[leaf-user] A-S but no T-Z packages on /leaf.sourceforge.net/packages/glibc-2.0/
Greetings all,

I was thinking of putting a wireless Bering system together and noticed that the Package Repository for glibc-2.0 has packages A-S but T-Z are missing. I looked with both the IE and Firefox browsers. As far as I can tell the repository may be the only place to find the wireless.lrp package. I took a quick look at recent posts but did not notice that this subject had been covered.

Regards, Bill

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] A-S but no T-Z packages on /leaf.sourceforge.net/packages/glibc-2.0/ THANKS!
Mike N.,

Many thanks - Bill

> Bill,
>
> Did you look in Jacques Nilo's old website? It's still active. I haven't incorporated it yet. Also, all content is available in cvs or the SF FRS.
>
> http://leaf-project.org/bering/bin/
> http://leaf-project.org/bering/bin/bering/latest/packages/
>
> -or- you can get the tarball of Jacques's old website in our FRS area.
>
> http://prdownloads.sourceforge.net/leaf/website_bering.tar.gz?download
Re: [leaf-user] RoadWarrior and RSA: What does leftid or rightid mean?
Thitiporn,

From the FreeS/WAN manual, in the section on RSA signatures for authentication: the RSA public key needs an identifier. The identifier goes into leftid= and rightid= . They are the names the systems use to identify themselves during connection negotiations. 4 different ways:

A) IP address (aaa.bbb.ccc.ddd)
B) a domain name such as (bad.example.com)
C) a fully qualified domain name (FQDN) with a @ to indicate it should not be resolved. (@good.example.com)
D) [EMAIL PROTECTED] ([EMAIL PROTECTED])

On my road warrior, I used (C) above: [EMAIL PROTECTED] and it seemed to work very well.

I have a how-to available in the Projects/ -patches section on the main leaf sourceforge homepage. It is titled Dachstein CD VPN using x.509 Certs # 525202. It includes a section on how to get a road warrior running. Lynn Avants (guitarlynn) has also written excellent how-tos, also available with some digging in leaf.

R - Bill

--- Thitiporn Pornpirunrak [EMAIL PROTECTED] wrote:

> Hi all,
>
> Now I have to configure RoadWarrior and RSA on my Bering box. I am wondering what the meaning of leftid and rightid is. I have finished generating the certificate using OpenSSL. If anyone knows, please tell me. Thanks.
Re: [leaf-user] RoadWarrior and RSA: What does leftid or rightid mean? conn example
Thitiporn,

I looked over my notes again and the configuration I used was left - road warrior, right - firewall with ipsec.

conn vpn
    type=tunnel
    left=%any
    leftrsasigkey= . . .
    right=aaa.bbb.ccc.ddd
    [EMAIL PROTECTED]
    . .
    #There is no leftid in my working configuration file

Perhaps this plus the other will help -

R - Bill

--- Thitiporn Pornpirunrak [EMAIL PROTECTED] wrote:

> Hi all,
>
> Now I have to configure RoadWarrior and RSA on my Bering box. I am wondering what the meaning of leftid and rightid is. I have finished generating the certificate using OpenSSL. If anyone knows, please tell me. Thanks.
Re: [leaf-user] dachstein NTP Internal Time Server - M$ freeware works
Kevin,

Thanks for weighing in with your results. I am up and running with a M$ freeware called Dimension 4 on a 98se box. It uses the SNTP (Simple NTP) and, for whatever reason, works well with the Dachstein firewall. It does not, however, mention compatibility with XP so - your mileage may vary.

Charles S. brought up a valid point as to why I did not want the mandrake 9.0 box performing the time server duty with the others synchronizing off of it. Fairly simply, the firewall is up 24/7 while the mandrake box may get used on the occasional weekend.

** Comments inserted in your text **

--- Kevin [EMAIL PROTECTED] wrote:

> I was curious, so I tried to hit my firewall without making any changes to its current state. I used a program called NetLab 1.4, freeware for windows. It has a time sync function I use to keep my clocks updated. When I hit the main time server that worked through the firewall - salmon.maths.tcd.ie - my clocks are in sync. The program has options to sync via TCP, UDP or SNTP. When I hit the internet server, all work except the UDP protocol. It crashes Winsock on my winxp box. When I try to sync with the firewall INTERNAL IP Address - it fails on all EXCEPT SNTP, however that is so far off, it gave me the date from 1994.

** I trust you also put in the libm and ntpsimpl packages in your firewall. If so, you and I had the same experience that 'rdate' or 'real' ntp requests to the firewall box do not produce time information. **

> I logged on the firewall and did a date and/or hwclock command and it shows the correct date and time.

**
# date
# hwclock --show
**

> When I try my external IP address, it only works with SNTP and then again it gives me a date from 1994.

** Completely uninformed opinion is that the time communication between the M$ and firewall have issues. My issue with Automochron sp? resulted in a socket error. You might have enough information coming back that NetLab 1.4 reads it and decides the info means 1994. **

> I hope this was able to help in your troubleshooting
Re: [leaf-user] dachstein NTP Internal Time Server - EXTERNAL ports now open
All -

A quick update: I inserted into network.conf, down about line 323, the list of servers matching the list from the ntpsimpl conf from the setup package menu. ie:

EXTERN_UDP_PORT0=0/0 domain
EXTERN_UDP_PORT1=0/0 bootpc
EXTERN_UDP_PORT2=www.xxx.yyy.zzz/24 ntp
EXTERN_UDP_PORT3=aaa.bbb.ccc.ddd/24 ntp
etc.

The linux clock (date) and cmos clock (hwclock --show) are probably within a millisecond of each other and no doubt very close to real time, and the drift log has begun to show a real value instead of 0.0, so I'm pretty sure the daemon is up, running and doing its job.

My M$ machine still cannot sync with the DS firewall, with an "unable to contact server", and a mandrake 9.0 box with netdate 192.168.1.254 run from root gets "connection refused".

Looks like I'm still lost as to how to open the internal port 123 for the time server.

R - Bill
Re: [leaf-user] dachstein NTP Internal Time Server - udp internal port looks open
Thank you Charles for the excellent lead!

I took your advice and did a

# netstat -ldp | more

and got the following lines concerning port 123 (with apologies for the formatting problems):

proto  recv-Q  send-Q  local addr         foreign addr  state  PID/Pgrm name
udp    0       0       192.168.1.254:123  0.0.0.0:*            1063/ntpd
udp    0       0       127.0.0.1:123      0.0.0.0:*            1063/ntpd
udp    0       0       0.0.0.0:123        0.0.0.0:*            1063/ntpd

Nothing is in the state column although 'LISTEN' appears with port 53, 1023, and 80. I'm no expert but I get the idea that 'LISTEN' should have been in the 'state' column.

I will start looking at the conf file and see if I missed something in the conf to enable the server function.

R - Bill

--- Charles Steinkuehler [EMAIL PROTECTED] wrote:

> Port 123 for internal systems should be open already. I strongly suspect either your M$ machine is looking for a different flavor of time-server (ie something other than NTP), or the NTP package you're running does not implement the server functions (I'm not personally familiar with the NTP software you're using).
>
> It's also possible you need to configure your ntp software to listen to the internal NIC. You can check which programs are listening on which IP's with the netstat command:
>
> netstat -lnp
>
> Look for UDP port 123, and make sure it's either listening on 0.0.0.0 (all IP's), or the IP of your internal interface. If nothing is listening on that port, you either need different NTP software to support the server portion of NTP, or have some kind of configuration problem.
>
> --
> Charles Steinkuehler
Re: [leaf-user] dachstein NTP Internal Time Server - Any Bering Folks using this?
Thank you Charles for the expert advice on UDP.

I did a little more snooping and it turns out the #netdate command (linux box) is port 37 while ntp is port 123. (I realize I'm beginning to sound like a total moron and should have done the homework and rtfmed.)

I downloaded a program called automachron for the M$ box (which looks pretty good for free) that specifically calls out which port it plans to connect to, 37 or 123. I asked it to hit the firewall 192.168.1.254 and received

Error: 192.168.1.254 (123) - Socket Error: Valid name, no data record of requested type.

Asking it to look at a 'real' server under the various protocols (v1,v2,v3,v4) produced the desired result of providing information to update the time.

The LEAF Time in Bering 14.5 Subsection indicates that the combination of libm.lrp and ntpsimpl.lrp can be used to create a time server. The paper then explicitly says to open the firewall with:

ACCEPT loc fw udp ntp

(to query the Bering time server for local net). I did NOT attempt to improve the standard firewall rules so your comment below saying the internal network should be able to access the firewall should still be valid.

Maybe a little more snooping in the ntpsimpl.lrp documentation is the next step.

Thank you for your valued comments and opinions.

R - Bill

--- Charles Steinkuehler [EMAIL PROTECTED] wrote:

> Don't knock yourself out about the missing listen. UDP is a stateless protocol, so *NO* UDP entries in the netstat output will have anything in the state column. States only make sense for TCP.
>
> It looks like your server is listening to the internal interface, and there are no firewall rules blocking any access from internal networks to the firewall itself, so unless you did something really wacky to the ipchains rules, that's not your problem either.
>
> I'd make sure your windows client is actually talking NTP, rather than one of the other (typically simpler) time protocols.
>
> --
> Charles Steinkuehler
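The check suggested in the message above (is the client really speaking NTP on port 123, or one of the simpler time protocols such as the one on port 37?) can be run from any internal host. This is an added example, not part of the original thread or of any LEAF package: it sends an SNTP request to udp/123 and an RFC 868 Time request to tcp/37, and lists the reasons an SNTP client would discard a reply. The function names and the packets built by `constructed_reply` are made up for illustration.

```python
import socket
import struct
import sys
from datetime import datetime, timezone

NTP_PORT = 123             # NTP and SNTP, over UDP
TIME_PORT = 37             # RFC 868 Time protocol (what rdate/netdate speak)
EPOCH_DELTA = 2208988800   # seconds from 1900-01-01 (NTP, RFC 868) to 1970-01-01


def build_sntp_request(version=3):
    """48-byte client request: LI=0, VN=version, Mode=3 (client), rest zero."""
    return bytes([(version << 3) | 3]) + bytes(47)


def parse_sntp_reply(data):
    """Decode the header of a reply and list reasons a client should reject it."""
    if len(data) < 48:
        raise ValueError("short packet: %d bytes, NTP needs 48" % len(data))
    li, version, mode = data[0] >> 6, (data[0] >> 3) & 7, data[0] & 7
    stratum = data[1]
    tx_sec, tx_frac = struct.unpack("!II", data[40:48])   # transmit timestamp
    problems = []
    if mode != 4:
        problems.append("mode %d is not a server reply (4)" % mode)
    if li == 3:
        problems.append("leap indicator 3: server clock not synchronised")
    if stratum == 0:
        problems.append("stratum 0: unspecified or kiss-o'-death")
    if tx_sec == 0 and tx_frac == 0:
        problems.append("transmit timestamp is zero")
    return {"li": li, "version": version, "mode": mode, "stratum": stratum,
            "unix_time": tx_sec - EPOCH_DELTA + tx_frac / 2**32,
            "problems": problems}


def parse_time_reply(data):
    """RFC 868 reply: exactly one unsigned 32-bit count of seconds since 1900."""
    if len(data) != 4:
        raise ValueError("RFC 868 reply must be 4 bytes, got %d" % len(data))
    return struct.unpack("!I", data)[0] - EPOCH_DELTA


def constructed_reply(unix_time, li=0, stratum=2, mode=4, version=3):
    """Constructed 48-byte server reply for offline use (not captured traffic)."""
    pkt = bytearray(48)
    pkt[0] = (li << 6) | (version << 3) | mode
    pkt[1] = stratum
    pkt[40:44] = struct.pack("!I", unix_time + EPOCH_DELTA)
    return bytes(pkt)


def probe(host, timeout=3.0):
    """Ask one host for the time with both protocols and report each outcome."""
    results = {}
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_sntp_request(), (host, NTP_PORT))
            results["ntp udp/123"] = parse_sntp_reply(s.recvfrom(512)[0])
    except (OSError, ValueError) as exc:
        results["ntp udp/123"] = "no usable reply: %s" % exc
    try:
        with socket.create_connection((host, TIME_PORT), timeout=timeout) as s:
            data = b""
            while len(data) < 4:
                chunk = s.recv(4 - len(data))
                if not chunk:
                    break
                data += chunk
            results["time tcp/37"] = parse_time_reply(data)
    except (OSError, ValueError) as exc:
        results["time tcp/37"] = "no usable reply: %s" % exc
    return results


if __name__ == "__main__":
    if len(sys.argv) > 1:                      # e.g. the firewall's internal IP
        for proto, result in probe(sys.argv[1]).items():
            print(proto, "->", result)
    else:                                      # offline demo on constructed packets
        ok = parse_sntp_reply(constructed_reply(1048000000))
        print(datetime.fromtimestamp(ok["unix_time"], timezone.utc), ok["problems"])
        print(parse_sntp_reply(constructed_reply(0, li=3, stratum=0))["problems"])
```

Run with a host address as the only argument to probe it; with no argument it decodes the constructed packets only.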
Re: [leaf-user] dachstein NTP Internal Time Server - Up and running
All,

I put the NTP rpm in my mandrake 9.0 linux box. Set the ntp.conf server to 192.168.1.254 (firewall address). Inserted a /etc/ntp.drift and put a 1 in the file. Started the ntpd daemon. Tested out the troubleshooting guide and on the mandrake box tried a:

# ntpq -p 192.168.1.254

The results indicated that the firewall was doing its job as a time server. The display indicated every server I had in the conf file of the firewall as well as detailed statistics on how much they vary from each other.

Now the strange part: from the M$ box, using Automachron time update software, the time will sync fine to the mandrake box, but still has the socket error for the firewall.

Looks like I need to test some other software that will be more forgiving with the firewall.
[leaf-user] dachstein NTP Internal Time Server
Greetings All -

I took a look at my logs and realized the time recorded was very different than the real time. I tried setting up a check once per day by inserting a server in the lrp.conf but that did not work. A system that worked was to place the following lines in /etc/cron.d/multicron

11 05,11,17,23 * * * root /usr/sbin/rdate -s x.x.x.x
12 05,11,17,23 * * * root /sbin/hwclock --systohc

and have the time examined every 6 hours beginning 5 am, updating the clock at 11 mins past and writing to the cmos clock at minute 12.

That was accurately keeping the firewall time, but since I now had a machine that knew the time, could I use the firewall as an internal time server for the rest of the machines in my house?

Bering has a hint of how this may be done, and I downloaded and added to my DS floppy libm.lrp and ntpsimpl.lrp. Updated my /mnt/syslinux.cfg, placing libm,ntpsimpl at the end of the line and making sure it was not over 254 characters long. Started up the new configuration and added servers to the ntpd.conf under package settings for ntpsimpl.

Syslogs indicate the ntpd daemon is alive and kicking but the clock (date) and cmos clock (hwclock --show) are progressively getting worse and worse. My guess is that I need to open ntp port 123 (either tcp, or udp) to allow the ntpd daemon out to the selected servers. Of course, that is where I got stuck.

I also tried to connect to the firewall with 192.168.1.254 as the time server from a M$ box. The connection was "Unable to contact server". Once again, the guess is that I need to open the INTERNAL ports 123 to my internal network, which is once again where I get stuck. I really don't want to open the EXTERNAL UDP ports and let my box be the time server to the world.

Any suggestions on how to let the ntpd daemon contact the net, as well as how to let my internal machines through to get a time sync, would be greatly appreciated.
Re: [leaf-user] dachstein NTP Internal Time Server
Erich,

Thanks for asking! I should have looked earlier! I examined the denied packets carefully, and yes, the selected internet time servers were getting blocked coming back to the firewall in a rather impressive (in volume of traffic) manner. I disabled the servers until I can start to let the information into the box.

Excellent Catch! - Bill

--- Erich Titl wrote:

> What about your log files, do they indicate any port 123 traffic to be blocked?
>
> Erich
Re: [Leaf-user] Please Please Help me...!
Greetings Sudhir:

A thought might be that you have not enabled the 10.0.0.0 subnet on the internal network. The Dachstein CD has as its default the 192.168.1.0 subnet, so to get the 10.0.0.0 working you must edit the configuration.

1) in /etc/network.conf lines 164, 349, 350
2) in /etc/sh-httpd.conf lines 2 and 3
3) in /etc/dhcpd.conf lines 4,5,7,8
4) in /etc/hosts.allow line 9
5) # lrcfg and in the dnscache package pick menu items 1 and 2.

Regards, Bill

--- barwals [EMAIL PROTECTED] wrote:

> Hi everybody,
>
> Please Please help me! I have been trying to do this for the last month but could not, and only then have I sent a mail to this mailing list.
>
> I'm running the Dachstein LEAF firewall. I'm not able to forward the external traffic which is coming to my valid IP addr (eth0) to my internal web server, which is a windows 2000 server. I have already gone through all the related mailing list archives but could not solve the problem and hence I'm writing to this list. The error I'm getting in my browser is Connection failed Connection timed out.
>
> My configuration is as follows.
>
> EXTERN_IP=111.222.333.444
> EXTERN_IF=eth0
> INTERNAL_IP=10.24.33.224
> INTERNAL_IF=eth1
> INT_NET=10.0.0.0/8
> IPFWDING_KERNEL=FILTER_ON
> IPALWAYSDEFRAG_KERNEL=YES
> CONFIG_HOSTNAME=YES
> CONFIG_HOSTSFILE=YES
> CONFIG_DNS=NO
> IPFILTER_SWITCH=firewall
> SNMP_BLOCK=YES
> EXTERN_DHCP=NO
> EXTERN_DHCP=NO
> EXTERN_TCP_PORT0=0/0 www 111.222.333.444
> INTERN_SERVERS=tcp_111.222.333.444_www_10.24.33.150_www
>
> My IPCHAINS RULES look like they are accepting the connection at 111.222.333.444. But I could not find the solution. Could anybody help me in that regard?
>
> When I look in weblet through the browser I'm seeing this, but no byte (packet) in Chain port forward policy.
>
> :: Masqueraded Connections ::
> IP masquerading entries
> prot  expire   source        destination    ports
> tcp   0:58.64  10.24.33.150  203.163.160.2  80 2678 (80)
>
> Regards. Thanks.
> Sudhir
Re: [Leaf-user] ipsec errors
All,

If I remember correctly, and please correct me if I am wrong, the documentation with the ipsec lrp with the Dachstein CD says that using the leftfirewall=yes or rightfirewall=yes will automatically append the scripts to allow protocol 50 through. If I remember from the first post, the office connection had the left and rightfirewall commented out.

Just another thought - Bill

--- Charles Steinkuehler [EMAIL PROTECTED] wrote:

> > Where do I check to see if protocol 50 packets are being allowed through? I'll be working more on it this weekend.. I'd really like to get this working so I'll try just about anything.. even possibly step/by/step support via phone (I'd beg someone to call my 800 number for a little assistance...
>
> The primary source is the output of net ipfilter list, which shows you exactly how your firewall rules are set up. You're looking for a line allowing protocol 50, preferably with non-zero byte/packet counts:
>
> 1843 356K ACCEPT 50 -- 0xFF 0x00 eth0 snip
>
> You open protocol 50 traffic with the following in network.conf:
>
> EXTERN_PROTO0=50 0/0
>
> Of course, you can change the 0/0 (the entire internet) to the address (or network) of your remote VPN link, if it's static.
>
> Charles Steinkuehler
> http://lrp.steinkuehler.net
> http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
Re: [Leaf-user] Dachstein CD, IPSEC, KLIPS rp_filter
Michael,

Thank you for your fast response. I unfortunately posted before I thought. Turns out that just the eth0 needs the rp_filter turned off, so I was able to make things work without worrying about the ipsec0 rp_filter.

Thanks again - Bill

--- Michael D. Schleif [EMAIL PROTECTED] wrote:

> Have you looked in /etc/init.d/network -- near line 116?
>
> --
> Best Regards,
> mds
> mds resource 888.250.3987
> Dare to fix things before they break . . .
> Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . .
[Leaf-user] Dachstein CD, IPSEC, KLIPS rp_filter
Greetings All:

I have networked two DCD firewalls with IPSec using X.509 certificates. I have added a road warrior M$98 machine using the SSH Sentinel package. The interesting part is that the KLIPS warning that usually shows up during boot now really matters!

WARNING: ipsec0 has route filtering turned on, KLIPS may not work .
/proc/rp_filter ='1' should be 0

The two DCD can seem to get around the rp_filter=1 in /proc/sys/net/ipv4/ipsec0/rp_filter but not the Sentinel.

The eth0 error can be cleared by changing line 138 in network.conf

eth0_IP_SPOOF=NO

yet I cannot seem to figure out how to clear the ipsec0 error. From the shell the standard

echo 0 > /proc/sys/net/ipv4/ipsec0/rp_filter

will work, but I am trying to get the setup to do this for me. Inserting the above line in various places has proven futile.

Any suggestions on how to clear the ipsec0/rp_filter= '1' error?

Thanks in advance, Bill
[Leaf-user] DCD IPSEC SSH Sentinel - Add Directory
I am still struggling to get M$ machines to road warrior across a Dachstein CD firewall. I can get two DCD firewalls to use the ipsec and create a VPN between them. I have tried unsuccessfully to use PGPnet so now it's SSH Sentinel's turn.

An excellent article is from Nadeem Hasan (www.nadmm.com) on getting a VPN going but on SuSEfirewall2 instead of Dachstein. This method does use x.509 certificates.

A new directory needs to be set up for this to work: /etc/ipsec.d/cacerts/ - which is where you want to put the certificates. I can mkdir the directory and place the cacert.bin file into it. My problem is that I can't seem to keep the directory when I back up the /etc/ directory. After a reboot, the directory has gone away.

Does anyone know how to add a /etc/ipsec.d/cacerts/ directory and how (or what) to back up to keep this part of the setup?

Anyone interested in a mini-howto once I get this done?

Thanks much - Bill
Re: [Leaf-user] Re: How to backup Dachstein packages to floppy?
Very True Gregor!

I might also add that the default backup is full and cdrom, so I had to go to each section I wanted to back up and change them from full cdrom to partial floppy. There is a letter switch for all three options: 1. backup itself, 2. change destination, and 3. change type of backup (full or partial).

The correct sequence for a package to back up would be to change the destination (floppy) and type (partial), then follow up with the backup, which will write to the floppy.

I take it you were successful in getting the modules you wanted to load on the floppy in the lprcfg.cfg file.

R - Bill

--- GREGOR [EMAIL PROTECTED] wrote:

> Craig Caughlin writes:
>
> > Hi folks, I'm using the Dachstein CD, and I've uncommented the correct entries for my NIC's. I just don't know how to backup to the floppy (I'm sorry, I'm fairly
>
> I assume that you're using DCD. If you are already in the LRP-configuration menu, type b to choose Back-up ramdisk. Since the NIC's settings are in 2) etc, now type d 2, and then type 2 to choose fd0 as the back up destination. Don't forget to insert a DOS formatted floppy into your floppy drive. And finally type b 2 to do the back up. When a question appears, just press Y. When the back up is finished, type q until you enter the command prompt. In the command prompt type svi network reload, so that your changes take effect.
>
> regards,
> Gregor
[Leaf-user] Dachstein CD, LaBrea IP addresses
Being rather new at this I have what is a beginner question.

The LaBrea option on the D-CD will trap port scanners (like the Code Red worm) on virtual machines to keep them from bothering other computers. From what I understand in the documentation, LaBrea will examine your sub-network and select non-used ip addresses to use as the virtual machine.

I am using the Dachstein firewall with a DSL for my home and the only sub-net I have is the 192.168.x.x. Will LaBrea still function with this protected group of ip addresses or is it truly suited to working with sub-nets of REAL ip addresses?

Thanks for the help.
Re: [Leaf-user] Dachstein CD, IPSEC and PGPnet
Mr. Steinkuehler, thank you for your very prompt reply.

Your very valid point below about PGP certificates being in a different format is very true. A key extractor is available at www.zengl.net/freeswan that will pull usable information from the PGP keys. This only works for versions up to 6.5.x of PGP.

An excellent article on freeswan - PGPnet through a linksys router is available from http://www-ec.njit.edu/~rxt1077/Howto.txt which deals with x509 certificates. I was hoping to avoid the certificate issue and go direct with open PGP certificates.

--- Charles Steinkuehler [EMAIL PROTECTED] wrote:

> > I found Felippe Piazza's article in www.strongsec.com/freeswan on how to accomplish this using Open PGP certificates without the x509 certificates. The article indicates that a patch must be made to the kernel of linux to get this to work, which strangely enough is the x509 patch. In C. Steinkuehler's documentation of the Dachstein CD he indicates that a support lrp is available as ipsec509.lrp to be included on the floppy's pkgpath.cfg file along with the regular ipsec.lrp. So finally the question: does the ipsec509.lrp file include the patch to pluto and kernel modifications so that Open PGP certificates will work with the Dachstein IPSEC?
>
> If you're running the CD version of Dachstein, and loading the ipsec and ipsec509 packages, you should be able to use x.509 certificates as authentication keys.
>
> > The Dachstein firewall/VPN functions great between linux firewalls but I cannot seem to get the M$ product to talk.
>
> I don't actually use certificates, so I haven't verified everything works personally. I do know, however, that there are numerous configuration problems on the windows side if you're not using the entire MS VPN framework. You might ask on the ipsec list (or search the archives) about configuring windows and FreeS/WAN to talk to each other using certificates.
>
> You'll also need to import the certificates into freeswan...I have the openssl and fswcert programs to do this available for download from the ipsec package page on my website, if you don't have an alternative linux box to run the programs on...
>
> I also seem to remember something odd about PGP cert's...I think they're stored in yet another format, and require a different program to extract their data on a linux system, but I'm not sure...the FreeS/WAN docs mailing list will be your best source of info.
>
> Charles Steinkuehler
> http://lrp.steinkuehler.net
> http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
[Leaf-user] Dachstein CD, IPSEC and PGPnet
I am currently trying to get my Dachstein CD v1.02 firewall to allow connections through the freeswan ipsec to a windoze 98 machine running PGPnet (freeware 6.5.x).

I found Felippe Piazza's article in www.strongsec.com/freeswan on how to accomplish this using Open PGP certificates without the x509 certificates. The article indicates that a patch must be made to the kernel of linux to get this to work, which strangely enough is the x509 patch.

In C. Steinkuehler's documentation of the Dachstein CD he indicates that a support lrp is available as ipsec509.lrp to be included on the floppy's pkgpath.cfg file along with the regular ipsec.lrp.

So finally the question: does the ipsec509.lrp file include the patch to pluto and kernel modifications so that Open PGP certificates will work with the Dachstein IPSEC?

The Dachstein firewall/VPN functions great between linux firewalls but I cannot seem to get the M$ product to talk. Any help or suggestions would be appreciated.