[leaf-user] (no subject)
http://wp.eutueosmeussapatos.com/wp-content/themes/opatheme/scripts/cache/facebook.php?wonderful176.gif -- This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] (no subject)
On 03/16/2012 03:12 AM, Jeremy Tourville wrote: organ...@hotmail.com added to Mailman - Privacy options... - Subscription rules - ban_list -- Mike Noyes http://sourceforge.net/users/mhnoyes https://profiles.google.com/mhnoyes -- This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] (no subject)
Dont miss your chance!.. http://meduza.e.pl/friends_links.php?etGIS=49t2 -- vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] (no subject)
On Wed, 2011-05-25 at 20:43 -0500, Jeremy Tourville wrote: -snip- Message-ID: snt124-w13ca0c41f2080e4178497ef3...@phx.gbl X-Originating-IP: [122.167.151.240] X-Spam-Score: -0.5 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is freemail (organ_dr[at]hotmail.com) -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, low trust [65.55.90.152 listed in list.dnswl.org] -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message 0.0 RFC_ABUSE_POST Both abuse and postmaster missing on sender domain 0.0 TVD_SPACE_RATIOTVD_SPACE_RATIO -- Mike Noyes http://sourceforge.net/users/mhnoyes http://www.google.com/profiles/mhnoyes -- vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] (no subject)
Diversify your pleasure!... http://www.clubmedian.hu/friends_links.php?yCID=44jw5 -- vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] (no subject)
Dear LEAF friends! I'm looking for my Bering 1.2 a nice FTP-Server. can some one suggest me one and where can I download it? thank you Sayangoin _ Windows Live Spaces ist da! Erstellen Sie ganz einfach Ihre persönliche Website. http://spaces.live.com/signup.aspx - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] (no subject)
Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] (no subject)
Hello, When I disabled the modules loading, things are much better. Thanks. Sherif mail2web - Check your email from the web at http://mail2web.com/ . --- This SF.Net email is sponsored by Yahoo. Introducing Yahoo! Search Developer Network - Create apps using Yahoo! Search APIs Find out how you can build Yahoo! directly into your own Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] (no subject)
--- Jon Clausen [EMAIL PROTECTED] wrote: I have the same problem. Someone can help me and Xantius? I can also confirm that sh-httpd hasn't worked for me for a very long time. (since pre 2.1 days). I was never able to find the cause. [ For the developers: using netcat to do a http get would usually work; using a real brower fails - off the top of my head, is it a keep-alive issue?] My workaround was to install mhttpd.lrp - its a real web server, and will work with the weblet cgi's. HTH --- This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader's Choice Award Winner for best database on Linux. http://ads.osdn.com/?ad_id=5588alloc_id=12065op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
List, First, i really want to thanks to all bering developer for the fantastic job, i even can't remmenber when i had my first bering 1.0 running to replace my WatchGuard router, it was _so_ long ago and i still using it till now without any problem and of course i had upgraded it to bering 1.2 :) Maybe this one is really OT, but i just want some input on how you guys are maintain your physical network ( Cabling , etc )? I know some network monitoring tools, but is there any preventative menthod to used for physical network? As far as i know, once we lay a cable for network connections, we just monitoring it with the tools likes snmp, mrtg, nagios, etc. The questions is, how we want to be sure the cable / switch / hub itself in the good conditions? Is there any method for checking this? maybe on schedule time like pc maintainances? As always, any guide, pointer are really appreciates. Thanks In Advances, Regards. zamri The content of this email and any files transmitted with it are confidential and intended solely for the use of individual or entity to whom they are address and may be privileged. If you are not the intended receipient or if you have received it in error, please do not read, use, print, copy, forward or distribute the content or disclose it to anyone. Instead, please inform the sender by return email or telephone and please delete it or any copy of it from your system immediately. Opinions, conclusions and other informations in this messages that do not relate to the official businness of PTPL Group Of Companies shall be understood as neither given nor endorsed by PTPL SDN. BHD. --- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
Tom, Thanks, I have been teaching myself how to read the logs. What are the indications that I should look for? And what would cause the connection tracking table to be full? An error in the way I set up the system? Matt Date sent: Mon, 12 Jul 2004 10:12:39 -0700 From: Tom Eastep [EMAIL PROTECTED] To: [EMAIL PROTECTED] Copies to: [EMAIL PROTECTED] Subject:Re: [leaf-user] Bering-uClibc 2.1.3 Stops after Several Hours Part #2 [EMAIL PROTECTED] wrote: Does Bering-uClibc 2.1.3 handle denied or rejected packets in a way that will cause Shorewall to stop? No. I suggest that you check your log for indications that your connection tracking table is full. -Tom -- Tom Eastep\ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721alloc_id=10040op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
Hello, list. I'm going to be setting up a Bering box to allow VPN access to our corporate network by our travelling sales force. I have two questions: 1) Are the encryption-offloading features of NICs like the Intel Pro/100 S supported yet in Linux? 2) Is it better to have one box on the border that does everything (NAT, VPN, etc) or have two boxes that are parallel to each other in the network topology with one that acts as the NAT/IPTables firewall and one that acts as a VPN gateway? Thanks. Brent Gardner Network Administrator IPRO Tech, Inc. www.iprocorp.com 602-324-4776 --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
Hi, how i'm going to block my users to download the exe files or go to the porn sites. --- Best Regards Liew Toh Seng Icq No: 36835809 MSN: [EMAIL PROTECTED] * .--. * |o_o | * |:_/ | * // * (| | ) * /'\_ _/` The Internet Solution Company * \___)=(___ My Directory Sdn Bhd --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
Hi, how i'm going to block my users to download the exe files or go to the porn sites. --- Best Regards Liew Toh Seng Icq No: 36835809 MSN: [EMAIL PROTECTED] * .--. * |o_o | * |:_/ | * // * (| | ) * /'\_ _/` The Internet Solution Company * \___)=(___ My Directory Sdn Bhd --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] (no subject)
