Re: [leaf-user] Stumped trying to get Bering uClibc 2.2.0b4 interfaces to light up
John, what does your daemon.log/ppp.log say about pppd connection. John Desmond wrote: Friends- I've stared at this problem for several hours now and must admit I'm missing something very important but can't see it. I'm currently running Bering 1.0-rc3 on a 486 and have run EigerStein and LRP previously, so I've got several years of LEAF under my belt. I downloaded the stock uClibc 2.2.0b4 and made some configuration changes to bring up a PPPoE link with Verizon. I used my old configuration changes as guidance as I stepped through the Bering [ uClibc] Installation [ User] Guides. Everything boots up except eth0 and eth1 appear not to have TCP/IP bound to them and Shorewall spits and hisses about interfaces. The output of ping 127.0.0.1 is: - PING 127.0.0.1 (127.0.0.1): 56 data bytes ping: sendto: Network is unreachable - The output of ip link show is: - 1: lo: LOOPBACK mtu 16436 qdisc noop link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: dummy0: BROADCAST,NOARP mtu 1500 qdisc noop link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 3: eth0: BROADCAST,MULTICAST mtu 1500 qdisc noop qlen 1000 link/ether 00:10:4b:00:64:c4 brd ff:ff:ff:ff:ff:ff 4: eth1: BROADCAST,MULTICAST mtu 1500 qdisc noop qlen 1000 link/ether 00:60:08:08:78:81 brd ff:ff:ff:ff:ff:ff - Troubleshooting info follows. The strings in 3c509.o say: - kernel_version=2.4.26 description=3Com Etherlink III (3c509, 3c509B) ISA/PnP ethernet driver - so I seem to have the right compiled version of the ethernet card driver. syslinux.cfg is unchanged from stock. leaf.cfg looks like this: - LRP=root config etc local modules iptables dhcpcd shorwall ulogd dnsmasq dropbear weblet ppp pppoe PKGPATH=/dev/fd0u1680:msdos syst_size=6M log_size=2M - ls -l /lib/modules/3c509.o: - -rwxr-xr-x1 root root13632 Jul 3 10:21 3c509.o - 3c509.o is the first and only uncommented entry in /etc/modules until the PPPOE section, like in my current working /etc/modules. lsmod: - Module Size Used byNot tainted softdog 1508 1 ipt_state336 2 ipt_helper 464 0 (unused) ipt_conntrack820 0 ipt_REDIRECT 544 0 (unused) ipt_MASQUERADE 1056 0 (unused) ip_nat_irc 2152 0 (unused) ip_nat_ftp 2792 0 (unused) iptable_nat15716 2 [ipt_REDIRECT ipt_MASQUERADE ip_nat_irc ip_nat_ftp] ip_conntrack_irc2876 1 ip_conntrack_ftp3484 1 ip_conntrack 18312 2 [ipt_state ipt_helper ipt_conntrack ipt_REDIRECT ipt_MASQUERADE ip_nat_irc ip_nat_ftp iptable_nat ip_conntrack_irc ip_conntrack_ftp] pppoe 6732 0 (unused) pppox924 1 [pppoe] ppp_synctty 4632 0 (unused) ppp_generic16204 0 [pppoe pppox ppp_synctty] n_hdlc 5792 0 (unused) slhc4296 0 [ppp_generic] 3c509 8240 0 (unused) - dmesg shows the two 3c509's getting IRQs (which IIRC doesn't happen if 3c509.o isn't present): - Linux version 2.4.26 ([EMAIL PROTECTED]) (gcc version 2.95.3 20010315 (release)) #1 Sun Jun 6 11:44:34 CEST 2004 BIOS-provided physical RAM map: BIOS-88: - 0009f000 (usable) BIOS-88: 0010 - 0100 (usable) 16MB LOWMEM available. On node 0 totalpages: 4096 zone(0): 4096 pages. zone(1): 0 pages. zone(2): 0 pages. DMI not present. Kernel command line: BOOT_IMAGE=linux initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0 LEAFCFG=/dev/fd0u1680:msdos Initializing CPU#0 Console: colour VGA+ 80x25 Calibrating delay loop... 33.28 BogoMIPS Memory: 14004k/16384k available (973k kernel code, 1992k reserved, 111k data, 64k init, 0k highmem) Checking if this processor honours the WP bit even in supervisor mode... Ok. Dentry cache hash table entries: 2048 (order: 2, 16384 bytes) Inode cache hash table entries: 1024 (order: 1, 8192 bytes) Mount cache hash table entries: 512 (order: 0, 4096 bytes) Buffer cache hash table entries: 1024 (order: 0, 4096 bytes) Page-cache hash table entries: 4096 (order: 2, 16384 bytes) CPU: