RE: [leaf-user] Port-forwarding

2003-09-03 Thread chris le

I believe the line should read:
DNAT net loc:192.168.1.200 tcp 1 added

(take out :1)

chris.


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Tom Harr
 Jakobsen
 Sent: Wednesday, September 03, 2003 5:16 AM
 To: [EMAIL PROTECTED]
 Subject: [leaf-user] Port-forwarding
 
 
 I have installed webmin on my server and need to forward traffic on port
 1.
 I added this rule to shorewall;
 Rule DNAT net loc:192.168.1.200:1 tcp 1 added
 (and, as this shows - no errors when restarting shorewall)
 
 Forwarding port 80 to my webserver is no problem - the rule is the same
 (but port 80 of course)
 
 Can anyone help me with this?
 
 regards
 TomHJ
 
 
 
 ---
 This sf.net email is sponsored by:ThinkGeek
 Welcome to geek heaven.
 http://thinkgeek.com/sf
 
 leaf-user mailing list: [EMAIL PROTECTED]
 https://lists.sourceforge.net/lists/listinfo/leaf-user
 SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
 
 





[leaf-user] traffic shaping question under Lince

2003-09-01 Thread chris le

I have finally gotten Lince to work and have successfully configured QoS-HTB
to suit my needs.  I noticed under the Shorewall configuration an option to
enable traffic shaping.

What is the difference between configuring traffic shaping with Shorewall as
opposed to using the QoS-HTB configuration?

Chris.






[leaf-user] (no subject)

2003-08-14 Thread chris le
 
My logs are getting filled with:
 
Aug 12 17:12:28 crouter kernel: Packet log: input DENY eth0 PROTO=17 10.100.0.1:67 
255.255.255.255:68 L=363 S=0x00 I=45322 F=0x T=64 (#10) 
Aug 12 17:12:30 crouter kernel: Packet log: input DENY eth0 PROTO=17 68.81.146.1:67 
255.255.255.255:68 L=331 S=0x00 I=45336 F=0x T=64 (#49) 
 
I have read through older posts and found a reply that says, if the IPs are my ISP's 
DHCP server, I need to allow traffic through.
 
I have tried each of the following separately...
 
1. external udp/tcp ports...
EXTERN_UDP_PORTS=0/0_bootpc 0/0_bootps
EXTERN_TCP_PORTS=0/0_bootpc 0/0_bootps
result: still filling logs
 
2. silent deny...
SILENT_DENY=udp_10.100.0.1_67 udp_68.81.146.1_67
result: still filling logs
 
3. hosts allow:  in Hosts.allow, added two lines
ALL: 10.100.0.1/255.255.255.255
ALL: 68.81.146.1/255.255.255.255
result: still filling logs.
 
I understand that the stuff in my logs has to do with renewing my IP address to my 
ISP.  My ISP is Comcast cable.
 
Chris.
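
Added example, not part of the original post: a small Python parser for the ipchains `Packet log:` lines quoted above, which tallies which source and which rule number (the `(#N)` field) are producing the entries and marks the DHCP server broadcasts (UDP 67 to 255.255.255.255:68). The first two sample lines are the ones from the post re-joined onto one line each; the third is constructed for contrast, and the function names are illustrative.

```python
import re
from collections import Counter

# Sample input: lines 1-2 are from the post, line 3 is constructed.
SAMPLE = """\
Aug 12 17:12:28 crouter kernel: Packet log: input DENY eth0 PROTO=17 10.100.0.1:67 255.255.255.255:68 L=363 S=0x00 I=45322 F=0x T=64 (#10)
Aug 12 17:12:30 crouter kernel: Packet log: input DENY eth0 PROTO=17 68.81.146.1:67 255.255.255.255:68 L=331 S=0x00 I=45336 F=0x T=64 (#49)
Aug 12 17:12:31 crouter kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.7:4312 198.51.100.9:135 L=48 S=0x00 I=1201 F=0x4000 T=110 (#49)
"""

# chain, action, interface, protocol, src:port, dst:port, ..., (#rule)
LINE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r".*?\(#(?P<rule>\d+)\)"
)

def parse(text):
    """Return one dict per ipchains log line; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        e = m.groupdict()
        for key in ("proto", "sport", "dport", "rule"):
            e[key] = int(e[key])
        entries.append(e)
    return entries

def is_dhcp_server_broadcast(e):
    """UDP from the bootps port (67) to the bootpc port (68) on the broadcast address."""
    return (e["proto"] == 17 and e["sport"] == 67
            and e["dport"] == 68 and e["dst"] == "255.255.255.255")

def summarize(entries):
    """Count entries per (kind, source address, matching rule number)."""
    counts = Counter()
    for e in entries:
        kind = "dhcp-server-broadcast" if is_dhcp_server_broadcast(e) else "other"
        counts[(kind, e["src"], e["rule"])] += 1
    return counts

if __name__ == "__main__":
    for (kind, src, rule), n in summarize(parse(SAMPLE)).most_common():
        print(f"{n:4d}  {kind:22s} src={src:15s} rule=#{rule}")
```
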




[leaf-user] (no subject)

2003-08-14 Thread chris le
 
I've been attempting to do QoS with Dachstein CD/Floppy.
 
When enabled, my connection to my cable modem doesn't seem to go out to the internet 
anywhere.  Pinging Google.com falls flat.  I assume it worked for some.  Considering 
that the LRP QoS HOWTO works under the assumption that you are using EigerStein which 
is one release before Dachstein.
 
Here are the steps that I've taken:
 
1.  Find out what version my LRP is running:
# cat /proc/version
Linux version 2.2.19-3-LEAF-RAID ([EMAIL PROTECTED]) (gcc version 2.7.2.3) #4 Sat Dec 
1 17:27:59 CST 2001

1.  According to LRP QoS HOWTO (http://www.monkeynoodle.org/lrp/LRP-QoS-HOWTO.html) 
I've downloaded the necessary kernel modules (I left out the ones that I didn't need, 
like sch_teql for load balancing).  They were downloaded from 
http://lrp.steinkuehler.net/files/kernels/2.2.19-3-RAID/modules/misc/ to match my LRP.
 
2.  Copied them to /lib/modules, and added the following lines to /etc/modules:
# qos stuff
sch_cbq
sch_prio
sch_sfq
cls_route
cls_fw
cls_u32
cls_rsvp
 
3.  Rebooted and ran LSMOD:
# lsmod
Module           Pages   Used by
cls_rsvp          3736   0 (unused)
cls_u32           4592   0 (unused)
cls_fw            2004   0 (unused)
cls_route         3596   0 (unused)
sch_sfq           3200   0 (unused)
sch_prio          2188   0 (unused)
sch_cbq          11860   0 (unused)
ip_masq_user      3708   0 (unused)
ip_masq_raudio    2980   0 (unused)
ip_masq_quake     1220   0 (unused)
ip_masq_portfw    2416   8
ip_masq_mfw       3196   0 (unused)
ip_masq_irc       1924   0 (unused)
ip_masq_ftp       3576   0 (unused)
ip_masq_autofw    2476   0 (unused)
3c503             5412   1
8390              6236   0 [3c503]
eepro100         14332   1
pci-scan          2300   0 [eepro100]
isofs            17692   0
ide-cd           22672   0
cdrom            26712   0 [ide-cd]
 
So far so good...
 
4.  The bwidth22.lrp package was already found on the CD, so I added the appropriate 
line to lrpkg.cfg on the floppy disk.
 
# cat lrpkg.cfg
bwidth22,dhclient,dhcpd,dnscache,etc,ifconfig,lncurses,libm, ... snip
 
5.  Edited the /etc/network.conf file as follows:
 
IF_AUTO=eth0 eth1
eth0_FAIRQ=YES
#eth0_TXQLEN=262144
#eth0_BNDWIDTH=128kbit   # Device bandwidth
#eth0_HNDL=2             # Queue Handle - must be unique
#eth0_IABURST=100        # Interactive Burst
#eth0_IARATE=1Mbit       # Interactive Rate
#eth0_PXMTU=1514         # Physical MTU - includes Link Layer header
eth1_FAIRQ=YES
 
(fyi, i calculated TXQLEN to be max upstream transmit queue length for 1 second as 
recommended by monkeynoodle.)
 
Note, I commented the eth0 lines out because according to monkeynoodle, the defaults 
should be sufficient for a small home network.
 
When restarting the system, the LRP grabbed an IP via DHCP from the cable modem fine, 
but when I got to a command prompt and typed ping google.com, nothing would happen.  
I also tried the command route just to see what would happen, and it would get stuck.
 
I've tried several other solutions, such as using different LRP distributions, but I 
found that I'm currently most comfortable with Dachstein.  I've been attacking this 
problem for at least a month.
 
Does anyone have any idea how to properly get this working?
 
-chris.