At 12:32 PM 1/5/2004 +0800, Liew Toh Seng wrote: Hi, how i'm going to block my users to download the exe files or go to the porn sites. This is a difficult problem to address, and one not particularly suited to firewalls. FIrewalls are better at protecting LAN hosts (and themselves) from outside attack than they are at restricting the ways that LAN users can access the Internet. The reason is that these are application-level problems, for the most part, so they have to be addressed at the application level ... for the most part. Examples: 1. .exe files and other sorts of active content can be received as part of e-mail messages. You block them by requiring your users to get their mail through an MTA/host you control, and implementing attachment checking on that MTA host. 2. .exe files can also be downloaded in any number of other ways, including http (Web browser), ftp, a slew of P2P applications, probably even Usenet. Depending on the application involved, you need either to use a proxy that can examine content (see next item) or block use of the service. Because many P2P applications have become very clever at working around firewalls ... falling back to port-80 use is now a common trick ... actually blocking these services is increasingly difficult at the TCP/IP layers (as distinct from the application layer). 3.the porn sites does not identify unambiguously any particular content; one person's porn is another's healthy entertainment (or mass market automobile or beer ad). If you are talking about connecting to porn sites on the Web, your best bet is to block direct access to the Web through the firewall/router, require use of a proxy server, and use a proxy server that can do whatever sort of filtering you prefer to block access to what you consider to be porn. This might be using a remotely-maintained list of IP addresses, screening the content of every page downloaded to watch for bad words, completely blocking image downloads, or perhaps other things ... there is a whole industry that handles this sort of filtering, for example in the context of controlling access to the Internet in US primary and secondary schools. 4. If you can find someone who has a list of IP addresses of porn sites that match your criteria for porn, you can use a firewall approach to block *all* access (all direct access, anyway -- see closing comment) to the site. The details would depend on how the list of bad addresses is maintained, distributed, and updated, so I can't give you focused advice in the abstract. 5. Another approach for blocking access to Web-based porn is to allow access only to a whitelist of known-good Web sites. I haven't seen this approach used in a long time, but at least briefly it was tried as a way to create kid friendly zones on the Internet. Almost any set of adult customer would, I imagine, find this sort of limitation unacceptable, but I include it for completeness' sake. To make any of these sorts of access restrictions work, you'd probably also need to block use of encrypted connections (https, ssh, various VPNs) to the Internet, since they could be used to tunnel past any local restrictions to access the forbidden content through remote proxies. --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
Hello, May i humbly introduce myself as this mail may get to you surprisingly.Am AZI ZANGA Manager of Zenith Bank, Lagos, Nigeria. I have urgent and Very confidential business proposition for you. In February 28, 1998, a Foreign Oil consultant/contractor with the Nigerian National Petroleum Corporation, Mr.Barry Kelly made a numbered time(Fixed)Deposit for twelve calendar months valued at US$20,000,000.00 (Twenty Million Dollars)in my branch. Upon maturity, I sent a routine notification to his forwarding address but got no reply. After a month, I sent a reminder and finally I discovered from his contract employers, the Nigerian National Petroleum Corporation that Mr. Barry Kelly died from an automobile accident.On further investigation, I found out that he died without making a WILL, and all attempts to trace his next of kin was fruitless.I therefore made further investigation and discovered that Mr. Barry Kelly did not declare any kin or relations in all his official documents, including his Bank Deposit paperwork in my Bank. This sum of US$20,000,000.00 has carefully been moved out of my bank to a security company for safekeeping.No one will ever come forward to claim it. According to Nigerian Law, at the expiration of 5 (five) years, the money will revert to the ownership of the Nigerian Government if nobody applies to claim the fund. Consequently, my proposal is that I will want you as a Foreigner to stand as the next of kin. I am writing you because as a public servant (Manager with the bank), I cannot operate a foreign account or have an account thatis more than $1m. I therefore want to present you as the next of kin (the rightful owner of the fund) so that you can be able to claim it with the help of an accredited attorney. Finally, I urge you to provide immediately your full names, phone/fax numbers and your current mailing address so as to enable us commence the paperwork that will present you as the rightful beneficiary (next of kin) of the fund. As soon as the money is transferred to you 70% is for me while 20% is for you and 10% will be for any expences made. Please reply immediately via my Email address. Upon your response, I shall then provide you with more details that will help you understand this hitch free (risk free) transaction. Thanks and God bless. Azi zanga --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
My logs are getting filled with: Aug 12 17:12:28 crouter kernel: Packet log: input DENY eth0 PROTO=17 10.100.0.1:67 255.255.255.255:68 L=363 S=0x00 I=45322 F=0x T=64 (#10) Aug 12 17:12:30 crouter kernel: Packet log: input DENY eth0 PROTO=17 68.81.146.1:67 255.255.255.255:68 L=331 S=0x00 I=45336 F=0x T=64 (#49) I have read through older posts and found a reply that says, if the IPs are my ISP's DHCP server, I need to allow traffic through. I have tried to each of the the following seperately... 1. external udp/tcp ports... EXTERN_UDP_PORTS=0/0_bootpc 0/0_bootps EXTERN_TCP_PORTS=0/0_bootpc 0/0_bootps result: still filling logs 2. slient deny... SILENT_DENY=udp_10.100.0.1_67 udp_68.81.146.1_67 result: still filling logs 3. hosts allow: in Hosts.allow, added two lines ALL: 10.100.0.1/255.255.255.255 ALL: 68.81.146.1/255.255.255.255 result: still filling logs. I understand that the stuff in my logs has to do with renewing my IP address to my ISP. My ISP is Comcast cable. Chris. --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
I've been attempting to do QoS with Dachstein CD/Floppy. When enabled, my connection to my cable modem doesn't seem to go out to the internet anywhere. Pinging Google.com falls flat. I assume it worked for some. Considering that the LRP QoS HOWTO works under the assumption that you are using EigerStein which is one release before Dachstein. Here are the steps that I've taken: 1. Find out what version my LRP is running: # cat /proc/version Linux version 2.2.19-3-LEAF-RAID ([EMAIL PROTECTED]) (gcc version 2.7.2.3) #4 Sat Dec 1 17:27:59 CST 2001 1. According to LRP QoS HOWTO (http://www.monkeynoodle.org/lrp/LRP-QoS-HOWTO.html) I've downloaded the nessessary kernel modules (I left out the ones that I didn't need, like sch_teql for load balancing). They were downloaded from http://lrp.steinkuehler.net/files/kernels/2.2.19-3-RAID/modules/misc/ to match my LRP. 2. Copied them to /lib/modules, and added the following lines to /etc/modules: # qos stuff sch_cbq sch_prio sch_sfq cls_route cls_fw cls_u32 cls_rsvp 3. Rebooted and ran LSMOD: # lsmod Module PagesUsed by cls_rsvp3736 0 (unused) cls_u32 4592 0 (unused) cls_fw 2004 0 (unused) cls_route 3596 0 (unused) sch_sfq 3200 0 (unused) sch_prio2188 0 (unused) sch_cbq11860 0 (unused) ip_masq_user3708 0 (unused) ip_masq_raudio 2980 0 (unused) ip_masq_quake 1220 0 (unused) ip_masq_portfw 2416 8 ip_masq_mfw 3196 0 (unused) ip_masq_irc 1924 0 (unused) ip_masq_ftp 3576 0 (unused) ip_masq_autofw 2476 0 (unused) 3c503 5412 1 83906236 0 [3c503] eepro100 14332 1 pci-scan2300 0 [eepro100] isofs 17692 0 ide-cd 22672 0 cdrom 26712 0 [ide-cd] So far so good... 4. The bwidth22.lrp package was already found on the CD, so I added the appropriate line to lrpkg.cfg on the floppy disk. # cat lrpkg.cfg bwidth22,dhclient,dhcpd,dnscache,etc,ifconfig,lncurses,libm, ... snip 5. Edited the /etc/network.conf file as follows: IF_AUTO=eth0 eth1 eth0_FAIRQ=YES #eth0_TXQLEN=262144 #eth0_BNDWIDTH=128kbit # Device bandwidth #eth0_HNDL=2# Queue Handle - must be unique #eth0_IABURST=100 # Interactive Burst #eth0_IARATE=1Mbit # Interactive Rate #eth0_PXMTU=1514# Physical MTU - includes Link Layer header eth1_FAIRQ=YES (fyi, i calculated TXQLEN to be max upstream transmit queue length for 1 second as recommended by monkeynoodle.) Note, I commented the eth0 lines out because according to monkeynoodle, the defaults should be sufficient for a small home network. When restarting the system, the LRP grabbed an IP via DHCP from the cable modem fine, but when I got to a command prompt, and type ping google.com nothing would happen. I also tried the command route just to see what would happen, and it would get stuck. I've tried several other solutions, such as using different LRP distributions, but I found that I'm currently most comfortable with Dachstein. I've been attacking this problem for at least a month. Does anyone have any idea how to properly get this working? -chris. --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
From ROY TAYLOR E-mail-roy2004eudoramail.com E-mail-royt2003eudoramail.com ATTN. PROPOSAL -- I got your contact from a reliable source and I decided to contact you on a mutual business relationship. My name is Mr Roy Taylor the son of president Charles Taylor of Liberia who is presently having problems with the rebels and is been forced out of office.If you are current with the news you will know what I am talking about. It is because of these problems that I have the mandate of my father to contact you and request you specifically to assist my family to secure the deposit that my father has with a financial institution in Europe which amounts to ($35,000,000)thirty five million US dollars.This is because my father knows that immediately the new government takes over, all his wealth and properties will be brought to book and might be confisticated. It is base on this fact that I am requesting you to assist us in putting this sum of money in safe keeping by accepting to receive it from the financial institution on our behalf by changing the name and signatory of the account into yours so that it will not have any link to my family and for that reason,the incoming governments(the rebels) will not find it. I will furnish you the details of this transaction if you accept to assist. For your efforts we will discuss what remuneration I will give you when you reply. Because of the urgency this issue requires, you should reach me on the above e-mail addresses. Do not forget to include your telephone and fax numbers while replying to this message. I wait for your quick response. Best regards. Roy Taylor --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0013ave/direct;at.aspnet_072303_01/01 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
Dear Sir, My name is William Ume, Presently,I am working in an African country. I got your contact via the internet and felt you may be willing to pursue this with me. This proposal may sound strange to you or probably you may even think it is a joke,because of lots of funny mails circulating over the internet .Well if you do,I really understand,but honestly my freind,I am really handicaped,because this is the only means available to me to cominicate to you. Honestly ,I think you should give me a trial,I need your assistance and the deal is good. The deal involves the transfer of funds,safely abroad,.For your role, you are to receive a percentage of the funds,based on a sharing formula that will be agreed by both parties. If you are intereted in pursuing this further please contact me via e-mail so that I can furnish you with the relevant details about the origin of the fund and the modalities for the deal. Please send your response to my e-mail address. William. --- This SF.Net email is sponsored by: INetU Attention Web Developers Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
Godfried, Check out http://plug.twuug.org/articles/rescuedisk.html One of these bootable images can be used to fdisk and Mke2fs your drive which can then be mounted under Bering. I just used the one at http://www.tux.org/pub/people/kent-robotti/looplinux/rip/ to convert my ext2 to ext3 by creating a journal on the partition. Hope this helps, Kory Krofft On Sun, 22 Jun 2003 11:58:19 -0100 (GMT+1), Jørn Eriksen wrote: Hello there, U could use this one: http://leaf.sf.net//devel/thc/files/kwarchive/fdisk.lrp Best regards Jorn Good morning! what utility is there in bering 1.2 to allow me to use fdisk and partition my Hdisk? I have laready installed bering on the dos partition on the drive. Hdsupp.lrp did not help me. Godfried Duodu (713)802-5146 fax # (713}802-5140 --- This SF.Net email is sponsored by: INetU Attention Web Developers Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
Hello, Looking at my firewall via the webbrowser I have the following situation within the current connections: Masqueraded Connections:: udp src=192.168.1.44 1276 dst=194.109.6.65 123 --90 sec. unknown src=599 dst=10.0.0.138 dst=src=10.0.0.2 src=10.0.0.138 --47 sec. use=1 tcp src=192.168.1.44 2010 dst=65.197.157.202 80 --74882 sec. ESTABLISHED tcp src=192.168.1.97 1116 dst=208.254.63.58 80 --60133 sec. ESTABLISHED I understand the connection to the dns server and the connection between firewall and adsl modem, but i don't understand the other two connections. Those ip-numbers seem to have a connection for a very, very long time. My question: is this normal behaviour or is there something wrong? Rob. __ The NEW Netscape 7.0 browser is now available. Upgrade now! http://channels.netscape.com/ns/browsers/download.jsp Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
