Re: [Leaf-user] Help with demand dial on Dachstein
Hi Stepen, your problem is that your external interface has an ip of 10.64.64.64. To get an real IP you must get up your demand-dial link. This happens, when you want to send a packet to the external net, but this packet is dropped by the firewall rules and so can not bring up the link. I solved this egg-chicken problem with a rule to accept this package. ipchains -I output 2 -i ppp0 -s 10.64.64.64 -j ACCEPT. Regards Manfred Stephen More schrieb: > > How I made Dachstein Dial: > > Assumptions: > > 1 Ethernet > Router IP will be 192.168.1.1 > Configs will be stored on floppy > > Before booting with CD-ROM > > 0. rawrite bootdisk.bin to floppy > 1. edit lrpkg.cfg on floppy > 2. add packages: > lncurses( dependant for bash ) > lrdline2( dependant for bash ) > bash-optional > ppp -required > libpcap ( dependant for tcpdump ) > tcpdump -optional > vim -optional > ifconfig-optional > > After booting with floppy and CD-ROM > > 1. vi /etc/modules > add: > slhc( needed for ppp ) > ppp > > uncomment: > 3c509 ( for my ethernet card ) > ip_masq_ipsec ( use of vpn behind router ) > > 2. vi /etc/network.conf > > IF_AUTO='eth0 ppp0' > > comment out all of eth0 > change eth1 to eth0 > eth0=192.168.1.1 > > Line 257: EXTERN_IF=ppp0 > > Line 319: EXTERN_UDP_PORTS="0/0_500" ( use of vpn behind router ) > Line 341: EXTERN_PROTO0="50 0/0" ( use of vpn behind router ) > > Line 348: INTERN_IF=eth0 > INTERN_IP=192.168.1.1 > > 3. vi /etc/ppp/peers/provider > > /dev/ttyS0 > 57600 > > 4. vi /etc/chatscripts/provider > > edit: > phone-number > username > password > > 5. backup etc, modules, ppp using lrcfg > > So far so good. A dedicated dialup router with VPN behind the router works > well. > > Now here is where I am having trouble: > I try to make it on demand dial by: > vi /etc/ppp/peers/provider > > add: > demand > idle 600 > > When I ping from a computer on the LAN ( which worked before I added > 'demand' ) I get: > > Feb 19 02:37:17 firewall kernel: Packet log: output DENY ppp0 PROTO=1 > 10.64.64.64:8 129.3.1.1:0 L=60 S=0x00 I=6659 F=0x T=31 (#6) > > What do I need to do to allow that packet to pass and bring up ppp0 ? > > -Thanks > Steve More > > ___ > Leaf-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Help with demand dial on Dachstein
At 08:54 AM 2/19/02 -0800, Mike Noyes wrote: >Eigerstein Series LRP will not route with private range IP Address assigned >to external NIC >http://sourceforge.net/docman/display_doc.php?docid=2869&group_id=13751 Thanks Mike, and everyone else who responded. I think it would be helpful to new users to change "External NIC" to "External Interface" on the above doc. I see "external NIC" and I immediately assume that it does not pertain to me, I am using ppp. ( Perhaps some of that is my fault. ) Another assumptionI though the ppp0 interface would be un-numbered until it got one from the other end, I never gave ppp0 an ipaddress. -Steve More >>At 07:30 PM 2/18/02 -0800, Matt Schalit wrote: >> >Stephen More wrote: >> > >> >> Feb 19 02:37:17 firewall kernel: Packet log: output DENY ppp0 PROTO=1 >> >> 10.64.64.64:8 129.3.1.1:0 L=60 S=0x00 I=6659 F=0x T=31 (#6) >> >> >> >> What do I need to do to allow that packet to pass and bring up ppp0 > >-- >Mike Noyes <[EMAIL PROTECTED]> >http://sourceforge.net/users/mhnoyes/ >http://leaf.sourceforge.net/content.php?menu=1000&page_id=4 > > > ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Help with demand dial on Dachstein
- Original Message - From: "Matt Schalit" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, February 19, 2002 12:39 PM Subject: Re: [Leaf-user] Help with demand dial on Dachstein > Mike Leone wrote: > > > > > This FAQ and many others needs to be updated. The lrp.c0wz.com site is no > > > longer maintained. There are mirrors of its content at: > > > > Really? Rick called it quits with LRP/LEAF? How sad. > > > I thought we were all happy that Rick found a job to > keeps him so busy. I didn't hear that he "quit" so to > speak. (Though he left awful quite like :-) Well, he's not maintaining his site anymore. Stopped providing ongoing support and resources, even if he didn't quit being a user. I wondered where he was; I remember his posts about being out of work; guess I missed the one about finding new work. Oh, well - good luck to you, Rick, if you're listening. :-) ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Help with demand dial on Dachstein
Mike Leone wrote: > > > This FAQ and many others needs to be updated. The lrp.c0wz.com site is no > > longer maintained. There are mirrors of its content at: > > Really? Rick called it quits with LRP/LEAF? How sad. I thought we were all happy that Rick found a job to keeps him so busy. I didn't hear that he "quit" so to speak. (Though he left awful quite like :-) Matthew ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Help with demand dial on Dachstein