After generic, caps: 0003 CPU: Common caps: 0003 CPU: Intel 486 DX/2 stepping 05 Checking 'hlt' instruction... OK. POSIX conformance testing by UNIFIX PCI: System does not support PCI Linux NET4.0 for Linux 2.4 Based upon Swansea University Computer Society NET3.039 Initializing RT netlink socket Starting kswapd pty: 256 Unix98 ptys configured Serial driver version 5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ DETECT_IRQ SERIAL_PCI enabled Real Time Clock Driver v1.10f Floppy drive(s): fd0 is 1.44M, fd1 is 1.44M FDC 0 is a post-1991 82077 RAMDISK driver initialized: 16 RAM disks of 4096K size 1024 blocksize Initializing Cryptographic API NET4: Linux TCP/IP 1.0 for NET4.0 IP Protocols: ICMP, UDP, TCP, IGMP IP: routing
Re: [leaf-user] Name resolution (dnscache?) difficulty, on the firewall only - RESOLVED
freeman wrote: Victor: I'm replying back to the list because I have a couple of ancillary questions, and to share my successful experience ... Perhaps you intended your reply to go to the list, but the bummer reality is that the default reply is to the sender, not to the list :( Per below, Victor suggested: - I rename my eth1 eth2 to be eth0 eth1, respectively (since I have no eth0 otherwise); - I change my resolv.conf from: search lan nameserver 127.0.0.1 to instead be: nameserver 127.0.0.1 nameserver 192.168.1.254 Tells the fw to resolve using dns service listening on nameserver. The real answer is below. I figured that the eth0/1/2 naming _shouldn't _ matter (and would require my changing shorewall setup) so I just made the resolv.conf change and voila! we have a fix. So once again thank you to the list, and in particular to Victor! My piddly questions are these: - shouldn't having 127.0.0.1 in resolv.conf permit the fw itself to resolve from itself no differently than adding in 192.168.0.254 (addy of the fw's private-network interface?) The way I see it: 127.0.0.1 = the fw, and 192.168.0.254 = the fw, mais non? By default dnscache listens on 192.168.1.254. - do I care that I don't have a 'search lan' line in my resolv.conf? What does this do? I read up via 'man resolv.conf' but it didn't make much sense to me: perhaps because I don't quite understand what a domain search path is. Search will the useful when you setup Tinydns! Again, thanks to the list and to the LEAF developers. LEAF absolutely ROCKS! I'm going to be setting up a LEAF box at our office because our Linksys model:BEFSX41 is wonky. Newest firmware but IPSec is problematic, exposed ports are sometimes un-connectable, etc. scott; canada Victor McAllister wrote: freeman wrote: I'm running Bering 1.2 My ISP up and died on me so I'm getting by, having reconfigged my LEAF box to use the ppp (serial modem) package, instead of the pppoe/ppp package. As a consequence I have removed eth0 and now have ppp0 as the internet interface. eth1 = private LAN, eth2 = DMZ. I get assigned a dynamic IP address on ppp0, via the modem's dialing-in. With this changed setup the problem is that I can resolve DNS names when asked to do so by PC's that are on the private LAN and for the machine on the DMZ, too (e.g. ping www.yahoo.com resolves and pings fine). However I get the following msg if I try to do the same ping from the firewall itself: ping: www.yahoo.com: Host name lookup failure I've read the dnscache docs and sought on this leaf-user list for any hints but found none that have panned out. I had previously mentioned that I was playing with having a second copy of dnscache running (called dnscach2). I have removed that reference from lrpkg.cfg so that should not be an issue. As well, shorewall makes no complaints (i.e. log entries) about port 53 traffic, nor ICMP packets. Does anyone have any ideas? I fear that I've exhausted the documentation that's available (dnscache homepage, LEAF docs, google ...). Thanks