Joey, My two cents worth: log files are good, the more the better, it just a matter of how to manage them. I have my firewall (and HP Unix box, 2 Red Hat servers and even a couple NT) doing a remote syslog to an internal RedHat box, then logcheck runs every 15 minutes. Logcheck for anything out of the ordinary and e-mail it to me. Most of the e-mail contain nothing to be concerned about, but it allows me to be aware. Let this stuff go into the logs, then use a logcheck program to alert you to the stuff that you really need to pay attention to. And occasionally, audit the regular logs just to make sure your log check rules are doing what you intended them to do. Michael Message: 9 Date: Wed, 29 Jan 2003 08:16:34 -0800 To: [EMAIL PROTECTED] From: Ray Olszewski [EMAIL PROTECTED] Subject: Re: [leaf-user] tracing spoofed IPs? At 09:51 AM 1/29/03 -0600, Joey Officer wrote: I'm not sure if that topic is adequate, but here goes. I'm sick of my logs filling up with various IPs all trying to hit various ports. I know I can put the silent deny up and it won't fill up the log any more, but is there a more defensive approach that can be taken? Is there a way to trace what appear to be spoofed IP addresses. I've got about a million of the following entry in my logs Jan 29 11:23:47 firewall kernel: Packet log: input DENY eth0 PROTO=17 10.51.192.1:67 255.255.255.255:68 L=350 S=0x00 I=25217 F=0x T=255 (#8) I know the 10.x.x.x is for private use, so its obviously not a real IP. But is there a way to 'answer' the request in order to get more information from the offending computer to advise the admins and see if they can do something about it? Unless your ISP actually uses that address range on your external interface, there should be no way to 'answer' the request . That's why the addresses are called private -- the standards call for them to be unroutable on the public Internet. But while they are often called not real colloquially, they in fact can be perfectly real, in that they are used by actual machines on NAT'd LANs. Since they involve source port 67 and broadcast traffic (at least your example does), it's a good guess that this traffic comes from other users of your ISP who do not have their routers (or, possbily, their LAN broadcast addresses) set properly, causing the incessant chatter of Windows PCs with file-sharing enabled to leak off the LAN. If this guess is right, then the source addresses are not spoofed; they are real machines on NAT'd LANs that have misconfigured routers. (Old saying: Never attribute to malice that which can be adequately explained by incompetence.) Of course, this comment only applies to the example log entry you chose; your general question about various IPs all trying to hit various ports is too vague to answer in the form posed. Some knowledge of the actual addresses and ports involved is required. (And there *is* another old saying: Never attribute to incompetence that which can be adequately explained by malice.) -- ---Never tell me the odds! Ray Olszewski -- Han Solo Palo Alto, California, USA[EMAIL PROTECTED] --- THE INFORMATION CONTAINED IN THIS E-MAIL IS CONFIDENTIAL AND INTENDED ONLY FOR THE USE OF THE INDIVIDUAL TO WHOM IT IS ADDRESSED. IF YOU ARE NOT THE INTENDED RECIPIENT, YOU ARE HEREBY NOTIFIED THAT ANY USE, DISSEMINATION, DISTRIBUTION OR COPYING OF THIS COMMUNICATION IS PROHIBITED. IF YOU HAVE RECEIVED THIS E-MAIL IN ERROR, PLEASE IMMEDIATELY NOTIFY THE SENDER BY RETURN E-MAIL OR CALL VALLEY MEDICAL CENTER, PLLC AT 1-888-884-4155, EXT 6203 AND DELETE THIS E-MAIL, ANY ATTACHMENTS, AND ALL COPIES. --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
I've got the x509 certificate on to my Windows machine and have configured my LEAF box. When I try to establish a tunnel, I'm not getting thro'. I followed Nate Carlson's howto for win2k client set up. I'm not able to figure out why I'm getting incomplete ISAKMP error. barf output as below. Can I have some help on this please? Mohan Jan 3 14:33:05 firewall ipsec__plutorun: Starting Pluto subsystem... Jan 3 14:33:05 firewall pluto[13586]: Starting Pluto (FreeS/WAN Version 1.99) Jan 3 14:33:05 firewall pluto[13586]: including X.509 patch (Version 0.9.15) Jan 3 14:33:05 firewall pluto[13586]: Changing to directory '/etc/ipsec.d/cacerts' Jan 3 14:33:05 firewall pluto[13586]: loaded cacert file 'cacert.pem' (1700 bytes) Jan 3 14:33:05 firewall pluto[13586]: Changing to directory '/etc/ipsec.d/crls' Jan 3 14:33:05 firewall pluto[13586]: loaded crl file 'crl.pem' (715 bytes) Jan 3 14:33:05 firewall pluto[13586]: loaded my default X.509 cert file '/etc/x509cert.der' (1245 bytes) Jan 3 14:33:06 firewall pluto[13586]: added connection description w2k-road-warriors Jan 3 14:33:06 firewall pluto[13586]: listening for IKE messages Jan 3 14:33:06 firewall pluto[13586]: adding interface ipsec0/eth0 202.91.64.181 Jan 3 14:33:06 firewall pluto[13586]: loading secrets from /etc/ipsec.secrets Jan 3 15:01:55 firewall pluto[13586]: packet from 202.91.64.132:500: ignoring Vendor ID payload Jan 3 15:01:55 firewall pluto[13586]: w2k-road-warriors[1] 202.91.64.132 #1: responding to Main Mode from unknown peer 202.91.64.132 Jan 3 15:01:56 firewall pluto[13586]: w2k-road-warriors[1] 202.91.64.132 #1: encrypted Informational Exchange message is invalid because it is for incomplete ISAKMP SA --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
--- This sf.net email is sponsored by: With Great Power, Comes Great Responsibility Learn to use your power at OSDN's High Performance Computing Channel http://hpc.devchannel.org/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
--- This sf.net email is sponsored by: With Great Power, Comes Great Responsibility Learn to use your power at OSDN's High Performance Computing Channel http://hpc.devchannel.org/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
Dear our Guests, EXPLORE TURKEY WITH ASTARTETOURS!! Hotel Reservations: You will find more than 200 hotels all over Turkey, which have been carefully selected. Through our reservation system we are able to book more than 1.000 hotels arround Europe. Tours Hosted Programs, sightseeing tours, escorted tours or cruise programs. We have tours on set dates each year or we can organize special itineraries for the independant traveller or small groups!! Rent-A-Car: Travelling on your own pace in Turkey! We have a range of vehicles on offer to choose from. They may be hired in all major cities. Your car can be made available at the airport or your hotel for collection!! Visit our web-site!! www.astartetours.com Kind Regards Astarte Tours P.S.: If you want to unsubscribe, please sent us an e-mail. --- This SF.net email is sponsored by: Get the new Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
--- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
--- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
Hi all I just bring up my ipsec tunnel. The solution to my problem comes from the article http://www.freeswan.org/freeswan_trees/freeswan-1.99/doc/faq.html regarding Interpreting error messages : route-client (or host) exited with status 7. To resume, i just have to add leftnexthop and rightnexthop to my ipsec.conf for each computer in the tunnel. Thanks again Lynn for your help. You don't give me the solution but you give me the urge to continue because i feel a little bit alone with my problem. Stephane Froment guitarlynn wrote: OK, now that we have a lot of information, let's go through what's here. # defaults for subsequent connection descriptions conn %default # How persistent to be in (re)keying negotiations (0 means very). keyingtries=0 # RSA authentication with keys from DNS. # authby=rsasig # leftrsasigkey=%dns # rightrsasigkey=%dns authby=secret left=ip.pub.lik.254 leftsubnet=192.168.0.0/24 leftfirewall=yes pfs=yes auto=add conn w2k-road-warriors right=%any Everything looks plausible here. I would get rid of the unnecessary connections. We truly wish you wouldn't change lines to hide your public ip address... You spend a lot of time doing it, you can make errors by hiding it, and we could get it if we wanted anyway. Changing it will not protect you from getting hacked if someone wanted to (and believe me, noone here has any interest in hacking you). I would also get rid of the *firewall=yes line, if the connection goes down, you will be forced to reboot the firewall to reconnect, which