[leaf-user] Upgrade instructions
I sent a message a few weeks ago asking for clarification on upgrading from UClibc v 3.0.2 to the latest 3.1.1 beta CD version. I'm saving my settings to a floppy.

Is there a clear set of upgrade guidelines anywhere in the documentation? If so, can you point me to it because I can't seem to find it.

I've tried what I thought would work (booting with the CD, loading the modules into /lib/modules and trying to save to diskette) but it hasn't worked. No diskette is mounted and I can't find where the hell to change the target to the diskette. I know it must be something stupid that I'm overlooking.

I tried booting with the configdb.lrp and leaf.cfg on the diskette, but nothing else but am running into a problem with /dev devices not found. I don't have the names, but I think it was from the inittab loading that was the problem.

Any pointers would be appreciated

Tony

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
[leaf-user] Update question
Hi All,

Just a quick question to make sure I understand how to update a Bering uClibc CD install. I currently have 3.0.2 installed and want to move to the latest 3.1.1 beta version. I'm running primarily Shorewall, Snort and DNScache along with Webconf to manage it. I do not use dropbear.

I should be able to pop in the new CD, update any kernel modules and save to disk and all is well, correct? The Shorewall settings and others should migrate as they're saved to the floppy, correct?

Thanks,
Tony
Re: [leaf-user] Problem with home firewall.
I agree, shouldn't the comments be on a line by themselves with a # in front? I always separate anything I add by making it really obvious i.e.:

# for office
ACCEPT net loc:192.168.10.0 255.255.255.0 udp 500
#

Tony

Erich Titl wrote:
> Hi Rick
>
> Tibbs, Richard wrote:
>> ACCEPT net loc:192.168.10.0 255.255.255.0 udp 500 // for office firewall
>> ACCEPT net loc:192.168.10.0 255.255.255.0 udp 4500
>> ACCEPT net loc:192.168.10.0 255.255.255.0 net 50
>> ACCEPT net loc:192.168.10.0 255.255.255.0 net 51
>> ACCEPT loc:192.168.1.0 255.255.255.0 net 50 // for home firewall
>> ACCEPT loc:192.168.1.0 255.255.255.0 net 51
>> ACCEPT loc:192.168.10.0 255.255.255.0 UDP 500
>> ACCEPT loc:192.168.10.0 255.255.255.0 UDP 4500
>>
>> So what I did is comment out with # the lines above and home fw now connects to the internet
>>
>> Some questions: Is upper case required for UDP? What else is wrong with the lines above?
>
> Not sure, but the comments look suspicious
>
> Erich
Re: [leaf-user] The old floppy question
This is actually my setup as well. I've been using the CD since it first came out way back when with Charles' distro (I think it was 1.02).

I think the ability to lock the floppy with the sliding tab is invaluable. Test, make and save the changes, lock the tab and you can leave it right in the drive. Power Failure? No problem, no action needed and forget worrying about someone injecting a rootkit or what have you into system, no way to save it without physical access.

Other than SD cards, do any of the CF/USB sticks offer a write protect switch? If so, I haven't seen one.

Tony

Kwon wrote:
> My current LEAF box would not fit into a floppy - it is 3.1MB.
>
> Just want to be clear, my current Leaf box won't fit into a floppy neither. What I do is:
>
> 1. Download the leaf.iso image and burn to a CD
> 2. Create leaf.cfg into a floppy and boot from the CD
> 3. Save configuration (configdb.lrp) and backup modules (moddb.lrp) to floppy
>
> This way I don't have to recreate my own CD.
>
> One other reason why we experience many floppy failure is the fact that we are using /dev/fd0u1680 and not the standard /dev/fd0u1440. Can anyone has more experience comment on this?
>
> Nowadays, my floppy only has three files I can go back to the 1.44mb floppy format of which I have not experience any problem.
Re: [leaf-user] The old floppy question
This may be prudent, but it may not be reality. If you were worried about resiliency, would you be using old or repurposed hardware to begin with? I agree that CF's or USB sticks are a better choice, but the user base seems to be indicating that the floppy isn't dead yet.

Tony

Harry Lachanas wrote:
> Imagine this scenario, you have LEAF boxes spread all over your country, would you trust floppy disks on your installations even with backups around?
>
> Floppy disk devices have movable parts, CFs don't, usb-sticks don't, I personally haven't used any floppies for 4 years now, period.
>
> Regards,
> Harry.
[leaf-user] Website hosed?
I'm trying to view the Bering-Ulibc page and am getting this message:

*Fatal error*: session_start(): Failed to initialize storage module: user (path: /tmp/persistent/leaf/tmp) in */home/groups/l/le/leaf/htdocs/core/Core.php* on line *305*

The other pages seem to be working.

Thanks
Tony
Re: [leaf-user] Website hosed?
It figures, I waited 20 minutes and retried numerous times during that period before I sent the e-mail. I should have known as soon as I sent it the web fairies would sprinkle their magical dust on the servers.

KP Kirchdoerfer wrote:
> On Tuesday 17 July 2007 19:18:35 Tony wrote:
>> I'm trying to view the Bering-Ulibc page and am getting this message:
>>
>> *Fatal error*: session_start(): Failed to initialize storage module: user (path: /tmp/persistent/leaf/tmp) in */home/groups/l/le/leaf/htdocs/core/Core.php* on line *305*
>
> Seems to have been a temporary pb at SF.net. Just tried and it works. You may try again.
>
> kp
Re: [leaf-user] Cable Modem speeds with Bering-uClibc
Exactly Bob, and this was why Andrew, I suggested using the DOS utility to force half-duplex, full duplex with testing performed each time. And as far as the networking terms go, errors = bad. Pretty simple. As you can see with your test, every one of those errors are overruns.

3: eth0: BROADCAST,MULTICAST,NOTRAILERS,UP mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:20:af:17:57:b2 brd ff:ff:ff:ff:ff:ff
    RX: bytes packets errors dropped overrun mcast
    741077003 1773743 18161 0 18161 0
    TX: bytes packets errors dropped carrier collsns
    438580149 852431 0 0 219 2150
4: eth1: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:20:af:3f:53:d4 brd ff:ff:ff:ff:ff:ff
    RX: bytes packets errors dropped overrun mcast
    440479032 855735 42710 42710
    TX: bytes packets errors dropped carrier collsns
    680103683 783492 0 0 0 4193

Andrew, you've spent this much time with this, what's another 20 minutes with the DOS utility (which was designed for that card) to change the settings?

Tony

Bob Coffman Jr - Info From Data wrote:
> One thing to check is that your NICs are negotiating duplex properly.
Re: [leaf-user] Fwd: Cable Modem speeds with Bering-uClibc
Andrew Haninger wrote:

On 2/25/07, George Metz [EMAIL PROTECTED] wrote:

This is almost certainly an issue of half vs. full duplex. The only reason a hub would cause a problem is if you were using a hub to connect the router and the cablemodem. If the cablemodem is directly connected to the LEAF box, you should have no collisions at all showing up, because the SB4200 is usually capable of 100BaseTX Full Duplex.

George is correct. I saw a similar issue with my business's switch. It was set to force 100M Full duplex and the cards on the machines were set to auto. They weren't switching to Full Duplex so while everything worked, it was slow and very heavy with errors, specifically overruns and collisions. Once I set the cards to match, there are very few (VERY few, a few dozen per 10M of traffic)

Here's my structure:

{Internet}-SB4200-3c509-LEAF-3c509-3Com 10/100 Hub-WinXP

The SB4200 is directly connected (via Cat 5) to the LEAF box. The 3c509B's default to half-duplex. When I use ethtool to force them to full (eth0 and eth1) the speeds are no different.

So what was the output to the ip -s command? Without this, you're assuming there's no difference. Did you boot into a DOS environment and check the cards with the 3com program?

Speaking of which, check your provider's top available speeds.

I'm with RoadRunner in the central Ohio area. I've just spent maybe 10 minutes browsing their site and I'm unable to find their listed top speed. However, I'm fairly certain that it is only 5Mb/s. That is around the speed I got on the speed tests when I connected the modem to my laptop. As far as I know, my 3c509B's should be able to easily handle those speeds.

Andy

Did you try dslreports.com to check what your neighbors might have reported for their speeds? They also have a speed test available in their tools section.

Make one change, then test, then another, then test. Record the results so you can be sure of what's happening. Don't rely on your memory.

Good Luck,
Tony
Re: [leaf-user] Fwd: Does Leaf works on VMWARE
/me taps mike... is this thing on?

===repost

I don't have VMware, but I do have Virtual PC and have some experience with this.

First, just rename the bin file to iso, no big deal.

Second, does VMware allow the specification of using a floppy image? Virtual PC does, so I point the floppy to the extracted bootdisk.ima and the CD to the ISO image and it's all good. When you save the configuration, it'll add the db files to the bootdisk.ima file.

When you want to burn a CD, I extract the files from the ISO, putting them in a folder called LEAF. I rename the original bootdisk.ima file to bootdisk.ima.original. Then I fire up Nero or Roxio and make a bootable CD using my modified bootdisk.ima file for the floppy image.

This makes configuring the system so much easier than doing it onsite with the customer breathing over you.

Good luck,
Tony

ram wrote:
> Check that you don't have a problem with the .iso image itself. Burn it to CD, does it boot? Check the md5 sum. Does the VMWare Server user/group have access all the way along the path to the .iso Are there any problems with virtual or physical nics you are giving the VM access to.
>
> Hi
>
> i have seen its downloaded with .bin File
>
> yes I am running vmware as Local user, so Administrator have Full rights to access the Files
>
> .bin is the ISO image, i see i have downloaded the other ISO, they are coming with .ISO image. why is here Bin ?
>
> No i have not tried that Burning CD, since i have option of installation using ISO image, don't want to waste Another CD (may be i could do the last option)
>
> ram
Re: [leaf-user] Stumped trying to get Bering uClibc 2.2.0b4 interfaces to light up
Hi John,

Did you set the cards up with PNP turned off? Are you sure nothing is conflicting with the io addresses or the IRQ's?

Also, what does the interfaces config file hold? I believe from memory it's in lfcfgnetworks#1 (interfaces)

Thanks
Tony

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] dachstein vt100 emulation
TeraTerm Pro? Putty?

Tony

----- Original Message -----
From: Arnold Wiegert [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, April 20, 2004 12:28 PM
Subject: [leaf-user] dachstein vt100 emulation

> Hi all
>
> I'm still running Dachstein, but would like to use a serial line to access the 'box' from a Windows machine.
>
> Since I haven't found a good free VT100 emulation program, I've used an older modem program which does a pretty good job, except for the page up and down keys. They work well enough in the editor at the console but not in the editor when run on a serial link.
>
> What am I missing?
>
> TIA,
> Arnold
Re: [leaf-user] Re: Which Distro for This Firewall/Router?
Hi Calvin,

Bering and Bering uClibc are kissing cousins, so what you find in the original Bering docs are relevant to Bering uClibc. Any differences are noted in the uClibc docs.

Check out:

http://leaf.sourceforge.net/doc/guide/binstall.html - Bering Install guide
http://leaf.sourceforge.net/doc/guide/busers.html - Bering Users Guide
http://leaf.sourceforge.net/doc/guide/buc-install.html - Bering-uClibc Installation Guide
http://leaf.sourceforge.net/doc/guide/buc-user.html - Bering-uClibc User's Guide

As far as your requirements, I think you'll find either to be up to snuff, with the exception there is no web based configuration at this time. All CLI baby

Don't forget to backup your disk after making changes, as they will be lost upon reboot if you don't.

Good Luck
Tony

Calvin Webster wrote:
> Well, I've gotten no responses from the list so I think I'm going with the Bering-uClibc distribution since it seems to be more actively maintained than most of the others and apparently can handle the multiple interfaces I'll need.
>
> Hopefully, someone will chime in with some pointers when they get the time. From what I've found so far, there is precious little real documentation on installation, configuration, and implementation. A nice HTML or PDF User Guide would be nice.
>
> Thanks in advance for any suggestions. :-)
>
> --Cal Webster
>
> On Tue, 2004-03-16 at 18:17, Calvin Webster wrote:
>> I've been looking over the LEAF distros for a candidate to build a set of border firewall/routers. They are to replace existing devices built with PC hardware and commercial DOS-based firewall software.
>>
>> I have several questions. Here are a few to start:
>>
>> 1. Given the details below, which distro would be most appropriate?
>> 2. Given the firewall/routing requirements, which dynamic routing protocols would be recommended.
>> 3. Suggestions on configuring IPSEC VPNs over the untrusted networks?
>>
>> I have given an outline of the project below. This is a fictitious network, but representative of the real project. Details of infrastructure have been obfuscated, but the outline describes project parameters. Please let me know if I've left out anything.
>>
>> Thanks!
>>
>> --Cal Webster
>>
>> There are 4 devices, one in each building at our site. Two of the new firewalls will run on the older hardware, while the other two will run on recently purchased hardware stored in DiskOnChip. Eventually, I want to replace all older platforms with newer machines and run them from DiskOnChip or straight Flash memory. I have some 40 GB hard drives installed in the new machines on which I plan to build the custom kernels and setup the services for testing.
>>
>> Old Hardware Platform:
>>   Generic Desktop Chassis
>>   AMD K6-2 336 MHz CPU
>>   1MB cache
>>   128 MB RAM
>>   2 GB HDD
>>   1.44 FDD
>>   4 3c905 NICs
>>
>> New Hardware Platform:
>>   Cyber Research 2U rack-mount passive backplane chassis
>>   CPTD CEL/COP-850 All-In-One Single Board Computer
>>   PIII 850 MHz
>>   100 MHz front side bus
>>   Intel 82558 10/100-TX (integrated)
>>   768 MB RAM
>>   256 MB DiskOnChip
>>   1.44 FDD
>>   USB
>>   4 3C905-TX NIC's
>>
>> I began building one new machine with RedHat Linux 8 but had to put the project on hold after finally getting the drivers to work with DiskOnChip.
>>
>> Here is a summary of the functionality required:
>>
>> Firewall:
>>   stateful packet inspection
>>   NAT/PAT
>>   IPSEC Auth
>>   IPSEC VPN tunneling
>> Router:
>>   BGP
>>   RIP
>> Logging to external syslog server
>> https/ssh configuration/management tool
>> Port Knocking to trigger remote vpn/ssh access
>> Optional user authentication to access Internet
>> Block outbound traffic by IP,subnet,user,port
>> Block all inbound traffic from untrusted networks except that which is initiated from inside
>> Allow all traffic between trusted networks.
>> Fastest available link should be chosen when redundant paths exist.
>>
>> Here is a sketch of the network:
>>
>> DSL = 500 Kbps ADSL Link
>> RF1 = 100 Mbps RF Wireless direct point-to-point link
>> RF2 = 1.5 Mbps RF Wireless direct point-to-point link
>> ISP = 2 Mbps Cable ISP
>> PLANn = Fast Ethernet Private LANs within buildings at site.
>>
>> [ASCII network sketch, layout not recoverable: Firewall 1 (Building A) and Firewall 2 (Building B) joined by RF1, with DSL and ISP links to the Internet, PLAN1/PLAN2 LANs and a remote user. The message is cut off at this point.]
Re: [leaf-user] Here is how to use Bering as a bridge with shorewall.
I have a few questions regarding this...

Now, if I have this figured correctly, the bridge is transparent to your ISP, so you would need another host behind the bridge to have an address, correct? The use I have in mind would be statically assigned.

Also, I would expect the bridge still to work without having an IP assigned to the bridge (if the only reason to have the IP is for management) if you connect via serial cable for management, right?

Finally, the firewalling aspect of the bridge only works in the FORWARD chain, right? DNAT and SNAT and all that won't work correctly would it?

All I want to do is have the bridge do some rough filtering for me, a lot of the background noise such as SQL sweeps and backdoor checking. Perhaps an IDS such as Snort, but I don't know yet.

Thanks,
Tony

Tom Eastep wrote:
> On Mon, 15 Mar 2004 [EMAIL PROTECTED] wrote:
>> I see I misread the shorewall requirement line on that page. What extra does full bridge functionality give? I don't completely understand how bridging works, just how I made it work with shorewall and bering. The bering user guide said that bridging and shorewall don't work which is why I assumed that shorewall 2.0 had been the difference.
>
> I make the statement that Shorewall doesn't work with bridging because prior to the availability of the experimental code, it was not possible to associate a Shorewall zone with a bridge port. Nevertheless, as you and others have discovered, it is possible to associate a zone with the bridge itself and using ip-address or MAC filtering, it is even possible to control traffic through the bridge.
>
> The new bridge code which will be released in Shorewall 2.0.1 will allow you to associate zones with bridge ports. That is made possible by the fact that the physdev match capability is available as a standard part of the 2.6 kernels (it is still an add-on under 2.4).
>
> -Tom
> --
> Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
> Shoreline, \ http://shorewall.net
> Washington USA \ [EMAIL PROTECTED]
Re: [leaf-user] LEAF and H323
Hi Stelios,

I have one question in line

Stelios Koroneos wrote:
> Robert,
>
> Here is what i did to get netmeeting going through Bering 1.2
>
> In the modules i have declared the following (remove the ftp and irc modules if you don't need them)
>
> # Masquerading 'helper' modules
> # Other modules available in bering/modules/net/ipv4/netfilter
> ip_conntrack_ftp
> ip_conntrack_irc
> ip_conntrack_h323
> ip_nat_ftp
> ip_nat_irc
> ip_nat_h323
>
> and in shorewall rules you have to add the following (I assume you are NATing your connection)
>
> DNAT awmn1 loc:192.168.1.3 tcp 1720 - 10.18.213.1
>
> where awmn1 is your interaced name ]

What is an interaced name?

> loc:192.168.1.3 is the local machine where the netmeeting calls will be directed and 10.18.213.1 is your outside network address
>
> The above set up works well on a wireless network with 3 interfaces, accepting and placing netmeeting calls. What it does not do, is work well with a Gatekeeper (when calling or receiving calls from VOIP telephones or other Netmeeting pc's using a Gatekeeper) but this is a problem that the Gatekeeper has with NAT firewalls in general...
>
> Stelios

Thanks,
Tony
Re: [leaf-user] LEAF and H323
Oi! I feel stupid... I see now

Thanks!
Tony

Stelios Koroneos wrote:
> where awmn1 is your interaced name ]
>
> I think Stelios meant interface but his keyboard bounced :-)
>
> Human operator error... system halted... please reboot operator :-)
Re: [leaf-user] Bering can't handle Dell GX150 integrated Ethernet?
Wouldn't this be accomplished in the modules config, where you identify the modules you want to load?

=
#ne2k-pci
# card1,card2
#ne io=0x300,0x350
=

As I found out, some modules (3c509 for example) don't take these arguments, some modules do (smc-ultra). I would grab the source for the modules and read it to see if there are any clues in there.

Good Luck
Tony

Henning Jebsen wrote:
> With Bering, using the 3c59x.o module found via the Bering installation guide, neither interface is brought up.
>
> Did you try to append a boot-Parameter like
>
> ether=0,0,eth0 ether=0,0,eth1
>
> The exact syntax for ether= may be found in the ethernet-howto:
>
> snip
>
> There are two ways that you can enable auto-probing for the second (and third, and...) card. The easiest method is to pass boot-time arguments to the kernel, which is usually done by LILO. Probing for the second card can be achieved by using a boot-time argument as simple as ether=0,0,eth1. In this case eth0 and eth1 will be assigned in the order that the cards are found at boot. Say if you want the card at 0x300 to be eth0 and the card at 0x280 to be eth1 then you could use
>
> LILO: linux ether=5,0x300,eth0 ether=15,0x280,eth1
>
> snip
>
> good luck
Re: [leaf-user] Where to get libs for Bering uClibc ???
UlibC is a replacement for GlibC. Perhaps UlibC doesn't support GLIBC_PRIVATE call? Have you tried asking the UlibC people how to resolve this error? I suspect they could be of more specific help.

Now, as a disclaimer, I'm not a library expert either, and certainly can't speak for any of the other people on the list...this was my best guess at a solution.

Tony

----- Original Message -----
From: Hugues Belanger [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 06, 2004 2:12 PM
Subject: [leaf-user] Where to get libs for Bering uClibc ???

> Hi all,
>
> I see most people are not interested in helping me. I'm trying to add java support to Bering for a little demo we are doing and I'm having a [EMAIL PROTECTED] of of time doing it. Excuse my ignorance, but I'm not linux expert...!
>
> I'm trying to add libpthread and libdl from a redhat 7.3 distro and I'm getting this error when calling /usr/local/j2re/bin/java :
>
> /lib/libc.so.6: version `GLIBC_PRIVATE' not found (required by /lib/libpthread.so.0)
>
> Please help
>
> Hugues
Re: [leaf-user] e1000 module (version 4.3.15) for Dachstein?
I don't have specific info for that card, but when I've had cards that have been acting that way, it's either been that the card was conflicting with another device, or that the module needs the io address specified.

Hope that helps somewhat.

Tony

----- Original Message -----
From: Miguel De Avila [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, December 22, 2003 1:53 PM
Subject: [leaf-user] e1000 module (version 4.3.15) for Dachstein?

> Does anyone have the compiled e1000 module (version 4.3.15) for the Intel Pro/1000 MT Dual Port nic? I believe that the 4.3.15 version of the driver is the most recent one for 2.2 kernels.
>
> I'm using Dachstein v1.0.2, which has version 3.0.16. Unfortunately when I try and load the module I get
>
> insmod: init_module: e1000: Device or resourrce busy.
>
> I'm running on a Dell PowerEdge 650. I'm hoping that a new version of the driver will do the trick.
>
> thanks,
> Miguel DeAvila
[leaf-user] Question on Shorewall/blacklist/DNAT
Good Morning,

I have the latest version of Bering UlibC with shorewall 1.4.5. I also run a DMZ with an ftp server. The DNAT rule logs at the info level so I can see who is accessing the server. I have blacklisted China and Korea according to http://www.okean.com/asianspamblocks.html

Now, last night, I get a hit from:

Dec 21 01:09:40 firewall kernel: Shorewall:net_dnat:DNAT:IN=eth0 OUT= MAC=00:20:af:9f:15:ff:00:09:12:85:08:70:08:00 SRC=210.82.163.1 DST=66.67.173.226 LEN=60 TOS=0x10 PREC=0x00 TTL=38 ID=24530 DF PROTO=TCP SPT=3457 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0

But, my blacklist includes 210.82.0.0/15

Also, my shorewall log shows no hit which I didn't expect to, and the counter in shorewall status shows one hit for that range.

My question is, did he get blocked or allowed access? It looks as though he got access.

Thanks,
Tony
Re: [leaf-user] Question on Shorewall/blacklist/DNAT
Yup, did all that. The actual file reads:

net eth0 detect dhcp,routefilter,norfc1918,blacklist
loc eth1 detect
dmz eth2 detect

And the ip's are showing up in the shorewall status under the blacklist column.

Thanks
Tony

Victor McAllister wrote:

Tony wrote:

Good Morning,

I have the latest version of Bering UlibC with shorewall 1.4.5. I also run a DMZ with an ftp server. The DNAT rule logs at the info level so I can see who is accessing the server. I have blacklisted China and Korea according to http://www.okean.com/asianspamblocks.html

Now, last night, I get a hit from:

Dec 21 01:09:40 firewall kernel: Shorewall:net_dnat:DNAT:IN=eth0 OUT= MAC=00:20:af:9f:15:ff:00:09:12:85:08:70:08:00 SRC=210.82.163.1 DST=66.67.173.226 LEN=60 TOS=0x10 PREC=0x00 TTL=38 ID=24530 DF PROTO=TCP SPT=3457 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0

But, my blacklist includes 210.82.0.0/15

Also, my shorewall log shows no hit which I didn't expect to, and the counter in shorewall status shows one hit for that range.

My question is, did he get blocked or allowed access? It looks as though he got access.

Thanks,
Tony

Did you actually put the word blacklist in the interfaces file /etc/shorewall/interfaces

net ppp0 norfc1918,blacklist

as well as fill out the list of IPs to blacklist then do a backup and a shorewall restart
Re: [leaf-user] Question on Shorewall/blacklist/DNAT
OK, so what you're saying is the packet was logged up in the pre-routing NAT section before it got dropped by the blacklisting filter at the Forward section?

Thanks,
Tony

Tom Eastep wrote:

snip

No. Blacklist rules are enforced in the 'filter' table whereas DNAT is logged out of the 'nat' table. See http://www.shorewall.net/NetfilterOverview.html

-Tom
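Added example, not part of the thread and not Shorewall code: a log triage helper that separates a 'nat' table log entry, which records a rule match and carries no verdict, from a 'filter' table entry whose prefix carries the disposition, and flags nat entries whose source is in the blacklisted range. It assumes that chains named *_dnat are logged from the nat table (as with net_dnat in the thread); the function names and the third sample line are constructed for illustration.

```python
import ipaddress
import re

# Log prefix as it appears in the lines quoted on this page:
#   Shorewall:<chain>:<disposition>:
PREFIX_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disp>[^:\s]+):")
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

# Blacklisted range quoted in the thread.
BLACKLIST = [ipaddress.ip_network("210.82.0.0/15")]

# Lines 1 and 2 are quoted from messages on this page. Line 3 is constructed
# (documentation addresses): a DNAT hit from a source that is not blacklisted.
SAMPLE_LOG = [
    "Dec 21 01:09:40 firewall kernel: Shorewall:net_dnat:DNAT:IN=eth0 OUT= "
    "MAC=00:20:af:9f:15:ff:00:09:12:85:08:70:08:00 SRC=210.82.163.1 "
    "DST=66.67.173.226 LEN=60 TOS=0x10 PREC=0x00 TTL=38 ID=24530 DF "
    "PROTO=TCP SPT=3457 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0",
    "Oct 5 07:43:33 cerberus Shorewall:net2all:DROP: IN=eth0 OUT= "
    "MAC=00:00:bc:11:17:0c:00:04:28:25:9c:54:08:00 SRC=61.143.182.138 "
    "DST=x.x.x.x LEN=550 TOS=00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP "
    "SPT=30110 DPT=1026 LEN=530",
    "Jan 1 00:00:00 firewall kernel: Shorewall:net_dnat:DNAT:IN=eth0 OUT= "
    "SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40000 DPT=21 "
    "SYN URGP=0",
]


def triage(line, blacklist=BLACKLIST):
    """Classify one Shorewall log line; return None if it cannot be parsed."""
    m = PREFIX_RE.search(line)
    if m is None:
        return None                      # not a Shorewall log line
    fields = dict(FIELD_RE.findall(line[m.end():]))
    try:
        src = ipaddress.ip_address(fields.get("SRC", ""))
    except ValueError:
        return None                      # SRC missing or masked
    chain, disp = m.group("chain"), m.group("disp")
    # Assumption: *_dnat chains are logged from the nat table, which a packet
    # traverses before the filter table where the blacklist is enforced.
    table = "nat" if chain.endswith("_dnat") else "filter"
    match = next((str(net) for net in blacklist if src in net), None)
    return {
        "src": str(src),
        "dpt": fields.get("DPT"),
        "chain": chain,
        "table": table,
        "blacklist_match": match,
        # A nat-table entry is not a verdict; only filter entries carry one.
        "verdict": None if table == "nat" else disp,
        # Blacklisted source seen in nat: confirm the drop from the
        # blacklist rule's packet counter, not from this log entry.
        "check_filter_counters": table == "nat" and match is not None,
    }


def report(lines, blacklist=BLACKLIST):
    """Triage every parsable line, preserving input order."""
    results = (triage(line, blacklist) for line in lines)
    return [r for r in results if r is not None]


if __name__ == "__main__":
    for r in report(SAMPLE_LOG):
        if r["check_filter_counters"]:
            note = "no verdict here; check counter for " + r["blacklist_match"]
        elif r["table"] == "nat":
            note = "no verdict here; source not blacklisted"
        else:
            note = "filter verdict " + r["verdict"]
        print(r["src"], "dpt", r["dpt"], r["chain"], "->", note)
```

For the Dec 21 line the helper reports a blacklist match and no verdict, which is consistent with the hit on the 210.82.0.0/15 counter mentioned in the first message of the thread.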
Re: [leaf-user] RE: can't ping dmz - loc
snip

You state here your subnets are 192.168.1.0/24 and 192.168.10.0/24

192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254
192.168.10.0/24 dev eth2 proto kernel scope link src 192.168.10.100
128.142.112.0/20 dev eth0 proto kernel scope link src 128.142.121.254
default via 128.142.112.1 dev eth0

snip

Yet below, you state eth2 = 192.168.1.100

i don't have a /etc/network.conf ? this is the default /etc/interfaces, as i understand, i can't have dmz on same network as the loc here it is 192.168.1.x for both the dmz and loc ??

auto eth1
iface eth1 inet static
address 192.168.1.254
masklen 24
broadcast 192.168.1.255

auto eth2
iface eth2 inet static
address 192.168.1.100
masklen 24
broadcast 192.168.1.255

If this is true, that's your problem. Your routing table doesn't match your interfaces table. What is the result of ip addr show?

Tony
Re: [leaf-user] Firewall Getting Hammered.
Joe,

Are you implementing a blacklist with Shorewall? Just add the offending SRC addys to your list and refresh. If they're spamming you with Messenger spam, why would you want them connecting to any legitimate services you have running? I figure if they're lowlifes to begin with, they can do without knowing our servers exist.

Good Luck
Tony

Julian Church wrote:

Hi Joe

On Mon, 06 Oct 2003 20:23:58 -0500, j d [EMAIL PROTECTED] wrote:

Anyway, in the last two days I've had a lot of hits on my external eth0 from these two sources (x.x.x.x is my eth0 address leased from the upstream DNS server via pump):

Oct 5 07:43:33 cerberus Shorewall:net2all:DROP: IN=eth0 OUT= MAC=00:00:bc:11:17:0c:00:04:28:25:9c:54:08:00 SRC=61.143.182.138 DST=x.x.x.x LEN=550 TOS=00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=30110 DPT=1026 LEN=530

and

Oct 5 08:02:58 cerberus Shorewall:net2all:DROP: IN=eth0 OUT= MAC=00:00:bc:11:17:0c:00:04:28:25:9c:54:08:00 SRC=210.5.22.10 DST=x.x.x.x LEN=367 TOS=00 PREC=0x00 TTL=242 ID=620 PROTO=UDP SPT=32775 DPT=1026 LEN=347

A few informative links here: http://www.google.com/search?q=UDP+1026

Looks like M$ Messenger Service spam.

cheers
Julian

--- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] Problem accessing weblet from internal network
Check your hosts.deny, and you should adjust your weblet config file to reflect your internal network. Default is for an internal network of 192.168.1.0/24 which you don't have anymore.

Tony

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Robert McRostie
Sent: Monday, September 08, 2003 3:27 AM
To: [EMAIL PROTECTED]
Subject: [leaf-user] Problem accessing weblet from internal network

Hello All,

After having little success in working out why i can not access weblet from my internal network here are some of the outputs from the box. It is a Bering version 1.2 running a dialup and one ethernet link.
RE: [leaf-user] WAP
Uhhh, those are subnets. I've heard of scopes only when referencing DHCP/BOOTP for the range of IP's to be serviced. If you're using NetBIOS, which you're not from the looks of it, the scope IDs are further described in RFCs 1001/1002. The scope IDs and subnets are similar concepts, but used with different protocols.

Tony

snip

These are scopes ;
10/8
172.16.1/24
192.168.0.0/24

You may run multiple scopes on one subnet(network cable/switch/NIC) and add rules about who may talk to who. It can be complicated at first, but it is very powerful, and much easier than heaps of iptables entries.

/steve
RE: [leaf-user] OT - How many users will a T1 line service?
In fact, if it's JUST for web, open up 80, 443 and only what you need, otherwise, getting it locked down once it opens, will be almost impossible.

I take it you mean impossible from a political point of view, not technical...right? Once they've tasted the fruit of unlimited access, they will be much less willing to give it up.

Tony
Re: [leaf-user] Operation not supported by device
HI guys,

Are the two nics recognized? (i.e. what is the output of ip addr show). I do not believe you need the tulip and the natsemi modules loaded. Check the Ethernet How-To at the LDP to see what modules support what cards and whether or not the PCI-Scan module is needed (I don't think it is needed on all PCI cards). You can also read the modules.dep to see if PCI-Scan is needed.

Hope that helps somewhat
Tony

- Original Message -
From: Simon Bolduc [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, August 21, 2003 2:11 PM
Subject: Re: [leaf-user] Operation not supported by device

Hey Darcy

Try loading the pci-scan module as well. I believe this is needed for most (all?) PCI nics.

Simon

Original Message Follows
From: Darcy Parker [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [leaf-user] Operation not supported by device
Date: Thu, 21 Aug 2003 02:00:48 -0600

Good day listers,

I am trying to set up a leaf-bering (1.2) FW. I have the following two NICs

3C905-TX IRQ10 D800
3C905-TX IRQ9 D400

I am loading the following modules

3c59x.o
netsemi.o
tulip.o

When it gets to configuring the NICs I get the following errors

insmodinit_module:netsemi:operation not supported by device
tulipinit_module:tulip:operation not supported by device

Does this mean the only driver I need is 3c59x? Am I missing something else here?

Best Regards,
Darcy Parker

--- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

_ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail
[leaf-user] RE: [leaf-devel] Quick question about Weblet/Bering UClibc
HI Sean,

Actually, I was using the file from the UClibc dist on a regular Bering (Glibc 2.0.7) dist. I wasn't seeing a segfault, so I figured it was an HTML error (I was also tweaking the weblet app).

The funny thing is, I downloaded the source for parsefw to my development box running in UML, and I could not get it to compile. It was crapping out because it didn't want to process include/parse.h (Nothing to be done for make all in /include or something close to that). When it got into the src directory, main.c was complaining it needed parse.h. I haven't tried tracking that problem down yet.

Thanks
Tony

-Original Message-
From: Sean [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 11:12 PM
To: 'Tony'
Cc: 'Leaf-User'
Subject: RE: [leaf-devel] Quick question about Weblet/Bering UClibc

parsefw is a C program. It needs C libraries. Can you copy the file onto a full distro and do a file parsefw and see what it says? It might be corrupt. Can you copy the file from another version of the firewall and try to run that.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony
Sent: Sunday, August 17, 2003 10:26 PM
To: LEAF-Dev
Cc: Leaf-User
Subject: [leaf-devel] Quick question about Weblet/Bering UClibc

Good evening,

I have a quick question about the pretty firewall logs screen in the weblet version that ships with UClibc v1.2.1. The parsefw file, is that a compiled program, or a shell script? I want to make sure it's not corrupt, and also, if it is a compiled program, I assume it would require UClibc libraries to be present to run?

I'm trying to add this to a bering v1.1 firewall I have running now, and have copied the relevant files and made all the relevant changes to properly reference the files needed. Long and short of it, if I try to run the relevant command:

cat /var/log/shorewall.log | /var/sh-www/cgi-bin/parsefw

I am getting:

firewall: -root- # cat /var/log/shorewall.log | var/sh-www/cgi-bin/parsefw
/var/sh-www/cgi-bin/parsefw: not found

Now, this is the dir listing:

firewall: -root- # v
-rwxr-xr-x 1 sh-httpd adm 2452 Mar 15 04:01 checkdisk
-rwxr-xr-x 1 sh-httpd adm 1935 Aug 17 16:06 checkfw
-rwxr-xr-x 1 sh-httpd adm 2243 Mar 15 04:06 checkmem
-rwxr-xr-x 1 sh-httpd adm 9320 Mar 24 16:27 parsefw
-rwxr-xr-x 1 sh-httpd adm 636 Mar 15 04:35 viewfw
-rwxr-xr-x 1 sh-httpd adm 2491 Aug 17 16:23 viewhits
-rwxr-xr-x 1 sh-httpd adm 1804 Mar 15 04:33 viewhits.bak
-rwxr-xr-x 1 sh-httpd adm 835 Aug 17 16:34 viewlogs
lrwxrwxrwx 1 root root 8 Aug 17 16:46 viewlogs-snort -> viewlogs
lrwxrwxrwx 1 root root 8 Aug 17 16:46 viewlogs-www -> viewlogs
-rwxr-xr-x 1 sh-httpd adm 738 Aug 17 15:50 viewlogs.backup
-rwxr-xr-x 1 sh-httpd adm 1575 Mar 15 04:58 viewmasq
-rwxr-xr-x 1 sh-httpd adm 947 Mar 15 05:01 viewnet
-rwxr-xr-x 1 sh-httpd adm 808 Mar 23 08:37 viewshorewall
-rwxr-xr-x 1 sh-httpd adm 1026 Mar 15 05:05 viewsys
-rwxr-xr-x 1 sh-httpd adm 2648 Mar 14 06:24 weblet.functions

As you can see, the file is there, the group and owner are proper, the file is executable (I even tried chmod 777 on it to make sure) and yet it still tells me it can't find the file. I would think if it was a library issue, it would have crapped out with a segfault or something.

Any help would be appreciated.

Thanks
Tony

--- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
RE: [leaf-user] Quick question about Weblet/Bering UClibc
Thanks Luis! I had no idea UClibc would not segfault.

I appreciate the info,
Tony

SNIP

It is a compiled program and requires the proper uClibc libs...

I'm trying to add this to a bering v1.1 firewall I have running now, and have copied the relevant files and made all the relevant changes to properly reference the files needed. Long and short of it, if I try to run the relevant command:

cat /var/log/shorewall.log | /var/sh-www/cgi-bin/parsefw

I am getting:

firewall: -root- # cat /var/log/shorewall.log | var/sh-www/cgi-bin/parsefw
/var/sh-www/cgi-bin/parsefw: not found

If you get this, the libs are not present. With uClibc it is not mandatory that you get a segfault :)
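Added example, not part of the thread and not LEAF or weblet code: a check that reads which loader an executable asks for (the ELF PT_INTERP entry, or the #! line of a script) and reports whether that loader exists. On Linux, exec of a file whose loader path is absent fails with "No such file or directory", which the shell prints as "not found" even though the file itself is present and executable. The function names are hypothetical and the sample binary is constructed in memory; the loader path /lib/ld-uClibc.so.0 in it is an assumed sample value.

```python
import os
import struct

PT_INTERP = 3  # program-header type whose payload is the loader path


def elf_interpreter(data):
    """Return the loader path named by PT_INTERP, or None (static/not ELF)."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        return None
    is64 = data[4] == 2                  # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    e = "<" if data[5] == 1 else ">"     # EI_DATA: 1 = little-endian
    try:
        if is64:
            (phoff,) = struct.unpack_from(e + "Q", data, 0x20)
            phentsize, phnum = struct.unpack_from(e + "HH", data, 0x36)
        else:
            (phoff,) = struct.unpack_from(e + "I", data, 0x1C)
            phentsize, phnum = struct.unpack_from(e + "HH", data, 0x2A)
        for i in range(phnum):
            off = phoff + i * phentsize
            (p_type,) = struct.unpack_from(e + "I", data, off)
            if p_type != PT_INTERP:
                continue
            if is64:
                (p_offset,) = struct.unpack_from(e + "Q", data, off + 8)
                (p_filesz,) = struct.unpack_from(e + "Q", data, off + 32)
            else:
                (p_offset,) = struct.unpack_from(e + "I", data, off + 4)
                (p_filesz,) = struct.unpack_from(e + "I", data, off + 16)
            raw = data[p_offset:p_offset + p_filesz]
            return raw.split(b"\0")[0].decode("ascii", "replace")
    except struct.error:
        return None                      # truncated or malformed headers
    return None


def script_interpreter(data):
    """Return the program named on a #! line, or None if not a script."""
    if not data.startswith(b"#!"):
        return None
    words = data[2:].split(b"\n", 1)[0].split()
    return words[0].decode("ascii", "replace") if words else None


def diagnose(data, path_exists=os.path.exists):
    """Return (status, loader) for the first bytes of an executable."""
    loader = script_interpreter(data) or elf_interpreter(data)
    if loader is None:
        return ("no-loader-needed", None)
    if not path_exists(loader):
        return ("missing-loader", loader)   # exec fails: "not found"
    return ("loader-present", loader)       # look at shared libraries next


def diagnose_file(path):
    with open(path, "rb") as fh:
        return diagnose(fh.read())


def make_sample_elf32(loader):
    """Constructed sample: minimal 32-bit little-endian ELF with PT_INTERP."""
    path = loader.encode() + b"\0"
    ehdr = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)          # e_ident
    ehdr += struct.pack("<HHIIIIIHHHHHH",
                        2, 3, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<IIIIIIII",
                       PT_INTERP, 84, 0, 0, len(path), len(path), 4, 1)
    return ehdr + phdr + path


if __name__ == "__main__":
    sample = make_sample_elf32("/lib/ld-uClibc.so.0")
    # Simulate a glibc-only root filesystem where that loader is absent.
    print(diagnose(sample, lambda p: p == "/lib/ld-linux.so.2"))
```

On a real system, `diagnose_file("/var/sh-www/cgi-bin/parsefw")` runs the same check against the file on disk.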
[leaf-user] Quick question about Weblet/Bering UClibc
Good evening,

I have a quick question about the pretty firewall logs screen in the weblet version that ships with UClibc v1.2.1. The parsefw file, is that a compiled program, or a shell script? I want to make sure it's not corrupt, and also, if it is a compiled program, I assume it would require UClibc libraries to be present to run?

I'm trying to add this to a bering v1.1 firewall I have running now, and have copied the relevant files and made all the relevant changes to properly reference the files needed. Long and short of it, if I try to run the relevant command:

cat /var/log/shorewall.log | /var/sh-www/cgi-bin/parsefw

I am getting:

firewall: -root- # cat /var/log/shorewall.log | var/sh-www/cgi-bin/parsefw
/var/sh-www/cgi-bin/parsefw: not found

Now, this is the dir listing:

firewall: -root- # v
-rwxr-xr-x 1 sh-httpd adm 2452 Mar 15 04:01 checkdisk
-rwxr-xr-x 1 sh-httpd adm 1935 Aug 17 16:06 checkfw
-rwxr-xr-x 1 sh-httpd adm 2243 Mar 15 04:06 checkmem
-rwxr-xr-x 1 sh-httpd adm 9320 Mar 24 16:27 parsefw
-rwxr-xr-x 1 sh-httpd adm 636 Mar 15 04:35 viewfw
-rwxr-xr-x 1 sh-httpd adm 2491 Aug 17 16:23 viewhits
-rwxr-xr-x 1 sh-httpd adm 1804 Mar 15 04:33 viewhits.bak
-rwxr-xr-x 1 sh-httpd adm 835 Aug 17 16:34 viewlogs
lrwxrwxrwx 1 root root 8 Aug 17 16:46 viewlogs-snort -> viewlogs
lrwxrwxrwx 1 root root 8 Aug 17 16:46 viewlogs-www -> viewlogs
-rwxr-xr-x 1 sh-httpd adm 738 Aug 17 15:50 viewlogs.backup
-rwxr-xr-x 1 sh-httpd adm 1575 Mar 15 04:58 viewmasq
-rwxr-xr-x 1 sh-httpd adm 947 Mar 15 05:01 viewnet
-rwxr-xr-x 1 sh-httpd adm 808 Mar 23 08:37 viewshorewall
-rwxr-xr-x 1 sh-httpd adm 1026 Mar 15 05:05 viewsys
-rwxr-xr-x 1 sh-httpd adm 2648 Mar 14 06:24 weblet.functions

As you can see, the file is there, the group and owner are proper, the file is executable (I even tried chmod 777 on it to make sure) and yet it still tells me it can't find the file. I would think if it was a library issue, it would have crapped out with a segfault or something.

Any help would be appreciated.

Thanks
Tony
RE: [leaf-user] Now On-Line but big trouble...
And I'm resending this one as well

OK, you need libpcap.lrp, and you can get that here: http://leaf-project.org/devel/ddouthitt/packages/ and you can grab the tcpdump.lrp in the same directory. That should set you up

Tony

-Original Message-
From: Michelle Konzack [mailto:[EMAIL PROTECTED]
Sent: Sunday, July 20, 2003 1:07 PM
To: Tony
Subject: RE: [leaf-user] Now On-Line but big trouble...

At 12:52 2003-07-20 -0400 Tony wrote:

Have you tried running tcpdump or something similar to see where they are originating from, where they are going and what ports are involved?

Tony

tcpdump on LRP 2.9.4 ??? Is there a tcpdump.lrp ? Hmmm, not that I know.

Michelle

--
Registered Linux-User #280138 with the Linux Counter, http://counter.li.org.
Michelle's Internet-Service, owner: Michelle Konzack
Wireless LAN provider
RE: [leaf-user] Now On-Line but big trouble...
I am resending this message, but including the group as well this time.

http://leaf.sourceforge.net/pub/packages-list.html

as long as the glibc library is the same (2.0.7), I don't see why any of these wouldn't work. I think you need another library, but I can't remember which one. Same rules apply though. I'd install it and see what it complains about not being installed, then grab that.

Tony

-Original Message-
From: Michelle Konzack [mailto:[EMAIL PROTECTED]
Sent: Sunday, July 20, 2003 1:07 PM
To: Tony
Subject: RE: [leaf-user] Now On-Line but big trouble...

At 12:52 2003-07-20 -0400 Tony wrote:

Have you tried running tcpdump or something similar to see where they are originating from, where they are going and what ports are involved?

Tony

tcpdump on LRP 2.9.4 ??? Is there a tcpdump.lrp ? Hmmm, not that I know.

Michelle

--
Registered Linux-User #280138 with the Linux Counter, http://counter.li.org.
Michelle's Internet-Service, owner: Michelle Konzack
Wireless LAN provider
RE: [leaf-user] Now On-Line but big trouble...
Have you tried running tcpdump or something similar to see where they are originating from, where they are going and what ports are involved?

Tony

But what can make this traffic !!! All 90-150 seconds I have around 5-12 packages TX and 2-4 packages RX
RE: [leaf-user] Now On-Line but big trouble...
You got my other message though, didn't you? With the pointers to the downloadable lrps of tcpdump and libpcap? Let me know and I can resend

Thanks
Tony

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michelle Konzack
Sent: Sunday, July 20, 2003 6:49 PM
To: leaf-user
Subject: RE: [leaf-user] Now On-Line but big trouble...

At 12:52 2003-07-20 -0400 Tony wrote:

Have you tried running tcpdump or something similar to see where they are originating from, where they are going and what ports are involved?

Tony

No I have not... because I currently have no running SLINK-System (HD crash) and can not build new LRP 2.9.4 Packages...

Michelle

--
Registered Linux-User #280138 with the Linux Counter, http://counter.li.org.
Michelle's Internet-Service, owner: Michelle Konzack
Wireless LAN provider
Re: [leaf-user] copying files to your firewall.
I take it you don't have a floppy in the machine? Also, I don't have ssh on my box, but I do have sshd and I scp stuff to the box all the time. You can set it up to only listen to the internal interface. But, you seem to already know that. I think Jeff is right, if BBM (Big BossMan) don't want to allow ssh(d) on the box, he best set aside $$$ for downtime and your labor.

Tony

- Original Message -
From: Charles Holbrook [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 14, 2003 11:39 AM
Subject: [leaf-user] copying files to your firewall.

I am currently running Bering Uclibc on a system that uses a CF Disk as the boot media. This disk is inside of the case and thus updating any software means pulling the system offline unracking it and opening the box up. About 20 minutes worth of work. Besides ssh does anyone have a secure means of transfer to bering. Bossman doesn't even want to have an ssh client on the firewall that can scp out to a single IP address. Because of this I am pretty much limited to a serial connection to the box. Any suggestions at all would be greatly appreciated.

--- This SF.Net email sponsored by: Parasoft Error proof Web apps, automate testing more. Download eval WebKing and get a free book. www.parasoft.com/bulletproofapps1 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] Re: Trouble getting started
Nope, I thought that too. I was mistaken. I confused that driver with another card's driver I was using (smc-ultra). The 509 driver will find all the cards inside the box. Here is an abbreviated copy of what my dmesg looks like:

snipped
PIIX3: not 100% native mode: will probe irqs later
hda: MATSHITA CR-581, ATAPI CD/DVD-ROM drive
ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
hda: ATAPI 4X CD-ROM drive, 128kB Cache
Uniform CD-ROM driver Revision: 3.12
VFS: Can't find a Minix or Minix V2 filesystem on device 03:00.
FAT: bogus logical sector size 0
VFS: Can't find a valid FAT filesystem on dev 03:00.
eth0: 3c5x9 at 0x200, 10baseT port, address 00 20 af 9e f4 2e, IRQ 5.
3c509.c:1.19 16Oct2002 [EMAIL PROTECTED]
http://www.scyld.com/network/3c509.html
eth1: 3c5x9 at 0x280, 10baseT port, address 00 20 af 9f 16 09, IRQ 7.
3c509.c:1.19 16Oct2002 [EMAIL PROTECTED]
http://www.scyld.com/network/3c509.html
klips_info:ipsec_init: KLIPS startup, FreeS/WAN IPSec version: 1.99
= Notice the two cards listed.

Are you sure both cards are working? Have you used 3com's DOS config program to set them up, make sure there are no conflicts with the irq or the io addresses?

Tony

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Stefaan Van Dooren
Sent: Thursday, June 26, 2003 3:22 AM
To: [EMAIL PROTECTED]
Subject: RE: [leaf-user] Re: Trouble getting started

If I remember correctly, if you have more than one 3C509, you'll have to specify the io irq for both cards when you load the module. It only probes for one card automagically.

Stefaan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Somerlot, Chris
Sent: Wednesday 25 June 2003 17:22
To: '[EMAIL PROTECTED]'
Subject: [leaf-user] Re: Trouble getting started

Still can't get it going.
I have loaded the module for the 3c509 driver, (I'm using 2 ISA 3c509B cards) but only get 1 showing up in ip addr: 1: lo: LOOPBACK,UP mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 brd 127.255.255.255 scope host lo 2: dummy0: BROADCAST,NOARP mtu 1500 qdisc noop link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 3: eth0: BROADCAST,MULTICAST mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:a0:24:12:bd:9c brd ff:ff:ff:ff:ff:ff nothing in ip route. The meassages log shows the driver is loaded: Jun 24 21:53:30 firewall syslogd 1.3-3#31.slink1: restart. Jun 24 21:53:30 firewall kernel: klogd 1.3-3#31.slink1, log source = /proc/kmsg started. Jun 24 21:53:30 firewall kernel: No module symbols loaded. Jun 24 21:53:30 firewall kernel: BIOS-provided physical RAM map: Jun 24 21:53:30 firewall kernel: 32MB LOWMEM available. Jun 24 21:53:30 firewall kernel: Initializing CPU#0 Jun 24 21:53:30 firewall kernel: Memory: 30128k/32768k available (948k kernel code, 2252k reserved, -1176k data, 64k init, 0k highmem) Jun 24 21:53:30 firewall kernel: Dentry cache hash table entries: 4096 (order: 3, 32768 bytes) Jun 24 21:53:30 firewall kernel: Inode cache hash table entries: 2048 (order: 2, 16384 bytes) Jun 24 21:53:30 firewall kernel: Intel Pentium with F0 0F bug - workaround enabled. Jun 24 21:53:30 firewall kernel: Checking 'hlt' instruction... OK. Jun 24 21:53:30 firewall kernel: PCI: PCI BIOS revision 2.10 entry at 0xfd9a1, last bus=0 Jun 24 21:53:30 firewall kernel: PCI: Using configuration type 1 Jun 24 21:53:30 firewall kernel: PCI: Probing PCI hardware Jun 24 21:53:30 firewall kernel: Limiting direct PCI/PCI transfers. 
Jun 24 21:53:30 firewall kernel: Linux NET4.0 for Linux 2.4 Jun 24 21:53:30 firewall kernel: Based upon Swansea University Computer Society NET3.039 Jun 24 21:53:30 firewall kernel: Serial driver version 5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ DETECT_IRQ SERIAL_PCI enabled Jun 24 21:53:30 firewall kernel: ttyS00 at 0x03f8 (irq = 4) is a 16550A Jun 24 21:53:30 firewall kernel: ttyS01 at 0x02f8 (irq = 3) is a 16550A Jun 24 21:53:30 firewall kernel: Real Time Clock Driver v1.10e Jun 24 21:53:30 firewall kernel: Software Watchdog Timer: 0.05, timer margin: 60 sec Jun 24 21:53:30 firewall kernel: Floppy drive(s): fd0 is 1.44M Jun 24 21:53:30 firewall kernel: FDC 0 is a National Semiconductor PC87306 Jun 24 21:53:30 firewall kernel: NET4: Linux TCP/IP 1.0 for NET4.0 Jun 24 21:53:30 firewall kernel: IP Protocols: ICMP, UDP, TCP, IGMP Jun 24 21:53:30 firewall kernel: IP: routing cache hash table of 512 buckets, 4Kbytes Jun 24 21:53:30 firewall kernel: TCP: Hash tables configured (established 2048 bind 2048) Jun 24 21:53:30 firewall kernel: NET4: Unix domain sockets 1.0/SMP for Linux NET4.0. Jun 24 21:53:30 firewall kernel: RAMDISK: Compressed image found at block 0 Jun 24 21:53:30 firewall kernel: Freeing initrd memory: 401k freed Jun 24 21:53:30 firewall kernel: Freeing unused kernel memory: 64k freed Jun 24 21:53:30 firewall kernel: 3c509.c:1.19
Re: [leaf-user] Re: Trouble getting started
I don't remember what dist you're running, but I assume it's a recent one with Shorewall? Have you declared both interfaces? If you run lsmod, you should see something like:

ip_nat_irc 2032 0 (unused)
ip_nat_ftp 2672 0 (unused)
ip_conntrack_irc 2144 0 (unused)
ip_conntrack_ftp 2848 0 (unused)
3c509 6564 2

Do you? Thanks Tony

- Original Message -
From: Somerlot, Chris [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, June 25, 2003 11:21 AM
Subject: [leaf-user] Re: Trouble getting started

Still can't get it going. I have loaded the module for the 3c509 driver, (I'm using 2 ISA 3c509B cards) but only get 1 showing up in ip addr:

1: lo: LOOPBACK,UP mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: dummy0: BROADCAST,NOARP mtu 1500 qdisc noop
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: BROADCAST,MULTICAST mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:a0:24:12:bd:9c brd ff:ff:ff:ff:ff:ff

nothing in ip route. The messages log shows the driver is loaded:

Jun 24 21:53:30 firewall syslogd 1.3-3#31.slink1: restart.
Jun 24 21:53:30 firewall kernel: klogd 1.3-3#31.slink1, log source = /proc/kmsg started.
Jun 24 21:53:30 firewall kernel: No module symbols loaded.
Jun 24 21:53:30 firewall kernel: BIOS-provided physical RAM map:
Jun 24 21:53:30 firewall kernel: 32MB LOWMEM available.
Jun 24 21:53:30 firewall kernel: Initializing CPU#0
Jun 24 21:53:30 firewall kernel: Memory: 30128k/32768k available (948k kernel code, 2252k reserved, -1176k data, 64k init, 0k highmem)
Jun 24 21:53:30 firewall kernel: Dentry cache hash table entries: 4096 (order: 3, 32768 bytes)
Jun 24 21:53:30 firewall kernel: Inode cache hash table entries: 2048 (order: 2, 16384 bytes)
Jun 24 21:53:30 firewall kernel: Intel Pentium with F0 0F bug - workaround enabled.
Jun 24 21:53:30 firewall kernel: Checking 'hlt' instruction... OK.
Jun 24 21:53:30 firewall kernel: PCI: PCI BIOS revision 2.10 entry at 0xfd9a1, last bus=0
Jun 24 21:53:30 firewall kernel: PCI: Using configuration type 1
Jun 24 21:53:30 firewall kernel: PCI: Probing PCI hardware
Jun 24 21:53:30 firewall kernel: Limiting direct PCI/PCI transfers.
Jun 24 21:53:30 firewall kernel: Linux NET4.0 for Linux 2.4
Jun 24 21:53:30 firewall kernel: Based upon Swansea University Computer Society NET3.039
Jun 24 21:53:30 firewall kernel: Serial driver version 5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ DETECT_IRQ SERIAL_PCI enabled
Jun 24 21:53:30 firewall kernel: ttyS00 at 0x03f8 (irq = 4) is a 16550A
Jun 24 21:53:30 firewall kernel: ttyS01 at 0x02f8 (irq = 3) is a 16550A
Jun 24 21:53:30 firewall kernel: Real Time Clock Driver v1.10e
Jun 24 21:53:30 firewall kernel: Software Watchdog Timer: 0.05, timer margin: 60 sec
Jun 24 21:53:30 firewall kernel: Floppy drive(s): fd0 is 1.44M
Jun 24 21:53:30 firewall kernel: FDC 0 is a National Semiconductor PC87306
Jun 24 21:53:30 firewall kernel: NET4: Linux TCP/IP 1.0 for NET4.0
Jun 24 21:53:30 firewall kernel: IP Protocols: ICMP, UDP, TCP, IGMP
Jun 24 21:53:30 firewall kernel: IP: routing cache hash table of 512 buckets, 4Kbytes
Jun 24 21:53:30 firewall kernel: TCP: Hash tables configured (established 2048 bind 2048)
Jun 24 21:53:30 firewall kernel: NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
Jun 24 21:53:30 firewall kernel: RAMDISK: Compressed image found at block 0
Jun 24 21:53:30 firewall kernel: Freeing initrd memory: 401k freed
Jun 24 21:53:30 firewall kernel: Freeing unused kernel memory: 64k freed
Jun 24 21:53:30 firewall kernel: 3c509.c:1.19 16Oct2002 [EMAIL PROTECTED]
Jun 24 21:53:30 firewall kernel: http://www.scyld.com/network/3c509.html

the ip tables shows:

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1 packets, 60 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1 packets, 60 bytes)
pkts bytes target prot opt in out source destination

and the shorewall status shows

snip
Chain eth0_fwd (0 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 rfc1918 all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
Chain eth0_in (0 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
0 0 rfc1918 all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
Chain eth1_fwd (0 references)
pkts bytes target prot opt in out source destination
0 0 dynamic
RE: [leaf-user] LRP
political statement - the comment itself has been treated more carefully in terms of free speech - very american - I appreciated that. pn] Hey, I'm all for freedom of speech. He had every right to do what he did on his domain. With that freedom comes responsibility and accountability. I also appreciated the freedom others exercised that day or shortly thereafter. ;) And your right to Freedom of Association. As did I. Tony --- This SF.Net email is sponsored by: INetU Attention Web Developers Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] ide disk insmod errors :(:(:(
Are you declaring them in the same order as the FAQ? Tony DONE , but same prob :( and same insmod answers ... thanks for your help
RE: [leaf-user] weblet extension version 2
Hi Ken, Yeah, actually I picked that up. What happened was I was missing a backtick that somehow dropped off when I pasted the code into the window. Thanks, Tony

P.S. Thanks for that lookup code, that's also helpful. I had thought about that, but didn't want to push my luck. ;-)

-Original Message-
From: Ken Marshall [mailto:[EMAIL PROTECTED]
Sent: Monday, June 02, 2003 11:55 AM
To: 'Tony'; 'eric wolzak'; 'Leaf-User'
Cc: [EMAIL PROTECTED]
Subject: RE: [leaf-user] weblet extension version 2

Hi Tony, I tried this code as well and I think that you have to substitute /var/log/shorewall.log for /var/log/messages in the code that Eric provided. It didn't work for me until I made this change. Perhaps an older version of Bering or Dach used the messages file to log packets, hence the confusion. Please correct me if I'm wrong, Eric. Thanks, Ken
RE: [leaf-user] weblet extension version 2
HI Eric and Jeff, Thanks Eric for the code, this is half of what I was looking for, Jeff gave the other half. If you use the proverb:

Give a man a fish, he eats today
Teach a man to fish, he eats forever

you both gave me one of those lines and I appreciate it. But, I do have some questions about the code, I can get the portsort section to work (from a previous e-mail), but the ipsort section is giving me the headers, but no data under it. I have some observations, but should I move this discussion to the devel list? I don't want to clog up this list with any more messages than necessary. Please advise, and I can pick up with my observations. Thanks, Tony

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of eric wolzak
Sent: Saturday, May 31, 2003 12:26 PM
To: Tony; Leaf-User
Subject: Re: [leaf-user] weblet extension version 2

Hello Tony

Another variant is to change in the file viewhits the option ipsort to
-
ipsort)
# Header row of the hits-per-IP table
HEAD='<tr><td width=50> Hits </td><td>IP-Adress</td><td>&nbsp;</td></tr>'
# Count hits per source IP for the selected port; each IP links back to viewhits
AUS=`grep DPT=$content /var/log/messages |\
sed 's/.*SRC=\(.* \)DST.*$/<a href=viewhits?x_\1>\1<\/a><\/td><td><\/td><\/tr>/'| sort -n | uniq -c |sort -rn|\
sed 's/^/<tr><td>/
s/<a/<\/td><td><a/'`
;;
---
this is a little bit slower but let you click on each ip address that tried to connect to the certain port and shows the messages that it caused, including those to another port

Regards Eric Wolzak member of the bering crew
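The per-port lookup that the ipsort branch quoted above builds with grep DPT=$content, as an added example that is not weblet's or Eric's code: it compares the DPT field exactly (a plain grep for DPT=53 also matches DPT=530 and DPT=5353) and rejects a non-numeric port before it is used. The function names, the awk approach and the sample log lines are assumptions constructed for illustration; pass a real log path, such as the shorewall.log mentioned in the thread, as the second argument.

```shell
#!/bin/sh
# Added example (not weblet code): hits per source IP for one destination
# port, read from netfilter-style log lines.

# Constructed sample log lines for illustration; not taken from the thread.
SAMPLE_LOG='May 31 12:00:01 firewall kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.1 LEN=60 PROTO=UDP SPT=40000 DPT=53 LEN=40
May 31 12:00:02 firewall kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.1 LEN=60 PROTO=TCP SPT=40001 DPT=53 WINDOW=5840 SYN
May 31 12:00:03 firewall kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.1 LEN=60 PROTO=UDP SPT=5353 DPT=53 LEN=40
May 31 12:00:04 firewall kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.1 LEN=60 PROTO=UDP SPT=5353 DPT=5353 LEN=40
May 31 12:00:05 firewall kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=198.51.100.23 DST=198.51.100.1 LEN=60 PROTO=TCP SPT=40002 DPT=530 WINDOW=5840 SYN
May 31 12:00:06 firewall kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=198.51.100.23 DST=198.51.100.1 LEN=60 PROTO=TCP SPT=40003 DPT=1433 WINDOW=5840 SYN'

# valid_port PORT: succeed only for a decimal port number 1..65535.
valid_port() {
    case $1 in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# naive_count PORT: what a substring grep on "DPT=PORT" counts in the sample.
naive_count() {
    printf '%s\n' "$SAMPLE_LOG" | grep -c "DPT=$1"
}

# hits_by_src PORT [LOGFILE]: print "count ip" lines, highest count first.
# Without LOGFILE the constructed sample above is used.
hits_by_src() {
    port=$1
    logfile=${2:-}
    valid_port "$port" || { echo "invalid port, refusing to search" >&2; return 2; }
    if [ -n "$logfile" ]; then
        cat -- "$logfile"
    else
        printf '%s\n' "$SAMPLE_LOG"
    fi | awk -v port="$port" '
        {
            src = ""; dpt = ""
            # Pick the SRC= and DPT= fields out of the whitespace-split line.
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            # Exact comparison: DPT=530 and DPT=5353 are not port 53.
            if (src != "" && dpt == port) count[src]++
        }
        END { for (s in count) print count[s], s }
    ' | sort -k1,1nr -k2,2
}

# Demonstration on the constructed sample.
hits_by_src 53
```

Any address or log text placed into an HTML page should be escaped first, since log lines carry data chosen by remote hosts.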
[leaf-user] weblet/sed question
Good Evening all, I'm sorry to ask a question like this, but here goes. I want to expand weblet a little and would like some pointers. I'm currently running weblet 1.2 under Bering v1.1. I like the screens where you can view the hits by either port or sorted IP address. What I want to do is, add the functionality of the IP address screen to the port screen. On the IP screen, the addresses are clickable to view the actual hits the IP was associated with. What I would like to do is have the ports be clickable to view a sorted list of IP addresses. So if I clicked port 53, I could get a listing of all the IP's who hit that port. I could then get the offending IP's without having to plow through the current IP list to see who hit what port. Did I describe that clearly enough? I viewed the code to see how the different pages are rendered and how the sub routines are called, but I don't really know sed. I'm not sure where to start. Any pointers would be helpful. Thanks Tony
RE: [leaf-user] satellite with bering
HI Andrew, Is it a two way connection, or do you have to dial up the ISP with a modem for the return trip? What about the lag? Is there one? If so, how long is it usually? I am happy with cable modem right now, but the idea of satellite, especially two way sat. with the same speed and low latency would be very interesting. Thanks Tony

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Andrew GRAY
Sent: Saturday, January 25, 2003 6:52 AM
To: 'Paonia Ezrine'; [EMAIL PROTECTED]
Subject: RE: [leaf-user] satellite with bering

I have a Dachstein CD box running Satellite from iHug here in Australia. I simply downloaded the drivers from the ISP's web site for the Kernel version and installed them. The system has been up for over a month and works well when the ISP gives us a link from the satellite. Andrew Gray

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Paonia Ezrine
Sent: Saturday, 25 Jan 2003 10:47
To: [EMAIL PROTECTED]
Subject: [leaf-user] satellite with bering

I am thinking about getting oneway satellite internet access from http://www.nebulink.com or http://www.copperlink.net/satnet/index.shtml (they both resell the same service). I am wondering if anyone has gotten this to work with bering or any of the other similar fw's out there. If so please let me know how you did it etc. thanks Paonia
RE: Follow up to: Re: [leaf-user] Does this indicate I've been hacked?
Glad to hear it all worked out OK. I had a feeling it would. As final replies: The disk is write protected isn't it? I normally just boot the disk and then eject it until it is needed again. Now, it's just me, but I write protect it after I do any and all backups, then leave it in. If the power fails, or I need to reboot, then I don't have to make a trip over and push the diskette in. Later Tony
RE: [leaf-user] 2 3com etherlink III cards
OK, I have to do some testing here. What I thought were 3c509 cards are SMC-Ultra cards in my setup. Perhaps I am wrong with the arguments the 3c509 module takes. I thought for sure it took the io arg, but examining the code as well as the other input from people like Jeff and Brad make me inclined to think I am wrong. If I am Eyal, I apologize :) I will have to convince myself when I get some time by setting up a box with the 509 cards. Thanks for all the replies. Later, Tony
RE: [leaf-user] 2 3com etherlink III cards
Eyal, Do you mean the 3c509 or the 3c905 module? You stated 905 below, and 509 in one of your previous posts. I don't know about the 905 module, but the 3c509.o most certainly does take the argument. That is what I am using right now and without it, the probe finds only one card. Later, Tony

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Eyal Lebedinsky
Sent: Saturday, January 11, 2003 5:27 PM
To: Leaf-User
Subject: Re: [leaf-user] 2 3com etherlink III cards

Tony wrote: Whatcha need to do is tell the modules file to search for more than the first one it finds. You can do that by specifying the io addys (io=0x200,0x220,etc) or IRQ (IRQ=5,7,9,etc).

I am rather sure that 3c905 does not accept 'io='. Use the 'irq=' with a list.

-- Eyal Lebedinsky ([EMAIL PROTECTED]) http://samba.org/eyal/
RE: [leaf-user] Does this indicate I've been hacked?
Well, my thought is...why not just reboot to be sure. I mean, your LEAF box is running out of RAM disk right? The disk is write protected isn't it? Now, that doesn't mean that it can't happen again, so I would continue to investigate but I would copy all relevant log files to a disk and reboot. Later Tony

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Lynn Avants
Sent: Tuesday, January 07, 2003 11:46 PM
To: leaf-user
Subject: Re: [leaf-user] Does this indicate I've been hacked?

On Tuesday 07 January 2003 01:08 pm, Dennis Stephens wrote: Saw the following in my syslog

Jan 3 15:17:12 ardentpursuit portsentry[1120]: attackalert: External command run for host: 218.156.227.172 using command: /root/add2chain 218.156.227.172 12345

Did that command actually run, or did portsentry prevent it from running?

Well, a Google search didn't come up with anything but Win32 exploits and there are (normally) no services running/listening to port 12345 on a LEAF box. The ip MX is owned by Korea Telecom. I don't run portsentry, so I'm not familiar with the output from it. I would definitely take a look in your /root directory, but I would doubt your hacked depending on what LEAF system and add-on packages you're using/config. In any case, I would do a thorough look at the box to make sure, unless somebody has any better insight into this.

-- ~Lynn Avants Linux Embedded Appliance Firewall developer http://leaf.sourceforge.net
RE: [leaf-user] Does this indicate I've been hacked?
Hi Lynn, When you say you, you mean the original poster...right? I was responding to him. Anyway, I think your approach would be a better one, backup the whole disk to a blank diskette, reboot the original disk and then you have a snapshot and can compare while returning to a safe condition. That was my first thought was to get back to safe ASAP and save the logs for ip addys and such. I like your approach better. Just as quick, and more complete. Later Tony

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Lynn Avants
Sent: Wednesday, January 08, 2003 10:26 AM
To: leaf-user
Subject: Re: [leaf-user] Does this indicate I've been hacked?

On Wednesday 08 January 2003 07:42 am, Tony wrote: Well, my thought is...why not just reboot to be sure. I mean, your LEAF box is running out of RAM disk right?

All LEAF variants do, you haven't stated what you are specifically using.

The disk is write protected isn't it?

Only you can answer that, personally I generally use Cd's or CF cards.

Now, that doesn't mean that it can't happen again, so I would continue to investigate but I would copy all relevant log files to a disk and reboot.

The log files won't generally indicate anything that was _successful_. I would back _everything_ up on another disk and check the packages from another box, definitely root.lrp. I haven't heard of a LEAF firewall that has been compromised in over 3 years now, but you haven't given any ideas of what you've actually setup other than it is LEAF. You may be running telnet to the internet for all I know at this point. I wouldn't expect much more help unless you can give us a lot more specific information than what you have. I would tend to think that you possibly have a compromised box on your LAN or someone is attempting to attack your firewall, but I don't know anything about your system.

-- ~Lynn Avants Linux Embedded Appliance Firewall developer http://leaf.sourceforge.net
RE: [leaf-user] Does this indicate I've been hacked?
Hi Brad, I know, hence my last sentence :-) Later, Tony

On Wed, 08 Jan 2003 08:42:33 EST Tony wrote: Well, my thought is...why not just reboot to be sure. I mean, your LEAF box is running out of RAM disk right? The disk is write protected isn't it? Now, that doesn't mean that it can't happen again, so I would continue to investigate but I would copy all relevant log files to a disk and reboot.

The problem with that approach is that it a) erases the logs of the incident (unless you save offline copies first) and b) prevents all further forensic analysis. Granted, in some situations those aren't concerns of the firewall administrator. --Brad
[leaf-user] Disk on Chip media? and Bering/Orinoco question
Hello, Two quickies:

1. Can anyone share what DoC media they have used successfully with the WISP distribution, and which US vendor they obtained the media from? I have searched the web for an hour trying to find anyone selling M-Systems, SST or Sandisk media IDE flash systems.

2. Can anyone with a working PCI--PCMCIA orinoco desktop Bering machine please explain what specific modules you have installed? Is it orinoco_pcmcia.o or p80211.o or what? What does your syslinux.cfg look like? I can not get the green light on the Orinoco card to illuminate so I think I have a long way to go.

Thank you!

-- Regards. Tony Cappelli L A Bridge Internet DSL http://www.LABridge.com/ Read and post reviews at: http://www.dslreports.com/comments/329
[leaf-user] OT: Cisco IGS Multiprotocol Router Bridge
Hi Gang, Does anyone have any interest in this piece of hardware? If so, it's yours for the cost of shipping. It has the serial and token ring connectors on the back, along with an aux and console port. I have no documentation and can not help you set it up. I don't have token ring at the house, and doubt I will be installing it anytime soon. If you know how to use it, and _can_ use it, drop me a private e-mail and we can go from there. Now back to your regularly scheduled program already in progress Thanks, Tony
[leaf-user] Which LEAF for wireless router
All, Can I get your experienced recommendation about which LEAF might work best for a very specific application? I am with an ISP in Los Angeles and we have rolled out 802.11b towers in several cities where distance prohibits extending DSL. We now need equipment to put out at our customers (end-user) home or business. This equipment would have an Orinoco card with antenna attached that faces the tower. The Orinoco is the WAN interface for the customer router. The ethernet faces their LAN. So far we have been using Win98 computers with WinRoutePro and Orinoco PCI--PCMCIA converters. These have been somewhat unreliable. What is the best LEAF for this purpose? The WISP seems like it's designed for base stations and not customer premises equipment. Also, is it necessary to follow the steps outlined by Richard Dale below to get an Orinoco card working with Bering LEAF still?

At 12:05 PM -0700 10/14/02, [EMAIL PROTECTED] wrote:
Message: 11
From: Richard Dale [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Bering pcmcia_orinoco.lrp - Orinoco_cs updated versions?
Date: Mon, 14 Oct 2002 22:32:22 +0800

A followup solution. It seems that the orinoco v0.09b drivers aren't very good. I am now running the 0.13beta1 drivers and they're no longer spitting up the various errors and timeouts I was having before. Here's how I did it:

0. Original BERING RC3 is using the pcmcia_orinoco.lrp package as referenced by JN's pages.
1. Used Brad Fritz' scripts (slightly hacked) to download the 2.4.18 kernel and patches http://fritzfam.com/brad/leaftmp/
2. Downloaded the pcmcia-cs 3.1.33 source from http://pcmcia-cs.sourceforge.net/
3. Downloaded the latest orinoco drivers from http://www.ozlabs.com/people/dgibson/dldwd/
4. Extracted pcmcia-cs
5. Copied the orinoco source into the wireless directory inside the pcmcia-cs tree
6. ./Configure (making sure the kernel source pointed to the downloaded 2.4.18 kernel source above)
7. Make
8. Replace all of the modules inside /lib/modules/pcmcia with the recently compiled modules
9. Stopped and started the pcmcia service (/etc/init.d/pcmcia restart) and made sure things came up properly (dmesg)
10. Added the newly replaced modules to /var/lib/lrpkg/pcmcia.local file, so I could make a local backup (I use a CD-based boot, with configuration on floppy)
11. Reboot for good luck to make sure everything was fine.

Thanks again to Brad Fritz for his detailed response and assistance. Cheers, Richard.

-- Regards. Tony Cappelli L A Bridge Internet DSL http://www.LABridge.com/ Read and post reviews at: http://www.dslreports.com/comments/329
RE: [leaf-user] What's this guy trying?
Microsoft SQL server listens on that port (1433)...there's a worm going around that is looking for unprotected SQL server hosts. Hopefully this doesn't wrap: http://securityresponse.symantec.com/avcenter/venc/data/digispid.b.worm.html Hope that helps Tony

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: Monday, October 14, 2002 6:09 PM
To: Jon Clausen; [EMAIL PROTECTED]
Subject: Re: [leaf-user] What's this guy trying?

port 1433.. isn't that Citrix or more specifically the ICA protocol. Or was it VNC... joey

On Mon, 14 Oct 2002 23:29:42 +0200 Jon Clausen [EMAIL PROTECTED] wrote:

Logged into a remote Dachstein box to check up on something else, and I see huge amounts of denied packets in /var/log/messages... Connection attempts from f.x:

10.131.224.1:3 - 62.243.222.62:1
^^unknown^^ ^^my remote^^

I see a bunch of these from different IPs (that is, from port 3 to port 1)... dunno what to make of that, but then there's this guy:

# grep 65.82.107.120 $_ | nl
1 Oct 14 15:05:56 skilderhus kernel: Packet log: input DENY eth0 PROTO=1 65.82.107.120:5 62.243.222.62:0 L=56 S=0x00 I=5685 F=0x T=45 (#2)
continues in 'bursts' to: ...
164 Oct 14 15:06:07 skilderhus kernel: Packet log: input DENY eth0 PROTO=1 65.82.107.120:5 62.243.222.62:0 L=56 S=0x00 I=5866 F=0x T=45 (#2)

is this some kind of DoS? Am I under attack, or is it just some misconfigured box? I nmapped the IP, and the only thing that came up was:

Port State Service
1433/tcp open ms-sql-s

-so I'm guessing it's a zombie windows host... (?) TIA Jon Clausen
RE: [leaf-user] OT: Won't boot if headless
Some motherboards (my Zeos 486 for example) have just a field that says keyboard where you can set enable/disable. For the longest time, I had no idea why you'd want to disable a keyboard (and how you'd re-enable it once it's disabled). Silly me. Disable the *search* for a keyboard on boot; if it's there, use it. If not, then the machine doesn't worry about it. Finally, if it is such a pain to get it to boot without a keyboard, why not get a compact one, plug it in and just set it aside? Changing motherboards seems extreme and expensive compared to a $10 compact, low-tech solution. Good Luck Tony

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ewald Wasscher
Sent: Tuesday, September 24, 2002 4:26 PM
To: Warren Post
Cc: leaf-user
Subject: Re: [leaf-user] OT: Won't boot if headless

On Tue, 2002-09-24 at 22:04, Warren Post wrote: This is a hardware problem, not a LEAF problem. But perhaps someone has faced this issue before. Now that I have sshd working on our Dachstein box I want to run it headless. Only now do I discover that it won't boot unless I plug a keyboard back in. As a workaround I've got an old keyboard that doesn't work very well plugged into the box, but that is both an inelegant solution and a temptation to idle fingers. And our frequent power outages mean that the box must reboot often and reliably. I suspect that the problem is hardwired and the only solution is to change the motherboard. (I see no BIOS settings that should affect the keyboard.) But somebody prove me wrong, please.

In many bioses there is an option like Halt on: where you can choose if your machine should refuse booting if it has no keyboard, no videocard etc, or that it should boot without those. You should be able to find more information in the manual of the mainboard. For most mainboards the manual can be found at the manufacturer's website if you don't have it anymore.

Ewald Wasscher
RE: [leaf-user] backup bug in bering/shorwall?
DO'H! Sorry, I didn't think to look in there, that was it. Thanks! Tony

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Brad Fritz
Sent: Sunday, September 08, 2002 8:53 PM
To: Tony
Cc: Leaf-User
Subject: Re: [leaf-user] backup bug in bering/shorwall?

Hi Tony,

On Sun, 08 Sep 2002 17:13:21 -0400 Tony wrote: Good Evening, I am putting together a bering fw (rc-3) with the latest version of shorwall. I am making a CD bootable with the packages I need from J-Nilo's instructions. What I am doing is starting with default files, modifying for my setup and doing a full backup to diskette. When I get the setup just right, burn a new CD with the setup and all my config's in place. Now, the funny part. When I make the changes to shorewall, and do a full backup to the floppy, it is losing the /var/lib/shorewall directory and all the contents. I have verified they are listed in the shorwall.list

=
firewall: -root- # cat shorwall.list
etc/init.d/shorewall
etc/shorewall
sbin/shorewall
var/lib/shorewall
var/lib/lrpkg/shorwall.*
=

Also, I read a thread on the shorwall user list regarding this, but it was mentioned that the /var/lib/shorewall entry was missing in the .list file, which you can see above, I have. Any ideas?

Not positive, but this sounds like the typical LEAF with shorewall = 1.3.3 problem. Have you edited root.exclude.list to remove the /var/lib/shorewall entry? Full instructions at http://shorewall.net/errata.htm#Upgrade . --Brad
[leaf-user] backup bug in bering/shorwall?
Good Evening, I am putting together a bering fw (rc-3) with the latest version of shorwall. I am making a CD bootable with the packages I need from J-Nilo's instructions. What I am doing is starting with default files, modifying for my setup and doing a full backup to diskette. When I get the setup just right, burn a new CD with the setup and all my configs in place. Now, the funny part. When I make the changes to shorewall, and do a full backup to the floppy, it is losing the /var/lib/shorewall directory and all the contents. I have verified they are listed in the shorwall.list

    firewall: -root-
    # cat shorwall.list
    etc/init.d/shorewall
    etc/shorewall
    sbin/shorewall
    var/lib/shorewall
    var/lib/lrpkg/shorwall.*

Also, I read a thread on the shorwall user list regarding this, but it was mentioned that the /var/lib/shorewall entry was missing in the .list file, which you can see above, I have. Any ideas? Thanks, Tony
RE: [leaf-user] file system problems.
Screw winzip, use PowerArchiver (www.powerarchiver.com). It supports all the usual types (i.e. zip) as well as RAR, TAR, GZIP...etc. It will allow you to create TAR files on W2K (I just tried it to make sure). It also supports ACE, CAB and other formats. Check it out. Later, Tony

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Eric B Kiser
Sent: Friday, September 06, 2002 2:59 AM
To: [EMAIL PROTECTED]
Subject: RE: [leaf-user] file system problems.

I just checked the help file for WinZip 8.0 and it states...

[snip] TAR, Z, GZ, TAZ, and TGZ files are often found on Unix-based Internet sites. TAR stands for Tape ARchive. The TAR format does not provide compression; it is used only to group files. GZ and Z files are gzip files. GZ and Z files cannot contain multiple files. TAZ and TGZ files are TAR files compressed in the gzip format. Since almost all new archives are created in Zip format, WinZip does not provide facilities to add to or create files in these formats (however, all other WinZip functions are supported). WinZip does not use external programs when working with files in these formats. Copyright © 1991-2000 by WinZip Computing, Inc. All rights reserved. [/snip]

Regards, Eric

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of S Mohan
Sent: Friday, September 06, 2002 12:58 AM
To: guitarlynn; [EMAIL PROTECTED]
Subject: RE: [leaf-user] file system problems.

Winzip reads tar but does not write tar. Saving is in zip format perforce. If I'm wrong, please let me know. Mohan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of guitarlynn
Sent: 06 September 2002 09:42
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] file system problems.

On Thursday 05 September 2002 22:59, S Mohan wrote:

In the recent past, we have seen a lot of mail on partition size and associated problems. I initially had problems with MSDOS 8.3 name format and had to go thro' renaming object files. If we take the netfilter objects, it is particularly difficult with the long names where the difference comes only beyond the 8th character.

Why not just tar the modules and stick the tar file on the floppy? WinZIP supports tar, doesn't it? ;-)

-- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question!
[leaf-user] Follow-up on archive programs for Windows
I grabbed this from the FAQ on what formats power archiver (www.powerarchiver.com) supports:

Q: Does PowerArchiver support other archive formats besides ZIP?

A: Yes, in addition to ZIP files, PowerArchiver currently supports creating and working with CAB, LHA (LZH), TAR, TAR.GZ, TAR.BZ2, and BH (BlakHole) archives, and supports reading and extracting RAR (version 1, 2 3), ARJ, ARC, ACE (version 1 2), GZIP, BZIP2, and ZOO archives. PowerArchiver also has complete built-in support for XXE, UUE AND MIME (base64) Internet encoded files.

No, I have no connection with these guys at all other than being a registered, happy user. Hope this helps, Tony
RE: [leaf-user] ORIENT BANK OF NIGERIA INVITES YOU
Goodie Goodie Goodie I'm rich! I'm rich HAHAHA, where's the phone so I can call my boss and tell her I quit!!! Stinking Rich Tony

Take this job and shove it...I ain't workin here no mo'...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of BELLO MOHAMMED
Sent: Friday, September 06, 2002 2:57 PM
To: [EMAIL PROTECTED]
Subject: [leaf-user] ORIENT BANK OF NIGERIA INVITES YOU

Greetings, I am Mohammed Bello, Bank Manager of ORIENT BANK OF NIGERIA, Lagos Branch. worthless shit snipped
RE: [leaf-user] WISP-DIST
FYI we also tested with out 180mW cards works great :) http://www.demarctech.com/products/reliawave-180mw-prism2-5-pcmcia-card.html

Sincerely Tony Morella Demarc Technology Group Office: 908-996-7995 Cell: 908-246-9170 Fax: 908-847-0202 email: [EMAIL PROTECTED] http://www.demarctech.com Wireless Solution Provider

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Vladimir I.
Sent: Wednesday, August 14, 2002 9:38 AM
To: Marty Buchaus
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] WISP-DIST

Hi, There is a test image on http://www.hazard.maks.net/wisp-dist/downloads. It already supports Teletronics high power 100mW cards.

Marty Buchaus wrote about [leaf-user] WISP-DIST:

I've tried to mount the distribution image using the build-scripts from the source forge DL area and am having problems finding the proper file system type to mount the image.. The reason for me even tinkering with this already well packed image is the lack of the prism2.5 driver module.. The 2290 image properly recognizes the Teletronics embedded NSA nic but not the Teletronics High-Power Prism 2.5 based 100mw card.. Please Help the default Teletronics firm/soft ware just isn't cutting it and I love the configurability and Openness of this distro..

Marty Buchaus CTO Dabuke Internet Services (ASI / BigSky) RHCE - 807101943103186 ICQ - 10579998

-- Best Regards, Vladimir Systems Engineer (RHCE)
RE: [leaf-user] Dachstein CD iso problem (kind off)
So perhaps I am stating the obvious, but have you considered it's a bad burn? Just because you can read some files doesn't mean all will be readable. I ran into the same problem with full distros. The download MD5 was fine, but when I burned them some files were not readable but I was able to boot and start the install (isn't that always the way, 3/4 into the install...I'm sorry, I can't find this very important file, please insert the install disk and hit enter) Later Tony

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Stefke
Sent: Thursday, May 30, 2002 2:23 AM
To: guitarlynn
Cc: [EMAIL PROTECTED]
Subject: RE: [leaf-user] Dachstein CD iso problem (kind off)

Lynn,

Well, the modules are not in a package on the CD, but rather a folder named modules. This is fine on the .iso format, but will not work on a msdos formatted harddrive because of DOS fs limitations. You will need to transfer the modules on the CD to the /lib/modules directory, change the bang command in /etc/modules to reflect that the modules are now in /lib/modules, and do a full backup of the modules package. I hope this helps! -- ~Lynn Avants aka Guitarlynn

I realize that, problem is I can't read those modules from the cd. On a normal (slackware :-) ) linux system, I mounted the iso image. When I try just to copy everything under /mnt/lib/modules to another disk on my normal system I get the same error. So the real problem isn't getting those modules ON my firewall system, but getting those modules FROM the CD.

Thanx anyway, Stefaan
RE: [leaf-user] Dachstein CD iso problem (kind off)
Ah, I see. Well, I am using the image from the website burned on a CD and it's working for me. But, the image was downloaded months ago. If it was changed, then all bets are off. Thanks Tony

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Stefke
Sent: Thursday, May 30, 2002 8:36 AM
To: Tony; Stefke
Cc: [EMAIL PROTECTED]
Subject: RE: [leaf-user] Dachstein CD iso problem (kind off)

Tony, It isn't a burn. It's just the image file I mounted under Linux with:

    mount -o loop imagefile.iso /mnt

I solved the problem. Just downloaded the kernel file from Charles website, and untarred the modules from there. Still want someone to verify the iso-image that's on the website. Stefaan

So perhaps I am stating the obvious, but have you considered it's a bad burn? Later Tony

Stefaan
RE: [Leaf-user] internal NAT question
Would not the ipchains/iptables rules be applied? Could you not say forward only traffic from external_ip/32 to internal_server/32 port 3389 or whatever and essentially say, yeah, this port is open but only for this one client on the internet? All others would be rejected/denied. Or am I mistaken, and that port forwarding bypasses all rules. Thanks, Tony

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Steve Fink
Sent: Friday, April 26, 2002 3:55 PM
To: LEAF-List
Subject: RE: [Leaf-user] internal NAT question

Phillip, The security implications are the same as having that port on that machine exposed directly to the internet.

Example: Portforwarding port 3389 (Terminal Server) from the firewall to port 3389 on a NT/2000 system behind the firewall. Terminal Server is totally exposed, it's like taking a pipe and tunneling all communications on port 3389 to the NT/2000 system. So if there is a vulnerability in Terminal Server (which there is) then Terminal Server is susceptible to this vulnerability, despite the fact that you have the firewall in place.

During a scan of your firewall (with port forwarding enabled on port 3389) you would see that port 3389 was open and accepting connections. So you would know that there was a Terminal Server connection there, but the TCP/IP signature and timing would look like a Linux box. Opening a Terminal Server connection to the box would bring up a Terminal Server login screen to a potential intruder. Then he/she could attempt to gain access using any other information that could be gleaned from the scan, and possibly guess usernames/passwords etc, or use a known Terminal Server vulnerability to gain access.

So in short, port forwarding is creating a tunnel from your firewall into the internal system. Any traffic directed at your firewall on that port will be transferred directly to the internal system.

Hope this helps, Steve

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, April 26, 2002 9:12 AM
To: [EMAIL PROTECTED]
Subject: [Leaf-user] internal NAT question

I have situations in which my vpn router is a peer to a proxy server. The proxy server is the default gateway for the servers behind it. Therefore I use NAT on the internal interface to force traffic to the servers back through the router. This is approximately the same thing as port forwarding. Does anyone know of any security implications in this? Thanx.
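A source-restricted forward of the kind asked about in this thread, written for iptables. This is an added example, not code from the thread or from LEAF; the function names, the interface `eth0` and the addresses are assumptions, and the script only prints the commands for review rather than applying them.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables commands for a port forward
# that only one external client may use. All names and addresses here are
# assumptions for illustration (documentation and private ranges).

# Succeeds only for a dotted quad with four octets in 0..255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }'
}

# Succeeds only for a decimal port in 1..65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# portfw_rules EXT_IF CLIENT_IP SERVER_IP PORT
portfw_rules() {
    ext_if=$1; client=$2; server=$3; port=$4
    case "$ext_if" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 2 ;;
    esac
    if ! is_ipv4 "$client" || ! is_ipv4 "$server" || ! is_port "$port"; then
        echo "usage: portfw_rules EXT_IF CLIENT_IP SERVER_IP PORT" >&2
        return 2
    fi
    # A wildcard source would recreate the open forward described above.
    if [ "$client" = "0.0.0.0" ]; then
        echo "refusing 0.0.0.0 as the allowed client" >&2
        return 2
    fi
    # Rule 1: only packets from the client are rewritten to the server.
    #         Packets from any other source stay addressed to the firewall
    #         itself and are handled by its INPUT policy.
    # Rule 2: the FORWARD chain repeats the source match, so filtering does
    #         not depend on the nat rule alone.
    # Rule 3: replies and follow-up packets of accepted connections.
    cat <<EOF
iptables -t nat -A PREROUTING -i $ext_if -s $client/32 -p tcp --dport $port -j DNAT --to-destination $server:$port
iptables -A FORWARD -i $ext_if -s $client/32 -d $server/32 -p tcp --dport $port -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Stand-alone demonstration: the port 3389 case from the thread.
portfw_rules eth0 203.0.113.10 192.168.1.10 3389
```

The internal service is still fully reachable by that one client, so the exposure described in the quoted reply applies to traffic from that address.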
RE: [Leaf-user] DMZ Options - additional questions
Good Morning, I am resending a message that got no response the last time, I would appreciate any input anyone might have. I am going to try and implement this on Sunday. Thanks in advance Tony

Good Evening, I would like to build on this DMZ discussion and combine it with a post that Matt had a few days ago. My situation is that I am going to implement a DMZ with the private switch, and have a second firewall (MS ISA server) between the DMZ and internal network. Here is a lame pic of what I want to do:

    Internet
        |
        | eth0 (IP assigned from RR)
     LRP Box
        |  |
        |  | eth1 (192.168.1.2)
        |  |_____ 192.168.1.0/24 DMZ
        |
        | eth2 (192.168.1.3)
        |
     192.168.1.1 ISA ext. nic
     192.168.0.1 ISA int. network
        |
     Internal network (192.168.0.0/24)

OK, now what I was thinking was, that the eth1 and eth2 would be on the same subnet. This way, updating the web server from the internal network would be fairly easy, because the internal net's default gateway is the ISA server, and the external nic on the ISA server has a default gateway of the LRP box. Same with the DMZ box. Assuming they penetrate the LRP box and hack the DMZ server, they are still removed from the internal net by the ISA server. I want to allow the DMZ box access to an Access database on the internal network (read only) and the DMZ box also needs access to relay SMTP messages to an internal Exchange box. The DMZ box is a W2K server running IIS and SMTP w/ ISA's message screener. (Everything is patched :-) Anyway, what do you all think? Any flaws you can see in this plan? I appreciate all the feedback you can give Thanks Tony

Whether you want a DMZ or not (YES, PROXY, NAT, PRIVATE, NO) Proxy NAT Private... Does PRIVATE mean, that i have a DMZ, but with PRIVATE ip ranges etc,

YES - This is a traditional routed DMZ...your ISP routes a block of IP's to the external interface of your firewall

PROXY - A Proxy-ARP DMZ...used if you've got a block of static IP's from your ISP. The firewall essentially glues together two identical network segments, allowing your DMZ systems to be configured with public IP's (just like they were connected directly to your upstream modem), but still having the protection of a firewall.

NAT - Similar to a Proxy-ARP setup, but uses static-NAT translation instead. Each DMZ system is configured with a private IP, and a translation table is built, converting public IP's to the private IP of your DMZ systems.

PRIVATE - This architecture is unique...it port-forwards specific services to DMZ machines, which have private IP's. The main benefit is you don't have to have multiple IP's assigned to be able to implement this form of DMZ.

NO - No DMZ

Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
RE: [Leaf-user] changing internal subnet addrs on Dachstein
Don't forget hosts.allow Later Tony

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Christopher Holmes
Sent: Sunday, February 03, 2002 5:34 PM
To: [EMAIL PROTECTED]
Subject: [Leaf-user] changing internal subnet addrs on Dachstein

I just changed the internal network address on my Dachstein box. I changed the 192.168.1.xx to 192.168.5.xx in... /etc/dhcpd.conf /etc/network.conf /etc/sh-httpd.conf /etc/ipfilter.conf looked OK as-is. I backed up packages etc, dhcpd, weblet. Everything works fine except I can't get the weblet page to display. What did I miss? Chris
RE: [Leaf-user] Strange error messages
Funny, I had 2 Boca VLB cards that used the lance.o module in a 486DX100 with 24M, and heat buildup caused them to give error messages just like that. How do I know it was heat?

***It only happened in the summer.
***When I took the cover off the machine, it ran fine.
***When I installed a second fan the problems went away.

I tried replacing the cards but still had the same errors until I changed the interior temp. Give that a try. Later, Tony

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott Coley
Sent: Wednesday, January 23, 2002 6:22 PM
To: [EMAIL PROTECTED]
Subject: [Leaf-user] Strange error messages

I used to run Mike Leone's PPPoE Materhorn image on a 486/100 with 16 megs of ram and had no problems. I upgraded my motherboard to a P90 with 24 megs of ram and now I'm getting some strange error messages like the following

    Jan 23 18:08:08 marchwarden kernel: eth0: Bus master arbitration failure, status 8cf2.
    Jan 23 18:08:09 marchwarden kernel: eth0: Tx FIFO error! Status 02e2.
    Jan 23 18:08:12 marchwarden last message repeated 7 times
    Jan 23 18:08:12 marchwarden kernel: eth0: Bus master arbitration failure, status 8cf2.
    Jan 23 18:08:12 marchwarden in.telnetd[786]: connect from 192.168.1.1
    Jan 23 18:08:13 marchwarden kernel: eth0: Tx FIFO error! Status 02e2.
    Jan 23 18:08:15 marchwarden last message repeated 4 times
    Jan 23 18:08:15 marchwarden kernel: eth0: Tx FIFO error! Status 06e2.
    Jan 23 18:08:16 marchwarden kernel: eth0: Tx FIFO error! Status 02e2.
    Jan 23 18:08:17 marchwarden kernel: eth0: Tx FIFO error! Status 02e2.
    Jan 23 18:08:17 marchwarden kernel: eth0: Tx FIFO error! Status 06e2.
    Jan 23 18:08:17 marchwarden kernel: eth0: Tx FIFO error! Status 02e2.

I have no idea as to what's causing the problem. I'm using 2 Compaq 10 megabit Netelligent ISA Ethernet cards equipped with the PCNet-ISA II (Lance compatible) chip.
[Leaf-user] NIC card offer to list members
Just in case anyone needs some cards, I have a buttload of 3c509-TP ISA cards that I would share with any list members that want some. You pay shipping and I'll give you a couple no charge (max 3 per person please). These cards have tested fine, but I have not tested every single one. I don't want to warranty these since I am giving them away. But like I said, I tested over 40 of these cards with not one failure. The only thing I ask is you pay for priority mail (since I have the boxes already and it will make my life 10x easier) and you use it on a LEAF system :-) Drop me a private e-mail and we can work out the details. Later, Tony [EMAIL PROTECTED]

PS I also have a few RACAL ISA cards that were in the same bunch, if you would prefer some of those... let me know.
RE: [Leaf-user] Help with a webserver on a DMZ network.
I am just starting to set up a DMZ, but I have a few questions on your setup, they are noted below

    # Set EXTERN_IP to DYNAMIC if you need the rules to read the IP from the
    # interface, but you arn't using DHCP (ie PPPoE and dialup users)
    EXTERN_IP=PUBLIC IP

^^ What's the purpose of this entry? From what I see in the network.conf file, the line above should take care of business:

    # External Interface IP number...the default should be fine for most folks
    #eval EXTERN_IP=\\${$EXTERN_IF_IPADDR:-}\

[snip]

    ## UDP Services open to outside world
    # Space seperated list: srcip/mask_dstport
    # NOTE: bootpc port is used for dhcp client
    EXTERN_UDP_PORTS=0/0_80

And why do you have udp 80 open? Webservers use tcp.

    # TCP services open to outside world
    # Space seperated list: srcip/mask_dstport
    EXTERN_TCP_PORTS=0/0_80

Good

I don't know that much about setting up a DMZ (yet) but this is what jumps out at me as strange in the setup. I hope this is somewhat helpful. Later Tony
RE: [Leaf-user] Dachstein-CD V1.0.2 Available
[snip]

The /dev/cdrom symlink is created in the /linuxrc script, but the actual code to do this is in /var/lib/lrpkg/root.dev.mk

Found it, thanks!

This should be part of the root.lrp package, which is part of the bootable floppy disk image embedded on the CD-ROM (or on your boot floppy, if you're not booting directly from the CD).

Ok, next question. I update and backup my root.lrp to floppy. When I reboot, it does not read my root.lrp from the floppy, all my settings (i.e. my .ssh directory in /root) are missing. So, what the heck am I missing? I don't have to use that root.lrp to burn a new cd in order to use it, do I? I know I must be missing something simple. Thanks and Happy Holidays! Tony

Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
RE: [Leaf-user] Dachstein-CD V1.0.2 Available
Hi All, I have a question Charles, how/where is the /dev/cdrom symlink created? I took a stock version of your 1.0.2 image and modified it to fit my needs (i.e. set a root passwd, included some other packages like psentry, setup network config for my net, stuff like that). I then did full backups of the packages to floppy. I then created an image with the updated *.lrp files from the floppy overwriting the default packages on the CD. When I reboot, all my settings are there, but the /dev/cdrom symlink is missing and everything is trying to load from /dev/hda. I could just reset the modules to point to /dev/hda and probably be happy, but I was wondering what went wrong, and if I can just find it and fix it, that would be easier than burning a bunch of cd's experimenting. Thanks Tony

{snip}

The main changes include the inclusion of net-snmp (modified version of Andrew Hoying's package), an update to the latest kernel (2.2.19-3), modifications to the init-scripts and general configuration to intelligently create and use /dev/cdrom (which will hopefully avoid the requirement for most folks to customize their PKGPATH), and a minor tweak to /etc/network.conf.
RE: [Leaf-user] Is this newbie even in the right ballpark with LEAF?
But, isn't LEAF limited to 64M for the ramdisk? MINIX is the filesys right? And I thought that was limited to 64M total. Now, 64M with the PIII and some quality PCI cards... should be more than enough for what he needs. I know 3com and Intel have cards with the 3DES decoding chips onboard to offload the work, but I don't know if they work with Linux (I know they work with W2K). I looked at 3com's site, and they have beta version drivers for the 2.2 and 2.4 kernels, but I am not totally sure they support the offloading of the encryption/decryption and tcp checksum calcs. If they did, then you could get away with even less CPU. Later Tony

[snip]

You're talking about

    Low end Intel              High End Intel
    233 MHz Cpu                733 MHz Cpu
    3 Mbps 3DES throughput     95 Mbps 3DES throughput

That's a big difference. I'm sure you could put together a LEAF box with a PIII 800 and 512 MB ram, but you're asking for other companies solutions, and I'll let someone else answer that. I'd like to think a LEAF box could keep up until it's compared to some fancy hardware with a modified PCI bus or multiple PCI buses. Good Luck, Matthew
RE: [Leaf-user] CPU loading monitor
Ya gotta load the lncurses.lrp library. Later Tony

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kevin Kropf
Sent: Wednesday, December 19, 2001 00:17
To: 'Kenneth Hadley'; Leaf-User (E-mail)
Subject: RE: [Leaf-user] CPU loading monitor

I get the following error:

    # top
    top: error in loading shared libraries
    libncurses.so.4: cannot open shared object file: No such file or directory

Help...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kenneth Hadley
Sent: Tuesday, December 18, 2001 8:49 PM
To: [LEAF-user]
Subject: Re: [Leaf-user] CPU loading monitor

Not that I'm aware of, though I do know that I have a top (which can watch CPU usage among other things) package on my site under the packages section ( http://leaf.sourceforge.net/devel/khadley/ ) and yes, I am doing shameless advertising ;-) -Kenneth Hadley

----- Original Message -----
From: Kevin Kropf [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; Leaf-User (E-mail) [EMAIL PROTECTED]
Sent: Tuesday, December 18, 2001 5:32 PM
Subject: RE: [Leaf-user] CPU loading monitor

Has anyone made an lrpStat.lrp?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of KP Kirchdörfer
Sent: Tuesday, December 18, 2001 3:31 PM
To: [EMAIL PROTECTED]; Leaf-User (E-mail)
Subject: Re: [Leaf-user] CPU loading monitor

On Tuesday, 18 December 2001 21:58, Kevin Kropf wrote:

Is anyone aware of a CPU monitor for LRP that I could use to see what my box is doing?

lrpStat from http://leaf.sourceforge.net/devel/hejl Read there about using the C-program lrpStat instead of stat.sh, which is used in weblet from dachstein.

kp
[Leaf-user] OT: Verilink ESF T1 CSU
I know this is off-topic, but I have 4 ATT Paradyne (made by Verilink) ESF T1 CSU's that someone sent me by mistake. I won an auction for a router, and they sent me these. Anyway, if someone on the list could use these, drop me a private e-mail and they can be yours for the cost of shipping. Don't ask me how the hell they work, I know they act as a termination for a T1. But setting up is your deal, not mine. No tech support included with these! Thanks, Tony [EMAIL PROTECTED]
RE: [Leaf-user] Testing help needed
Is it just me that's wondering, but why do you need a journaling filesystem for a firewall that runs in RAM? I can understand (I guess) if you are using it for a stripped down server application like smtp server, or whatever... but I was under the impression that a journaling filesystem's best attribute was crash recovery because of the way it writes to disk. For a database app server, or smtp server, I can see the benefits. But, again, as a router that loads a minimal filesystem, why go to the bother? Later Tony

The existing 2.2.19 kernel trees won't correctly load some of the filesystem modules, which appears to be an interaction between the openwall patches and the reiserfs patch.
RE: [Leaf-user] AMD PCNET
First, I don't have a Compaq running LEAF, but I do have NIC cards that have the same chipset. Have you tried the PCNet32 module? Another that works for the VLB cards that I have that use the PCNet chip is the lance.o module. Supposedly the PCNet32 module should work for me, but it doesn't. The lance.o is a generic replacement from what I understand. Tony

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Sergio Morilla
Sent: Friday, November 23, 2001 10:35
To: Leaf-user@lists. sourceforge. net (E-mail)
Subject: [Leaf-user] AMD PCNET

Hi all, I have an old Compaq 5100 with an embedded AMD PCNET ethernet card. Does anybody know which module to use and if this is a PCI card?? Thanks in advance

Sergio D. Morilla [EMAIL PROTECTED] Sán Martín 647 Piso 2 Sistemas C1004AAM - Buenos Aires Tipoiti SATIC Argentina
[Leaf-user] FYI on saving CD configs to floppy
Bravo on the new CD release! I love this new release, it was quite easy to set up. I did, however, run into a problem saving configs to floppy that I didn't see in any messages. I thought an FYI for the archives would be a good idea.

I have a Packard Hell computer, Packmate 6200 (stop laughing), and surprisingly, it boots from the CD, even though there is no setting for that in the BIOS. Anyway, if I had the BIOS set to try A then C, when I used the backup command in lrcfg to set a new destination for config files, it would not show the floppy as a choice. I had to use custom. It would ask for the destination and file system which default to fd0 and msdos, so far so good. Then when I tried to back up that package, it would error with "could not mount device". Yet, I could manually mount the floppy no problem.

I don't know why, but I set the BIOS to boot only from the C drive, and when I tried to set a custom destination, the floppy showed up as an option, and everything is peachy. I looked at the lrcfg.back code and tried to see why it would give me gas about not finding the device, but I couldn't see why it would error. It works just fine now, with no problems.

Hope that helps someone.

Later
Tony

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Charles Steinkuehler
Sent: Friday, November 16, 2001 11:07
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [Leaf-user] Announcing official release of Dachstein-CD

The official release (v1.0.1) of Dachstein-CD is now available for download from the usual places:

slow: http://lrp.steinkuehler.net/files/diskimages/dachstein-CD/
fast: http://lrp1.steinkuehler.net/files/diskimages/dachstein-CD/
http://lrp2.steinkuehler.net/files/diskimages/dachstein-CD/
RE: [Leaf-user] tcp packets to dns port
Hi Tim,

Yeah, you have it right... back in April and May the discussion took place. It was finally tracked down to some annoying pop-up ads like the X-10 ad that triggered a flurry of DNS hits to locate an ad server close to your location. I can't remember the name of the company who had this brainstorm (30+ hits in 3 seconds?!?! WTF?). But, if you had any popups lately, then I bet this is the cause of the log entries.

Later
Tony

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tim Hicks
Sent: Thursday, September 27, 2001 19:16
To: Charles Steinkuehler; [EMAIL PROTECTED]
Subject: [Leaf-user] tcp packets to dns port (was Re: Dachstein-pr3 available)

Charles, that's great. All the dmz problems appear to have gone away, and everything seems to be working as it should. Thanks very much.

I do have one niggle though. My logs have quickly filled up with this sort of thing...

Sep 27 23:45:02 glenmore kernel: Packet log: input DENY eth0 PROTO=6 203.208.128.70:35587 213.105.191.213:53 L=44 S=0x00 I=0 F=0x T=242 (#47)
Sep 27 23:45:02 glenmore kernel: Packet log: input DENY eth0 PROTO=6 202.139.133.129:56100 213.105.191.213:53 L=44 S=0x00 I=0 F=0x T=239 (#47)
Sep 27 23:45:02 glenmore kernel: Packet log: input DENY eth0 PROTO=6 203.194.166.182:43201 213.105.191.213:53 L=44 S=0x00 I=0 F=0x T=232 (#47)
Sep 27 23:45:02 glenmore kernel: Packet log: input DENY eth0 PROTO=6 203.208.128.70:35613 213.105.191.213:53 L=44 S=0x00 I=0 F=0x T=242 (#47)

I realise that these are tcp packets inbound to my dns port (53), but they don't appear to be from the dns root-servers (which was the case last time something like this happened). I seem to remember a thread on either this, or the linux-router list that discussed something like this a little while ago. If I remember correctly, the conclusion was that it was down to some flakey sort of load-balancing system, but I could be wrong on that.

I searched the lists on geocrawler, but I couldn't turn up what I was looking for. I just want to check if I'm better opening up tcp_port_53, or simply silently denying all these packets? If I deny them, isn't there a possibility of certain dns queries failing if the response is too large? If I open the port, do I leave myself in a more insecure position, given that I (think I) have a program that is listening on this port, i.e. dnscache.

cheers
tim
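An added example, not part of the original messages: a small parser for the ipchains "Packet log:" format quoted above that isolates denied TCP connections to port 53 and groups them into bursts by source, which is the pattern the reply describes. The sample lines are constructed with documentation addresses, and the function names, the 3-second gap and the 4-hit threshold are assumptions chosen for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in the ipchains "Packet log:" format quoted in the
# thread. All addresses are documentation ranges, not hosts from the thread.
SAMPLE = """\
Sep 27 23:45:02 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.70:35587 192.0.2.213:53 L=44 S=0x00 I=0 F=0x0000 T=242 (#47)
Sep 27 23:45:02 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.129:56100 192.0.2.213:53 L=44 S=0x00 I=0 F=0x0000 T=239 SYN (#47)
Sep 27 23:45:02 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.182:43201 192.0.2.213:53 L=44 S=0x00 I=0 F=0x T=232 (#47)
Sep 27 23:45:03 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.70:35613 192.0.2.213:53 L=44 S=0x00 I=0 F=0x0000 T=242 (#47)
Sep 27 23:45:04 fw kernel: Packet log: input DENY eth0 PROTO=17 203.0.113.9:1044 192.0.2.213:53 L=60 S=0x00 I=0 F=0x0000 T=50 (#47)
Sep 27 23:45:05 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:1045 192.0.2.213:80 L=44 S=0x00 I=0 F=0x0000 T=50 (#47)
Sep 27 23:58:10 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.129:56133 192.0.2.213:53 L=44 S=0x00 I=0 F=0x0000 T=239 (#47)
Sep 27 23:58:11 fw syslogd: restart
""".splitlines()

# Field order follows the quoted log lines. The F= value may be truncated
# (as in the quoted lines) and some kernels append " SYN" before the rule number.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: Packet log: "
    r"(?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<len>\d+) S=0x[0-9A-Fa-f]* I=\d+ F=0x[0-9A-Fa-f]* T=(?P<ttl>\d+)"
    r"(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)


def parse(line, year=2001):
    """Parse one syslog line; return a dict, or None if it is not a packet log."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    # Syslog timestamps carry no year, so the caller supplies one (assumption).
    ev["time"] = datetime.strptime(f"{year} {ev['ts']}", "%Y %b %d %H:%M:%S")
    for key in ("proto", "sport", "dport", "len", "ttl", "rule"):
        ev[key] = int(ev[key])
    ev["syn"] = ev["syn"] is not None
    return ev


def dns_tcp_denies(lines, year=2001):
    """Keep only denied TCP (PROTO=6) packets aimed at destination port 53."""
    events = (parse(line, year) for line in lines)
    return [e for e in events
            if e and e["action"] == "DENY" and e["proto"] == 6 and e["dport"] == 53]


def bursts(events, gap_s=3, min_hits=4):
    """Group events separated by at most gap_s seconds; report groups of min_hits+."""
    runs, run = [], []
    for ev in sorted(events, key=lambda e: e["time"]):
        if run and (ev["time"] - run[-1]["time"]).total_seconds() > gap_s:
            runs.append(run)
            run = []
        run.append(ev)
    if run:
        runs.append(run)
    return [{"start": r[0]["time"], "end": r[-1]["time"], "hits": len(r),
             "sources": Counter(e["src"] for e in r)}
            for r in runs if len(r) >= min_hits]


if __name__ == "__main__":
    for b in bursts(dns_tcp_denies(SAMPLE)):
        print(b["start"], b["end"], b["hits"], dict(b["sources"]))
```

The UDP line and the port 80 line in the sample are ignored on purpose, so ordinary DNS replies and unrelated denies do not inflate the burst count.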
RE: [Leaf-user] A small snippet of code for review
Thank you Charles for some feedback. Comments noted below.

<snip>

> To see which libraries you need, run:
> ldd sdmotor

The results are libc.so.6 and ld-linux.so.2. I assume with updated versions of these, it would work? I also assume, if I downgraded my install (see below) to 2.1, then I would be compiling against compatible versions of these libs? What if I updated the libs on the LRP machine? Would I break anything with newer libs? I would assume backward compatibility would be the name of the game, but this is new ground for me.

> on your Debian box. Since your program's crashing (not generating an error about a missing library), you probably are linking against the wrong version of the standard C library. Are you compiling on Debian 2.1?

Nope, 2.2r3 from April, 01

> Also, you may need to make sure your kernel has the SCSI support modules loaded...

Yup, got that covered.

> Do what I do...don't buy Seagate drives ;-)

$4.00, new in box with a write-protect jumper. I didn't realize I could cook on the damn thing while it was running. And the noise... oi!

> IIRC, there are some usermode programs to do this sort of thing with SCSI drives. I don't remember off-hand what the programs are called, but a bit of searching should turn up something. You might also take a look at noflushd: http://freshmeat.net/projects/noflushd/

Will do! Thanks!

Tony
[Leaf-user] A small snippet of code for review
I apologize in advance for posting something that is probably more of use in the developer's list, but I want the maximum eyeballs to look and tell me a few things.

First, can anyone tell me if this code depends on libraries that have been removed from LEAF? I am running the pre-release Eigerstein 2.2.19 copy. When I compile this code on a Debian development box, it seems to run OK, then when I move it to the router, it gives me a segmentation fault. I can't even get it to tell me how to use it (i.e. #:sdmotor ) without it dying.

Second, has anyone a better way to spin down a SCSI drive that throws heat like the sun? I have a full-size Seagate that has a whine worse than my wife, and throws heat like a bastard. After I load from the drive, I want to power it down. Any suggestions?

Thanks in advance
Tony

/*
 * sdmotor - start/stop scsi drive spindle
 */
#include <scsi/scsi_ioctl.h>
#include <sys/ioctl.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Argument block for SCSI_IOCTL_SEND_COMMAND: data lengths, then the CDB. */
struct s {
    int inlen, outlen;
    char cdb[6];
};

static int usage(void)
{
    fprintf(stderr, "usage: sdmotor { start | stop }\n");
    return (2);
}

int main(int argc, char *argv[])
{
    struct s c;

    memset(&c, 0, sizeof c);
    c.cdb[0] = 0x1B;                /* START STOP UNIT opcode */
    if (argc != 2)
        return (usage());
    if (strcmp(argv[1], "start") == 0)
        c.cdb[4] = 1;               /* Start bit set: spin up */
    else if (strcmp(argv[1], "stop") != 0)
        return (usage());
    /* The ioctl goes to fd 0, so the device is whatever stdin is opened on. */
    if (ioctl(0, SCSI_IOCTL_SEND_COMMAND, &c) == 0)
        return (0);
    fprintf(stderr, "ioctl failed (%s)\n", strerror(errno));
    return (1);
}
RE: [Leaf-user] OT: KVM switches
I just went through that same problem of crappy video. What resolution are you using and how long are your cables? Are you getting ghosting? If so, shitcan those cheap ass cables and get one that is shielded. I just picked up a ps/2 set from cyberguys.com for $23 bucks and it solved all the problems. BTW, I am using an OmniView SE 4 port. I use the other crappy cables for text based machines that don't need high resolution.

Later
Tony

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Peter Nosko
Sent: Monday, June 25, 2001 17:48
To: Leaf-User
Subject: [Leaf-user] OT: KVM switches

[pn] Does anyone here use a KVM switch for GUI workstations? I use the old manual switch boxes for my LRP machines because quality video needs are low. But I've been using a Belkin Omni-Cube 4-port for X/Linux and Windows boxes and am unsatisfied with the video degradation. I'd appreciate any feedback on reasonably-priced KVM switches with decent video performance. Thanks.

---
Peter Nosko
RE: [Leaf-user] HD Booting with SCSI disk mod loading problem
Good Morning,

Na, I have all the modules, just was at a loss how to get /sbin/insmod to load in root.lrp instead of modules.lrp. I had no idea that it was as simple as deleting the lines /sbin/insmod and /sbin/rmmod from /var/lib/lrpkg/modules.list. This forces the files to be backed up with root.lrp, hence loading when I need them to.

Believe me, last night I was thinking... How the hell did Charles get his RAID to work? ...he would have faced the same problem I was. A little more investigating did the trick.

Charles, you may want to add that advice again about removing the lines right under the code as well as later in the document. It was mentioned almost in passing, kinda like "oh by the way, you'll need to do this of course". Subtlety goes right over my head, I need the clue bat upside the head.

Later
Tony

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Luis.F.Correia
Sent: Friday, June 22, 2001 04:20
To: '[EMAIL PROTECTED]'
Subject: RE: [Leaf-user] HD Booting with SCSI disk mod loading problem

Maybe your problem is as simple as having the relevant scsi module compiled in the kernel. This means of course you should recompile the kernel in order to have the module as part of the kernel.

I recall a similar problem with RedHat that if the module were not in the initrd archive (similar to our root.lrp), scsi boot was not possible.

Hope this sheds some light on your problem.

p.s. maybe someone on the list could compile a custom kernel for you...

-----Original Message-----
From: Tony [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 22, 2001 4:13 AM
To: [EMAIL PROTECTED]
Subject: [Leaf-user] HD Booting with SCSI disk mod loading problem

Evenin All,

I have a chicken/egg problem. I am following the HD install advanced section, and have included the code into the spot above the boot line option. I can get the modules loaded by running the script manually once I am booted into the env. However, here is the problem.

That script relies on /sbin/insmod being loaded before it is run (obviously). Insmod is loaded in the modules.lrp package, which can't be loaded because the HD isn't mounted yet because it needs the SCSI modules loaded which can't be loaded because the package they're in comes later... see the problem I am having?

Can I move insmod into a different package that gets loaded first? What will that break? Has this been discussed before and I am just dense? I assume moving it would include editing the modules.list and the other package.list file to include the directory in backups... right?

Thanks a bunch,
Tony
RE: [Leaf-user] HD Booting with SCSI disk mod loading problem
Ah, I see, in other words, no need to worry about loading modules, they'd be in the kernel already. See what I mean about being subtle? Sometimes I can be as thick as a brick.

Thanks Luis,
Tony

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Luis.F.Correia
Sent: Friday, June 22, 2001 08:41
To: '[EMAIL PROTECTED]'
Subject: RE: [Leaf-user] HD Booting with SCSI disk mod loading problem

No, I have bad English :)

What I mean was: If you compile a NEW kernel with the scsi module as (*) instead of (M), it is part of the kernel. That was what I meant with my previous email...
RE: [Leaf-user] HD Booting with SCSI disk mod loading problem
Speaking of SCSI HD's, does anyone know a way to spin down the drive after it has served its purpose? I have seen a couple of old programs that say they can do this, but they are for the 2.0.x kernel. I wrote the author of hdparm and asked if his program will spin down a SCSI drive and he stated no, that it wouldn't work but a small C program interfacing with the sg.o module could do the trick.

Any ideas?

Thanks
Tony
RE: [Leaf-user] HD Booting with SCSI disk mod loading problem
Well, thank you for the immediate response! Part of the confusion on my part was I never totally understood how the packages worked. I knew that some parts belonged to some packages, but until I had to worry about it... I didn't. I took it on faith, you guys [developers] knew what to do, and I wasn't curious. But, as is often the case, I need to know how this stuff works inside and out if I insist on customizing the release for my situation. It's the best way to learn I guess.

Thanks again,
Tony

P.S. Does anyone have the hardware tools package (hwtools_0.5-0.2.deb) from Debian installed? Could you send me the binaries? I don't want to install Debian just to extract a couple of binaries and I can't find out how the hell you can extract them without dpkg.

> Thanks for the feedback, and I'll update the HOWTO making the insmod/rmmod change more prominent. The "mentioned in passing" aspect is due to the fact that I've been running systems set to load modules at boot (and hence including insmod/rmmod in root.lrp) for ages with my LRP-CD distro...
>
> Charles Steinkuehler
> http://lrp.steinkuehler.net
> http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
[Leaf-user] Chicken/egg problem
Sorry about that previous post. Two or three paragraphs down answered the question (D'OH!). I read that thing through and missed it.

Thanks,
Tony
RE: [Leaf-user] Now here's an interesting auction
Morning all,

I think some of you missed my point. I am not really interested in using freesco, more to the point:

1. It was interesting to see someone trying to make a go of selling computers with a floppy based firewall.
2. Since they claim it runs in 6 MB, I would be interested in seeing how they have the web-based setup routine work in the limited space.
3. I wonder if the web based setup would be something that could be adapted to LRP without a lot of overhead (mainly space requirements).

I am glad to see some have used it before. My question to you all is, what is the setup routine like? Was it comprehensive? Was it web-based or text-based?

I have only tried Oxygen's setup a couple of times, and it is effective, but unless you know the layout of the system and where you should edit for your situation, it can be a little difficult to configure. Now, in all honesty, I have not RTFM'd, I have perused them and thought I could figure it out as I went. I was only half effective in that approach.

The weird thought I had was what if, like in Oxygen, you had a basic boot disk, then you loaded whatever data disk you wanted, followed only on the initial boot by a setup diskette. The setup diskette would do the grunt work of setting up the basic system (web-based with brief explanations on the various screens of what needed to go where). Then you could use the package system to set up the individual packages as needed.

I hope all that made some sense, and more importantly, I hope I have my facts straight on Oxygen since I have only used it twice like I said. It took me about a week the first time I tried LRP to figure out that when I rebooted, the settings weren't being saved (ramdisk...D'OH!). If I am wrong, or misguided, I apologize and would appreciate being pointed in the right direction.

Thanks,
Tony

P.S. The DNS scans have faded out for the most part, but it seems to be tied to that damn X-10 advertisement. Whenever I have one pop up, I get scanned. I can go for a week or two, nothing, then boom, scan-o-rama. I implemented the filter pointing to an external file with the IP's listed and that has taken care of it.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of kp vander kleut
Sent: Sunday, June 17, 2001 06:38
To: [EMAIL PROTECTED]
Cc: David Zilm
Subject: Re: [Leaf-user] Now here's an interesting auction

Hi,

Last I checked (some months ago) Freesco did only Modem (PPP) lines, no dsl or cable or ethernet, running on a 2.0.36 kernel. Their webconfig is a nice setup though slightly confusing at times. Didn't try to find out more because I prefer 2.2.* kernels and use a cable modem. If you decide to try and adapt some of it for LRP I would be interested of course (as would others I presume).

I read through their site quickly and found a newer release than the one I saw some time back, they apparently support eth-eth and cable nowadays, maybe I'll take another shot at it. I couldn't find a kernel version in their docs quickly, don't know whether they use ipchains or tables. (They do have a nice setup manual.)

Good luck
Greetings
Peter vanderkleut

----- Original Message -----
From: David Zilm [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, June 17, 2001 10:42 AM
Subject: [Leaf-user] Now here's an interesting auction

> Message: 1
> From: Tony [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Date: Sat, 16 Jun 2001 11:08:31 -0400
> Subject: [Leaf-user] OT: Now here's an interesting auction
> Reply-To: [EMAIL PROTECTED]
>
> First, Hi to all the recently displaced (?) LRP list members, glad to join you over here.
>
> Second, sorry about the off topic post, but have a look at this enterprising lad:
> http://cgi.ebay.com/aw-cgi/eBayISAPI.dll?ViewItem&item=1245384063
>
> Has anyone tried this freesco yet? I am not interested in using it, but I am interested in the web config they tout. That would be interesting considering they say it runs in as little as 6 MB.
>
> Later
> Tony

Yes. It works, but in my experience 8MB would be the limit these days. You can't load any additional monitoring functions in 12MB, so 6MB is just a bit wishful thinking. 32MB SDRAM should permit some utilities (like top, accounting etc) to also run.

Like LRP, the P133 is an overkill for the job (gee's a 486DX66 would suffice for DSL).

It does write some stuff to floppy/hdd though (config based stuff) automatically.

A unique way to sell a PC I suppose.

--
Dave
Melbourne, Victoria, Australia
mailto: dzilm@!melbpc.org.au-without-the-!