for any help that might come my way. scott; canada Here's some config info that might shed some light: grep -v ^# /etc/network/interfaces auto lo iface lo inet loopback auto ppp0 iface ppp0 inet ppp provider provider auto eth1 iface eth1 inet static address 192.168.0.254 masklen 24 broadcast 192.168.0.255 when I do a dial in LEAF box - I change this to eth0 auto eth2 iface eth2 inet static address 10.0.0.254 masklen 24 broadcast 10.0.0.255 and this to eth1 I then make sure the dnscahe is listening on etho and eth1 did you put in a YES for dnscache forwarding - when you use a modem you should use forwarding and the ISPs DNS servers. grep -v ^# /etc/resolv.conf search lan nameserver 127.0.0.1 should say - otherwise the router has no where to look up names itself - although the clients do. nameserver 127.0.0.1 nameserver 192.168.1.254 grep -v ^# /etc/networks localnet127.0.0.0 grep 53 /etc/shorewall/rules | grep -v ^# ACCEPT dmz fw udp 53 ACCEPT fw net tcp 53 ACCEPT fw net udp 53 ACCEPT loc fw udp 53 grep -v ^# /etc/dnscache/env/IP 192.168.0.254 grep -v ^# /etc/dnscache/env/IPQUERY 192.168.0 127.0.0.1 --- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149alloc_id=8166op=click leaf-user mailing list
Re: [leaf-user] Statit Route
Your private ip is 10.12.1.2/24? Is there an interface for 10.12.1.0/24? Liew Toh Seng wrote: Hi my current leaf private ip is 10.12.1.2/24 and add in a static route 10.1.1.0/24 throught 10.12.1.1 but i can't access the 10.1.1.0/24 network what i should do for the shorewall --- Best Regards Liew Toh Seng Icq No: 36835809 MSN: [EMAIL PROTECTED] * .--. * |o_o | * |:_/ | * // * (| | ) * /'\_ _/` The Internet Solution Company * \___)=(___ My Directory Sdn Bhd --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Send-only qmail
From a post early year: -Original Message- From: Alex Rhomberg [mailto:[EMAIL PROTECTED] Sent: Thursday, February 13, 2003 10:20 AM To: Todd Pearsall; [EMAIL PROTECTED] Subject: AW: [leaf-user] Bering Ramdisk sizes How do I allocate more space to the /dev/root ram disk? The syst_size Parameter to the kernel, as described in the docs add it to the kernel start line in syslinux.cfg linux ... PKGPATH=/dev/hdc1 syst_size=20M ... etc. - Alex Shed. Gene Smith wrote: Shed. wrote: Gene Smith wrote: Here is the current df: Filesystem 1k-blocks Used Available Use% Mounted on /dev/root 6144 5196 948 85% / tmpfs1525616 15240 0% /tmp tmpfs 2048 1056 992 52% /var/log Eventually (maybe after 12-14 hours) /var/log went to 100% and at least one user unable to access web or their email via pop3 until I rebooted LEAF box. You can increase the memory allocated / with syst_size and /var/log with log_size by editing syslinux.cfg. default linux initrd=initrd.lrp syst_size=8M log_size=16M init=/linuxrc rw root=/dev/ram0 Hope this helps! Shed. Sorry to beat a dead horse, but according to the documentation: log_size= Defines the size of the /var/log directory. Default= 2M syst_size= Defines the size of the TMPFS filesystem. Default= 6M. tmp_size= Defines the size of the /tmp directory. Default= remaining available memory Which basically agrees with what I see with df. However, what do they mean by remaining avalable memory for the size of /tmp? I have a total of 32M ram in my LEAF box. The sum of the 3 ramdisk filesystems is approximately 24M. Does this mean the system allocates 8M for true RAM and allows me to partition the remaining 24M between the three fs's? That would make sense but I see no documentation specifying that 8M is the default for true RAM or if it can be adjusted too, but I have been known to miss things. :-) Anyhow, it appear that if I increase the size of /var/log and/or / I will automatically reduce the size of /tmp. /tmp usually seems to be empty except when I backup a package. Therefore it could be made quite a bit smaller as long as my largest possible package (I think it is ssh) fits into it during backup. Is that right? Thanks, -gene --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Send-only qmail