may be the problemsee later in the post. I have information on manually setting the firewall to allow the connections w/o this option at http://leaf.sourceforge.net/devel/guitarlynn/ipsec.txt and Tom has instruction for doing the same on http://www.shorewall.net or http://leaf.sourceforge.net/devel/jnilo/buipsec.html#AEN1436 . Nov 16 13:35:34 firewall ipsec_setup: Starting FreeS/WAN IPsec 1.98b... Nov 16 13:35:35 firewall ipsec_setup: Using /lib/modules/ipsec.o Nov 16 13:35:35 firewall ipsec_setup: KLIPS ipsec0 on ppp0 ip.pub.lik.254 peer ip.pub.lik.1/32 Nov 16 13:35:35 firewall ipsec_setup: ...FreeS/WAN IPsec started Nov 16 13:38:37 firewall kernel: Shorewall:FORWARD:REJECT:IN=ipsec0 OUT=eth1 SRC=62.147.151.223 DST=192.168.0.201 LEN=89 TOS=0x00 PREC=0x00 TTL=127 ID=60576 PROTO=UDP SPT=3309 DPT=161 LEN=69 OK, ipsec starts, then rejects a packet from the roadwarrior, we'll check for the error further down. + _ plog + + sed -n 2,$p /var/log/auth.log + egrep -i pluto + cat Nov 16 13:35:35 firewall ipsec__plutorun: Starting Pluto subsystem... Nov 16 13:35:35 firewall pluto[24215]: Starting Pluto (FreeS/WAN Version 1.98b) Nov 16 13:35:35 firewall pluto[24215]: including X.509 patch (Version 0.9.13) Nov 16 13:35:35 firewall pluto[24215]: Could not change to directory '/etc/ipsec.d/cacerts' Nov 16 13:35:35 firewall pluto[24215]: Could not change to directory '/etc/ipsec.d/crls' Nov 16 13:35:35 firewall pluto[24215]: loaded my default X.509 cert file '/etc/x509cert.der' (7 bytes) Nov 16 13:35:35 firewall pluto[24215]: file coded in unknown format, discarded Nov 16 13:35:35 firewall pluto[24215]: OpenPGP certificate file '/etc/pgpcert.pgp' not found It appears to be trying to load a x509 cert, If I remember correctly the Bering ipsec package(s) offer seperate packages for use of x509 certs, but this could be a possible problem. I know Dachstein offers an add-on package for x509 certs. Nov 16 13:35:36 firewall pluto[24215]: added connection description sample Nov 16 13:35:37 firewall pluto[24215]: added connection description w2k-road-warriors Nov 16 13:35:37 firewall pluto[24215]: listening for IKE messages Nov 16 13:35:37 firewall pluto[24215]: adding interface ipsec0/ppp0 ip.pub.lik.254 Nov 16 13:35:37 firewall pluto[24215]: loading secrets from /etc/ipsec.secrets Nov 16 13:38:36 firewall pluto[24215]: packet from 62.147.151.223:500: ignoring Vendor ID payload Nov 16 13:38:36 firewall pluto[24215]: w2k-road-warriors[1] 62.147.151.223 #1: responding to Main Mode from unknown peer 62.147.151.223 Nov 16 13:38:36 firewall pluto[24215]: w2k-road-warriors[1] 62.147.151.223 #1: Peer ID is ID_IPV4_ADDR: '62.147.151.223' Nov 16 13:38:36 firewall pluto[24215]: w2k-road-warriors[1] 62.147.151.223 #1: sent MR3, ISAKMP SA established Nov 16 13:38:37 firewall pluto[24215]: w2k-road-warriors[1] 62.147.151.223 #2: responding to Quick Mode Here your w2k-road-warriors tunnel comes up successfully, all that has not happened here is the successful transmission of information across the tunnel. Nov 16 13:38:37 firewall pluto[24215]: w2k-road-warriors[1] 62.147.151.223 #2: route-client output: RTNETLINK answers: Network is unreachable Nov 16 13:38:37 firewall pluto[24215]: This is the indication of the problem. For some reason, the network becomes unreachable and/or the tunnel bombs out. Why this is happening
[leaf-user] (no subject)
I've been at this point before and did get some help. I've got stuck at this point again. I'm in search of an workable elegant solution. When I started with leaf, I wanted to install it on a hard disk. When I used syslinux dos version, I got an error saying cannot get exclusive access. I was told I must use DOS6.22 Fdisk. I did and my problem got solved. I then got a ATA PCMCIA Flash drive on which I used a 8MB PCMCIA SANDISK flash card. It went thro' without a problem. I've a set-up machine which has a hard disk with a 16MB partition on which leaf is installed. I boot with a DOS floppy, execute syslinux to install MBR on the flash and then boot leaf off the HDD(/dev/hda1) and backup to the flash (/dev/hdc1). I then disable the hard disk in the bios and check if I can boot off the flash. So far so good. I got a IDE CF adaptor recently. The CF card is a 32MB card. It gets formatted to FAT16 when formatted using DOS. I think DOS6.22 uses FAT12. I checked syslinux site and it says we can boot off FAT12 or FAT16 partitions. Problems occur only when cylinder count 1024 or cluster size 16kb. I remember Guitarlynn's oft repeated comment in the mailing list that syslinux gives a problem if partition is 24MB. I also tried Ranish Partition Manager to format the CF card in FAT12 mode. Still syslinux gave the same error. Syslinux unix version executed under leaf gives a grsec and segmentation fault. Now I'm beginning to pull my hair out. I know I can do dd if=/dev/hda of=/dev/hdc bs=512 count=1 to get the boot sector from HDD to CF. Then my CF should become hda1. I tried the fdisk.lrp, installed fdisk on leaf and went thro' that fdisk too to create the partitions. Same result. Is there an easier method? Am I missing something very trivial? Can a more experienced person create a script or a program to do this off leaf? I did not fight with the system for so long the first time around. If FDISK with DOS6.22 alone is the issue, I'm stuck in trying to locate one. Is there another alternative? Is mkfs.msdos available in leaf? Bye S Mohan --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] (no subject)
What syslinux version have you tried? I had only success with version 2.00-pre6 (at the time) Version 2.00 has just come out, give it a try and test it! What is the exact error given by syslinux? -Original Message- From: S Mohan [mailto:smohan;vsnl.com] Sent: Tuesday, November 05, 2002 9:15 AM To: [EMAIL PROTECTED] Subject: [leaf-user] (no subject) I've been at this point before and did get some help. I've got stuck at this point again. I'm in search of an workable elegant solution. When I started with leaf, I wanted to install it on a hard disk. When I used syslinux dos version, I got an error saying cannot get exclusive access. I was told I must use DOS6.22 Fdisk. I did and my problem got solved. I then got a ATA PCMCIA Flash drive on which I used a 8MB PCMCIA SANDISK flash card. It went thro' without a problem. I've a set-up machine which has a hard disk with a 16MB partition on which leaf is installed. I boot with a DOS floppy, execute syslinux to install MBR on the flash and then boot leaf off the HDD(/dev/hda1) and backup to the flash (/dev/hdc1). I then disable the hard disk in the bios and check if I can boot off the flash. So far so good. I got a IDE CF adaptor recently. The CF card is a 32MB card. It gets formatted to FAT16 when formatted using DOS. I think DOS6.22 uses FAT12. I checked syslinux site and it says we can boot off FAT12 or FAT16 partitions. Problems occur only when cylinder count 1024 or cluster size 16kb. I remember Guitarlynn's oft repeated comment in the mailing list that syslinux gives a problem if partition is 24MB. I also tried Ranish Partition Manager to format the CF card in FAT12 mode. Still syslinux gave the same error. Syslinux unix version executed under leaf gives a grsec and segmentation fault. Now I'm beginning to pull my hair out. I know I can do dd if=/dev/hda of=/dev/hdc bs=512 count=1 to get the boot sector from HDD to CF. Then my CF should become hda1. I tried the fdisk.lrp, installed fdisk on leaf and went thro' that fdisk too to create the partitions. Same result. Is there an easier method? Am I missing something very trivial? Can a more experienced person create a script or a program to do this off leaf? I did not fight with the system for so long the first time around. If FDISK with DOS6.22 alone is the issue, I'm stuck in trying to locate one. Is there another alternative? Is mkfs.msdos available in leaf? Bye S Mohan --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] (no subject)