Matt Schalit wrote: not > It was as easy to search for as I thought, but I think I ^ Sorry. I didn't mean to sound hoity toity. I meant it was hard to find when I used terms like private because they were too common. Best, Matthew ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Help with demand dial on Dachstein
> This FAQ and many others needs to be updated. The lrp.c0wz.com site is no > longer maintained. There are mirrors of its content at: Really? Rick called it quits with LRP/LEAF? How sad. ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Help with demand dial on Dachstein
Stephen More wrote: > > If it is 'A frequently asked question' how come it is not on the FAQ > webpage http://leaf.sourceforge.net/content.php?menu=1105&page_id=19 ? :-) > > 'How Do I configure a dial-up ppp line' contains images for: > LRP 2.9.4 (File not found) > Materhorn (File not found) > ( Both Out of Datewhere is the link for Dachstein ? ) > > The other links under that don't work, server unknown. > > I have looked through the email list posts, I have not found the answer. > I was hoping someone could atleast point me in the right direction like > read the "HOWTO-for-IPCHAINS, thats your problem". > > -Thanks Sorry, I didn't have a DF in front of me to track down the answer. I did the search for you, and here's the answer, I'm pretty sure: http://www.mail-archive.com/leaf-user@lists.sourceforge.net/msg03769.html It was as easy to search for as I thought, but I think I got it using "192.168 eth0" HTH, Matthew ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Help with demand dial on Dachstein
Mike just thought would tell you that Kenneth's PPPd pages are AWOL. I do have Bering running doing demand dialing. My workstation has a 192.168.xxx.xxx type address and my firewall (Bering computer) also has same address range and dial my isp just fine. Larry Platzek [EMAIL PROTECTED] On Tue, 19 Feb 2002, Mike Noyes wrote: > Date: Tue, 19 Feb 2002 08:48:56 -0800 > From: Mike Noyes <[EMAIL PROTECTED]> > To: Stephen More <[EMAIL PROTECTED]>, [EMAIL PROTECTED] > Subject: Re: [Leaf-user] Help with demand dial on Dachstein > > At 2002-02-19 11:13 -0500, Stephen More wrote: > >If it is 'A frequently asked question' how come it is not on the FAQ > >webpage http://leaf.sourceforge.net/content.php?menu=1105&page_id=19 ? :-) > > > > > >'How Do I configure a dial-up ppp line' contains images for: > > LRP 2.9.4 (File not found) > > Materhorn (File not found) > > ( Both Out of Datewhere is the link for Dachstein ? ) > > > >The other links under that don't work, server unknown. > > This FAQ and many others needs to be updated. The lrp.c0wz.com site is no > longer maintained. There are mirrors of its content at: > > http://leaf.sf.net/devel/thc > http://c0wz.steinkuehler.net > > >I have looked through the email list posts, I have not found the answer. > >I was hoping someone could atleast point me in the right direction like > >read the "HOWTO-for-IPCHAINS, thats your problem". > > Have you looked at Kenneth Hadley's "PPPoE and PPPd" page? > http://leaf.sourceforge.net/devel/khadley > > Bering has support for ppp also. > http://leaf.sourceforge.net/devel/jnilo/leaffw.html > > I hope this helps. > > -- > Mike Noyes <[EMAIL PROTECTED]> > http://sourceforge.net/users/mhnoyes/ > http://leaf.sourceforge.net/content.php?menu=1000&page_id=4 > > > ___ > Leaf-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user > ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Help with demand dial on Dachstein
At 2002-02-19 11:13 -0500, Stephen More wrote: >If it is 'A frequently asked question' how come it is not on the FAQ >webpage http://leaf.sourceforge.net/content.php?menu=1105&page_id=19 ? :-) > > >I have looked through the email list posts, I have not found the answer. >I was hoping someone could atleast point me in the right direction like >read the "HOWTO-for-IPCHAINS, thats your problem". Stephen, This FAQ may help. Eigerstein Series LRP will not route with private range IP Address assigned to external NIC http://sourceforge.net/docman/display_doc.php?docid=2869&group_id=13751 >At 07:30 PM 2/18/02 -0800, Matt Schalit wrote: > >Stephen More wrote: > > > >> Feb 19 02:37:17 firewall kernel: Packet log: output DENY ppp0 PROTO=1 > >> 10.64.64.64:8 129.3.1.1:0 L=60 S=0x00 I=6659 F=0x T=31 (#6) > >> > >> What do I need to do to allow that packet to pass and bring up ppp0 -- Mike Noyes <[EMAIL PROTECTED]> http://sourceforge.net/users/mhnoyes/ http://leaf.sourceforge.net/content.php?menu=1000&page_id=4 ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Help with demand dial on Dachstein