Gene Smith wrote: Yes, but that is not really my question. Let me rephrase: Here is my typical df output again. Filesystem 1k-blocks Used Available Use% Mounted on /dev/root 6144 5196 948 85% / tmpfs1525616 15240 0% /tmp tmpfs 2048 1056 992 52% /var/log The 1K-blocks add to approximately 24M. I have 32M of physical ram on my system. Where is the remaining 8M? Also, the documentation states: syst_size= Defines the size of the TMPFS filesystem. Default= 6M I am using the default. The 1k-blocks labeled tmpfs add to approximately 17M, while the /dev/root file system is about 6M. Should the documentation read: syst_size= Defines the size of the /dev/root filesystem. Default= 6M -gene Gene, I am not 100% sure that the docs is clear on this setting (syst_size). I have a similar setup to your, 32M of physical ram. Too utilize my ram made these changes 2 1/2 years ago. sys initrd=initrd.lrp syst_size=8M log_size=16M init=/linuxrc # df -k Filesystem 1k-blocks Used Available Use% Mounted on /dev/root 8192 5240 2952 64% / tmpfs1530012 15288 0% /tmp tmpfs16384 1496 14888 9% /var/log # uptime 10:29pm up 22 days, 15:19, load average: 0.00, 0.00, 0.00 A little overkill on /var/log but it helps when debugging. Hope this answers your question. Shed. --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] syslinux.cfg not loading all packages
Is there max packages that can be loaded on default line in the syslinux.cfg file? (Bering 1_rc4) This is what I have: default linux initrd=initrd.lrp log_size=16M init=/linuxrc root=/dev/ram0 boot=/dev/fd0u1680:msdos PKGPATH=/dev/fd0u1680,/dev/fd1u1440 LRP=root,etc,local,modules,iptables, ppp,pppoe,shorewall,daemontl,dnscache,tinydns,libm,ntpsimpl,libz,sshd,sftp,ezipupd,weblet But it is only loading the following (per /var/log/messages and (#3)Packages list: LRP=root,etc,local,modules,iptables,ppp,pppoe,shorewall,daemontl,dnscache,tinydns,libm,ntpsimpl,li Any ideas? Shed. --- This SF.NET email is sponsored by: FREE SSL Guide from Thawte are you planning your Web Server Security? Click here to get a FREE Thawte SSL guide and find the answers to all your SSL security issues. http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] syslinux.cfg not loading all packages
Thanks for pointing this work around out, Brad. I hadn't looked at the CDROM section. But that fix things, thanks again. Shed Brad Fritz wrote: Shed, On Tue, 14 Jan 2003 09:35:08 EST Shed wrote: Is there max packages that can be loaded on default line in the syslinux.cfg file? (Bering 1_rc4) This is what I have: Not a package limit but there is a line length limit of 254 or 255 characters. default linux initrd=initrd.lrp log_size=16M init=/linuxrc root=/dev/ram0 boot=/dev/fd0u1680:msdos PKGPATH=/dev/fd0u1680,/dev/fd1u1440 LRP=root,etc,local,modules,iptables, ppp,pppoe,shorewall,daemontl,dnscache,tinydns,libm,ntpsimpl,libz,sshd,sftp,ezipupd,weblet But it is only loading the following (per /var/log/messages and (#3)Packages list: LRP=root,etc,local,modules,iptables,ppp,pppoe,shorewall,daemontl,dnscache,tinydns,libm,ntpsimpl,li Looks like yours is (at least) 261 characters, hence the truncation. You can work around that limitation by using a lrpkg.cfg file. Check out http://leaf.sf.net/devel/jnilo/bubooting.html#AEN1155 for details. (It's in an CD-ROM/isolinux booting section, but will work for floppy booting too.) --Brad --- This SF.NET email is sponsored by: FREE SSL Guide from Thawte are you planning your Web Server Security? Click here to get a FREE Thawte SSL guide and find the answers to all your SSL security issues. http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.NET email is sponsored by: Take your first step towards giving your online business a competitive advantage. Test-drive a Thawte SSL certificate - our easy online guide will show you how. Click here to get started: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0027en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] How to configure Bering 1.rc4 w/DMZ