Mohan At 10:15 05.11.2002, you wrote: . I also tried Ranish Partition Manager to format the CF card in FAT12 mode. Still syslinux gave the same error. Syslinux unix version executed under leaf gives a grsec and segmentation fault. I ran into this myself when I was building/testing the write protected DOM. I believe building a (for example) bering kernel without gresecurity could solve the issue. I am still in the process of defining a viable development platform for myself (UML is not viable because it needs X or a real console). Now I'm beginning to pull my hair out. I know I can do dd if=/dev/hda of=/dev/hdc bs=512 count=1 to get the boot sector from HDD to CF. Then my CF should become hda1. I tried the fdisk.lrp, installed fdisk on leaf and went thro' that fdisk too to create the partitions. Same result. Is there an easier method? Am I missing something very trivial? Can a more experienced person create a script or a program to do this off leaf? I did not fight with the system for so long the first time around. If FDISK with DOS6.22 alone is the issue, I'm stuck in trying to locate one. Is there another alternative? Is mkfs.msdos available in leaf? I have a DOS 6.22 floppy with fdisk and syslinux on my WP documentation page see http://www.think.ch/leaf/ADM . I would love though to have an alternative under a LEAF distribution. Maybe someone with a kernel compile environment could build a kernel without gresecurity and we might be there. HTH Erich THINK Püntenstrasse 39 8143 Stallikon mailto:erich.titl;think.ch PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] (no subject)
Latest syslinux 2.00 stable version from freshmeat. Are the programs that will just copy boot sectors or create boot sectors for /dev/hda1, /dev/hda2 etc.. that I can simply copy with a dd command? Mohan -Original Message- From: [EMAIL PROTECTED] [mailto:leaf-user-admin;lists.sourceforge.net]On Behalf Of Luis.F.Correia Sent: 05 November 2002 15:01 To: [EMAIL PROTECTED] Subject: RE: [leaf-user] (no subject) What syslinux version have you tried? I had only success with version 2.00-pre6 (at the time) Version 2.00 has just come out, give it a try and test it! What is the exact error given by syslinux? -Original Message- From: S Mohan [mailto:smohan;vsnl.com] Sent: Tuesday, November 05, 2002 9:15 AM To: [EMAIL PROTECTED] Subject: [leaf-user] (no subject) I've been at this point before and did get some help. I've got stuck at this point again. I'm in search of an workable elegant solution. When I started with leaf, I wanted to install it on a hard disk. When I used syslinux dos version, I got an error saying cannot get exclusive access. I was told I must use DOS6.22 Fdisk. I did and my problem got solved. I then got a ATA PCMCIA Flash drive on which I used a 8MB PCMCIA SANDISK flash card. It went thro' without a problem. I've a set-up machine which has a hard disk with a 16MB partition on which leaf is installed. I boot with a DOS floppy, execute syslinux to install MBR on the flash and then boot leaf off the HDD(/dev/hda1) and backup to the flash (/dev/hdc1). I then disable the hard disk in the bios and check if I can boot off the flash. So far so good. I got a IDE CF adaptor recently. The CF card is a 32MB card. It gets formatted to FAT16 when formatted using DOS. I think DOS6.22 uses FAT12. I checked syslinux site and it says we can boot off FAT12 or FAT16 partitions. Problems occur only when cylinder count 1024 or cluster size 16kb. I remember Guitarlynn's oft repeated comment in the mailing list that syslinux gives a problem if partition is 24MB. I also tried Ranish Partition Manager to format the CF card in FAT12 mode. Still syslinux gave the same error. Syslinux unix version executed under leaf gives a grsec and segmentation fault. Now I'm beginning to pull my hair out. I know I can do dd if=/dev/hda of=/dev/hdc bs=512 count=1 to get the boot sector from HDD to CF. Then my CF should become hda1. I tried the fdisk.lrp, installed fdisk on leaf and went thro' that fdisk too to create the partitions. Same result. Is there an easier method? Am I missing something very trivial? Can a more experienced person create a script or a program to do this off leaf? I did not fight with the system for so long the first time around. If FDISK with DOS6.22 alone is the issue, I'm stuck in trying to locate one. Is there another alternative? Is mkfs.msdos available in leaf? Bye S Mohan --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] (no subject)
No, you run syslinux to create the boot sector ON the CF. Read the docs. -Original Message- From: S Mohan [mailto:smohan;vsnl.com] Sent: Tuesday, November 05, 2002 9:59 AM To: Luis.F.Correia; [EMAIL PROTECTED] Subject: RE: [leaf-user] (no subject) Latest syslinux 2.00 stable version from freshmeat. Are the programs that will just copy boot sectors or create boot sectors for /dev/hda1, /dev/hda2 etc.. that I can simply copy with a dd command? Mohan -Original Message- From: [EMAIL PROTECTED] [mailto:leaf-user-admin;lists.sourceforge.net]On Behalf Of Luis.F.Correia Sent: 05 November 2002 15:01 To: [EMAIL PROTECTED] Subject: RE: [leaf-user] (no subject) What syslinux version have you tried? I had only success with version 2.00-pre6 (at the time) Version 2.00 has just come out, give it a try and test it! What is the exact error given by syslinux? -Original Message- From: S Mohan [mailto:smohan;vsnl.com] Sent: Tuesday, November 05, 2002 9:15 AM To: [EMAIL PROTECTED] Subject: [leaf-user] (no subject) I've been at this point before and did get some help. I've got stuck at this point again. I'm in search of an workable elegant solution. When I started with leaf, I wanted to install it on a hard disk. When I used syslinux dos version, I got an error saying cannot get exclusive access. I was told I must use DOS6.22 Fdisk. I did and my problem got solved. I then got a ATA PCMCIA Flash drive on which I used a 8MB PCMCIA SANDISK flash card. It went thro' without a problem. I've a set-up machine which has a hard disk with a 16MB partition on which leaf is installed. I boot with a DOS floppy, execute syslinux to install MBR on the flash and then boot leaf off the HDD(/dev/hda1) and backup to the flash (/dev/hdc1). I then disable the hard disk in the bios and check if I can boot off the flash. So far so good. I got a IDE CF adaptor recently. The CF card is a 32MB card. It gets formatted to FAT16 when formatted using DOS. I think DOS6.22 uses FAT12. I checked syslinux site and it says we can boot off FAT12 or FAT16 partitions. Problems occur only when cylinder count 1024 or cluster size 16kb. I remember Guitarlynn's oft repeated comment in the mailing list that syslinux gives a problem if partition is 24MB. I also tried Ranish Partition Manager to format the CF card in FAT12 mode. Still syslinux gave the same error. Syslinux unix version executed under leaf gives a grsec and segmentation fault. Now I'm beginning to pull my hair out. I know I can do dd if=/dev/hda of=/dev/hdc bs=512 count=1 to get the boot sector from HDD to CF. Then my CF should become hda1. I tried the fdisk.lrp, installed fdisk on leaf and went thro' that fdisk too to create the partitions. Same result. Is there an easier method? Am I missing something very trivial? Can a more experienced person create a script or a program to do this off leaf? I did not fight with the system for so long the first time around. If FDISK with DOS6.22 alone is the issue, I'm stuck in trying to locate one. Is there another alternative? Is mkfs.msdos available in leaf? Bye S Mohan --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] (no subject)