At 2002-02-19 11:13 -0500, Stephen More wrote: >If it is 'A frequently asked question' how come it is not on the FAQ >webpage http://leaf.sourceforge.net/content.php?menu=1105&page_id=19 ? :-) > > >'How Do I configure a dial-up ppp line' contains images for: > LRP 2.9.4 (File not found) > Materhorn (File not found) > ( Both Out of Datewhere is the link for Dachstein ? ) > >The other links under that don't work, server unknown. This FAQ and many others needs to be updated. The lrp.c0wz.com site is no longer maintained. There are mirrors of its content at: http://leaf.sf.net/devel/thc http://c0wz.steinkuehler.net >I have looked through the email list posts, I have not found the answer. >I was hoping someone could atleast point me in the right direction like >read the "HOWTO-for-IPCHAINS, thats your problem". Have you looked at Kenneth Hadley's "PPPoE and PPPd" page? http://leaf.sourceforge.net/devel/khadley Bering has support for ppp also. http://leaf.sourceforge.net/devel/jnilo/leaffw.html I hope this helps. -- Mike Noyes <[EMAIL PROTECTED]> http://sourceforge.net/users/mhnoyes/ http://leaf.sourceforge.net/content.php?menu=1000&page_id=4 ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Help with demand dial on Dachstein
If it is 'A frequently asked question' how come it is not on the FAQ webpage http://leaf.sourceforge.net/content.php?menu=1105&page_id=19 ? :-) 'How Do I configure a dial-up ppp line' contains images for: LRP 2.9.4 (File not found) Materhorn (File not found) ( Both Out of Datewhere is the link for Dachstein ? ) The other links under that don't work, server unknown. I have looked through the email list posts, I have not found the answer. I was hoping someone could atleast point me in the right direction like read the "HOWTO-for-IPCHAINS, thats your problem". -Thanks Steve More At 07:30 PM 2/18/02 -0800, Matt Schalit wrote: >Stephen More wrote: > > >> Feb 19 02:37:17 firewall kernel: Packet log: output DENY ppp0 PROTO=1 >> 10.64.64.64:8 129.3.1.1:0 L=60 S=0x00 I=6659 F=0x T=31 (#6) >> >> What do I need to do to allow that packet to pass and bring up ppp0 ? >> >> -Thanks >> Steve More > > >Yea, A frequently asked question :) > >People are always trying to figure out how to get a private >address to make it out the external interface. I think it'd >be a quick find if you searched the list. I've seen this >twice in the last couple of weeks. Ray's answered it a few >times for sure :) > >Matthew > >___ >Leaf-user mailing list >[EMAIL PROTECTED] >https://lists.sourceforge.net/lists/listinfo/leaf-user > > ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] Help with demand dial on Dachstein
Stephen More wrote: > Feb 19 02:37:17 firewall kernel: Packet log: output DENY ppp0 PROTO=1 > 10.64.64.64:8 129.3.1.1:0 L=60 S=0x00 I=6659 F=0x T=31 (#6) > > What do I need to do to allow that packet to pass and bring up ppp0 ? > > -Thanks > Steve More Yea, A frequently asked question :) People are always trying to figure out how to get a private address to make it out the external interface. I think it'd be a quick find if you searched the list. I've seen this twice in the last couple of weeks. Ray's answered it a few times for sure :) Matthew ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] Help with demand dial on Dachstein
How I made Dachstein Dial: Assumptions: 1 Ethernet Router IP will be 192.168.1.1 Configs will be stored on floppy Before booting with CD-ROM 0. rawrite bootdisk.bin to floppy 1. edit lrpkg.cfg on floppy 2. add packages: lncurses( dependant for bash ) lrdline2( dependant for bash ) bash-optional ppp -required libpcap ( dependant for tcpdump ) tcpdump -optional vim -optional ifconfig-optional After booting with floppy and CD-ROM 1. vi /etc/modules add: slhc( needed for ppp ) ppp uncomment: 3c509 ( for my ethernet card ) ip_masq_ipsec ( use of vpn behind router ) 2. vi /etc/network.conf IF_AUTO='eth0 ppp0' comment out all of eth0 change eth1 to eth0 eth0=192.168.1.1 Line 257: EXTERN_IF=ppp0 Line 319: EXTERN_UDP_PORTS="0/0_500" ( use of vpn behind router ) Line 341: EXTERN_PROTO0="50 0/0" ( use of vpn behind router ) Line 348: INTERN_IF=eth0 INTERN_IP=192.168.1.1 3. vi /etc/ppp/peers/provider /dev/ttyS0 57600 4. vi /etc/chatscripts/provider edit: phone-number username password 5. backup etc, modules, ppp using lrcfg So far so good. A dedicated dialup router with VPN behind the router works well. Now here is where I am having trouble: I try to make it on demand dial by: vi /etc/ppp/peers/provider add: demand idle 600 When I ping from a computer on the LAN ( which worked before I added 'demand' ) I get: Feb 19 02:37:17 firewall kernel: Packet log: output DENY ppp0 PROTO=1 10.64.64.64:8 129.3.1.1:0 L=60 S=0x00 I=6659 F=0x T=31 (#6) What do I need to do to allow that packet to pass and bring up ppp0 ? -Thanks Steve More ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