Hi All Need help!! I have setup Bering successfully for the local network. But, don't know what is needed for the dmz to work. Internet | | L ppp0 (ip from ISP) E eth0 A |\ F | \ | \ B | \ (dmz) O | eth2:192.168.1.100 -- 192.168.1.101(80/25/443) X | | (loc) eth1:192.168.1.254 | | 192.168.1 network dnscache queries allowed from 192.168 /etc/shorewall/zones net Net Internet loc Local Local networks dmz DMZ Demilitarized /etc/shorewall/interfaces net ppp0 detect routefilter,noping loc eth1 detect routestopped dmz eth2 192.168.12.255 --- This SF.net email is sponsored by: ApacheCon, November 18-21 in Las Vegas (supported by COMDEX), the only Apache event to be fully supported by the ASF. http://www.apachecon.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] /var/lib/shorewall/functions does not exist
I noticed the same error while backing up shorewall on rc4. This problem was not present in rc3. This is error echo on each backup attempt: Creating shorwall.lrp Please wait: |tar: var/lib/shorewall: No such file or directory tar: Error exit delayed from previous errors Afterwards, a successful backup takes place. Shed. Troy Aden wrote: Thanks for the quick response. My problem is occurring with the Bering rc4. I downloaded the image that was just released. I did not try to replace any existing files. I simply entered all of my information into the Configs. I am not sure if this is upgrading because I did not try and retain any files from rc3. This is based on a clean install of Bering Rc4. I found this link that alludes to the same problem that I am having. http://www.google.ca/search?q=cache:7DlfPCFeJc4C:mail.shorewall.net/pipermai l/shorewall-users/2002-July/001910.html+/var/lib/shorewall/functions+does+no t+existhl=enie=UTF-8 It was basically concluded in this post that this was a Bering specific problem with how it is backing up shorewall. I am not sure if this is a Bering bug or not. Any ideas? Troy -Original Message- From: Jacques Nilo [mailto:jnilo;users.sourceforge.net] Sent: Saturday, October 26, 2002 1:22 AM To: troy; [EMAIL PROTECTED] Subject: Re: [leaf-user] /var/lib/shorewall/functions does not exist Le Samedi 26 Octobre 2002 07:23, troy a écrit : What is the context ? Are you upgrading from rc3 to rc4 If yes what shorewall files did you try to keep ? Jacques I have done some reading and I know that others had this same issue with older versions of Bering/shorewall but I was unable to find a solution in any of the posts. I just entered all my configs into shorewall and backed up my changes. The first time that I attempted to back up everything using the L option, shorewall failed to back up. But the second try it backed up ok... The problem is when I reboot I get the following error and shorewall fails to load. If I look at the shorewall configs everything is there as it should be. I am not sure what happened here... snip /var/lib/shorewall/functions does not exist Terminated snip I know all of my configs are right because I copied them from my Bering rc3. (Which is working very well I might add. Thanks guys.) I was waiting for someone with a similar issue to ask the list for assistance but I guess I am alone here. Can anyone tell me what is happening here? Thanks in advance. Troy --- This SF.net email is sponsored by: ApacheCon, November 18-21 in Las Vegas (supported by COMDEX), the only Apache event to be fully supported by the ASF. http://www.apachecon.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html