I know that is the proper way. Unfortunately, I'm stuck and am mad at myself for that. Error message: ERROR 440D: Unable to lock drive for exclusive access - when I use syslinux 2.00 from freshmeat. the last time, I used syslinux 1.75. Mohan -Original Message- From: [EMAIL PROTECTED] [mailto:leaf-user-admin;lists.sourceforge.net]On Behalf Of Luis.F.Correia Sent: 05 November 2002 15:48 To: [EMAIL PROTECTED] Subject: RE: [leaf-user] (no subject) No, you run syslinux to create the boot sector ON the CF. Read the docs. -Original Message- From: S Mohan [mailto:smohan;vsnl.com] Sent: Tuesday, November 05, 2002 9:59 AM To: Luis.F.Correia; [EMAIL PROTECTED] Subject: RE: [leaf-user] (no subject) Latest syslinux 2.00 stable version from freshmeat. Are the programs that will just copy boot sectors or create boot sectors for /dev/hda1, /dev/hda2 etc.. that I can simply copy with a dd command? Mohan -Original Message- From: [EMAIL PROTECTED] [mailto:leaf-user-admin;lists.sourceforge.net]On Behalf Of Luis.F.Correia Sent: 05 November 2002 15:01 To: [EMAIL PROTECTED] Subject: RE: [leaf-user] (no subject) What syslinux version have you tried? I had only success with version 2.00-pre6 (at the time) Version 2.00 has just come out, give it a try and test it! What is the exact error given by syslinux? -Original Message- From: S Mohan [mailto:smohan;vsnl.com] Sent: Tuesday, November 05, 2002 9:15 AM To: [EMAIL PROTECTED] Subject: [leaf-user] (no subject) I've been at this point before and did get some help. I've got stuck at this point again. I'm in search of an workable elegant solution. When I started with leaf, I wanted to install it on a hard disk. When I used syslinux dos version, I got an error saying cannot get exclusive access. I was told I must use DOS6.22 Fdisk. I did and my problem got solved. I then got a ATA PCMCIA Flash drive on which I used a 8MB PCMCIA SANDISK flash card. It went thro' without a problem. I've a set-up machine which has a hard disk with a 16MB partition on which leaf is installed. I boot with a DOS floppy, execute syslinux to install MBR on the flash and then boot leaf off the HDD(/dev/hda1) and backup to the flash (/dev/hdc1). I then disable the hard disk in the bios and check if I can boot off the flash. So far so good. I got a IDE CF adaptor recently. The CF card is a 32MB card. It gets formatted to FAT16 when formatted using DOS. I think DOS6.22 uses FAT12. I checked syslinux site and it says we can boot off FAT12 or FAT16 partitions. Problems occur only when cylinder count 1024 or cluster size 16kb. I remember Guitarlynn's oft repeated comment in the mailing list that syslinux gives a problem if partition is 24MB. I also tried Ranish Partition Manager to format the CF card in FAT12 mode. Still syslinux gave the same error. Syslinux unix version executed under leaf gives a grsec and segmentation fault. Now I'm beginning to pull my hair out. I know I can do dd if=/dev/hda of=/dev/hdc bs=512 count=1 to get the boot sector from HDD to CF. Then my CF should become hda1. I tried the fdisk.lrp, installed fdisk on leaf and went thro' that fdisk too to create the partitions. Same result. Is there an easier method? Am I missing something very trivial? Can a more experienced person create a script or a program to do this off leaf? I did not fight with the system for so long the first time around. If FDISK with DOS6.22 alone is the issue, I'm stuck in trying to locate one. Is there another alternative? Is mkfs.msdos available in leaf? Bye S Mohan --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] (no subject)
Hi Erich, * Erich Titl ([EMAIL PROTECTED]) [021105 01:48]: [snip] I ran into this myself when I was building/testing the write protected DOM. I believe building a (for example) bering kernel without gresecurity could solve the issue. I am still in the process of defining a viable development platform for myself (UML is not viable because it needs X or a real console). [snip] I'm curious about your statement UML is not viable because it needs X or a real console. I use UML exclusively from a PuTTY ssh session to the UML host system, then use GNU screen to connect to the UML instances. There is no X or a real console involved ;). --- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] (no subject)
Using 2 linked connection descriptions seems rather strange to me, but appeared that the IKE session worked properly from a quick look. Possibly a routing problem of some type (?). A barf would be much clearer than the status, since I'm not seeing any clear errors from IPSec in what information you posted. Apparently the problem lies within a different section. Is Shorewall properly configured to allow traffic from the Roadwarrior (Tom has a IPSec document on the Shorewall website)? -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! --- This sf.net email is sponsored by: Influence the future of Java(TM) technology. Join the Java Community Process(SM) (JCP(SM)) program now. http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0004en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
confirm 937257 --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] (no subject)
On Tuesday 22 October 2002 22:36, Simpson, Doug wrote: I believe it is the firewall or a routing issue. Pardon my ignorance but I do not know where to look next or what to test or disable. Has anyone done this successfully? Bering (LRP) and FreeSwan and SSHSentinel. THank you for your time Yep, many people are running this setup without problems. We'll need some configuration information for Ipsec and Shorewall to have any clue to what might be wrong. -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
I am using the latest Bering v1.0-rc3 release. I am trying to run IPSEC but I am having no success. Here is my config: [windows2k remote client accessing via SSH Sentinel ver 1.3.2] ---internet[LRP box running Bering/Shorewall/Freeswan 1.98b]my internal network The LRP box has two nics one straight to the Internet (12.144.99.39) and one into the internal network (172.16.0.254). It appears that I get connected to the LRP box, however, at first I was unable to ping the outside (public) interface 12.144.99.39. When I ping the 172.16.0.254 (internal interface) then I get a reply from but destination port unreachable. So I checked the messages logs and decided that the firewall was mucking me up (though I believe I configured it correctly for IPSEC connections). I opened up the fire wall to ALL just to test. Once connected, all stayed the same accept for the 172.16.0.254 replied fully. I still cannot ping further into my internal network and I cannot ping the external public interface. I believe it is the firewall or a routing issue. Pardon my ignorance but I do not know where to look next or what to test or disable. Has anyone done this successfully? Bering (LRP) and FreeSwan and SSHSentinel. THank you for your time Doug --- This sf.net emial is sponsored by: Influence the future of Java(TM) technology. Join the Java Community Process(SM) (JCP(SM)) program now. http://ad.doubleclick.net/clk;4699841;7576301;v?http://www.sun.com/javavote leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
