Re: [Leaf-user] Wishing to upgrade to Dachstein
I have a slightly older version of Charles' LRP, with plenty of settings I have made and some extra masq modules. What I need to know is: What do I do to bring my version up to Dachstein without finding and recreating all the little settings I have made? Is this going to be an easy upgrade? I have been using an IDE version almost since I started. I have copied down the normal Dachstein which, upon reading, has IDE support and the necessary VPN (for future, I don't yet use that) in the kernal. So I'm thinking that it shouldn't be too bad. Another concern is if the masq modules are compatible and if I can locate updated ones if necessary. I think you will find most masquerading modules are now available in the default kernel build. You will have to check to be sure...compare what you're running (use lsmod to find out) with the modules available in the new kernel tree: http://lrp.steinkuehler.net/files/kernels/Dachstein-normal/modules/ or http://lrp.steinkuehler.net/files/kernels/Dachstein-small/modules/ For your configuration, I suggest you migrate your existing network.conf settings to the new firewall manually. I normally do this with the following general procedure: Rename your existing etc.lrp somehing else (like etcx.lrp) or copy it to a different disk so it won't get loaded. Delete your existing modules.lrp, and replace with the modules package from Dachstein Boot into Dachstein using the default Dachstein etc.lrp Configure your modules, adding any required modules not in the default package, and deleting any you don't need. Verify everything works using svi modultils start, and backup modules. Unpack your old etc into /tmp. With the disk containing your old etc (etcx.lrp) mounted on /mnt, do the following: cd /tmp zcat /mnt/etcx.lrp | tar -xv This will put your old etc directory in /tmp/etc. Copy over any files you may have manually created/modified. Possibilities include: crontab, fstab, hostname, ipchains.*, localtime, nsswitch... Manually merge your settings from your previous network.conf file into the new network.conf Reload the firewall rules and verify they match your previous rules. I like to create and print out a list of the ipchains rules from my running system, then build a new configuration on a test machine, comparing it's configuration with the hardcopy previous config. When they match (or I know why they differ), I migrate the test configuration to my production firewall. You may find both the output of svi network ipfilter list and ipchains -nvL --line-numbers to be useful. Backup etc Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] Wishing to upgrade to Dachstein
Thanks Charles. I'll be giving this a try on the weekend. I'll post my successes/failures. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Charles Steinkuehler Sent: Friday, November 16, 2001 9:26 AM To: John Mullan; Leaf-User Subject: Re: [Leaf-user] Wishing to upgrade to Dachstein I have a slightly older version of Charles' LRP, with plenty of settings I have made and some extra masq modules. What I need to know is: What do I do to bring my version up to Dachstein without finding and recreating all the little settings I have made? Is this going to be an easy upgrade? I have been using an IDE version almost since I started. I have copied down the normal Dachstein which, upon reading, has IDE support and the necessary VPN (for future, I don't yet use that) in the kernal. So I'm thinking that it shouldn't be too bad. Another concern is if the masq modules are compatible and if I can locate updated ones if necessary. I think you will find most masquerading modules are now available in the default kernel build. You will have to check to be sure...compare what you're running (use lsmod to find out) with the modules available in the new kernel tree: http://lrp.steinkuehler.net/files/kernels/Dachstein-normal/modules/ or http://lrp.steinkuehler.net/files/kernels/Dachstein-small/modules/ For your configuration, I suggest you migrate your existing network.conf settings to the new firewall manually. I normally do this with the following general procedure: Rename your existing etc.lrp somehing else (like etcx.lrp) or copy it to a different disk so it won't get loaded. Delete your existing modules.lrp, and replace with the modules package from Dachstein Boot into Dachstein using the default Dachstein etc.lrp Configure your modules, adding any required modules not in the default package, and deleting any you don't need. Verify everything works using svi modultils start, and backup modules. Unpack your old etc into /tmp. With the disk containing your old etc (etcx.lrp) mounted on /mnt, do the following: cd /tmp zcat /mnt/etcx.lrp | tar -xv This will put your old etc directory in /tmp/etc. Copy over any files you may have manually created/modified. Possibilities include: crontab, fstab, hostname, ipchains.*, localtime, nsswitch... Manually merge your settings from your previous network.conf file into the new network.conf Reload the firewall rules and verify they match your previous rules. I like to create and print out a list of the ipchains rules from my running system, then build a new configuration on a test machine, comparing it's configuration with the hardcopy previous config. When they match (or I know why they differ), I migrate the test configuration to my production firewall. You may find both the output of svi network ipfilter list and ipchains -nvL --line-numbers to be useful. Backup etc Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] Wishing to upgrade to Dachstein
Well, I've been off the lists for several months now. I would probably still be in the shadows but if it wasn't for upgrading to ICQ 2001b. So, as luck would have it, I began visiting the old sites and found some new (and potentially exciting) changes. I have a slightly older version of Charles' LRP, with plenty of settings I have made and some extra masq modules. What I need to know is: What do I do to bring my version up to Dachstein without finding and recreating all the little settings I have made? Is this going to be an easy upgrade? I have been using an IDE version almost since I started. I have copied down the normal Dachstein which, upon reading, has IDE support and the necessary VPN (for future, I don't yet use that) in the kernal. So I'm thinking that it shouldn't be too bad. Another concern is if the masq modules are compatible and if I can locate updated ones if necessary. Thanks in advance for any help *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* John Mullan - Technical Manager Ontario Lottery and Gaming Corporation Direct Gaming Distribution Center Personal: mailto:[EMAIL PROTECTED] Business: mailto:[EMAIL PROTECTED] ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
