[leaf-user] RE: Image CF drive
Hi,

I use dd.exe, a port of the GNU dd tool. I don't recall, however, which site I got it from. But doing a quick google, here's a site that seems to host it: http://users.erols.com/gmgarner/forensics/

Regards,
Vic

--__--__--
Message: 10
Date: Thu, 14 Jul 2005 16:37:34 -0700
From: Richard Amerman [EMAIL PROTECTED]
To: leaf-user@lists.sourceforge.net
Subject: [leaf-user] Image CF drive

Does anyone know of any windows tools that can do a disk image of a CF card? I have multiple identical CF cards I need to propagate a uClibc install to, bootable portion and all. The only tools I have found that work with CF cards so far have been for linux.

Thanks!
Richard Amerman

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
[leaf-user] RE: IPSEC md5sum not found (Tibbs, Richard)
Hi,

Message: 1
Date: Sun, 8 May 2005 09:31:43 -0400
From: Tibbs, Richard [EMAIL PROTECTED]
To: Bering List leaf-user@lists.sourceforge.net
Subject: [leaf-user] IPSEC md5sum not found

Dear list: I have a subnet-to-subnet ipsec tunnel that is not coming up, and an ipsec barf shows several md5sum not found messages in association with all of the secrets. I looked through the ipsec.conf man page with no luck to find some way to generate the md5 checksum. Is this a fatal error?

I believe ipsec keying mechanisms are looking for the tool `md5sum`.

Regards,
Vic
[leaf-user] RE: hda: write_intr error1
Hi,

Message: 1
Date: Tue, 12 Apr 2005 10:18:15 +0200
To: leaf-user leaf-user@lists.sourceforge.net
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
Subject: [leaf-user] hda: write_intr error1:

hello! I'm running Bering 1.2 on a CF. Nowadays I have a problem with my CF: if I write some things to my CF, a lot of messages "hda: write_intr error1:." come up on my console, so that I can't do anything (cause bad sector). My question is: can I disable this message?

Regard
Phuoc

Try using hdparm (http://www.die.net/doc/linux/man/man8/hdparm.8.html) during bootup. In my case, I do an `hdparm -m1 /dev/name` on my CF during bootup to fix those NO DRQ... messages. Busybox has an hdparm applet.

HTH - Vic
[leaf-user] RE: Booting from a USB Device
Hi,

--__--__--
Message: 1
Reply-To: [EMAIL PROTECTED]
From: Andrew Gray [EMAIL PROTECTED]
To: Leaf User Group leaf-user@lists.sourceforge.net
Date: Sun, 20 Mar 2005 19:10:22 +1000
Organization: Willowcrest Solutions
Subject: [leaf-user] Booting from a USB Device

I wish to boot a LEAF Bering uClibc box from a USB memory stick. I can't find any howto and am just wondering if someone could point me to any which may have been written. Thank you in advance for any help I can get.

Does your hardware BIOS support such?

Regards,
Vic
[leaf-user] RE: Write error on CF ([EMAIL PROTECTED])
Hi,

Going through your log results I can't help but notice this:

- Mar 3 10:26:36 phuoc kernel: PCI: No IRQ known for interrupt pin A of device 00:11.1. Please try using pci=biosirq. -

Is it, by any chance, that you're using relatively new hardware? Anyways, I get these messages when I try out fairly new SBCs, where IRQs/BIOS are still flakey. I'd like to suggest reformatting your CF using a different, known working board, and try to use/test it there. If this problem does not occur for quite some time, then the other board may be flakey.

There are a number of solutions you can try out if indeed your board + Linux doesn't get along pretty well. Some are exactly similar to the one suggested by your logs above, that is, using kernel parameters. Others involve using tools such as `setpci`. I use `hdparm` for my CF in order to solve my _NO_DRQ_... problem (entirely different problem).

I hope this gives you an idea for solving your problem.

Best regards,
Vic

Message: 1
Date: Thu, 3 Mar 2005 22:35:17 +0100
To: leaf-user@lists.sourceforge.net
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
Subject: [leaf-user] Write error on CF

Hello, I'm running Bering 1.2. Nowadays I have the problem that I can't write on my CompactFlash anymore. In my syslog there is a message:

Mar 3 10:26:41 phuoc kernel: Filesystem panic (dev 03:01).
Mar 3 10:26:41 phuoc kernel: fat_free: deleting beyond EOF
Mar 3 10:26:41 phuoc kernel: File system has been set read-only

How can I solve this problem?

thank you
Phuoc
[leaf-user] A bit LEAF OT: CF woes
Hi everyone,

In line with current posts regarding CFs, please allow me to include my own observations:

I'm using both minix and ext2 FS on my CF environments. I noticed that deleting files from the CF, and running `sync` right after, does not immediately reflect (all of) the free'd space on my CF. In order to (re-)gain free space back, I had to unmount the altered partition, then do an fsck. This happens in both minix and ext2 formatted partitions.

Any of you guys encounter this same problem? Any solutions?

TIA - Vic
[leaf-user] RE: hostap_cs (Scott Merrill)
Hi Scott,

-Original Message-
From: Scott Merrill [EMAIL PROTECTED]
To: leaf-user@lists.sourceforge.net
Date: Wed, 5 Jan 2005 21:33:11 -0500 (EST)
Subject: [leaf-user] hostap_cs

I'm using Bering uClibc 2.2, trying hostap for the first time. I have a Microsoft MN-520 PCMCIA NIC and a PCMCIA-to-ISA bridge. I used the drivers from the /2.4.26/pcmcia/ directory of the Bering-uClibc_2.2.1_modules_2.4.26.tar.gz tarball (the PCMCIA bus drivers included in the pcmod.lrp package did not work for me). When I insmod hostap_cs.o, I see this:

firewall# insmod /lib/modules/pcmcia/hostap_cs
Using /lib/modules/pcmcia/hostap_cs.o
insmod: unresolved symbol hostap_set_multicast_list_queue
insmod: unresolved symbol hostap_setup_dev
[messages snipped]

hostap.o must be properly installed prior to insmodding hostap_cs.o. Notice your unresolved symbols.

HTH - Vic
[leaf-user] RE: LEAF: HA and Load balancing
Hi KP and Peter,

Thanks for the links. I'm currently going through the ultra monkey docs. I've already managed to come up with rough packages for heartbeat and ldirectord (plus a new perl package). My configs however, are not yet working properly. I'll try to contribute stuff once I manage to get things up and running well.

BR - Vic

--__--__--
Message: 18
Subject: RE: [leaf-user] LEAF: HA and Load balancing
Date: Tue, 9 Nov 2004 10:16:12 -0800
From: Peter Mueller [EMAIL PROTECTED]
To: K.-P. Kirchdörfer [EMAIL PROTECTED], [EMAIL PROTECTED]

Hi Vic KP,

As always please let us know if you have any suggestions for the documentation. If an area is unclear that would be something that would be nice to fix. I haven't used Keepalived with LVS configuration (health checker), so maybe this is an area where you can help once you implement? (The 'links' at the bottom should be a good guide; in particular, I think http://world.anarchy.com/~peter/keepalived.conf.SYNOPSIS will be useful in this regard).

You're the first one to ask questions about this documentation, so either it is working or you are a guinea pig.

Regards,
P

maybe http://leaf.sourceforge.net/doc/guide/bucu-keepalived.html helps.

kp

On Tuesday, 9 November 2004 06:06, Vic Berdin wrote:

Hi,

Can anyone point me to READMEs and/or existing packages that will allow me to implement HA and Load balancing using LEAF?

TIA - Vic
[leaf-user] LEAF: HA and Load balancing
Hi,

Can anyone point me to READMEs and/or existing packages that will allow me to implement HA and Load balancing using LEAF?

TIA - Vic
[leaf-user] non-root `hwclock --systohc`
Hi,

Is the above title possible? I'm using busybox hwclock. Doing an a+rwx on /dev/rtc does not seem to help.

TIA - Vic
[leaf-user] RE: USB Keyboard (Roger E McClurg)
Hi

--__--__--
Message: 5
To: [EMAIL PROTECTED]
From: Roger E McClurg [EMAIL PROTECTED]
Date: Mon, 17 May 2004 16:13:15 -0400
Subject: [leaf-user] USB Keyboard

Has anyone managed to get a USB keyboard to work with a Bering 1.2 machine? I can't seem to find the correct drivers.

Roger

This response is not Bering-centric but it *should* work for Bering also. Here's how my modules script loads my needed USB drivers:

---
usbcore
usb-ohci
input
hid
keybdev
---

Above modules were generated by following Kernel build options:

Input core support
  M Input core support -- generates input.o
  M Keyboard support -- generates keybdev.o
  M Mouse support -- generates mousedev.o (mousedev.o for USB mice also works if you need it)
USB Support
  M Support for USB -- generates usbcore.o
  M OHCI ( -- generates usb-ohci.o (HW specific, yours may require UHCI)
  M Human Interface device... -- generates hid.o

Other info/findings: I experience repetitive instances of keyed-in characters if I compile all of the above modules into my Kernel. Thus, I had to make do with a script-based insmodding of USB modules upon startup (LEAF-influence).

HTH

best regards,
Vic
[leaf-user] RE: CF-IDE help
Hi,

Message: 1
Date: Thu, 13 May 2004 06:46:04 -0700
From: Peter Mueller [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [leaf-user] CF-IDE help

Hello, Does anyone know why both my new 64mb CF-IDE solutions don't seem to want to work properly? I can format the devices properly, syslinux properly, but when I try to copy data over there is corruption and very strange things happen. For example, it looks like I copy all my LRPs over properly but they don't actually copy. I've tried this process from both Linux and windows, with two completely different sets of hardware. I didn't run into this problem with my 256mb CF-IDE cards a year ago.

I'm using a 64M CF + syslinux. I encountered no problem. I prepare my CF using a microtech USB CF card r/w on a Linux environment, and everything goes well. Maybe you can supply us more details as to what are the exact error/s, etc that you encounter. Also, after preparing my CF w/ fdisk mkfs.msdos, and mounting and dumping my files into the CF, I used to verify if the files are actually written.

Added info: Another nice solution other than syslinux, as documented on the Bering site, is to make use of grub. And it also works perfectly well.

Best regards,
Vic
[leaf-user] Very OT: maximum ftp transfer rate for two 10/100Mbps P2P end points
Hi everyone,

Does anyone have any idea regarding the said title? I'm just trying out the latest rtl8139too driver code from realtek on my LEAF-based machines. I'm using my own 2.4.x kernel and I noticed that the stock RTL driver codes are not performing satisfactorily with my on-board RTL8100C cards. The latest driver code seems to work pretty well. I just figured it's best if I can really compare my results with actual FTP P2P (at least) standards. Any links are also very much welcome.

BTW, sorry for this OT post. You guys are the only credible individuals I know regarding Linux networking ;o).

TIA,
Vic
RE: [leaf-user] LEAF use of M$ technology: FAT fs
Hi Giovanni,

-Original Message-
From: Giovanni Franza [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 28, 2004 7:39 PM
To: Vic Berdin
Subject: Re: [leaf-user] LEAF use of M$ technology: FAT fs

Vic Berdin wrote:

Hi everyone, Just a bit concerned. Look here: http://www.microsoft.com/mscorp/ip/tech/fat.asp However, we have this to keep our hopes up: http://www.pubpat.org/Microsoft_517_Reexam.htm Any ideas for LEAF floppies (at least) in case M$ gets their patent claim? This is going to be a real headache for embedded solutions using CFs and digital cam manufacturers, that's for sure.

I was concerned, too. So I used the documentation to use GRUB joined to the documentation to use USB stick joined to some help to use ext2 filesystem and, putting all together, the thing worked, with some limitations. I'm not sure that this can be done on a floppy, but I think that this can be done on a CF. If anybody is interested, the information to use GRUB and USB is on the leaf project site (as viewed in previous postings) and, to use ext2, the only need is to add ext2.o in /boot/lib/modules and list it in /boot/etc/modules that (both) belongs to initrd.lrp.

I hope that this can be useful,
Giovanni Franza

IMHO, I do not think ext2 will cut it for production use with respect to data integrity. Maybe ext3 or reiserfs (or xfs?) on CFs. But what about for floppies? Ouch! Even for CFs, the mentioned fs may not prove to be efficient at all due to space consumed by journalling (if you have a large footprint). I'm currently testing ext3 + cramfs on CF. Seems ok... but still in testing stage. Can anyone really vouch for ext3 integrity/stability on CF?

If ever M$ gets it, will really miss the LEAF floppy approach though :o(.

Regards,
Vic
RE: [leaf-user] LEAF Theory of Operation
Hi,

Message: 2
Date: Tue, 13 Apr 2004 18:32:41 -0700 (PDT)
From: jeremy rubia [EMAIL PROTECTED]
To: leaf [EMAIL PROTECTED]
Subject: [leaf-user] LEAF Theory of Operation

Hi to all, I had been browsing and searching all docs in this archive and including the leaf homepage but still can't find what I want. Just want to know where I can find a document that explains the theory of operation of LEAF.

From experience, LEAF is one of the most documented opensource projects that I know of. Anyways, basically, LEAF is a Linux Firewall (and service/s package) on a floppy disk project. Theories in-practise are:

- boot off a Linux Firewall (and server, etc) OS from a floppy disk
- floppy disk simply contains compressed images (tgz'd images)
- compressed images are exploded on ram disk to make up the entire Linux fs
- changes made in config settings are backed up by compressing (tgz'ing) volatile fs files on ramdisk back to image format, then copied back to the floppy disk

Note that the floppy disk target has now evolved in many forms. Many people are also using CDROMS (no backup or backup is done on other media), Compact Flash, MTDs, etc.

HTH - vic
[leaf-user] OT: UPX v1.11
Hi,

I've been searching for a downloadable source of the said upx version. An attempt to log to cvs using:

cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/upx login

fails. Any help/link/e-mail attachment with complete (tgz/bz2) buildable source is very much appreciated. I'm also inclined to accept a pre-built binary of upx v1.11 out of desperation. I need it for Kernel compression (obviously).

TIA - Vic
[leaf-user] handling multiple ISPs
Hi everyone,

How do you guys handle simultaneous connections to multiple ISPs in such a way that when the primary ISP buckles, my clients will automatically make use of the secondary ISP without having to change their DNS settings (and restarting -- WINPC). I've heard of dnrd, and it looks promising and quite small! It should definitely fit in a LEAF box.

How about you guys? Any suggestions?

TIA - Vic
Re: [leaf-user] subnet-to-subnet simulation problem
Hello Charles, Lynn, everyone!

And well enough!! A tunnel is UP! Both clients from end-to-end can ping each other. Thanks for all your help!

I fixed a bit of chaining rules and followed the 2048 sigkey regeneration recommended by Charles. I did almost nothing on the ipsec confs, but replace the new keys and the secrets files. After a restart! I went: WOW! SO THIS IS WHAT A TUNNEL LOOKS LIKE

I'm just so happy :o. My next venture is a LEAF/DS --- WIN2K VPN *sigh* ... I get this feeling you guys will hear from me soon. heheh.

Thanks again! Charles/Lynn/Everyone!

- 'ipsec look' on SR3K-VPN1 Thu Oct 3 20:10:14 UTC 2002 -

SR3K-VPN1 Thu Oct 3 20:10:36 UTC 2002
192.168.4.0/24 - 192.168.5.0/24 = [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] (18)
ipsec0-eth0 mtu=16260(1427)-1500
[EMAIL PROTECTED] AH_HMAC_MD5: dir=in src=192.168.3.1 ooowin=64 alen=128 aklen=128 life(c,s,h)=add(2857,0,0)
[EMAIL PROTECTED] AH_HMAC_MD5: dir=in src=192.168.3.1 ooowin=64 seq=21 bit=0x0001f alen=128 aklen=128 life(c,s,h)=bytes(2180,0,0)add(2850,0,0)use(2543,0,0)packets(21,0,0) idle=720
[EMAIL PROTECTED] AH_HMAC_MD5: dir=out src=192.168.2.1 ooowin=64 alen=128 aklen=128 life(c,s,h)=add(2857,0,0)
[EMAIL PROTECTED] AH_HMAC_MD5: dir=out src=192.168.2.1 ooowin=64 seq=18 alen=128 aklen=128 life(c,s,h)=bytes(2344,0,0)add(2850,0,0)use(2543,0,0)packets(18,0,0) idle=1497
[EMAIL PROTECTED] ESP_3DES: dir=in src=192.168.3.1 iv_bits=64bits iv=0x6a06cbef49d98ab0 ooowin=64 eklen=192 life(c,s,h)=add(2857,0,0)
[EMAIL PROTECTED] ESP_3DES: dir=in src=192.168.3.1 iv_bits=64bits iv=0x4c2c3b60a4b7f59b ooowin=64 seq=21 bit=0x0001f eklen=192 life(c,s,h)=bytes(1748,0,0)add(2850,0,0)use(2543,0,0)packets(21,0,0) idle=720
[EMAIL PROTECTED] ESP_3DES: dir=out src=192.168.2.1 iv_bits=64bits iv=0xf764e37594b2c2b3 ooowin=64 eklen=192 life(c,s,h)=add(2857,0,0)
[EMAIL PROTECTED] ESP_3DES: dir=out src=192.168.2.1 iv_bits=64bits iv=0x6b76781bf9385d32 ooowin=64 seq=18 eklen=192 life(c,s,h)=bytes(1912,0,0)add(2850,0,0)use(2543,0,0)packets(18,0,0) idle=1497
[EMAIL PROTECTED] IPIP: dir=in src=192.168.3.1 life(c,s,h)=add(2857,0,0)
[EMAIL PROTECTED] IPIP: dir=out src=192.168.2.1 life(c,s,h)=add(2857,0,0)
[EMAIL PROTECTED] IPIP: dir=in src=192.168.3.1 life(c,s,h)=bytes(1748,0,0)add(2850,0,0)use(2543,0,0)packets(21,0,0) idle=720
[EMAIL PROTECTED] IPIP: dir=out src=192.168.2.1 life(c,s,h)=bytes(1548,0,0)add(2850,0,0)use(2543,0,0)packets(18,0,0) idle=1497
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.2.200 0.0.0.0 UG0 0 0 eth0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 ipsec0
192.168.5.0 192.168.2.200 255.255.255.0 UG0 0 0 ipsec0

--- 'ipsec auto --status' on SR3K-VPN1 BOX: ---

000 interface ipsec0/eth0 192.168.2.1
000
000 VPN1-VPN2: 192.168.4.0/24===192.168.2.1---192.168.2.200...
000 VPN1-VPN2: ...192.168.3.200---192.168.3.1===192.168.5.0/24
000 VPN1-VPN2: ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 VPN1-VPN2: policy: PSK+ENCRYPT+AUTHENTICATE+TUNNEL+PFS; interface: eth0; erouted
000 VPN1-VPN2: newest ISAKMP SA: #3; newest IPsec SA: #4; eroute owner: #4
000
000 #2: VPN1-VPN2 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 25646s
000 #2: VPN1-VPN2 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
000 #1: VPN1-VPN2 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 204s
000 #4: VPN1-VPN2 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 26135s; newest IPSEC; eroute owner
000 #4: VPN1-VPN2 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
000 #3: VPN1-VPN2 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 935s; newest ISAKMP

- 'ipsec look' on SR3K-VPN2 Thu Oct 3 20:10:14 UTC 2002 -

192.168.5.0/24 - 192.168.4.0/24 = [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] (21)
ipsec0-eth0 mtu=16260(1427)-1500
[EMAIL PROTECTED] AH_HMAC_MD5: dir=out src=192.168.3.1 ooowin=64 alen=128 aklen=128 life(c,s,h)=add(2843,0,0)
[EMAIL PROTECTED] AH_HMAC_MD5: dir=out src=192.168.3.1 ooowin=64 seq=21 alen=128 aklen=128 life(c,s,h)=bytes(2684,0,0)add(2836,0,0)use(2529,0,0)packets(21,0,0) idle=706
[EMAIL PROTECTED] AH_HMAC_MD5: dir=in src=192.168.2.1 ooowin=64 alen=128 aklen=128 life(c,s,h)=add(2843,0,0)
[EMAIL PROTECTED] AH_HMAC_MD5: dir=in src=192.168.2.1 ooowin=64 seq=18 bit=0x3 alen=128 aklen=128 life(c,s,h)=bytes(1912,0,0)add(2836,0,0)use(2529,0,0)packets(18,0,0) idle=1483
[EMAIL PROTECTED] ESP_3DES: dir=out src=192.168.3.1 iv_bits=64bits iv=0x4747733efef32654
Re: [leaf-user] subnet-to-subnet simulation problem
- Original Message -
From: Charles Steinkuehler [EMAIL PROTECTED]
To: guitarlynn [EMAIL PROTECTED]; Vic Berdin [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, October 02, 2002 12:07 AM
Subject: Re: [leaf-user] subnet-to-subnet simulation problem

Both sides are intending to start the connection only one can start the connection, the other side(s) must add.

Actually, this is quite legal, and how I have most of my VPN's setup (the exceptions are the connections where one end has a dynamic IP...you can't start these from the end that doesn't know both IPs!). Typically, I'll set keying retries to a small number on the more stable box (ie the Office VPN gateway) so if for any reason it reboots it will restore the connections, but won't keep trying forever (in case one of the home firewalls is off-line), while I set the home-based systems retries to 0, so they'll keep trying to establish a connection as long as they're on-line.

Yes, and I've looked closely into what Lynn Avant is pointing out about my routes. Well, I don't see anything wrong with it. I repeat that VPN1-CLI can 'ping' VPN2 BOX's 192.168.3.1 external IP. And likewise VPN2-CLI can 'ping' VPN1-BOX 192.168.2.1 external IP. I also allow the two client machines to access our office network and the net via ROUTER's 192.168.1.200 external interface. FWIW, I pasted my routes and traceroute results.

Anyway, as an update to my VPN woes, I'm already able to get rid of the md5sum discrepancies pointed out by Charles (the md5sum bin I got is broken). Yet, the same 'trapped' status remains. I also tried using the very latest ipsec kernel patch which is 1.98b against JNilo's ipsec.lrp v1.97 (not sure if this is OK though, but I'm also rolling one using the latest builds). And still, this 'trapped' status lurks.

My desperate approach now is to try to look more closely at my configs and secrets files and also try using an RH7.2 standard distro and learn from it once I get my first tunnel!

From the diagram:

VPN1-CLI (Client)
 |eth0: 192.168.4.1 gw: 192.168.4.200
 |
 |eth1: 192.168.4.200 gw: 192.168.2.1
VPN1 BOX
 |eth0: 192.168.2.1 gw: 192.168.2.200
 |
 |eth1: 192.168.2.200 gw: 192.168.1.200
ROUTER---eth0: 192.168.1.200 gw: 192.168.1.3
 |eth2: 192.168.3.200 gw: 192.168.1.200
 |
 |eth0: 192.168.3.1 gw: 192.168.3.200
VPN2 BOX
 |eth1: 192.168.5.200 gw: 192.168.3.1
 |
 |eth0: 192.168.5.1 gw: 192.168.5.200
VPN2-CLI (Client)

Route tables:

VPN1 BOX Kernel IP routing table
Destination     Gateway         Genmask         Iface
192.168.5.0     192.168.2.200   255.255.255.0   ipsec0
192.168.4.0     0.0.0.0         255.255.255.0   eth1
192.168.2.0     0.0.0.0         255.255.255.0   eth0
192.168.2.0     0.0.0.0         255.255.255.0   ipsec0
0.0.0.0         192.168.2.200   0.0.0.0         eth0

VPN2 BOX Kernel IP routing table
Destination     Gateway         Genmask         Iface
192.168.5.0     0.0.0.0         255.255.255.0   eth1
192.168.4.0     192.168.3.200   255.255.255.0   ipsec0
192.168.3.0     0.0.0.0         255.255.255.0   eth0
192.168.3.0     0.0.0.0         255.255.255.0   ipsec0
0.0.0.0         192.168.3.200   0.0.0.0         eth0

Traceroutes:

VPN1 BOX: 'traceroute www.google.com':
 1 192.168.2.200 (192.168.2.200) 0.582 ms 0.559 ms 0.543 ms
 2 192.168.1.3 (192.168.1.3) 0.697 ms 0.734 ms 0.679 ms
 3 202.164.181.237 (202.164.181.237) 2.089 ms 1.812 ms 1.836 ms
 4 203.167.82.33 (203.167.82.33) 1.946 ms 11.94 ms 1.968 ms
 5 207.176.97.97 (207.176.97.97) 29.38 ms 29.115 ms 29.338 ms
 6 207.176.96.65 (207.176.96.65) 32.044 ms 32.725 ms 29.991 ms
 7 202.84.143.25 (202.84.143.25) 183.209 ms 187.223 ms 184.571 ms
 8 eqixsj-google-gige.google.com (206.223.116.21) 183.135 ms 182.435 ms 187.193 ms
 9 core2-0-2-0.pao.net.google.com (216.239.48.213) 185.187 ms 186.571 ms 187.59 ms
10 216.239.48.53 (216.239.48.53) 190.836 ms 189.131 ms 187.449 ms
11 br1-1-3-0.ex.net.google.com (216.239.48.57) 194.241 ms 195.882 ms 195.433 ms
12 exbi2-1-1.net.google.com (216.239.47.6) 202.401 ms 203.635 ms 197.497 ms
13 * * *
14 * * *
15 * * *

VPN2 BOX: 'traceroute www.slashdot.org':
 1 192.168.3.200 (192.168.3.200) 0.755 ms 0.537 ms 0.525 ms
 2 192.168.1.3 (192.168.1.3) 0.733 ms 0.716 ms 0.71 ms
 3 202.164.181.237 (202.164.181.237) 1.842 ms 2.695 ms 1.825 ms
 4 203.167.82.33 (203.167.82.33) 1.918 ms 1.863 ms 1.835 ms
 5 208.172.151.5 (208.172.151.5) 258.009 ms 257.719 ms 258.078 ms
 6 agr2-loopback.SantaClara.cw.net (208.172.146.102) 258.227 ms 259.141 ms 258.215 ms
 7 dcr1-so-7-1-0.SantaClara.cw.net (208.172.156.57) 258.067 ms 258.154 ms 257.993 ms
 8 agr3-so-4-0-0.SantaClara.cw.net (208.172.156.26) 260.374 ms agr4-so-4-0-0.SantaClara.cw.net (208.172.156.30) 258.151 ms 258.936
Re: [leaf-user] subnet-to-subnet simulation problem
Hello Lynn Avants,

Thanks for your reply. I already took out the 'ip_masq_ipseq' from loading, but still, the exact problem remains. BTW, the eth1 interface from VPN1 BOX actually goes to the VPN1 BOX client. Hence, it's actually an internal device. My diagram is indeed a bit confusing.

I do have some more queries regarding keys and my pluto authlog though. Having the authlog below, from my new 'ipsec barf' result, notice that there are errors generated by Pluto. I've already gotten openssl.lrp from JNilo's site in order to resolve this. I'm thinking that Pluto's failure to read the needed certificates brings about problems in my keying/ipsec.secrets resolution. Anyways, if I'm not on the right track please let me know.

TIA - Vic

==
+ egrep -n Starting Pluto /var/log/auth.log
+ cat
+ sed -n $s/:.*//p
+ sed -n 1,$p /var/log/auth.log
Jul 30 06:42:07 SR3K-VPN1 Pluto[1737]: Starting Pluto (FreeS/WAN Version 1.91)
Jul 30 06:42:07 SR3K-VPN1 Pluto[1737]: including X.509 patch (Version 0.9.3)
Jul 30 06:42:07 SR3K-VPN1 Pluto[1737]: Could not change to directory '/etc/ipsec.d/cacerts'
Jul 30 06:42:07 SR3K-VPN1 Pluto[1737]: Could not change to directory '/etc/ipsec.d/crls'
Jul 30 06:42:07 SR3K-VPN1 Pluto[1737]: could not open my X.509 cert file '/etc/x509cert.der'
Jul 30 06:42:07 SR3K-VPN1 Pluto[1737]: OpenPGP certificate file '/etc/pgpcert.pgp' not found
Jul 30 06:42:10 SR3K-VPN1 Pluto[1737]: added connection description VPN1-VPN2
Jul 30 06:42:10 SR3K-VPN1 Pluto[1737]: listening for IKE messages
Jul 30 06:42:10 SR3K-VPN1 Pluto[1737]: adding interface ipsec0/eth0 192.168.2.1
Jul 30 06:42:10 SR3K-VPN1 Pluto[1737]: loading secrets from /etc/ipsec.secrets
Jul 30 06:42:11 SR3K-VPN1 Pluto[1737]: VPN1-VPN2 #1: initiating Main Mode
Jul 30 06:42:21 SR3K-VPN1 Pluto[1737]: some IKE message we sent has been rejected with ECONNREFUSED (kernel supplied no details)
Jul 30 06:42:22 SR3K-VPN1 Pluto[1737]: packet from 192.168.2.200:61013: initial Main Mode message received on 192.168.2.1:500 but no connection has been authorized
Jul 30 06:44:53 SR3K-VPN1 Pluto[1737]: packet from 192.168.2.200:61013: initial Main Mode message received on 192.168.2.1:500 but no connection has been authorized
Jul 30 06:45:33 SR3K-VPN1 Pluto[1737]: packet from 192.168.2.200:61013: initial Main Mode message received on 192.168.2.1:500 but no connection has been authorized
Jul 30 06:46:12 SR3K-VPN1 Pluto[1737]: packet from 192.168.2.200:61013: initial Main Mode message received on 192.168.2.1:500 but no connection has been authorized
+ _
+
+ date
Tue Jul 30 06:46:40 UTC 2002

- Original Message -
From: guitarlynn [EMAIL PROTECTED]
To: Vic Berdin [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, September 30, 2002 11:57 AM
Subject: Re: [leaf-user] subnet-to-subnet simulation problem

On Sunday 29 September 2002 05:08, Vic Berdin wrote:
> VPN1-CLI
> |eth0: 192.168.4.1 |gw:192.168.4.200
> |
> |
> |eth1: 192.168.4.200 |gw:192.168.2.1
> VPN1 BOX

From the look of things, you're using Dachstein, so I will assume this. Looks pretty unusual to use eth1 as an external interface, this can bork the networking pretty good with Dachstein in the default setup.

> ip_masq_ipsec 7328 0 (unused)

DO NOT USE the ipsec module with Dachstein it will bork everything up with the ipsec-kernel. The module is only used for pass-through with Dachstein.

> Jul 30 03:42:30 SR3K-VPN1 Pluto[1574]: packet from 192.168.2.200:61070: initial Main Mode message received on 192.168.2.1:500 but no connection has been authorized

Looks like your keys/naming isn't right in ipsecrets and the point of failure unless having the ipsec module loaded is messing the connection up here (good possibility).

--
~Lynn Avants aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!
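Added example, not part of the original posts: a triage of the "no connection has been authorized" rejections in an auth.log like the one above. IKE is normally sent from UDP port 500, so a source such as 192.168.2.200:61013 points to address/port translation somewhere on the path; the function names, the note labels and the sample lines (modelled on the log above) are constructed for this example.

```shell
#!/bin/sh
# Constructed sample: five auth.log lines modelled on the Pluto output quoted
# in the thread (the host name "gw-a" and the last two lines are made up).
constructed_sample_log() {
    cat <<'EOF'
Jul 30 06:42:22 gw-a Pluto[1737]: packet from 192.168.2.200:61013: initial Main Mode message received on 192.168.2.1:500 but no connection has been authorized
Jul 30 06:44:53 gw-a Pluto[1737]: packet from 192.168.2.200:61013: initial Main Mode message received on 192.168.2.1:500 but no connection has been authorized
Jul 30 06:45:33 gw-a Pluto[1737]: packet from 192.168.2.200:61013: initial Main Mode message received on 192.168.2.1:500 but no connection has been authorized
Jul 30 06:46:12 gw-a Pluto[1737]: listening for IKE messages
Jul 30 06:47:01 gw-a Pluto[1737]: packet from 192.168.3.1:500: initial Main Mode message received on 192.168.2.1:500 but no connection has been authorized
EOF
}

# ike_unauthorized_peers [LOGFILE...]
# Summarise rejected Main Mode initiations by source address and port.
# Reads stdin when no file is given. Output, sorted, one line per source:
#   IP PORT COUNT NOTE
# NOTE is "translated-source-port" when the peer did not send from port 500.
ike_unauthorized_peers() {
    awk '
    /initial Main Mode message received on/ && /no connection has been authorized/ {
        # The source follows the words "packet from" as IP:PORT: (IPv4 only).
        for (i = 1; i < NF - 1; i++) {
            if ($i == "packet" && $(i + 1) == "from") {
                src = $(i + 2)
                sub(/:$/, "", src)
                if (split(src, part, ":") == 2)
                    seen[part[1] " " part[2]]++
                break
            }
        }
    }
    END {
        for (k in seen) {
            split(k, part, " ")
            note = (part[2] + 0 == 500) ? "port-500" : "translated-source-port"
            print k, seen[k], note
        }
    }' "$@" | sort
}

constructed_sample_log | ike_unauthorized_peers
```

In the thread's log the rejected packets arrive from 192.168.2.200, which the diagram shows as the ROUTER's eth1, not from the other gateway's 192.168.3.1. A connection description that names 192.168.3.1 as the peer cannot match a packet whose source has been rewritten this way.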
Re: [leaf-user] subnet-to-subnet simulation problem
192.168.3.255
Sep 11 06:19:54 SR3K-VPN2 ipsec_setup: ...FreeS/WAN IPsec started
Sep 11 06:19:57 SR3K-VPN2 ipsec__plutorun: 104 VPN1-VPN2 #1: STATE_MAIN_I1: initiate
+ _
+
+ egrep -i pluto
+ egrep -n Starting Pluto /var/log/auth.log
+ cat
+ sed -n $s/:.*//p
+ sed -n 1,$p /var/log/auth.log
Sep 11 06:19:54 SR3K-VPN2 Pluto[1581]: Starting Pluto (FreeS/WAN Version 1.91)
Sep 11 06:19:56 SR3K-VPN2 Pluto[1581]: added connection description VPN1-VPN2
Sep 11 06:19:57 SR3K-VPN2 Pluto[1581]: listening for IKE messages
Sep 11 06:19:57 SR3K-VPN2 Pluto[1581]: adding interface ipsec0/eth0 192.168.3.1
Sep 11 06:19:57 SR3K-VPN2 Pluto[1581]: loading secrets from /etc/ipsec.secrets
Sep 11 06:19:57 SR3K-VPN2 Pluto[1581]: VPN1-VPN2 #1: initiating Main Mode
Sep 11 06:20:16 SR3K-VPN2 Pluto[1581]: packet from 192.168.3.200:61012: initial Main Mode message received on 192.168.3.1:500 but no connection has been authorized
+ _
+
+ date
Wed Sep 11 06:20:38 UTC 2002

- Original Message -
From: Charles Steinkuehler [EMAIL PROTECTED]
To: Vic Berdin [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, September 30, 2002 9:06 PM
Subject: Re: [leaf-user] subnet-to-subnet
[leaf-user] subnet-to-subnet simulation problem
Hello everyone,

This is actually a freeswan VPN query, so I'm sorry if I had to post this query here also. But I do know that most of you are experts in the VPN field, hence, here goes...

I've been trying to do a subnet-to-subnet VPN using my LEAF based routers without success. My setup involves another LEAF machine acting as a virtual internet between the two VPN boxes. Here's a diagram of my setup:

VPN1-CLI
|eth0: 192.168.4.1 |gw:192.168.4.200
|
|
|eth1: 192.168.4.200 |gw:192.168.2.1
VPN1 BOX
|eth0: 192.168.2.1 |gw: 192.168.2.200
|
|
|eth1: 192.168.2.200 |gw: 192.168.1.200
ROUTEReth0: 192.168.1.200
|eth2: 192.168.3.200 |gw:192.168.1.200
|
|
|eth0: 192.168.3.1 |gw:192.168.3.200
VPN2 BOX
|eth1: 192.168.5.200 |gw:192.168.3.1
|
|
|eth0: 192.168.5.1 |gw:192.168.5.200
VPN2-CLI

My VPN and ROUTER machines are LEAF/LRP 2.2.19 based, while the VPN-CLI client machines are Win98 PCs. My problem is that, I cannot 'ping' 192.168.4.1 from 192.168.5.1 and vice versa. Upon running 'ipsec look' on either side, I get a 'trap' status instead of a tunnel.

SR3K-VPN1 Tue Jul 30 04:02:27 UTC 2002
192.168.4.0/24 - 192.168.5.0/24 = %trap (0)
ipsec0-eth0 mtu=16260(1500)-1500
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
0.0.0.0         192.168.2.200   0.0.0.0         UG    0   0      0    eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0   0      0    eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0   0      0    ipsec0
192.168.5.0     192.168.2.200   255.255.255.0   UG    0   0      0    ipsec0

I believe there's nothing wrong with my network setup and ipchaining / routing rules as I am able to 'ping' VPN1 BOX from VPN2-CLI, and 'ping' VPN2 BOX from VPN1-CLI. I can also 'ping' VPN1 from VPN2 BOX, and vice versa.

Below are some of the listings in my 'ipsec barf' result. I'm currently employing a very lame ipchain rule set just to see this work. Both of my VPN machines are currently using the same set of rules with respect to their network settings. I also tried allowing ipsec protocols to pass thru ROUTER's internal networks thinking it may be needed not! What else am I missing here?

TIA - Vic

=
SR3K-VPN1 Tue Jul 30 03:43:58 UTC 2002
+ _
+
+ ipsec --version
Linux FreeS/WAN 1.91
See `ipsec --copyright' for copyright information.
+ _
+
+ cat /proc/net/ipsec_eroute
0 192.168.4.0/24 - 192.168.5.0/24 = %trap
+ _
+
+ cat /proc/net/ipsec_spi
+ _
+
+ cat /proc/net/ipsec_spigrp
+ _
+
+ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
192.168.5.0     192.168.2.200   255.255.255.0   UG    0   0      0    ipsec0
192.168.4.0     0.0.0.0         255.255.255.0   U     0   0      0    eth1
192.168.2.0     0.0.0.0         255.255.255.0   U     0   0      0    eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0   0      0    ipsec0
0.0.0.0         192.168.2.200   0.0.0.0         UG    0   0      0    eth0
+ _
+
+ cat /proc/net/ipsec_tncfg
ipsec0 - eth0 mtu=16260(1500) - 1500
ipsec1 - NULL mtu=0(0) - 0
ipsec2 - NULL mtu=0(0) - 0
ipsec3 - NULL mtu=0(0) - 0
+ _
+
+ cat /proc/net/pf_key
sock pid socket next prev e n p sndbfFlags Type St
c7278680 1574 c54643b000 0 0 2 32767 3 1
+ _
+
+ cd /proc/net
+ egrep ^ pf_key_registered pf_key_supported
pf_key_registered:satype socket pid sk
pf_key_registered: 2 c54643b0 1574 c7278680
pf_key_registered: 3 c54643b0 1574 c7278680
pf_key_registered: 9 c54643b0 1574 c7278680
pf_key_registered:10 c54643b0 1574 c7278680
pf_key_supported:satype exttype alg_id ivlen minbits maxbits
pf_key_supported: 2 14 3 0 160 160
pf_key_supported: 2 14 2 0 128 128
pf_key_supported: 3 15 3 128 168 168
pf_key_supported: 3 14 3 0 160 160
pf_key_supported: 3 14 2 0 128 128
pf_key_supported: 9 15 4 0 128 128
pf_key_supported: 9 15 3 0 32 128
pf_key_supported: 9 15 2 0 128 32
pf_key_supported: 9 15 1 0 32 32
pf_key_supported:10 15 2 0 1 1
+ _
+
+ cd /proc/sys/net/ipsec
+ egrep ^ debug_ah debug_eroute debug_esp debug_ipcomp
[leaf-user] query on pubkey format
Hello everyone,

Upon initiating the command ipsec rsasigkey 1024, I get a pubkey format that seems different from that of the examples I gather from the docs. For some reason, perhaps due to this pubkey value, I can't establish a successful subnet-to-subnet VPN. Below is a snip of my generated pubkey value.

# RSA 1024 bits SR3K-VPN1 Tue Sep 10 11:53:55 2002
# for signatures only, UNSAFE FOR ENCRYPTION
#pubkey=0sAQNnQtCrwTIPX9+lBMZuGzaYulXNzFFlZmAC0HVPO19mqJd2Gbt38OLLp/nBFY
PyW+p+CKeoIVuWV7nxIZz/KovwQ4gmh3Ec3SUVFuQtRZY+htOWh28m5iaiIsH+w+TCxT3pdL
Jq+ScnrpZCOOQUhFaZVHUJB8B4tDbjEO9LMYt8UQ==
#IN KEY 0x4200 4 1
AQNnQtCrwTIPX9+lBMZuGzaYulXNzFFlZmAC0HVPO19mqJd2Gbt38OLLp/nBFYPyW+p+CKeo
IVuWV7nxIZz/KovwQ4gmh3Ec3SUVFuQtRZY+htOWh28m5iaiIsH+w+TCxT3pdLJq+ScnrpZC
OOQUhFaZVHUJB8B4tDbjEO9LMYt8UQ==
# (0x4200 = auth-only host-level, 4 = IPSec, 1 = RSA)
..
..

Is there something wrong with my pubkey above? I would also like to send out my lengthy ipsec barf result if there's nothing wrong with this pubkey.

TIA - Vic
[leaf-user] /var/log/wtmp data log on LEAF
Hello everyone,

I need to manage /var/log/wtmp data log on a regular basis (preferably using a cron triggered binary/script). As other mail archive trails suggest, a C program that will truncate it must be created. It can be done but, what do you guys have to say about it? How do LEAF users manage /var/log/wtmp?

TIA
[leaf-user] followup: manage /var/log/wtmp data...
Hello everyone,

Ok, don't mind my previous post. cat /dev/null > wtmp does it! thanks!
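As an added example (not from the original posts): a cron-callable version of the truncation above that first keeps one copy of the old records, since wtmp is the box's login history. The function name, the `.0` suffix and the size threshold are assumptions of this example.

```shell
#!/bin/sh
# rotate_wtmp FILE [MIN_BYTES]
#
# Copy FILE to FILE.0 and then empty FILE in place.
#
# Emptying in place (": > FILE", the same effect as "cat /dev/null > FILE")
# keeps the inode, owner and mode, so programs that already have the file
# open keep appending to the same file. Removing and recreating the file
# would not.
#
# Return codes: 0 rotated, 1 skipped (missing, empty, or smaller than
# MIN_BYTES), 2 copy or truncation failed (FILE is left untouched if the
# copy failed).
#
# Note: a record written between the copy and the truncation is lost; on a
# small router that window is short, but it is not zero.
rotate_wtmp() {
    file=$1
    min_bytes=${2:-0}

    [ -f "$file" ] || return 1

    # Arithmetic expansion strips any padding some wc versions print.
    size=$(($(wc -c < "$file"))) || return 2
    [ "$size" -gt 0 ] && [ "$size" -ge "$min_bytes" ] || return 1

    # Archive first, preserving mode and timestamps; only one previous
    # generation is kept, which bounds the RAM-disk space used.
    cp -p "$file" "$file.0" || return 2
    : > "$file" || return 2
    return 0
}

# Cron usage (the script path is an assumption):
#   . /usr/local/lib/rotate_wtmp.sh && rotate_wtmp /var/log/wtmp 65536
```

`last -f /var/log/wtmp.0` still reads the archived generation after the rotation.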
[leaf-user] Dachstein ipfilter.conf query
Hello everyone,

I was wondering when/how the $BORDER_RTR parameter of /etc/ipfilter.conf will be set. I can't find the variable in /etc/init.d/network and /etc/network.conf. I'm going thru the ipfilter details for my quest of improving my own ipchain script.

- TIA
[leaf-user] query on: sending ack [client IP] message
Hello Everyone,

I have one query about Lynn Avant's udhcp package (that came along with the dachstein-ipsec-1680.bin contribution). I'm wondering what the "sending ACK to [dhcp client ip]" message that keeps on scrolling on my LRP terminal really means. Everything seems to function correctly though. But why does this message continuously scroll even if my client was already able to grab a dhcp lease?

TIA - Vic
Re: [leaf-user] RE: FreeS/Wan and tinydns
Hello Brock,

> Would Vic's use of the DNS server be to allow opportunistic connections, where the key is stored on the DNS server? Presumably tinydns would allow this? Would it allow dynamic updates of your IP (and thus eliminate a commercial dynamic DNS server subscription)? I didn't quite understand what he was getting at in the original post, I wonder if this is the real question?
> Brock

Actually, my query is a lot lamer than what you guys thought (heheheh). All I really needed to know is if tinydns will suffice to supply what freeswan needs so that I can implement a successful VPN. I'm still in the process of going through all the docs though. But thanks anyway!

- Vic
Re: [leaf-user] FreeS/Wan and tinydns
Hello Charles,

Your response is quite sufficient. I have not gone to the details of FreeS/WAN docs yet. All I know is that it is dependent on a DNS server, specifically the standard linux DNS server which is Bind. All I wanted to know is if the tinydns package is enough to work with FreeS/WAN. And you said yes. Hence, excellent! And thanks!

Regards, Vic

- Original Message -
From: Charles Steinkuehler [EMAIL PROTECTED]
To: Vic Berdin [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, June 11, 2002 10:40 PM
Subject: Re: [leaf-user] FreeS/Wan and tinydns

> Can FreeS/Wan make use of tinydns instead of bind8? I've read docs from J.Nilo's site and I'm sold that tinydns is a much better choice compared to bind. However, I also would like to setup VPN using FreeS/Wan (already patched my kernel). But will FreeS/Wan work with tinydns?

The short answer is yes, but actually, your question doesn't make much sense. Tinydns and bind are both DNS servers. While a DNS server is critical in getting any domains you may be in control of to resolve for folks out on the internet, it doesn't have much to do with name resolution on your local hosts. What really matters is the contents of the /etc files hosts, resolv.conf, nsswitch, and similar.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
[leaf-user] FreeS/Wan and tinydns
Hello Everyone,

Can FreeS/Wan make use of tinydns instead of bind8? I've read docs from J.Nilo's site and I'm sold that tinydns is a much better choice compared to bind. However, I also would like to setup VPN using FreeS/Wan (already patched my kernel). But will FreeS/Wan work with tinydns?

TIA - Vic
[leaf-user] ifconfig result
Hello everyone,

I'm wondering if anyone knows *exactly* what causes TX errors, and none on the RX side. My machine here has two on-board eths, and one wireless pcmcia eth. I'm using eth0 as my external if, and the other two host my internal nets. Everything is working fine, ping latency is not erratic, but I'm getting these alarming TX errors displayed by the ifconfig command. I've read some archives and they suggest that such errors are caused by flaky cards. Everything seems to be working though. Any insights on this matter?

TIA - Vic

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:3924 Metric:1
          RX packets:566 errors:0 dropped:0 overruns:0
          TX packets:0 errors:43721 dropped:566 overruns:0

eth0      Link encap:Ethernet HWaddr 00:04:A7:02:0A:39
          inet addr:192.168.1.200 Bcast:192.168.1.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:585264 errors:0 dropped:0 overruns:0
          TX packets:0 errors:41361141 dropped:426663 overruns:0
          Interrupt:10 Base address:0xdc00

eth1      Link encap:Ethernet HWaddr 00:04:A7:02:0A:38
          inet addr:192.168.2.200 Bcast:192.168.2.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0
          TX packets:0 errors:458353 dropped:2701 overruns:0
          Interrupt:11 Base address:0xd800

wlan0     Link encap:Ethernet HWaddr 00:90:4B:00:5D:A1
          inet addr:192.168.4.200 Bcast:192.168.4.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:9309 errors:0 dropped:1 overruns:0
          TX packets:0 errors:1995847 dropped:18651 overruns:4
          Interrupt:10 Base address:0x100
[Leaf-user] Help on initrd patch to autoload minix
Hello everyone,

I've tried rebuilding my DS kernel in an attempt to add some more features. My problem is that the standard 2.2.19 source tree's .config listing does not include the following lines:

CONFIG_BLOCK_DEV_INITRD_ARCHIVE=y
CONFIG_BLOCK_DEV_INITRD_ARCHIVE_AUTOFS_MINIX=y

I tried scouring the net for the initrd source patches created by Dave Cinege way back but wasn't able to find one. Can anyone show me links on where to get, and how to apply these patches on a 2.2.19 source tree? I already checked out Dave's ftp psychosis site, but there isn't much you can do when logged as anonymous.

TIA
Re: [Leaf-user] ramdisk_size query for DS 1.0.2
Hello Jacques,

I figured someone from LEAF would suggest this. For starters, I'll try to minimize/optimize my DS 2.2.19 packages as everything is already well configured for DS 1.0.2 and hopefully create more ram space. But I'll definitely look into Bering's offerings as the 2.4 environment seems quite tempting. Thanks!

- Original Message -
From: Jacques Nilo [EMAIL PROTECTED]
To: Vic Berdin [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, March 14, 2002 4:24 AM
Subject: Re: [Leaf-user] ramdisk_size query for DS 1.0.2

> I have a need to increase my syslinux.cfg ramdisk_size declaration to a value above 65536. My DS box has 128MB physical ram, and it's currently using 65536, but for database reasons, I'm thinking of jacking this value to 98304. I did some research on the past mail archives and stumbled upon old queries posted by other LEAF users talking about a 2.4 package called initrd.lrp, and setting additional syslinux.cfg parameters like initrd, and syst_size. Going thru the archives, I also came across informative exchanges from our LEAF developers on modelling the use and packaging of initrd (and root.lrp) for the future LRPs. I would like to know how I can handle/implement this on a DS 2.2.19 environment (if this hasn't been done yet). I really need to raise my ram disk size to above 64M.

initrd.lrp is a package that was designed for Bering in order to get rid of the original LRP patches and move on kernel 2.4.x development. Check http://leaf.sourceforge.net/devel/jnilo
In this distro, you can use tmp_size=xxM, to allocate xxM of space to /tmp or log_size=yyM to control max size of /var/log

Jacques
Re: [Leaf-user] ramdisk_size query for DS 1.0.2
Hello Charles,

> As mentioned, the size limit for minix is 64M.

I see.

> If you want a really huge ramdisk, you can format and mount one after the system has initially booted. Ext2 would be a good choice for the file-system...you can get the ext2 userspace tools from the hard-disk support packages, and the Dachstein kernels have ext2 filesystem support compiled as a loadable module.

If stripping my packages even more will not create the space I need, I will definitely do this. Thanks!

- Message: 1
From: Charles Steinkuehler [EMAIL PROTECTED]
To: Vic Berdin [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [Leaf-user] ramdisk_size query for DS 1.0.2
Date: Wed, 13 Mar 2002 09:09:22 -0600

> I have a need to increase my syslinux.cfg ramdisk_size declaration to a value above 65536. My DS box has 128MB physical ram, and it's currently using 65536, but for database reasons, I'm thinking of jacking this value to 98304. I did some research on the past mail archives and stumbled upon old queries posted by other LEAF users talking about a 2.4 package called initrd.lrp, and setting additional syslinux.cfg parameters like initrd, and syst_size. Going thru the archives, I also came across informative exchanges from our LEAF developers on modelling the use and packaging of initrd (and root.lrp) for the future LRPs. I would like to know how I can handle/implement this on a DS 2.2.19 environment (if this hasn't been done yet). I really need to raise my ram disk size to above 64M.

As mentioned, the size limit for minix is 64M. If you want a really huge ramdisk, you can format and mount one after the system has initially booted. Ext2 would be a good choice for the file-system...you can get the ext2 userspace tools from the hard-disk support packages, and the Dachstein kernels have ext2 filesystem support compiled as a loadable module.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
[Leaf-user] ramdisk_size query for DS 1.0.2
Hello Everyone,

I have a need to increase my syslinux.cfg ramdisk_size declaration to a value above 65536. My DS box has 128MB physical ram, and it's currently using 65536, but for database reasons, I'm thinking of jacking this value to 98304.

I did some research on the past mail archives and stumbled upon old queries posted by other LEAF users talking about a 2.4 package called initrd.lrp, and setting additional syslinux.cfg parameters like initrd, and syst_size. Going thru the archives, I also came across informative exchanges from our LEAF developers on modelling the use and packaging of initrd (and root.lrp) for the future LRPs.

I would like to know how I can handle/implement this on a DS 2.2.19 environment (if this hasn't been done yet). I really need to raise my ram disk size to above 64M.

TIA
[Leaf-user] httpd port in DS
Hello everyone,

I can't figure out why httpd won't work on its native port 80. I've managed to make it work on port 81 and on any other available port as long as it's not 80. I find it a bit odd to include the port number along with the address when accessing web pages on my DS box. And I also do not wish to change my browser's default port settings just to make this work.

Upon viewing the /etc/services file, it clearly indicates that port 80 is indeed accounted for WWW http:

www 80/tcp http #World Wide Web HTTP
www 80/udp #Hypertext transfer protocol

I just can't figure out why httpd can't/won't use port 80. Any hints to those who may have encountered the same problem is greatly appreciated.

TIA!
Re: [Leaf-user] httpd port in DS
Thanks for your reply Ray. I am so sorry for sending such a vague account of my problem. Anyway, here it is.

What I meant with can't/won't use port 80 is that the httpd binary won't run if I set the httpd.conf Port setting to 80. Executing httpd manually, having Port variable set to 80 does not result in having httpd processes running in the background. HTTPD daemon simply won't start! But if I set my httpd.conf Port variable to 81 (or other values aside from 80) the daemon launches just fine. It seems that another process is using port 80. I am not using weblet.lrp. Now if I check my /etc/services file, 80 is properly allocated to httpd.

My internal clients access my DS web pages simply by typing the box's hostname (or IP number) + assigned port no. (ie: httpd://mydsbox:81/...). I also use a DS customized webmin.lrp package running under a different port no., and also accessible via the same procedure. I've been using this same setup on my old lrp 2.9.8 box and everything runs smoothly. No need to set a different Port value other than the default httpd port 80.

TIA!

- Original Message -
From: Ray Olszewski [EMAIL PROTECTED]
To: Vic Berdin [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Monday, March 11, 2002 2:57 AM
Subject: Re: [Leaf-user] httpd port in DS

To get anything more than guesses, you'll have to tell us what "won't work" and "can't/won't use port 80" mean. Details like whether you are accessing from the external interface or the internal one, and whether you are talking about port forwarding to an internal server or running the weblet (or some other httpd server) on the router itself.

As for the guesses ... some ISPs block incoming traffic to port 80 (to enforce "no server" policies for home accounts, or for security reasons ... or maybe just to keep the traffic up on troubleshooting lists), requiring off-LAN Web servers to use a non-standard port.

At 02:12 AM 3/11/02 +0800, Vic Berdin wrote:
> Hello everyone, I can't figure out why httpd won't work on its native port 80. I've managed to make it work on port 81 and on any other available port as long as it's not 80. I find it a bit odd to include the port number along with the address when accessing web pages on my DS box. And I also do not wish to change my browser's default port settings just to make this work. Upon viewing the /etc/services file, it clearly indicates that port 80 is indeed accounted for WWW http:
> www 80/tcp http #World Wide Web HTTP
> www 80/udp #Hypertext transfer protocol
> I just can't figure out why httpd can't/won't use port 80. Any hints to those who may have encountered the same problem is greatly appreciated.

--
Never tell me the odds! -- Han Solo
Ray Olszewski, Palo Alto, CA [EMAIL PROTECTED]
Re: [Leaf-user] httpd port in DS
Indeed it is. I already commented out the line as hinted out by Ray. I kept on thanking you guys, and forgetting to cc the list. It's OK now. Works perfectly! Thanks again.

- Original Message -
From: Manfred Schuler [EMAIL PROTECTED]
To: Vic Berdin [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, March 11, 2002 11:42 AM
Subject: Re: [Leaf-user] httpd port in DS

Hi Vic,

I think there is an entry in /etc/inetd.conf to start the weblet script. Have a look at it and comment it if necessary.

Manfred

Vic Berdin wrote:
> Hello everyone, I can't figure out why httpd won't work on its native port 80. I've managed to make it work on port 81 and on any other available port as long as it's not 80. I find it a bit odd to include the port number along with the address when accessing web pages on my DS box. And I also do not wish to change my browser's default port settings just to make this work. Upon viewing the /etc/services file, it clearly indicates that port 80 is indeed accounted for WWW http:
> www 80/tcp http #World Wide Web HTTP
> www 80/udp #Hypertext transfer protocol
> I just can't figure out why httpd can't/won't use port 80. Any hints to those who may have encountered the same problem is greatly appreciated. TIA!

--
Manfred Schuler
E_Mail: mailto:[EMAIL PROTECTED]
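The check that resolved this thread, as an added example that is not part of the original posts: list the active inetd.conf entries that make inetd itself listen on a given TCP port, resolving service names through a services file. The function names and the sample file contents are constructed, and the weblet path is a placeholder, not LEAF's real one.

```shell
#!/bin/sh
# inetd_port_owners PORT INETD_CONF SERVICES_FILE
#
# Print "SERVICE: PROGRAM ARGS" for every uncommented inetd.conf entry whose
# service name (or alias, or literal port number) maps to PORT/tcp.
# Returns 0 when at least one entry is found, 1 when the port is free of
# inetd listeners.
inetd_port_owners() {
    owners=$(awk -v port="$1" '
        # Pass 1, services file: remember every name and alias of PORT/tcp.
        pass == 1 {
            sub(/#.*/, "")
            if ($2 == (port "/tcp"))
                for (i = 1; i <= NF; i++)
                    if (i != 2) name[$i] = 1
            next
        }
        # Pass 2, inetd.conf: commented-out or incomplete lines are inactive.
        /^[ \t]*#/ || NF < 6 { next }
        # Fields: service socket-type proto wait-flag user program [args...]
        $3 == "tcp" && (($1 in name) || $1 == port) {
            prog = $6
            for (i = 7; i <= NF; i++) prog = prog " " $i
            print $1 ": " prog
        }
    ' pass=1 "$3" pass=2 "$2")
    [ -n "$owners" ] || return 1
    printf '%s\n' "$owners"
}

# Run the check against constructed sample files.
inetd_port_demo() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/services" <<'EOF'
www 80/tcp http #World Wide Web HTTP
www 80/udp #Hypertext transfer protocol
telnet 23/tcp
EOF
    cat > "$dir/inetd.conf" <<'EOF'
#telnet stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.telnetd
www stream tcp nowait nobody /usr/sbin/tcpd /path/to/weblet-script
EOF
    inetd_port_owners 80 "$dir/inetd.conf" "$dir/services" && status=0 || status=$?
    rm -rf "$dir"
    return "$status"
}

inetd_port_demo
```

An entry in /etc/services only names the port; it is the active inetd.conf line that binds it, which is why a stand-alone httpd configured for the same port cannot start until that line is commented out and inetd has re-read its configuration.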
[Leaf-user] Multiple device for internal networks
Hello All,

In line with the No firewall / more networks response from Charles, and the fact that INTERN_IF and INTERN_IP parameters can only hold values from a single device, what if I would like to have multiple devices serve internal networks? And I would like these devices have the same security rules. How/where should I declare multiple INTERN devices in network.conf?

TIA.

- Message: 1
From: Charles Steinkuehler [EMAIL PROTECTED]
To: brooksp [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [Leaf-user] No firewall / more networks
Date: Thu, 28 Feb 2002 09:54:50 -0600

> Kindest greetings, Can anyone help me out and give me some information on the following two points. I currently run Dachstein CD and it works a treat, fair play to all involved. Firstly,I want to know if it is possible to run as a general router without firewalling.

Absolutely

> And secondly, if it is possible to route between 3or4 different networks, and if so, how can it be done?

You can route between as many network connections as you configure your machine for. I've run several Dachstein routers/firewalls with 5 10/100 Ethernet ports.

> Does setting the IP Filter Switch to 'router' in network.conf disable the firewall scripts?

Not entirely...you'll still have some address spoofing protection, and traffic that shouldn't be crossing the internet (private IP's, all zero's/one's, &c) will be dropped. If you don't want any packet filtering, set the IP filter switch to none.

> Any help on details of how to add settings for more eth cards in network.conf would be appreciated. Only static IP addresses will be used and the box will be firewalled from the internet.

To add interfaces, just create additional ethX_* settings (ie eth2_IPADDR, ...), and add the interface to the IF_AUTO list so it will get configured automatically. Also, set:

IPFILTER_SWITCH=none

and

IPFWDING_KERNEL=YES

This will get you a multi-port router. If you need to add any static routes, you can do so with the ethX_ROUTES setting. Let's say you get to the remote 10.2.0.0/24 network via a router at 10.1.0.4, which is attached to eth3. Add the following to your eth3 configuration to make a static route:

eth3_ROUTES=10.2.0.0/24_via_10.1.0.4

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
[Leaf-user] help on wireless pcmcia
Hello everyone,

Has anyone been successful in rolling a wireless pcmcia package for DS 1.0.2? (with kernel Dachstein-normal.tar.gz - not really sure if this supports wireless pcmcia/pcmcia). If so, care to share it?

I'm trying to roll out my own. And the modules I've gotten from http://www.rarf.riken.go.jp/archives/Linux/slackware/slackware seem to load without any errors. But my problem is, the cardmgr daemon can't automatically detect if a pcmcia card is replaced. If I manually insmod the corresponding driver for a card (and it loads), then pull the card off, the daemon properly uninstalls (rmmod) the modules involved (of course leaving i82365, ds, and pcmcia_core untouched). My problem is to make the package detect the card automatically. I also compiled iw* tools and rolled them along with the package.

Another concern of mine is that I'm not sure if the kernel I'm using has wireless pcmcia support (but I was able to insmod, maybe it does). Can anyone also throw me a copy of a complete menuconfig for DS1.0.2 that supports wireless pcmcia and usb? Or you can also throw in a fully functional kernel if possible :o). I'm currently running everything on a HD so size really doesn't bother me.

Any attempts to help is greatly appreciated.

TIA!
Re: [Leaf-user] Strange shell
Yes Lyn, I have also encountered this phenomenon many times before (with the old LRP of Dave Cinege), and once in my current DS box. It's so common with the old LRP that I got used to it. And I do think it's a shell problem because even if I'm not connected to anything, it just suddenly happens! I believe many of us here have encountered this fluke.
Re: [Leaf-user] Strange shell
It doesn't really matter to me that much. Like I've said, I got used to it. But come to think of it, YEAH it's possible that it's a KB-related issue. It just occurred to me coz since I've started playing with LRP, I'm also using a mechanical switch box to handle ALL of my multi-machine I/O peripheral switching. THAT definitely must be IT! Well, in my case at least. I dunno about Lyn and the other guy. But currently, I only use my switch box for switching monitors. I had enough cash saved up last Christmas to buy myself additional KBs. heheheh :o)

----- Original Message -----
From: Jeff Newmiller [EMAIL PROTECTED]
To: Vic Berdin [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, February 22, 2002 1:33 PM
Subject: Re: [Leaf-user] Strange shell

On Fri, 22 Feb 2002, Vic Berdin wrote:

> Yes Lyn, I have also encountered this phenomenon many times before (with the old LRP of Dave Cinege), and once in my current DS box. It's so common with the old LRP that I got used to it. And I do think it's a shell problem because even if I'm not connected to anything, it just suddenly happens! I believe many of us here have encountered this fluke.

In almost three years, I have never encountered it. But then, I rarely use the console, and I am aware of the capslock key quirk. So I think it could be associated with the console handling (seems unlikely to me), a bad keyboard triggering uppercase-only, or something associated with a rootkit.

-- Jeff Newmiller
[Leaf-user] 3c508 ISA NIC module
Hello all,

I'm having a bad hair day finding a linux source to build a module for a 3c508 ISA NIC. Does anyone here know of such a source? The only linux-related exchanges I got from scouring the web that seem to be about installing a 3c508.o module (wow! they have one!) are in thai (I think). And I can't make anything out of it.

http://www.google.com/search?hl=en&q=3c508.o

Any help will be very much appreciated. TIA!
[Leaf-user] pppd problem
Hello,

Sorry to bug you guys like this, and it's a sunday! Anyways, I'm really desperate. I've already sent a message to the LEAF user mailing list, and still awaiting any replies.

I'm having a permission denied problem if I run pppd using a non-root account. This is the reason why I can't log (dial-in) non-root accounts into my Dachstein box. If I were to change the property of the binary to execute on all users (chmod 777 pppd), I get a

    -pppd: must be root to run -pppd, since it is not setuid-root

message. If I change the permission further in order to get a suid bit (chmod 4755 pppd), the said message remains, and more than that, the binary will fail to work at all. This problem applies to all pppd v2.3.xx found on the LEAF site.

Are there any special requirements on the accounts that I must create in order for pppd (or login???) to accept my dial-in attempts? Any suggestions?

Thanks.
Re: [Leaf-user] help on LEAF ppp.lrp (2.3.11)
Hello Charles,

Reason why I need to have setuid-root on my pppd binary is that a message saying:

    -pppd: must be root to run -pppd, since it is not setuid-root

pops out each time I log my non-root account into my DS box. I've tried the commands you've suggested, but still, the warning message keeps on popping out. I never had this problem before with the old ppp.lrp package (pppd v2.2). Only for some reason, I'm having problems making the old ppp package dial-out into my ISP. But my non-root account/s can definitely dial-in. I really like to use this 2.3.11 pppd roll as it is already capable of dialing out to my ISP. But first, I must figure out (I need help actually) how to fix this problem. And of course my non-root user/s shell is /usr/sbin/pppd

TIA

----- Original Message -----
From: Charles Steinkuehler [EMAIL PROTECTED]
To: Vic Berdin [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, February 15, 2002 10:40 PM
Subject: Re: [Leaf-user] help on LEAF ppp.lrp (2.3.11)

> Can anyone point me out to a link where i can get a linux tool/source that can setuid-root the pppd binary that comes with the package?

No special tools necessary. The setuid bit is just one of the normal file mode bits used in *nix. You see these modes when you do ls -l. You can set the mode bits with the chmod command. To set the setuid bit on the pppd binary, just:

    chmod u+s pppd

If for some reason you have problems with this, you can run:

    chmod 4755 pppd

to overwrite any existing permissions, and set the setuid bit in the process. You should end up with:

    -rwsr-xr-x

as permissions when listed with ls -l...the s indicates user execute permissions, with setuid.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
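Added example, not part of the thread: the setuid bit described in the quoted reply makes the process run as the file's owner, so it only yields root when root owns the file. This script checks both the bit and the owner from `ls -ln` output; the helper names classify and setuid_state are hypothetical, and /usr/sbin/pppd is the path given in the message.

```shell
#!/bin/sh
# Added example (not from the thread); helper names are hypothetical.

# classify MODE OWNER_UID
# Verdict from an `ls -ln` mode string and the numeric owner uid.
classify() {
    case $1 in
        ???s*)  # lowercase s: setuid bit set AND owner-execute set
            if [ "$2" = 0 ]; then
                echo "setuid-root"
            else
                # the process would run as this uid, not as root
                echo "setuid-nonroot owner=$2"
                return 1
            fi ;;
        ???S*)  # uppercase S: setuid bit set, owner-execute missing
            echo "setuid-noexec"
            return 1 ;;
        *)
            echo "not-setuid"
            return 1 ;;
    esac
}

# setuid_state FILE
# Reads mode and numeric owner with ls (-L follows symlinks), then classifies.
setuid_state() {
    [ -f "$1" ] || { echo "missing"; return 2; }
    info=$(ls -lnL -- "$1" | awk 'NR==1 {print $1 " " $3}')
    classify "${info% *}" "${info#* }"
}

# Default path is the one named in the message; pass another as argument 1.
setuid_state "${1:-/usr/sbin/pppd}" || true
```

A filesystem mounted nosuid ignores the bit at exec time, so a setuid-root verdict here is necessary but not sufficient.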
[Leaf-user] help on LEAF ppp.lrp (2.3.11)
Hello all, Can anyone point me out to a link where I can get a linux tool/source that can setuid-root the pppd binary that comes with the package? TIA!
[Leaf-user] help with dhcp client internet setup
Hello all,

My box is running dachstein with dhcpd.lrp and dhclient.lrp. My preferred setup is:

Internet connection device:
  ttyS0 --- ppp dialup to an ISP
  eth0 external network with internet/or DSL ISP
dhcp client device:
  eth1 dhcp clients

The services that I've already managed to make work are:

1. DHCP server is already up.
2. ttyS0 dialup to an ISP is already working via ppp0
3. eth0 internet connection is also working

I'm sure that my internet hookups are working fine because I can traceroute into known internet sites. And the way ppp0 internet connection takes over the eth0 net connection is just fine with me.

Now my problem is, how to make my dhcp clients connect to the net using whichever internet service is up on the box. I bring up both eth0 (192.168.1.211) and eth1 (192.168.2.211) in network.conf. They have the same masklens (24), eth0 GW is correct (as it can connect to the outer network layer and its internet), but I'm not really sure what to use for eth1's GW (I've tried using eth0's IP as eth1's GW -- don't know what to do really).

Does this problem have something to do with fixing my ipchains? If so, or otherwise, please give me a hint on how to make my dhcp client machines access the internet using eth0 and ppp0.

And also, I've already managed to configure ttyS1 as a dial-in port to my box. I would also like to give internet access to this dial-in port.

TIA!
[Leaf-user] dachstein dchp with samba?
hello all, is it possible to make dhcp clients under a dachstein dhcp server access samba service installed on the same dachstein dhcp server? if so, how? ... or do i really have to set up another box with the samba service and make it work as another dhcp client? TIA!
Re: [Leaf-user] dachstein dchp with samba?
thanks a lot mate! your prompt response gave me a prompt solution.

----- Original Message -----
From: Michael D. Schleif [EMAIL PROTECTED]
To: Vic Berdin [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, February 07, 2002 10:22 AM
Subject: Re: [Leaf-user] dachstein dchp with samba?

Vic Berdin wrote:

> is it possible to make dhcp clients under a dachstein dhcp server access samba service installed on the same dachstien dhcp server? if so, how? ... or do i really have to set up another box with the samba service and make it work as another dhcp client?

Goto http://lrp.steinkuehler.net/Packages/man/dhcp-options.5.man.htm

Look for:

    option netbios-name-servers

and other options thereabouts.

HTH

-- Best Regards, mds
[Leaf-user] Dachstein source tree?
Hello all, Can anyone point me out to where I can download Charles' Dachstein (floppy) source tree? Thanx very much in advance!