Sometimes when I execute the 'dig -x' instruction, there will be some information, but usually the IP address is a client IP of an ISP (like Verizon, or Comcast).

Is it right to assume that this traffic is a hacker using automated software trying to probe for weaknesses in my firewall or computer setup? Or is it something else completely, something much less sinister? Could this be some ad software, or something like it? If this isn't someone trying to get in, how can you tell in your log files. I've got a number of various entries of unwanted IP attempts to access my network; some I believe is just spurious traffic, but others look like concerted effort to get at my computers.

The issue with this sample is I don't know how this person, or software is using the internal IP address of 10.1.1.65 because I'm using NAT (I suppose they stripped off the TCP/IP header, does that not suggest maliciousness?). Also, that IP address corresponds to the only Win2k computer in my whole network, and there is no other access attempts to any other internal computer.

eth0 eth1 66.232.154.8 10.1.1.65TCP801986 Jun 26 07:28:43 eth0 eth1 66.232.154.8 10.1.1.65TCP801986 Jun 26 07:28:49 eth0 eth1 66.232.154.8 10.1.1.65TCP801986 Jun 26 07:28:49 eth0 eth1 66.232.154.8 10.1.1.65TCP801986 Jun 26 07:29:01 eth0 eth1 66.232.154.8 10.1.1.65TCP801986 Jun 26 07:29:26 eth0 eth1 66.232.154.8 10.1.1.65TCP801986 Jun 26 07:30:14 eth0 eth1 66.232.154.8 10.1.1.65TCP801986 Jun 26 07:30:44 eth0 eth1 66.232.154.8 10.1.1.65TCP802039 Jun 26 07:30:47 eth0 eth1 66.232.154.8 10.1.1.65TCP802039 Jun 26 07:30:48 eth0 eth1 66.232.154.8 10.1.1.65TCP802039 Jun 26 07:30:53 eth0 eth1 66.232.154.8 10.1.1.65TCP802039 Jun 26 07:30:54 eth0 eth1 66.232.154.8 10.1.1.65TCP802039 Jun 26 07:31:06 eth0 eth1 66.232.154.8 10.1.1.65TCP802039 Jun 26 07:31:30 eth0 eth1 66.232.154.8 10.1.1.65TCP802039 Jun 26 07:32:18 eth0 eth1 66.232.154.8 10.1.1.65TCP802039

does your log really look like that ? always port the original

since it's from port 80 i'd have 2 wild guesses

1. your w2k box has a virus, that do httpd requests and you see the responses being blocked in the firewall.

2 the remote iis is infected by one of the iss exploit viruses making it spew out packages seen a few of those lately. but that it would find your 1 w2k box must be
Re: [leaf-user] Re: [leaf-devel] ANN: Bering-uClibc 2.2 beta2
K.-P. Kirchdörfer wrote:

On Tuesday, 11 May 2004 20:04, Marko Nurmenniemi wrote:

K.-P. Kirchdörfer wrote:

Due to new linuxrc backupdisk is broken and has been removed. With scp and dd support it shouldn't be a problem though - will anyone miss this feature?

I will miss it.

Noted. thx for feedback.

Keep it simple for the common people. Menu option needs no learning and floppies do break from time to time...

If you build your floppy from baseimage with dd, what's the problem to do dd your configured floppy back to onto your /home - where it will be safer as on a second floppy and backup'ed? But if there is demand, we will try to find a solution.

What backup? ;-) Never worked that well anyway IMHO. I'm ashamed to admit that I always used WinImage to backup the floppy. But then again, I always had quick and easy physical access to my routers...

Just my .02

Sean
[leaf-user] tinydns without public static ip
Is it possible to run tiny dns with a non static ip on the external interface? Can one use it to serve private dns queries only and hand external queries over to dnscache or similar?
Re: [leaf-user] simple? firewall port question - dachstein-1.0.2
I still have one Dachstein firewall kicking around. There were specific modules (helpers) to get around some of the more complicated stuff that ipchains didn't handle. These modules went by the name: ip_masq_x

There were a bunch of these. They are like the ip_conntrack modules for iptables. Some of them were:

ip_masq_ftp
ip_masq_quake
ip_masq_h323

If you look in /etc/modules you will see a list of them near the bottom. I have no idea if any of these pertain to your application, or if there is one for your app that could be compiled for Dachstein. It is a direction to look though! ;-)

Good luck,

Sean

On Tue, 2003-12-30 at 14:01, Ray Olszewski wrote:

Without getting bogged down in too much detail -- I did some research on your problem and I **think** it lies in the details of how ipchains does NATing and port forwarding.

This URL -- http://saturn5.hn.org/ps2.html -- explains what you need to do and how to do it on a BSD router. I can translate that for iptables, but I'm too rusty on ipchains to do it there (or even to know for sure whether it *can* be done). Perhaps someone here who remembers the intricacies of ipchains better than I can pick this up and provide the needed detail.

The short version: the system needs a set of NATing rules that NAT LAN sport 6000-6999, -AND- will ACCEPT unrelated traffic back to those ports. I can believe that Linksys routers do this ... they are way less paranoid than LEAF routers. Standard ipchains port forwarding (I **think**) doesn't do this because it does not reliably NAT connections *originating* from the LAN host at (say) port 6000 to router external port 6000 ... it only port-forwards traffic originating to router external port 6000 correctly.

At 09:24 AM 12/30/2003 -0800, Michael Rogers wrote:

--- Ray Olszewski [EMAIL PROTECTED] wrote:

At 12:34 PM 12/29/2003 -0800, Michael Rogers wrote:

I know this is probably simple and trivial, but I can't get it to work for the life of me...

[details deleted]
Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
George,

My original message included IPSEC. I guess my biggest concern is: Can IPSEC from a windows machine pass through the WAP and end at the Bering box. This would require a few things:

The WAP passing IPSEC.
The MS Box using IPSEC.
Bering able to understand whatever it is that Microsoft embraced and extended when they wrote their implementation of IPSEC.

I was hoping someone had done this and would point out all the potholes in the road.

I read in detail about the WEP flaws. 15 min. to break RC4 encryption because their implementation is so flawed, and no infrastructure to change keys when they have been compromised. That's why IPSEC is so important.

Sean

On Thu, 2003-12-18 at 12:19, George Metz wrote:

The problem with this approach is that WEP, the security protocol that most Wireless points use, is fairly weak and relatively easily broken. If you want to ensure that only authorized users can get in, you kind of want to use both WEP (Wired Equivalent Protocol, even though it's not... :) ) and something like IPSec for authenticated access to the WAN. Otherwise, someone who really wants to can eventually sniff and break the encryption, and use your pipe for anything they want.

As a note, if the intended home environment happens to have metal siding of any type, this can REALLY kill your ability to use WiFi out in your yard. On the other hand, it makes it really difficult for someone to pick up your WiFi signal from across the street, as well. Old wiring and proximity to a microwave transmission tower can also have all sorts of interesting effects.

Remember, if you want to get it set up quick and dirty, set up the DMZ, don't worry about the IPSec for now and just go with the built-in encryption, and just get her online with a strong caution that anyone can drive down the street with a laptop and pick up anything she sends across it, so don't send credit cards or other financial data over the line. Then, when you've got time, go back and research, then implement the IPSec tunnel. WEP should be enough to fend off the simply curious for the time being, though turning off the WAP when she's not going to be using it might not be a bad idea. (Trips, busy weeks at work, etc.)

George

[EMAIL PROTECTED] wrote:

I have done something similar but not using a DMZ. I simply added a second Private network for the WiFi network using a normal NIC and a Separate Wireless Access Point. Simply don't add any rules that will allow the two networks to interact into your shorewall rules and you have 2 independent, isolated internal networks both of which have internet access through your firewall.

The WiFi equipment we used had the capability to encrypt its own communications which we implemented to ensure that other laptops could not be connected to the wireless network and use our satellite connection without permission. All of our gear was from Alloy.

Andrew Gray

-----Original Message-----
From: [EMAIL PROTECTED] On Behalf Of Sean E. Covel
Sent: Tuesday, 16 Dec 2003 06:19
To: [EMAIL PROTECTED]
Cc: Leaf User List
Subject: Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???

Julian,

On Mon, 2003-12-15 at 11:32, Julian Church wrote:

Hi Sean

On Mon, 15 Dec 2003 10:02:35 -0500, Sean E. Covel [EMAIL PROTECTED] wrote:

Here is what I am proposing to do:

Cable Modem - Bering -- (Private Network) Current PC (Windows XP)
                |
                --- DMZ -- WAP -- Laptop (Windows XP)

The question is, of course, how to secure the WIFI and Laptop. I was hoping that the Laptop could establish an IPSEC connection through the WAP to Bering.

Strange! That's exactly what I'm planning at home, except there are two laptops, both running Mac OS X (which has an IPSEC client built in). As far as I've determined by searching the internet, as long as your access point is set up as a transparent bridge, the IPSEC traffic will pass straight through.

cheers

Julian

Since this needs to be up-and-running quickly, and I'm doing it in my spare time, I wanted to go the path of least resistance.

How soon till you implement? I was hoping to learn from someone else's mistakes ;-). Don't want to be the trailblazer on this one. It just sounds too easy. Anyone actually done it? Even with 802.11a/b/g?
RE: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
The list comes through! As usual! Thanks guys. Gotta go order some hardware...

-----Original Message-----
From: [EMAIL PROTECTED] On Behalf Of Christopher Harewood
Sent: Thursday, December 18, 2003 6:48 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???

Sean:

I have a very similar setup to the one you propose. The only difference is that my internet is delivered via dialup instead of cable modem. Other than that (and that's a fairly small distinction), I've managed to get it up and running (with a goodish amount of help from the other list members).

My laptop connection is IPsec encrypted through the WAP to the Bering box. It can communicate with other PCs on my lan (Win2K and Win98se) as well as surf the net. Without the IPsec auth, you can't even ping the box. Which is about the way I wanted it.

If you search this list with my name, you'll see how I started, faltered, and ultimately succeeded. Any questions, just yell. I have one minor bug (can't see Bering weblet from laptop), but I'm sure I'll lick it in time. An unrelated hardware problem made me RMA my laptop. Once it's back, I'll give you specifics, if you desire.

:Max
Re: [leaf-user] CABLE + WIFI + IPSEC + WINDOWS + BERING = ???
Julian,

On Mon, 2003-12-15 at 11:32, Julian Church wrote:

Hi Sean

On Mon, 15 Dec 2003 10:02:35 -0500, Sean E. Covel [EMAIL PROTECTED] wrote:

Here is what I am proposing to do:

Cable Modem - Bering -- (Private Network) Current PC (Windows XP)
                |
                --- DMZ -- WAP -- Laptop (Windows XP)

The question is, of course, how to secure the WIFI and Laptop. I was hoping that the Laptop could establish an IPSEC connection through the WAP to Bering.

Strange! That's exactly what I'm planning at home, except there are two laptops, both running Mac OS X (which has an IPSEC client built in). As far as I've determined by searching the internet, as long as your access point is set up as a transparent bridge, the IPSEC traffic will pass straight through.

cheers

Julian

Since this needs to be up-and-running quickly, and I'm doing it in my spare time, I wanted to go the path of least resistance.

How soon till you implement? I was hoping to learn from someone else's mistakes ;-). Don't want to be the trailblazer on this one. It just sounds too easy. Anyone actually done it? Even with 802.11a/b/g?
Re: [leaf-user] lrpstat and shorewall
Off the top of my head, you need to be running the data gathering program. There is a script version and a compiled C program. You could use either one. It communicates with the Java applet over a port, I think it's 1023 or 1024. You'll need to allow that through the firewall as well.

Might be time to RTFM. http://leaf.sourceforge.net/devel/hejl/

Sean

On Fri, 2003-11-21 at 04:33, Erich Titl wrote:

Al

At 23:53 20.11.2003 -0500, you wrote:

I'm trying to get weblet w/lrpstat to work on a Bering 1.2. I have weblet working and I can access the netmon.html page correctly. However, it has no data. If I shutdown Shorewall data starts coming in. I thought they both used the same tcp 80 port but I guess not. I can only guess that a different port is used. Does anyone know what's going on?

Only a guess, shorewall will flush its output buffers at shutdown. You will probably have to look at the way lrpstat implements the shorewall status.

HTH

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16
Re: [leaf-user] Access files on internal machine
You could use sftp. sftp is basically FTP over ssh. That would get you to/from a Linux box. You could use Putty SFTP or some of the more GUI ftp clients are starting to support SFTP (CuteFTP, WS_FTP Pro (not LE)).

On Thu, 2003-10-16 at 15:25, Ray Olszewski wrote:

At 09:24 AM 10/16/2003 -0700, M Lu wrote:

Hello all, From Bering router machine, I would like to read/write from/to some files on an internal machine (either Linux or MS Windows-Server). What is the best way to do that?

As posed, this question is a bit too general to get a good answer. First, the answers for Linux and Windows are likely to be quite different. Second, what do you actually want to do?

As a general matter, you have three options that I can think of, none of them very attractive in the context of LEAF/Bering.

1. Mount a remote filesystem on the LEAF router in one of the usual ways ... NFS or SMB. I don't *think* there are ready-made Bering packages for either (at least I can't find them in Jacques' package area), and probably the Bering kernel doesn't include support for these filesystems anyway. Were this a standard Linux-to-Linux problem, or Linux-to-Windows, I'd probably go this way.

2. Use an activity-specific client-server setup (like the one for remote syslog'ing). Whether this works for you depends on the specifics of what you want to do ... does a suitable pair of apps exist, and is the client one packaged for LEAF/Bering?

3. Use ssh to connect to the internal server from the LEAF router and do what you need to do. This is straightforward if you want to access those files from a standard command-line app (edit them with vi, for example) ... or at least it is straightforward for the LEAF-to-Linux variant ... but messy if you want to run some other sort of updater over an ssh tunnel.
RE: [leaf-user] Ftpd-ssl behind Bering?
Jeff,

I was surprised to see that both CuteFTP and WS_FTP Pro clients both support SFTP. You have to look around a bit to find it, but it's there.

Bummer to have to open a range. Luckily I only open FTP to a few IPs anyway. FTP/SSL is getting more and more popular (especially since HIPAA). I hope the netfilter guys do some work for it.

Sean

-----Original Message-----
From: [EMAIL PROTECTED] On Behalf Of Jeff Newmiller
Sent: Monday, October 13, 2003 2:57 AM
To: Sean
Cc: 'Leaf-User'
Subject: Re: [leaf-user] Ftpd-ssl behind Bering?

On Fri, 10 Oct 2003, Sean wrote:

I have an FTP/SSL server behind a Bering firewall. Problem is this:

Oct 9 20:02:57 firewall Shorewall:net2all:DROP: IN=eth0 OUT= MAC=00:03:47:08:40:1a:00:30:7b:fa:18:a8:08:00 SRC=204.60.67.237 DST=12.243.231.253 LEN=44 TOS=00 PREC=0x00 TTL=112 ID=57030 DF PROTO=TCP SPT=22656 DPT=32960 SEQ=1959109775 ACK=0 WINDOW=8192 SYN URGP=0
Oct 9 20:03:03 firewall Shorewall:net2all:DROP: IN=eth0 OUT= MAC=00:03:47:08:40:1a:00:30:7b:fa:18:a8:08:00 SRC=204.60.67.237 DST=12.243.231.253 LEN=44 TOS=00 PREC=0x00 TTL=112 ID=57542 DF PROTO=TCP SPT=22656 DPT=32960 SEQ=1959109775 ACK=0 WINDOW=8192 SYN URGP=0

The setup is this: 3 interface Bering. FTPD/SSL in a DMZ - 192.168.2.1. Port-forwarding port 21 to the DMZ. Connecting fails when it tries to connect the data channel. The connection works great from the private network to the DMZ. Ip_conntrack_ftp and ip_nat_ftp are loaded. A standard FTPD connection works just great.

I know almost nothing about FTPD/SSL, but I know about FTP, and I know about SSL. I would have to say the chances of ip_conntrack_ftp or ip_nat_ftp helping in any way with FTPD/SSL would be very close to zero, since these modules depend on examination of the information exchanged over the control connection, which is what SSL is all about preventing.

I think you will have to fall back on forwarding a specified range of ports for data connections and configuring your FTPD/SSL server to restrict itself to those ports. This is only effective for a relatively small number of connections per minute.

SFTP (ftp over ssl) is a much more practical secure data transfer mechanism, since it uses only a single connection for all data transfer. Getting Windows users to use it may be a challenge at this time, though, because it is not a widely accepted protocol.

--
Jeff Newmiller                        The     .       .  Go Live...
DCN:[EMAIL PROTECTED]                 Basics: ##.#. ##.#.  Live Go...
                                      Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#. #.O#.  with
/Software/Embedded Controllers)               .OO#. .OO#.  rocks...2k
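Jeff's explanation above, as an added example that is not part of the original thread and is not the netfilter code: a toy model of a connection-tracking FTP helper, which can only expect the data connection if it can read the passive-mode reply on the control channel. The `227` reply format is the standard FTP one; the sample reply, the TLS record bytes, the `HelperModel` class and the 32768-33023 forwarded range are constructed or hypothetical, and the dropped-SYN log line is the one from the post.

```python
import re

# Cleartext FTP passive-mode reply (RFC 959):
#   227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)    data port = p1*256 + p2
PASV_RE = re.compile(rb"^227 [^(\r\n]*\((\d{1,3}(?:,\d{1,3}){5})\)")


def parse_pasv_reply(payload):
    """Return (ip, port) from a cleartext 227 reply, or None if unreadable."""
    m = PASV_RE.match(payload)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(b",")]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def parse_netfilter_line(line):
    """Split a netfilter LOG line into KEY=VALUE fields and bare flags."""
    fields, flags = {}, set()
    for tok in line.split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
        elif tok.isalpha() and tok.isupper():
            flags.add(tok)  # bare tokens such as DF, SYN, ACK, RST
    return fields, flags


class HelperModel:
    """Toy firewall: a new inbound data connection is accepted only if the
    helper read its port from the control channel, or if the port falls in
    a statically forwarded range. NAT address rewriting is ignored here."""

    def __init__(self, forwarded_range=None):
        self.expected_ports = set()
        self.forwarded_range = forwarded_range  # (low, high) or None

    def see_control_payload(self, payload):
        endpoint = parse_pasv_reply(payload)
        if endpoint:
            self.expected_ports.add(endpoint[1])
        return endpoint

    def verdict(self, log_line):
        fields, flags = parse_netfilter_line(log_line)
        if fields.get("PROTO") != "TCP" or "SYN" not in flags or "ACK" in flags:
            return "not-a-new-tcp-connection"
        dpt = int(fields["DPT"])
        if dpt in self.expected_ports:
            return "accept-related"
        rng = self.forwarded_range
        if rng and rng[0] <= dpt <= rng[1]:
            return "accept-forwarded-range"
        return "drop"


# Log line quoted in the post: a new connection (SYN) to data port 32960.
DROPPED_SYN = (
    "Oct 9 20:02:57 firewall Shorewall:net2all:DROP: IN=eth0 OUT= "
    "MAC=00:03:47:08:40:1a:00:30:7b:fa:18:a8:08:00 SRC=204.60.67.237 "
    "DST=12.243.231.253 LEN=44 TOS=00 PREC=0x00 TTL=112 ID=57030 DF "
    "PROTO=TCP SPT=22656 DPT=32960 SEQ=1959109775 ACK=0 WINDOW=8192 SYN URGP=0"
)
# Constructed: what plain FTP would send for port 32960 (128*256 + 192).
CLEARTEXT_227 = b"227 Entering Passive Mode (192,168,2,1,128,192)\r\n"
# Constructed: a TLS application-data record; the same reply is ciphertext.
TLS_RECORD = bytes.fromhex("1703010020") + bytes(range(32))


def demo():
    plain, tls = HelperModel(), HelperModel()
    ranged = HelperModel(forwarded_range=(32768, 33023))  # hypothetical range
    plain.see_control_payload(CLEARTEXT_227)
    tls.see_control_payload(TLS_RECORD)
    ranged.see_control_payload(TLS_RECORD)
    return {
        "plain_ftp": plain.verdict(DROPPED_SYN),
        "ftp_ssl": tls.verdict(DROPPED_SYN),
        "ftp_ssl_with_range": ranged.verdict(DROPPED_SYN),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The forwarded range only helps if the FTP/SSL server is configured to hand out passive ports from that same range.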
[leaf-user] Ftpd-ssl behind Bering?
I have an FTP/SSL server behind a Bering firewall. Problem is this:

Oct 9 20:02:57 firewall Shorewall:net2all:DROP: IN=eth0 OUT= MAC=00:03:47:08:40:1a:00:30:7b:fa:18:a8:08:00 SRC=204.60.67.237 DST=12.243.231.253 LEN=44 TOS=00 PREC=0x00 TTL=112 ID=57030 DF PROTO=TCP SPT=22656 DPT=32960 SEQ=1959109775 ACK=0 WINDOW=8192 SYN URGP=0
Oct 9 20:03:03 firewall Shorewall:net2all:DROP: IN=eth0 OUT= MAC=00:03:47:08:40:1a:00:30:7b:fa:18:a8:08:00 SRC=204.60.67.237 DST=12.243.231.253 LEN=44 TOS=00 PREC=0x00 TTL=112 ID=57542 DF PROTO=TCP SPT=22656 DPT=32960 SEQ=1959109775 ACK=0 WINDOW=8192 SYN URGP=0

The setup is this: 3 interface Bering. FTPD/SSL in a DMZ - 192.168.2.1. Port-forwarding port 21 to the DMZ. Connecting fails when it tries to connect the data channel. The connection works great from the private network to the DMZ. Ip_conntrack_ftp and ip_nat_ftp are loaded. A standard FTPD connection works just great.

Thanks for your help,

Sean
Re: [leaf-user] OT: Results of Internal Security Scan.
On Fri, 2003-08-08 at 15:27, Charles Steinkuehler wrote:

Jay Langford wrote:

Thanks charles, I am going to check out nessus as per seans suggestion...

I think you'll be happier with the nessus results. Nmap is also good for raw port-scanning.

Nessus uses Nmap for its port scanner.

Do you know if it is possible to change the ping results to make it look like it's a windows box? ICMP code in response 0 = Unix box. If so would there be any side effects of doing this?

??? I'm confused. A ping (echo request, ICMP message type 8) should always be answered with an echo reply (ICMP message type 0). I don't think even Microsoft's TCP/IP stack has managed to screw this up. Also, all ICMP echo request/reply messages should have a message code of 0 (although some vendors co-opt the message code for specific services). Do you have a packet dump of the offending ping traffic?

What would be the point of this? To hide your Linux box? There are many other ways to fingerprint a box. Responses to ping, deny/reject responses, IP ID field sequences, service responses. Just knowing a box is a Linux box doesn't really help you break in. Knowing (or hiding) that a box is running IIS doesn't help you that much either. Sure it narrows the number of exploits you have to try, but the attacks are scripted, so who cares how long it takes, how many exploits are tried.

Nessus has a setting so it will make assumptions based on its fingerprint findings. It scans faster that way. BUT, it misses stuff too. Better turn that one off.

I had a point when I started this...

Sean
RE: [leaf-user] OT: Results of Internal Security Scan.
Glad I could help. I have a 4 week old. I'm not very coherent most of the time right now. I miss sleep...

On Sun, 2003-08-10 at 19:23, Jay Langford wrote:

Sean, I think I had a point as well ... but both you and Charles have answered this question very well, and I will not be bringing it up again, the reason I was asking was in fact to try and hide the fact that the box is a linux box, but as you've pointed out.. It's not much use...

Charles, I don't have tcpdump available to me (not on this machine anyhowz == XP), but I was only really interested on the topic for the reason above (to hide the fact that it's a linux box). If you still want the packetdump let me know, and I'll run it this arvo..

Thanks
Re: [leaf-user] OT: Results of Internal Security Scan.
2 Comments:

1. The more locked-down a server is, the harder it is to finger print it.

2. Seems like a windows-centric scanner. Does it know how to spell Linux?

You might want to look into NESSUS. nessus.org. Nice scanner. When it gets confused (due to a well locked-down server) it might ID it as Windows or Linux or BSD... It IDs Bering as Linux 2.4.x

Sean

On Wed, 2003-08-06 at 02:41, Jay Langford wrote:

Hi Listers,

This is a bit off topic, but i thought I would share the funny results I got back from an Internal Network Scan I performed earlier today... ( Note the 'on the internal network' - I was looking for internal security holes)

The scan performed an OS detection as part of its audit of the network.. and this is what is returned for my bering box (*confused look*)

[XXX.XXX.XXX.XXX]
NETBIOS/SMB is not enabled on this computer.
Resolving XXX.XXX.XXX.XXX...
UDP scanning thread started ...
TCP scanning started ...
2 open port(s).
Gathering banners ...
80 - Trying to determine web server type
Server : Microsoft-IIS/5.0 | What the??
Operating System : Windows 2000 |

Has anyone seen similar results in scans performed? ( f.y.i: I used GFI LANguard http://www.gfisoftware.com/lannetscan/ )

jay
Re: [leaf-user] dealing with a schizo dhcp client (replayTV)
Or do as 1,000s of other Shorewall users have done and add the 'dhcp' option to the eth1 entry in your /etc/shorewall/interfaces file.

-Tom
--

OK. Sorry if I overlooked the obvious. Like I said, it is actually configured with a static ip, like every other client on my network. These dhcpdiscover packets are bizarre artifacts resulting from one OS being built on top of a different OS inside the RTV. The RTV can even lock up on occasion if it can't find a dhcp server even when configured as static. By forcing a fixed address in the dhcp server, I keep the RTV from assuming two separate addresses. It has worked very well for me for a while now. Since that part was working so well, I wasn't sure if the rejection of port 68 and 67 traffic was a bad thing or a good thing.
[leaf-user] dealing with a schizo dhcp client (replayTV)
Maybe I don't have a problem, but at the very least, I hope my firewall logs don't have to fill up with rejected packets due to this issue.

I have a replayTV 4k. These things have an awful dhcp implementation. They work most reliably when configured for a static IP but they still send out dhcp requests and sometimes forget their ip address or even appear to assume two different ip addresses at times.

LEAF has actually been a godsend in that I can put a host line in dhcp.conf:

host replay { hardware ethernet 00:80:45:31:16:26; fixed-address 192.168.1.1; }

to force the replay to maintain its address. I also remove 192.168.1.1 from the range of available dhcp addresses to assign. (the default range statement is changed to 192.168.1.2 192.168.1.199)

But it looks like something isn't quite right. daemon.log looks like this sometimes:

Jul 31 15:37:24 firewall dhcpd: DHCPREQUEST for 192.168.1.1 from 00:80:45:31:16:26 via eth1
Jul 31 15:37:24 firewall dhcpd: DHCPACK on 192.168.1.1 to 00:80:45:31:16:26 via eth1
Jul 31 15:37:24 firewall dhcpd: send_packet: Operation not permitted

[repeat last three lines ~30 times], and then:

Jul 31 21:37:43 firewall dhcpd: DHCPDISCOVER from 00:80:45:31:16:26 via eth1
Jul 31 21:37:43 firewall dhcpd: DHCPOFFER on 192.168.1.1 to 00:80:45:31:16:26 via eth1
Jul 31 21:37:48 firewall dhcpd: DHCPREQUEST for 192.168.1.1 from 00:80:45:31:16:26 via eth1
Jul 31 21:37:48 firewall dhcpd: DHCPACK on 192.168.1.1 to 00:80:45:31:16:26 via eth1
Jul 31 21:39:40 firewall dhcpd: DHCPDISCOVER from 00:80:45:31:16:26 via eth1
Jul 31 21:39:40 firewall dhcpd: DHCPOFFER on 192.168.1.1 to 00:80:45:31:16:26 via eth1
Jul 31 21:39:45 firewall dhcpd: DHCPREQUEST for 192.168.1.1 from 00:80:45:31:16:26 via eth1
Jul 31 21:39:45 firewall dhcpd: DHCPACK on 192.168.1.1 to 00:80:45:31:16:26 via eth1
Jul 31 21:39:46 firewall dhcpd: DHCPRELEASE of 192.168.1.1 from 00:80:45:31:16:26 via eth1 (not found)

and shorewall.log has lots of these:

Jul 31 06:59:26 firewall Shorewall:all2all:REJECT: IN=eth1 OUT= MAC=00:10:b5:0d:ff:b8:00:80:45:31:16:26:08:00 SRC=192.168.1.1 DST=192.168.1.254 LEN=280 TOS=00 PREC=0x00 TTL=64 ID=7166 PROTO=UDP SPT=68 DPT=67 LEN=260
Jul 31 06:59:36 firewall Shorewall:all2all:REJECT: IN= OUT=eth1 MAC=08:00:2b:e6:e4:3d:00:04:28:27:24:54:08:00 SRC=192.168.1.254 DST=192.168.1.1 LEN=328 TOS=00 PREC=0x00 TTL=64 ID=30051 DF PROTO=UDP SPT=67 DPT=68 LEN=308

I think I can figure out how to add a rule to stop shorewall from rejecting the bootpc and bootps packets. I just want to be sure they are safe to ignore. Are "operation not permitted" and "not found" just annoying or a sign of something bad?
[leaf-user] dealing with a schizo dhcp client (replayTV)
Maybe I don't have a problem, but at the very least, I hope my firewall logs don't have to fill up with rejected packets due to this issue.

I have a replayTV 4k. These things have an awful dhcp implementation. They work most reliably when configured for a static IP but they still send out dhcp requests and sometimes forget their ip address or even appear to assume two different ip addresses at times. LEAF has actually been a godsend in that I can put a host line in dhcp.conf:

host replay { hardware ethernet 00:80:45:31:16:26; fixed-address 192.168.1.1; }

to force the replay to maintain its address. I also remove 192.168.1.1 from the range of available dhcp addresses to assign. (the default range statement is changed to 192.168.1.2 192.168.1.199)

But it looks like something isn't quite right. daemon.log looks like this sometimes:

Jul 31 15:37:24 firewall dhcpd: DHCPREQUEST for 192.168.1.1 from 00:80:45:31:16:26 via eth1
Jul 31 15:37:24 firewall dhcpd: DHCPACK on 192.168.1.1 to 00:80:45:31:16:26 via eth1
Jul 31 15:37:24 firewall dhcpd: send_packet: Operation not permitted

[repeat last three lines ~30 times], and then:

Jul 31 21:37:43 firewall dhcpd: DHCPDISCOVER from 00:80:45:31:16:26 via eth1
Jul 31 21:37:43 firewall dhcpd: DHCPOFFER on 192.168.1.1 to 00:80:45:31:16:26 via eth1
Jul 31 21:37:48 firewall dhcpd: DHCPREQUEST for 192.168.1.1 from 00:80:45:31:16:26 via eth1
Jul 31 21:37:48 firewall dhcpd: DHCPACK on 192.168.1.1 to 00:80:45:31:16:26 via eth1
Jul 31 21:39:40 firewall dhcpd: DHCPDISCOVER from 00:80:45:31:16:26 via eth1
Jul 31 21:39:40 firewall dhcpd: DHCPOFFER on 192.168.1.1 to 00:80:45:31:16:26 via eth1
Jul 31 21:39:45 firewall dhcpd: DHCPREQUEST for 192.168.1.1 from 00:80:45:31:16:26 via eth1
Jul 31 21:39:45 firewall dhcpd: DHCPACK on 192.168.1.1 to 00:80:45:31:16:26 via eth1
Jul 31 21:39:46 firewall dhcpd: DHCPRELEASE of 192.168.1.1 from 00:80:45:31:16:26 via eth1 (not found)

and shorewall.log has lots of these:

Jul 31 06:59:26 firewall Shorewall:all2all:REJECT: IN=eth1 OUT= MAC=00:10:b5:0d:ff:b8:00:80:45:31:16:26:08:00 SRC=192.168.1.1 DST=192.168.1.254 LEN=280 TOS=00 PREC=0x00 TTL=64 ID=7166 PROTO=UDP SPT=68 DPT=67 LEN=260
Jul 31 06:59:36 firewall Shorewall:all2all:REJECT: IN= OUT=eth1 MAC=08:00:2b:e6:e4:3d:00:04:28:27:24:54:08:00 SRC=192.168.1.254 DST=192.168.1.1 LEN=328 TOS=00 PREC=0x00 TTL=64 ID=30051 DF PROTO=UDP SPT=67 DPT=68 LEN=308

I think I can figure out how to add a rule to stop shorewall from rejecting the bootpc and bootps packets. I just want to be sure they are safe to ignore. Are "operation not permitted" and "not found" just annoying or a sign of something bad?

leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
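Before adding a rule that silences these rejects, it helps to confirm that everything being rejected really is bootpc/bootps traffic from the expected client. The following is an added example, not part of the original post: a small triage script for the Shorewall log format quoted above. The function names are hypothetical, the known MAC is the one from the poster's host entry, and the last two sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample: the first two lines mirror the entries quoted in the
# message; the last two are invented to exercise the "needs review" path.
SAMPLE_LOG = """\
Jul 31 06:59:26 firewall Shorewall:all2all:REJECT: IN=eth1 OUT= MAC=00:10:b5:0d:ff:b8:00:80:45:31:16:26:08:00 SRC=192.168.1.1 DST=192.168.1.254 LEN=280 TOS=00 PREC=0x00 TTL=64 ID=7166 PROTO=UDP SPT=68 DPT=67 LEN=260
Jul 31 06:59:36 firewall Shorewall:all2all:REJECT: IN= OUT=eth1 MAC=08:00:2b:e6:e4:3d:00:04:28:27:24:54:08:00 SRC=192.168.1.254 DST=192.168.1.1 LEN=328 TOS=00 PREC=0x00 TTL=64 ID=30051 DF PROTO=UDP SPT=67 DPT=68 LEN=308
Jul 31 07:01:02 firewall Shorewall:all2all:REJECT: IN=eth1 OUT= MAC=00:10:b5:0d:ff:b8:02:00:00:00:00:01:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=00 PREC=0x00 TTL=64 ID=1 PROTO=UDP SPT=68 DPT=67 LEN=308
Jul 31 07:02:10 firewall Shorewall:all2all:REJECT: IN=eth1 OUT= MAC=00:10:b5:0d:ff:b8:02:00:00:00:00:02:08:00 SRC=192.168.1.77 DST=192.168.1.254 LEN=60 TOS=00 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=5840 SYN
"""

# MAC of the replayTV, taken from the host entry in the message.
KNOWN_DHCP_CLIENTS = {"00:80:45:31:16:26"}

LINE_RE = re.compile(
    r"Shorewall:(?P<chain>[^:\s]+):(?P<action>[^:\s]+):\s*(?P<fields>.*)"
)
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Turn one Shorewall log line into a dict, or None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"chain": m["chain"], "action": m["action"]}
    for key, value in FIELD_RE.findall(m["fields"]):
        # LEN appears twice (IP length, then UDP length); keep the first.
        rec.setdefault(key, value)
    # On received frames the MAC field is dst(6) + src(6) + ethertype(2).
    octets = rec.get("MAC", "").split(":")
    inbound = bool(rec.get("IN"))
    rec["src_mac"] = (
        ":".join(octets[6:12]).lower() if inbound and len(octets) == 14 else None
    )
    return rec


def classify(rec):
    """Label a record as DHCP (by direction) or as other traffic."""
    if rec.get("PROTO") == "UDP":
        ports = (rec.get("SPT"), rec.get("DPT"))
        if ports == ("68", "67"):
            return "dhcp-client-to-server"
        if ports == ("67", "68"):
            return "dhcp-server-to-client"
    return "other"


def triage(log_text, known_clients):
    """Count rejects per class and list the ones a human should look at."""
    counts = Counter()
    review = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        kind = classify(rec)
        counts[kind] += 1
        if kind == "other":
            review.append(("non-DHCP traffic", rec.get("SRC"), rec.get("DPT")))
        elif kind == "dhcp-client-to-server" and rec["src_mac"] not in known_clients:
            review.append(("dhcp from unknown MAC", rec.get("SRC"), rec["src_mac"]))
    return counts, review


if __name__ == "__main__":
    counts, review = triage(SAMPLE_LOG, KNOWN_DHCP_CLIENTS)
    for kind, n in sorted(counts.items()):
        print(f"{n:4d}  {kind}")
    for item in review:
        print("REVIEW:", item)
```

If the review list stays empty on the real shorewall.log, the rejects are only the DHCP exchange with the known client, which is the case a narrowly scoped accept rule for bootpc/bootps on eth1 would cover.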
RE: [leaf-user] URGENT- Network Card Help
Sometimes I have to format the floppy 1.44 first, then I use WinImage to write the image to the floppy. Nice shiny new diskettes are always recommended for the larger formatted floppies. Getting WinImage also lets you create a nice backup of your floppy once you get it working properly. Large formatted floppies can be temperamental, so DO back it up once you have it all set. Having said that, I have a Dachstein box that's been running off a floppy for at least a year with minor changes now and then with no problems. After saying that, I better go back it up before it goes! ;-)

On Wed, 2003-06-18 at 08:16, Aid Hamer wrote:

I've tried it on 3 completely separate systems, with completely different Floppies, that all formatted FAT OK before. I did a reboot though on this system and it at least starts to write, so I now have an indicator the media is not good enough for it.

Many thanks Erich

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Erich Titl
Sent: 18 June 2003 12:51
To: [EMAIL PROTECTED]
Subject: RE: [leaf-user] URGENT- Network Card Help

Hi

At 09:38 18.06.2003 +0100, you wrote:

Many thanks for all your help but having a BIG problem writing the Win32 disk images to floppy, just keep getting an error. That applies to Bering 1.2, 1.1 and the stable release basically all the ones I've tried. Ran the image.exe on win2K and XP.

Have you checked your drive and media ?

HTH
Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16

--
Sean E. Covel [EMAIL PROTECTED]
Re: [leaf-user] Bering 1.1 partial backup issue
Well, if you're talking to me... I have not tried Bering 1.1 yet. Keep meaning to, but lots of other projects have popped up.

First of all, Bering has not included the proper files to do a real partial backup. These files are called packagename.local. If the backup script can't find the .local file, it defaults to the .conf (which is often good enough). The only problem I have had with partial backups was when my .local files had some DOS cr/lf characters in them. The script would barf.

Never seen the symptoms you are having... Wait, look at your syslinux.cfg file and make sure you are not loading a package twice. I've seen that confuse the backup scripts.

Also, did you edit your /var/lib/lrpkg/backdisk file at all? You might want to attach that file to your next Email, and your /var/lib/lrpkg/ipsec.bktype file as well. These are the two files that control the backup.

Sean

On Mon, 2003-03-17 at 06:38, Jorn Eriksen wrote:

Ahh - stupid me. Spending some time looking in the archives I found a similar problem. Sean - if U are there and U corrected the problem - do U mind posting the fix?

Thanks
Jorn

----- Original Message -----
From: Jørn Eriksen [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, March 15, 2003 9:49 PM
Subject: [leaf-user] Bering 1.1 partial backup issue

Hello there,

It seems that there is a bug in the set backup type script in Bering 1.1. In my case IPsec is package no 13 so I use:

# t 13

then the line for that package become:

18) ipseccdrom iso9660

As one can see the information on backup type completely go away. If I also try to set the destination everything go wrong.

Any clues?

Thanks
Jorn

--
Sean E. Covel [EMAIL PROTECTED]
[leaf-user] Setting up First DMZ - Help Wanted
I'm trying to set up my first DMZ on Bering 1.0. I downloaded the Shorewall 3 Interface example and made the changes. I now have 2-2 port NICs in the firewall. I edited /etc/interfaces and added eth2 as 192.168.2.254. The result of ip addr is as follows:

# ip addr
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:03:47:08:40:1a brd ff:ff:ff:ff:ff:ff
    inet 12.243.231.253/25 brd 255.255.255.255 scope global eth0
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:03:47:08:40:1b brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
5: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:03:47:08:4a:d6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.254/24 brd 192.168.2.255 scope global eth2
6: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 100
    link/ether 00:03:47:08:4a:d7 brd ff:ff:ff:ff:ff:ff

So it appears to be set up. The problem is, I can't seem to communicate with the host on 192.168.2.1. DHCP wasn't working, so I gave the host a static address. (I did edit dhcpd.conf and the proper shorewall file to add dhcp).

SSH responds:

# ssh 192.168.2.1
ssh: connect to host 192.168.2.1 port 22: No route to host

# ip route
12.243.231.128/25 dev eth0 proto kernel scope link src 12.243.231.253
192.168.2.0/24 dev eth2 proto kernel scope link src 192.168.2.254
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254
default via 12.243.231.129 dev eth0

# ping 192.168.2.254
PING 192.168.2.254 (192.168.2.254): 56 data bytes
64 bytes from 192.168.2.254: icmp_seq=0 ttl=255 time=0.8 ms
64 bytes from 192.168.2.254: icmp_seq=1 ttl=255 time=0.6 ms

# ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1): 56 data bytes
--- 192.168.2.1 ping statistics ---
7 packets transmitted, 0 packets received, 100% packet loss

The box at 192.168.2.1 was previously on the 192.168.1 network and responded to ping, ssh, vnc, etc.

Any hints? Need any more details?

--
Sean E. Covel
RE: [leaf-user] upgrading procedures
The easiest way (in my mind) is to use a CDRom and do partial backups on floppies. In most cases an upgrade involves putting a new CDRom in the drive and rebooting.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Alex Rhomberg
Sent: Tuesday, February 18, 2003 6:00 PM
To: Fabrice CHARLEUX; [EMAIL PROTECTED]
Subject: AW: [leaf-user] upgrading procedures

I was wondering what was the best way to upgrade to each new Bering version.
- Retyping the configuration files from the previous ones (in case there are major changes in the config files)
- Backing up the previous config files and copy them back to the current version
- upgrading the current configuration with each new LRP manually
- other ways ?

I wrote some scripts for that, which should make upgrading and maintaining multiple firewalls really easy, if you have a linux / unix box with root access (could also be virtual):

diffleaf: Show all the differences between your installed packages and the default packages, i.e. the configuration files you edited.

makeleaf: Combine custom configuration files (normally few) with the standard packages to get a pre-configured firewall

The packages are now available in the patches section (look for patches by alexrh) while I'm hoping for developer access. As soon as I get that, I shall upload a much improved version including e.g. automatic resolving of kernel module dependencies.

Cheers
Alex
Re: [leaf-user] Bering/Shorewall vs. Dachstein
I'd be more than willing to help debug this. I have both the Dachstein and Bering firewalls set up, I just switch the cables and I'm set to go. If you want specifics of the setups, tell me what you need and I'll send it to you.

Eyeball Chat says it does NOT use H323 (is that the correct number?) video conferencing protocol, so I'm not sure that Dachstein's ipmasq setting would have helped.

I am using the Dachstein CD 1.02. I added some rules for SSH and VNC. I did nothing specific for Eyeball Chat. I can send whatever config files you might want.

I was using Bering Stable, with Shorewall 1.3.12a. I upgraded the shorewall to 1.3.14 last night. I haven't tried Eyeball since the upgrade. I used the 2 nic version and added some DNAT for ssh and VNC.

Let me know what you want me to log on each firewall and I'll give it a go.

I'd like to avoid opening ports, esp. since it's a p2p app, and who would I open them for? My inlaws are on dial-up. I've seen posts on Google Groups of users saying it just worked through their firewall when other apps didn't. What I like is that it compresses video and audio so it is usable on a dial-up connection.

Ray, I'll attempt some connections tonight (If I get a chance) and send the output from Dachstein and Bering that you suggested.

Sean

There is something that we are missing here regarding the difference between his Dachstein and Bering configurations. Not only would these high ports have to have been open but they would have to have been forwarded to the internal machine running his P2P application. That would have required an explicit configuration action on his part.

I *think* this assertion is incorrect. The firewall paper Sean referred us to *seems* to be describing a workaround for exactly this requirement. I don't fully understand how they do it (either the paper intentionally omits some key technical detail, or I just missed it).

Lynn's suggestion above, a more succinct expression of the thought I talked about in rambly form, is probably closer to the target. The exception would be if the application is built on some standard technology like IRC where a masquerade module is available on Dachstein but not on Bering.
Re: [leaf-user] Bering/Shorewall vs. Dachstein
BTW, I did send Eyeball Chat a help request, but since it is free software, I'm not holding my breath. I'm willing to pursue this just to see if this magic silver bullet they have going actually works. Strange that they have instructions on how to blow holes in your firewall (static patch) if their magic firewall approach works so well...

On Wed, 2003-02-12 at 09:37, Tom Eastep wrote:

Sean E. Covel wrote:

I'd be more than willing to help debug this. I have both the Dachstein and Bering firewalls setup, I just switch the cables and I'm set to go. If you want specifics of the setups, tell me what you need and I'll send it to you.

Under Bering:
a) shorewall reset
b) Try to connect
c) shorewall status > /tmp/status
d) Send us the /tmp/status file.

Eyeball Chat says it does NOT use H323 (is that the correct number?) video conferencing protocol, so I'm not sure that Dachstein's ipmasq setting would have helped.

Something clearly did.

I am using the Dachstein CD 1.02. I added some rules for SSH and VNC. I did nothing specific for Eyeball Chat. I can send whatever config files you might want.

They won't mean anything to me but they probably will to Ray.

I was using Bering Stable, with Shorewall 1.3.12a. I upgraded the shorewall to 1.3.14 last night. I haven't tried Eyeball since the upgrade. I used the 2 nic version and added some DNAT for ssh and VNC. Let me know what you want me to log on each firewall and I'll give it a go. I'd like to avoid opening ports, esp. since its a p2p app, and who would I open them for? My inlaws are on dial-up.

The ultimate solution is probably going to be that you will have to forward some additional ports. If that's unacceptable to you then we may as well not pursue this.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ [EMAIL PROTECTED]
Re: [leaf-user] Bering/Shorewall vs. Dachstein
Tom, I'm a complete iptables noob, and you are obviously an expert at this point. Eyeball Chat does claim that it works with iptables. Is the connection tracking table a recent addition? Can you think of what might have to be done for it to work with iptables?

If they ever get back to me about this, I'll be sure to let you know!

Sean

On Wed, 2003-02-12 at 10:13, Tom Eastep wrote:

Sean E. Covel wrote:

BTW, I did send Eyeball Chat a help request, but since it is free software, I'm not holding my breath. I'm willing to pursue this just to see if this magic silver bullet they have going actually works. Strange that they have instructions on how to blow holes in your firewall (static patch) if their magic firewall approach works so well...

I just read their Magic Bullet paper and I think that it works with Dachstein because on Dachstein (as with Seawall), the Masquerade Port Range is left open by the firewall. This allows incoming SYN packets to sail right through the firewall AND will even route it to the correct internal system. It is a cute trick except that it is based on being able to exploit the primitive capabilities of ipchains.

That little trick will not work with Shorewall because the NetFilter connection tracking table identifies connection endpoints by (ip,protocol,port) rather than just by (protocol,port). So just because EyeBall running on 192.168.12.12 is connected to the EyeBall server via external address w.x.y.z and port P doesn't mean that EyeBall user at address a.b.c.d can open port P on w.x.y.z and be able to successfully connect through the firewall to 192.168.12.12.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ [EMAIL PROTECTED]
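The difference Tom describes between keying on (protocol,port) and keying on (ip,protocol,port) can be seen in a toy model. This is an added example, not code from the thread and not kernel code: both classes are simplified stand-ins for the lookup behaviour described above, and the addresses (documentation ranges) and port numbers are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One masqueraded outbound connection as seen on the firewall."""
    proto: str
    inside_ip: str
    inside_port: int
    ext_port: int      # port P used on the firewall's external address
    remote_ip: str
    remote_port: int


class PortKeyedMasq:
    """Model of the behaviour described for Dachstein/ipchains:
    an inbound packet is matched on (protocol, external port) alone."""

    def __init__(self):
        self.table = {}

    def outbound(self, flow):
        self.table[(flow.proto, flow.ext_port)] = flow

    def inbound(self, proto, src_ip, src_port, dst_port):
        flow = self.table.get((proto, dst_port))
        return (flow.inside_ip, flow.inside_port) if flow else None


class EndpointKeyedConntrack:
    """Model of the behaviour described for Netfilter: the remote
    endpoint is part of the key, so only the original peer matches."""

    def __init__(self):
        self.table = {}

    def outbound(self, flow):
        key = (flow.proto, flow.ext_port, flow.remote_ip, flow.remote_port)
        self.table[key] = flow

    def inbound(self, proto, src_ip, src_port, dst_port):
        flow = self.table.get((proto, dst_port, src_ip, src_port))
        return (flow.inside_ip, flow.inside_port) if flow else None


# Constructed scenario following the message: an inside client at
# 192.168.12.12 connects to a server, then a different outside host
# sends to the same external port P.
SERVER = ("198.51.100.10", 5000)   # stands in for the EyeBall server
PEER = ("203.0.113.7", 4000)       # stands in for the user at a.b.c.d
EXT_PORT = 61000                   # stands in for port P


def run_scenario():
    """Return, per model, where each inbound packet would be delivered."""
    flow = Flow("tcp", "192.168.12.12", 3000, EXT_PORT, *SERVER)
    results = {}
    for model in (PortKeyedMasq(), EndpointKeyedConntrack()):
        model.outbound(flow)
        results[type(model).__name__] = {
            "server_reply": model.inbound("tcp", *SERVER, EXT_PORT),
            "third_party": model.inbound("tcp", *PEER, EXT_PORT),
        }
    return results


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(name, outcome)
```

In the port-keyed model the unsolicited packet from the third party is delivered to the inside host; in the endpoint-keyed model it matches no entry and falls through to the firewall policy, which is why the application needs explicit port forwarding under Shorewall.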
RE: [leaf-user] Bering/Shorewall vs. Dachstein
So, after much discussion, is there anything specific you would like me to do to Shorewall before I gather statistics? I can shut off all my other machines and turn on/off everything/nothing, log everything...whatever. Just let me know what. How about Dachstein?

I'll be making my attempt in about 3 hours (8:30 est) after the young one goes to bed. I've got to find a patient relative who will put up with my trouble-shooting.

Let me know,
Sean

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom Eastep
Sent: Wednesday, February 12, 2003 3:46 PM
To: Ray Olszewski
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Bering/Shorewall vs. Dachstein

Tom Eastep wrote:

Ah -- yes, now I see what you are getting at. Yet, it's apparently not working

I'm trying to keep up with this thread while at the same time following a distributed training exercise on another monitor. During the lunch break, I got a chance to look at what Ray wrote more closely :-)

One other thing to remember is that because Netfilter tracks (ip,protocol[,port]), it usually doesn't have to remap ports the way that ipchains does. So the external port shouldn't change when the peers switch from sending to the server to sending to their opposite.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ [EMAIL PROTECTED]
RE: [leaf-user] Bering/Shorewall vs. Dachstein
Thanks for your responses. After spending more time on their website, <sarcasm> I discovered their Any-Firewall-Whitepaper where it states that I actually don't have a problem since their technology works transparent to firewalls and NAT. </sarcasm>

Lynn, you are correct. There are some high UDP ports, but according to their white-paper, these are only outgoing connections. Since it's a peer-to-peer connection, I'm not sure how both parties can have outgoing connections, and no incoming connections...but it's obviously some highly advanced technology!

What's my exposure when opening those TCP and UDP ports? I'm VERY new to iptables, so be gentle.

Thanks,
Sean

Snip---

The solution was posted on their website. Apparently by default it uses dynamic UDP and TCP but there is a static port patch for v2.2 located here:

http://www.eyeballchat.com/download/patches/fixed_ports_patch22.reg

Then you need to open up these ports:
- UDP ports 5700, 5701 and 5702 and
- TCP ports 5500 and 5501.

Eyeball Chat should then work correctly.

snip---

I use an app, EyeBall chat, to video chat to relatives. It worked just fine under Dachstein. It is NOT working under Bering. It appears the app uses a number of dynamic UDP and TCP connections for the audio/video portions of the chat. I didn't see anything in the shorewall logs that was helpful. Anyone got any thoughts?

Snip---

I would imagine that since it worked with Dachstein, there was probably some high port UDP traffic that iptables stops with conntrack (stateful connection tracking).

--
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net
[leaf-user] Bering/Shorewall vs. Dachstein
I have been using Dachstein for a few years. I recently decided to give Bering a try. I use an app, EyeBall chat, to video chat to relatives. It worked just fine under Dachstein. It is NOT working under Bering. It appears the app uses a number of dynamic UDP and TCP connections for the audio/video portions of the chat. I didn't see anything in the shorewall logs that was helpful. Anyone got any thoughts?

Thanks,
Sean

p.s. www.eyeballchat.com if you want to see their software. I guess there is a way to restrict the app to some static ports, but I'm not too sure about opening ports to just anyone.
RE: [leaf-user] Bering partial backup not working (was: Bering2.4.18 CD)
That was it! I'll post the new .local files and an iso in a day or two. Thanks to everyone for their help.

Todd, thanks for the .local files, even the ones with the cr/lf's in there ;-)

Sean

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Sean E. Covel
Sent: Monday, February 03, 2003 3:15 PM
To: Brad Fritz
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Bering partial backup not working (was: Bering2.4.18 CD)

sc> Good point. I couldn't find them either so I emailed Todd. I'll
sc> host them. I'm not sure if you want to help, or if you just want
sc> the files ;-), but here they are. I also posted my ISO in case
sc> someone wants to do some debugging.
sc>
sc> The files are here:
sc>
sc> http://leaf.sourceforge.net/devel/scovel

Looks like there are carriage returns in the .local files that are causing problems with the grep at ~101 of lrcfg.back.script . Try the versions I sterilized with dos2unix and sent you offlist and let us know if that fixes the problem.

--Brad

Shame on me! I'll bet that's it. I was planning on spending some time tonight debugging the script, but I'll give the dos2unix command a shot first and save myself the time. I'll let you all know if it works. If it does, I'll post a new (Unix) version of the files, and my ISO as well in case someone wants it.

Sean
Re: [leaf-user] Bering partial backup not working (was: Bering2.4.18 CD)
sc> Good point. I couldn't find them either so I emailed Todd. I'll host
sc> them. I'm not sure if you want to help, or if you just want the files
sc> ;-), but here they are. I also posted my ISO in case someone wants to
sc> do some debugging.
sc>
sc> The files are here:
sc>
sc> http://leaf.sourceforge.net/devel/scovel

Looks like there are carriage returns in the .local files that are causing problems with the grep at ~101 of lrcfg.back.script . Try the versions I sterilized with dos2unix and sent you offlist and let us know if that fixes the problem.

--Brad

Shame on me! I'll bet that's it. I was planning on spending some time tonight debugging the script, but I'll give the dos2unix command a shot first and save myself the time. I'll let you all know if it works. If it does, I'll post a new (Unix) version of the files, and my ISO as well in case someone wants it.

Sean
RE: [leaf-user] Bering 2.4.18 CD
More info,

I created a Bering floppy, booted it, then copied the .local files in /var/lib/lrpkg and did a full backup of everything. I then used those full backups as the contents of my Bering ISO. It boots just fine, will do a full backup to floppy just fine, but partial backups always fail. Same errors as last time. It would appear that the partial backup is broken? Here are the errors again:

: No such file or directoryt: \tar: etc : No such file or directorype : No such file or directoryl tar: Error exit delayed from previous errors

I'm using Bering 1.0 stable 1680 floppy as my source. Created my own initrd from that floppy.

Thanks for your help,
Sean

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Sean E. Covel
Sent: Friday, January 31, 2003 8:49 AM
To: Brad Fritz
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Bering 2.4.18 CD

On Thu, 2003-01-30 at 22:34, Brad Fritz wrote:

Sean,

On Thu, 30 Jan 2003 19:16:58 EST Sean wrote:

I created new .lrp files with the correct path (no ./etc) and I'm still having the tar problem. Anyone have any thoughts? I'm using the Bering 2.4.18 diskette contents and the excellent directions on the LEAF website to create the CD. It boots fine, reads the CD and the floppy just fine, it just won't do partial backups.

Can you provide a link to or post the etc.local file? I looked at the two patches from Todd:

https://sourceforge.net/tracker/?func=detail&atid=313751&aid=668842&group_id=13751
https://sourceforge.net/tracker/?func=detail&atid=313751&aid=668889&group_id=13751

but didn't see the files, only the description of the patch.

--Brad

Good point. I couldn't find them either so I emailed Todd. I'll host them. I'm not sure if you want to help, or if you just want the files ;-), but here they are. I also posted my ISO in case someone wants to do some debugging.

The files are here:

http://leaf.sourceforge.net/devel/scovel

Sean
Re: [leaf-user] Bering 2.4.18 CD
On Thu, 2003-01-30 at 22:34, Brad Fritz wrote:

Sean,

On Thu, 30 Jan 2003 19:16:58 EST Sean wrote:

I created new .lrp files with the correct path (no ./etc) and I'm still having the tar problem. Anyone have any thoughts? I'm using the Bering 2.4.18 diskette contents and the excellent directions on the LEAF website to create the CD. It boots fine, reads the CD and the floppy just fine, it just won't do partial backups.

Can you provide a link to or post the etc.local file? I looked at the two patches from Todd:

https://sourceforge.net/tracker/?func=detail&atid=313751&aid=668842&group_id=13751
https://sourceforge.net/tracker/?func=detail&atid=313751&aid=668889&group_id=13751

but didn't see the files, only the description of the patch.

--Brad

Good point. I couldn't find them either so I emailed Todd. I'll host them. I'm not sure if you want to help, or if you just want the files ;-), but here they are. I also posted my ISO in case someone wants to do some debugging.

The files are here:

http://leaf.sourceforge.net/devel/scovel

Sean
[leaf-user] Bering 2.4.18 CD
I have created a Bering CD and am attempting to do some partial backups. I got the .local files from Todd Pearsall and added the .local files to the full .lrp files using tar, gunzip, gzip, you know, all the standard utils. I added these new packages to my CD and booted. I changed my backup type and destinations, and tried to backup etc. I got the following errors:

q) quit
---
Selection: b 3
: No such file or directoryt: \tar: etc : No such file or directorype : No such file or directoryl tar: Error exit delayed from previous errors
New Package: -rw-r--r-- 1 root root 29 Jan 29 21:47 /tmp/etc.lrp
Old Package: -rw-r--r-- 1 root root 29 Jan 29 21:47 /var/lib/lrpkg/mnt/etc.lrp

Any thoughts? The only strangeness I saw was when I had created the new .tar files the paths were ./etc/somefile and the old paths were etc/somefile

Thanks,
Sean
[leaf-user] system logs on a bering box
I have a typical two interface bering box set up based on a p200 and a nice ide flash card reader. The flash card is an 8mb card so lots of space. However when I try to look at the logs via the weblet it says that most of the logs are not readable. Is this something I've misconfigured? Is there another way to read the logs by connecting to the firewall and issuing a command?

regards
Sean
Re: [leaf-user] sshd
On Sun, 2002-09-29 at 13:15, Erich Titl wrote:

Steve wrote the following at 08:27 29.09.2002:

I am trying to set up sshd in Bering. I have loaded the sshd.lrp and libz.lrp packages and have generated my keys, but when sshd is run it complains that it cannot find libnsl.so.1 file. I've done a few searches and can not find where this file might be or where I can download it from. Any suggestions? Regards.

Where did you take your sshd.lrp from? I have sshd on bering running on bering without libnsl. IIRC I got mine from Jacques Nilo's packages

You have loaded libz.lrp and declared it in syslinux.cfg, haven't you?

regards
sean coogan
RE: [leaf-user] DnsCache
I'm using Dachstein. TinyDNS is on the CD. Guess I'll try to set it up. Thanks for the pointers!

Another question: Is this a GOOD IDEA? It can be done, but should it be done?

Thanks, Sean

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of H. D. Lee
Sent: Tuesday, September 24, 2002 8:27 PM
To: Leaf-User
Subject: Re: [leaf-user] DnsCache

On 2002.09.24_19:27:55_+, [EMAIL PROTECTED] wrote:

Is there any way to pre-load the dnscache with some entries? Like telling it that *.doubleclick.* and *.x10.* are 127.0.0.1?

As Charles and Britz suggested, use tinydns and dnscache to achieve that. Please also note that to run tinydns and dnscache on one machine, you got to have two different IP addresses. It is fine to have either dnscache or tinydns to listen to the loopback (127.0.0.1) address, but only localhost can query that. See: http://cr.yp.to/djbdns/faq/orientation.html#programs

Useful links:
http://www.leaf-project.org/devel/jnilo/tinydns.html
http://cr.yp.to/djbdns.html
http://www.lifewithdjbdns.org

Start with the first, it should get you on the right track. Also note that the Bering tinydns package has configuration specific to itself. I am talking about the /etc/tinydns-private/env/DOMAINS file. It will automatically create the appropriate files in /etc/dnscache/root/servers and have dnscache send queries to local instead of querying the Internet for the domains.

TIA Sean

HTH
-- H. D. Lee
[leaf-user] Bering: Multiple External IP's on a single LEAF box... is it possible???
Hello all,

I'm currently helping a friend setup Bering-rc3. He has a DSL modem (Fujitsu Speedport) and a block of 5 IP's provided by his ISP. Is it possible to configure a Bering box -or any LEAF distro- with two NIC's (eth0...Internet eth1...Intranet) so that eth0 can handle requests from the 5 external IP's? ... albeit a module, lrp package, configuration, or anything else.

At the moment, Bering is fully functional and can -through Shorewall- DNAT connections to the FTP server and WWW server... but this is only for 1 static external IP.

Any information provided would be greatly appreciated. Thank you very much!

-Sean
[leaf-user] Bering 1.0-rc2 sshd 3.2.3p1
Hello,

Does anyone know of a sshd.lrp (much smaller than 326k) that could work with Bering 1.0-rc2? After removing unnecessary packages & modules, I have around 220k to play with.

I ask because I've been using EigerStein with a sshd.lrp that is about half of the size (161k). It's great because I can cram everything I need onto one floppy disk (which I need since I only have a 1-floppy LRP box, w/o monitor, video card, or keyboard, that I connect to via ssh).

Thank you very much!

-Sean
Re: [leaf-user] Dachstein-CD update
This is an update on my progress.

1. diskfree.sh - This may take awhile to incorporate, on the back burner for the moment.
2. MAC script change (modules/modutils) *DONE!
3. p9100.lrp if Bihn Do tests it and lets me know *DONE! Added p9100 and modified root.lrp to create lp0 and par0
4. Unknown Weblet updates - Waiting for more info.
5. the .lrp.lrp change *DONE!
6. Burn and Test it. * I am probably going to do a personal test CD tomorrow. My confidence in my Linux/LEAF development skills is low at the moment. Better test, test, test.

To Lynn and all,

I'm really in no rush to get this out the door. The original intent of this update was to get the newer OpenSSH packages out there. This was based on a Nessus scan I ran against one of my firewalls. The only vulnerabilities that showed up were weblet (crashed, restarted a lot of processes) and OpenSSH.

Obviously there is a lot of pent-up demand for more changes. I'm willing to coordinate further changes, but with the understanding that my last Unix development was on a HP9000 a few years back. Been doing Microsoft development since then. For the really complicated stuff (like Michael's diskfree.sh) it's going to take a certain amount of hand-holding.

I do have 2 firewalls running, a Slink box, and a RedHat 7.2 box. I can do some compiling and some development if needed. I have compiled apps for both machines, and updated the kernel on the Slink box once or twice, so I'm not a complete newbie.

Sean
RE: [leaf-user] Dachstein-CD update
Ok,

This is turning into a project...

The bind I have is bind-8 from Charles' files. I'm sure it's a bad one. If someone gives me a good one I'll put it on the CD.

I'll work on the diskfree.sh but if Michael wants to give me a diff, that would be great!

I'll do the MAC address change.

I updated the wanpipe modules. Hey, was that a test? The file has an extension of TGZ but it's not a gzipped tar file. It's just a tar file. FYI, it only took me a little while to figure that out ; )

If you test the p9100.lrp and let me know, I'll add it.

What Weblet updates? Throw me a bone guys...

apkg, forget it! As far as I can tell from looking at oxygen and the NUMEROUS threads back-and-forth between David and Charles, this is a BIG change. Besides, it never pays to get Charles talking about the .lrp format...

So, as far as I can tell I have a few TODOs left:

1. diskfree.sh
2. MAC script change
3. p9100.lrp if Bihn Do tests it and lets me know
4. Unknown Weblet updates (I hope you're talking about a .lrp you already packaged up for us...)
5. the .lrp.lrp change
6. Burn and Test it.

Did I miss anything?

Sean

-Original Message-
From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 14, 2002 10:55 AM
To: Sean; [EMAIL PROTECTED]
Subject: Re: [leaf-user] Dachstein-CD update

I have added all the new packages as requested so far and included bind-8 as well (someone asked for it a long time ago in leaf-user).

Which bind version? IIRC, there are known security problems with all the bind's currently packaged for LRP.

I added the two sample .cfg files. I updated the ssh* lrps. I updated the changes.txt and am in the process of updating the README.txt. I removed the old ssh1 packages.

Sounds good

I'll make the script update over the weekend. Monday night I'll stop taking new orders and Tuesday night you should have a shiny new Dachstein-CD.

Great. Since it sounds like you're going to be updating root (for the lrpkg -i fix), I may throw some stuff your way if I get time.

Also, please note that Michael D. Schleif has done a good job of re-working the disk free-space checks (http://leaf.sourceforge.net/devel/helices/scripts/diskfree.sh). I was planning on incorporating his updates into the next release. You might check with him if you feel up to tackling the merge, or maybe you can get him to help...

NOTE: Updating root.lrp is a bit trickier than any of the other packages, since it's contained in the floppy boot image, as well as the CD-ROM root directory with all the other packages (mainly for convenience). I usually copy an updated root.lrp to my CD-ROM contents folder on my development machine (just as you would for any other package file), then copy it to the floppy boot image file (which is mounted using a loop-back device, ie: mount -t msdos -o loop path/boodisk.bin /mnt). Finally, remember to unmount and touch the bootdisk image, since the time/date stamp is *NOT* updated when you write to the file via the loop-back device.

Shall I call it v1.0.3?

I'd call it v1.0.3 or v1.0.3rc1 (release candidate 1), depending on confidence level :)

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
RE: [leaf-user] Dachstein-CD update
Michael,

diskfree.sh

Ok, I'll bite. I think I must have missed this thread. Where is this supposed to go? What was this supposed to fix? I'm trying to add it to the new CD.

Thanks, Sean

-Original Message-
From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 14, 2002 10:55 AM
To: Sean; [EMAIL PROTECTED]
Subject: Re: [leaf-user] Dachstein-CD update

I have added all the new packages as requested so far and included bind-8 as well (someone asked for it a long time ago in leaf-user).

Which bind version? IIRC, there are known security problems with all the bind's currently packaged for LRP.

I added the two sample .cfg files. I updated the ssh* lrps. I updated the changes.txt and am in the process of updating the README.txt. I removed the old ssh1 packages.

Sounds good

I'll make the script update over the weekend. Monday night I'll stop taking new orders and Tuesday night you should have a shiny new Dachstein-CD.

Great. Since it sounds like you're going to be updating root (for the lrpkg -i fix), I may throw some stuff your way if I get time.

Also, please note that Michael D. Schleif has done a good job of re-working the disk free-space checks (http://leaf.sourceforge.net/devel/helices/scripts/diskfree.sh). I was planning on incorporating his updates into the next release. You might check with him if you feel up to tackling the merge, or maybe you can get him to help...

NOTE: Updating root.lrp is a bit trickier than any of the other packages, since it's contained in the floppy boot image, as well as the CD-ROM root directory with all the other packages (mainly for convenience). I usually copy an updated root.lrp to my CD-ROM contents folder on my development machine (just as you would for any other package file), then copy it to the floppy boot image file (which is mounted using a loop-back device, ie: mount -t msdos -o loop path/boodisk.bin /mnt). Finally, remember to unmount and touch the bootdisk image, since the time/date stamp is *NOT* updated when you write to the file via the loop-back device.

Shall I call it v1.0.3?

I'd call it v1.0.3 or v1.0.3rc1 (release candidate 1), depending on confidence level :)

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
RE: [leaf-user] Dachstein-CD update
I can do that I guess. Give me an excuse to get my hands dirty in Linux.

Weren't there some fixes for the mailing scripts? I thought that was a minor fix that might stop some major headaches. Can't seem to find it though.

Sean

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Charles Steinkuehler
Sent: Thursday, June 13, 2002 4:43 PM
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Dachstein-CD update

Extremely easy usability fix for /usr/sbin/lrpkg: http://www.geocrawler.com/lists/3/SourceForge/7325/175/8861202/

Yeah, this should be added if you feel up to re-packaging root.lrp. Note that the problem only occurs on MSDOS filesystems (where package.lrp.lrp is the same file as package.lrp). You get a file not found error on a real filesystem (like the cd-rom).

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
RE: [leaf-user] Dachstein-CD update
I have added all the new packages as requested so far and included bind-8 as well (someone asked for it a long time ago in leaf-user). I added the two sample .cfg files. I updated the ssh* lrps. I updated the changes.txt and am in the process of updating the README.txt. I removed the old ssh1 packages.

I'll make the script update over the weekend. Monday night I'll stop taking new orders and Tuesday night you should have a shiny new Dachstein-CD.

Shall I call it v1.0.3?

Sean

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Charles Steinkuehler
Sent: Thursday, June 13, 2002 4:43 PM
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Dachstein-CD update

Extremely easy usability fix for /usr/sbin/lrpkg: http://www.geocrawler.com/lists/3/SourceForge/7325/175/8861202/

Yeah, this should be added if you feel up to re-packaging root.lrp. Note that the problem only occurs on MSDOS filesystems (where package.lrp.lrp is the same file as package.lrp). You get a file not found error on a real filesystem (like the cd-rom).

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
RE: [Leaf-user] Dach Floppy
ps was giving me nothing unusual. netstat -a gave me nothing helpful. Turns out I had the network.conf a little messed up for what I was trying to do. I have only eth0, but still was setting up an eth1. I suspect sshd was trying to start on eth1. It's all working now!

Thanks to all of you who offered info. I know just enough Unix (and that's userland not admin) to get myself into trouble.

Sean

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Matt Schalit
Sent: Friday, January 11, 2002 3:35 PM
To: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] Dach Floppy

[EMAIL PROTECTED] wrote:

BTW, that is a literal 0.0.0.0 in the debug output, not just me hiding my ip. Sean

Ok, sshd -d (debug!) returns:

Stuff
More Stuff
Bind to port 22 on 0.0.0.0 failed: Address already in use.
Cannot bind any address.

- This was Dach Floppy modified to be a static address. How can I tell what is using port 22 already?

The 0.0.0.0 is fine, and it is telling the sshd to listen on port 22 on all ip addresses configured into the OS. (ie eth0 and eth1). As long as you have port 22 on eth0 blocked, you're not going to have anyone connecting from the external side. Thus running the sshd on 0.0.0.0 is safe enough.

To find out if a server is running on a particular port, you use the netstat command: netstat -an or netstat -a if you have an interest in human readable names.

What does ps tell you?

Good Luck, Matthew
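Reading `netstat -an` output for the question asked in this thread (what already holds port 22 when sshd reports "Address already in use"), as an added example that is not part of the original messages. The netstat listing is constructed, the function names are hypothetical, and only IPv4 TCP listeners are considered.

```python
# Constructed `netstat -an` listing in the net-tools layout; the addresses
# are sample values, not taken from the thread.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.254:22        0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.254:22        192.168.1.10:1042       ESTABLISHED
udp        0      0 0.0.0.0:53              0.0.0.0:*
"""

WILDCARD = "0.0.0.0"


def tcp_listeners(netstat_text):
    """Return (address, port) for every TCP socket in the LISTEN state."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows are: proto, recv-q, send-q, local, foreign, state.
        # Headers, UDP rows and non-listening sockets are skipped.
        if len(fields) < 6 or fields[0] != "tcp" or fields[5] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            found.append((addr, int(port)))
    return found


def bind_conflicts(netstat_text, addr, port):
    """Listeners that would make bind(addr, port) fail with EADDRINUSE."""
    clashes = []
    for l_addr, l_port in tcp_listeners(netstat_text):
        if l_port != port:
            continue
        # A wildcard socket overlaps every address on that port, so a clash
        # occurs when either side is 0.0.0.0 or both addresses are equal.
        if WILDCARD in (addr, l_addr) or l_addr == addr:
            clashes.append((l_addr, l_port))
    return clashes


if __name__ == "__main__":
    # The failing case from the thread: sshd binding 0.0.0.0 port 22.
    for l_addr, l_port in bind_conflicts(SAMPLE_NETSTAT, WILDCARD, 22):
        print(f"port {l_port} is already held by a listener on {l_addr}")
```

`netstat -an` shows the address and port but not the owning process; `ps`, as suggested in the thread, is still needed to name the daemon.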
[Leaf-user] OT:SFTP on Slink
I copied the sftp.lrp from DCD 1.01 onto my Slink box. When I run sftp I get the following error:

slink:~# sftp
BUG IN DYNAMIC LINKER ld.so: dynamic-link.h: 53: elf_get_dynamic_info: Assertion `! bad dynamic tag' failed!
slink:~#

Ok, I'm pretty sure I'm missing a library, but how do I figure out what it is?

thanks, Sean
RE: [Leaf-user] Bash on LEAF
Thanks for the heads-up! I'm running in 96MB, shouldn't be a prob.

Just copied bc from my slink box to the Dach box so I can run SetiStats script. I'm running SETI@Home on my Dach box (since it does very little most of the time!)

Sean

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Paul Rimmer
Sent: Thursday, January 03, 2002 11:09 PM
To: Sean E. Covel
Cc: LEAF User List
Subject: RE: [Leaf-user] Bash on LEAF

Be aware that if you have a small memory footprint system (i.e. 16MB or less), there may be a problem with running bash. See the following list archive link for info: http://www.mail-archive.com/leaf-user@lists.sourceforge.net/msg01998.html

If you have lots of memory then don't worry about it as I haven't seen anyone else report this.

Cheers, Paul

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Peter Jay Salzman
Sent: January 3, 2002 8:56 PM
To: Sean E. Covel
Cc: LEAF User List
Subject: Re: [Leaf-user] Bash on LEAF

yes, and it's *really* nice to have.

pete

begin Sean E. Covel [EMAIL PROTECTED]

Is there a Bash shell for LEAF? Could there be?

Thanks, Sean

--
PGP Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
PGP Public Key: finger [EMAIL PROTECTED]
RE: [Leaf-user] ATT transition woes
I switched from ESB2 to Dachstein CD while the service (@home) was out. Left the machine on while I was at work. Came home, and it had connected when the service came back up, Like Magic, and I was all set to go! None of the BS configurator nonsense! Been running fine ever since!

Sean

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Matt Schalit
Sent: Friday, December 14, 2001 4:37 AM
To: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] ATT transition woes

gc wrote:

I've got a standard configuration: home network behind a cable modem. I've been running an old Eiger distribution for the past year without issue. Then I got caught up in the big ATT migration last week and it screwed things up. Rather than troubleshoot such an old distribution, I figured I'd start over with the Dachstein v1.0.2 distribution.

That's what I did for a friend. We had Oxygen running on his @Home rigged as a static IP setup even though it's dhcp. Then when they choked and became attbi (they never should have merged with the white elephant Excite), their dhcp is so touchy that I couldn't rely on the static rig, and I went for dhcp. Oxygen locked up during boot, after enabling the correct nic modules and rebooting. Doing the same on Dachstein rc2 gave him a perfectly working system. It was pretty spectacular, I must say.

I followed the basic setup instructions, but it didn't fix my problem. Specifically, I can only ping a couple of hosts.

Describe exactly what you did and what you saw, if it's still happening and the DNS advice you got doesn't fix it.

If I hook my win2k box directly to the cable modem, everything works fine.

Yea yea. And if I suck Bill's cock, he might let me drink from the river of wealth.

The suspicious thing is that my win2k box uses different IP and gateway addresses than the LEAF router (even though both use DHCP). So, I'm thinkin it's some sort of DHCP configuration problem.

Just so you know, it's common to get a new IP address and whatnot when you switch systems (and thus mac addresses) and get a new lease. I didn't have to touch a single dhcp setting to get my friend's attbi.com system in Petaluma, CA to work.

I messed around with the dhcpclient settings with no success. One thing I wondered was if I needed to update the domain name somewhere (since it changed from home.com to attbi.com), but I couldn't find anything that looked relevant.

I thought I was going to have to labor through something like that, but instead it was butter.

Good Luck, Matthew

Any other former excite@home users go through this? Anybody else have any thoughts? Thanks in advance.
[Leaf-user] What is This
All these are blocked by rule #42. What is that rule? These log messages are from strange hosts. 80% of them don't resolve to a real hostname. All the packets you listed are tcp packets with no SYN flag, meaning they are theoretically responses to some tcp dns request your machine made. Because they are all response packets, I'm not sure what's going on. I don't know why you're getting responses from so many odd computers. The other strange thing, is that I would expect your firewall rules to allow response to outgoing TCP DNS requests. That's why I want to see rule 42.

ipchains -L > /tmp/myrules
vi /tmp/myrules, find line 42, and post it.

Here is the rule. My ruleset is standard Dachstein with only a couple of additions:

422795 124K DENY all l- 0xFF 0x00 eth0 0.0.0.0/00.0.0.0/0 n/a

Searching the Internet turns up a number of scripts that scan port 53 for Bind. Let me know what you think.

Sean
[Leaf-user] What is This
Victor,

I believe you are correct. After reading the banter going back and forth, and recalling previous posts (about that DAMN X10 popup) I reviewed my log. The log entries are bursts of hundreds in the same few seconds. Must have been while I was on MyYahoo. I remember getting the X10 and Casino popups. Is there any way we can reverse SPAM them to stop this ridiculous traffic?

Read this: http://www.cisco.com/warp/public/cc/pd/cxsr/dd/tech/dd_wp.htm

This and another appliance called BIG/Ip could very well be the source of this traffic.

Here is another one about an ISP using this technology... http://lists.insecure.org/incidents/2001/May/0096.html

And then to close the loop, the above ISP is using the cisco product... http://lists.insecure.org/incidents/2001/May/0159.html

Nice huh?

Sean

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Victor McAllisteer
Sent: Sunday, December 09, 2001 8:30 PM
To: leaf-user
Subject: Re: [Leaf-user] What is This

Matthew Schalit wrote:

Victor McAllisteer wrote:

This is some crazy method of geographic load balancing. A whole lot of boxes use TCP port 53 simultaneously to find out what part of the world.

Victor, wouldn't the load balancing we've seen over the last months that hits port 53 be SYN traffic? Why are all his log entries referring to non-SYN traffic, i.e. responses?

Matthew

There was a lot of list traffic back in May on the LRP list concerning this port 53 weirdness. My understanding is that tcp port 53 to port 53 is usually a zone transfer. Leaf boxes running tiny DNS will not respond to tcp queries. I believe a number of list members analyzed this stuff using resources beyond just the log entries. It comes all at once from many different IPs. The same IPs always show up repeatedly in the space of a few seconds. They fill the logs - often with 600 DENYs in a period of 10 seconds or less. Someone traced the ownership of the machines. Apparently it is some sort of proprietary method of determining which machine you are closest to geographically so they can serve up some pop up ad efficiently (for them). DENY (no response) doesn't seem to prevent the pop up ads. Perhaps if they can't get you to send them back a packet, they end up serving the pop up from some default machine. Those who pay for this technology should have their head examined.
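The traffic described in the two "What is This" messages (denied TCP packets from port 53 to port 53 with no SYN flag, arriving from several hosts within a few seconds) can be picked out of a firewall log mechanically. The following is an added example, not part of the original messages: the log lines are constructed in the Linux 2.2 ipchains "Packet log:" layout, and the function names, the default year and the small thresholds are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log. Addresses are documentation ranges; rule number 42
# mirrors the rule discussed in the thread.
SAMPLE_LOG = """\
Dec  9 20:14:01 firewall kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:53 203.0.113.5:53 L=44 S=0x00 I=0 F=0x0000 T=241 (#42)
Dec  9 20:14:01 firewall kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:53 203.0.113.5:53 L=44 S=0x00 I=0 F=0x0000 T=239 (#42)
Dec  9 20:14:02 firewall kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.44:53 203.0.113.5:53 L=44 S=0x00 I=0 F=0x0000 T=236 (#42)
Dec  9 20:14:02 firewall kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:53 203.0.113.5:53 L=44 S=0x00 I=0 F=0x0000 T=241 (#42)
Dec  9 20:14:03 firewall kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:53 203.0.113.5:53 L=44 S=0x00 I=0 F=0x0000 T=239 (#42)
Dec  9 20:14:04 firewall kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.44:53 203.0.113.5:53 L=44 S=0x00 I=0 F=0x0000 T=236 (#42)
Dec  9 20:14:05 firewall kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.99:4312 203.0.113.5:22 L=60 S=0x00 I=5120 F=0x4000 T=52 SYN (#42)
Dec  9 20:14:06 firewall kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.10:53 203.0.113.5:1030 L=120 S=0x00 I=77 F=0x0000 T=241 (#42)
Dec  9 21:30:00 firewall kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:53 203.0.113.5:53 L=44 S=0x00 I=0 F=0x0000 T=241 (#42)
"""

# One record: chain, verdict, interface, protocol number, source and
# destination address:port, optional SYN marker, matching rule number.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+kernel:\s+Packet log:\s+"
    r"(?P<chain>\S+)\s+(?P<action>\S+)\s+(?P<iface>\S+)\s+PROTO=(?P<proto>\d+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r".*?T=\d+(?P<syn>\s+SYN)?\s+\(#(?P<rule>\d+)\)$"
)


def parse_line(line, year=2001):
    """Parse one log line into a dict, or return None if it does not match.

    Syslog timestamps carry no year, so the year is an assumed parameter.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    stamp = " ".join(m["ts"].split())  # collapse the padded day field
    return {
        "time": datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"),
        "action": m["action"],
        "proto": int(m["proto"]),
        "src": m["src"],
        "sport": int(m["sport"]),
        "dport": int(m["dport"]),
        "syn": m["syn"] is not None,
        "rule": int(m["rule"]),
    }


def is_port53_reply(ev):
    """Denied TCP packet, port 53 to port 53, without the SYN flag."""
    return (ev["action"] == "DENY" and ev["proto"] == 6
            and ev["sport"] == 53 and ev["dport"] == 53 and not ev["syn"])


def find_bursts(events, window=timedelta(seconds=10), min_packets=5, min_sources=2):
    """Group matching packets into bursts that fit inside one time window.

    The defaults are small so the constructed sample triggers them; the
    thread reports roughly 600 DENYs in 10 seconds on a real link.
    """
    hits = sorted((e for e in events if is_port53_reply(e)), key=lambda e: e["time"])
    bursts, i = [], 0
    while i < len(hits):
        j = i
        while j < len(hits) and hits[j]["time"] - hits[i]["time"] <= window:
            j += 1
        group = hits[i:j]
        sources = sorted({e["src"] for e in group})
        if len(group) >= min_packets and len(sources) >= min_sources:
            bursts.append({"start": group[0]["time"], "end": group[-1]["time"],
                           "packets": len(group), "sources": sources})
            i = j  # continue after this burst
        else:
            i += 1
    return bursts


def analyse(text, **thresholds):
    """Parse a whole log and return the bursts found in it."""
    events = [e for e in map(parse_line, text.splitlines()) if e]
    return find_bursts(events, **thresholds)


if __name__ == "__main__":
    for b in analyse(SAMPLE_LOG):
        print(b["start"], b["packets"], "packets from", ", ".join(b["sources"]))
```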