Hi everyone, Again somebody can tell me how to manage the routing protocols in a LRP/LEAF box. (RIP, OSPF, BGP, ISIS, maybe IGRP and EIGRP) I think that the default routing protocol is RIP but only listen RIP advice or also send routing RIP advice. I saw some modules named like ospf.o and igrp.o, but how can configure them. If somebody have some information about it please tell me. Thank you in advance. Johnnattanh _ Send and receive Hotmail on your mobile device: http://mobile.msn.com --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] (no subject)
Howdy Johnnattanh, The old LRP mailing lists are virtually unused. Just wanted to let you know before you got your hopes up about getting a response from that arena. After rereading your last message I had thought that you were referring to *.lrp packages. My mistake. I am not familiar with the modules that you are referring to. If you could point me in the direction that you found them I would appreciate it. Default routing on all of the LEAF distributions is statically configured. However you can add packages that will give you the ability to use various dynamic routing protocols. I recommend using zebra.lrp packaged by David Douthitt. It is based on zebra-0.92 and supports bgp, ospf, and rip. I have had problems running it on the LEAF Bering distro but I know of people that have used it with the LEAF Oxygen distro with great success. It can be found here: http://www.leaf-project.org/devel/ddouthitt/packages/ EIGRP is a cisco specific protocol. The only way to play with this is to play with cisco. I am currently working on an updated version of the zebra package. The new version is built around the original modular concept that zebra was built on and you will be able to load the different protocol daemons as independent packages. Meaning that if you want bgp you would load the bgpd.lrp and do not have to give up precious space to protocols that you may not want or need. Hope this was helpful, Eric Kiser -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Johnnattanh 23 Sent: Monday, October 07, 2002 10:54 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [leaf-user] (no subject) Hi everyone, Again somebody can tell me how to manage the routing protocols in a LRP/LEAF box. (RIP, OSPF, BGP, ISIS, maybe IGRP and EIGRP) I think that the default routing protocol is RIP but only listen RIP advice or also send routing RIP advice. I saw some modules named like ospf.o and igrp.o, but how can configure them. If somebody have some information about it please tell me. Thank you in advance. Johnnattanh _ Send and receive Hotmail on your mobile device: http://mobile.msn.com --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] (no subject)
Hello Eric, Well at this time I don't remember where I saw the modules but I'm going to looking for them and I'll let you know if I find them. Thank you for the information I'll try zebra. Yours Johnnattanh --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
Hello, My name is Johnnattanh My question is this if I want to my LRP/LEAF box advertise routing tables with certain protocol (RIP,OSPF,IS-IS,maybe IGRP or EIGRP) I have seen some modules but, I only have to load them and that's it or I can configure them in some configuration file. Thank you in advance for the help and thank you for this greatful project. Also someone knows where or if I can do a back to back connection between 2 ISDN boxes or connect 2 LRP/LEAF running ISDN in a serial link (I mean without have a ISDN switch of the telco between the two boxes) or the LRP can be used like an NT1 or NT2. _ Send and receive Hotmail on your mobile device: http://mobile.msn.com --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
Hello, My name is Johnnattanh My question is this if I want to my LRP/LEAF box advertise routing tables with certain protocol (RIP,OSPF,IS-IS,maybe IGRP or EIGRP) I have seen some modules but, I only have to load them and that's it or I can configure them in some configuration file. Thank you in advance for the help and thank you for this greatful project. Also someone knows where or if I can do a back to back connection between 2 ISDN boxes or connect 2 LRP/LEAF running ISDN in a serial link (I mean without have a ISDN switch of the telco between the two boxes) or the LRP can be used like an NT1 or NT2. _ Send and receive Hotmail on your mobile device: http://mobile.msn.com --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] (no subject)
Howdy Johnnattanh, The LRP mailing lists are virtually unused. Just wanted to let you know before you got your hopes up about getting a response from that arena. Hello, My name is Johnnattanh My question is this if I want to my LRP/LEAF box advertise routing tables with certain protocol (RIP,OSPF,IS-IS,maybe IGRP or EIGRP) I would recommend using zebra.lrp it is based on zebra-0.92 and supports bgp, ospf, and rip. I have had problems running it on the LEAF Bering distro but I know of people that have used it with the LEAF Oxygen distro with great success. EIGRP is a cisco specific protocol. The only way to play with this is to play with cisco. There is a sourceforge project that is currently working on IS-IS support for zebra but apparently it is still rather buggy and is only available as a patch or series of patches to the main zebra source. IGRP is just plain old and doesn't really compare to any of the more modern OSPF, IS-IS, EIGRP. I have seen some modules but, I only have to load them and that's it or I can configure them in some configuration file. Yes, they must be configured. I would recommend joining the zebra mailing list at zebra.org if you are going to work with it. One word of warning though, the zebra mailing list can be caustic. There is usually nothing warm, fuzzy, or even polite about it. Generally, though, if you show that you have done your homework you can get the answers you need out of them. Thank you in advance for the help and thank you for this greatful project. Also someone knows where or if I can do a back to back connection between 2 ISDN boxes or connect 2 LRP/LEAF running ISDN in a serial link (I mean without have a ISDN switch of the telco between the two boxes) or the LRP can be used like an NT1 or NT2. Nope, you would have to have something in between. Tens of thousands of dollars just for an emulator, IIRC. Good luck, Eric _ Send and receive Hotmail on your mobile device: http://mobile.msn.com --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
--- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1refcode1=vs3390 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] (no subject)
On Wed, 4 Sep 2002 13:59:39 -0700 Scott Ritchie [EMAIL PROTECTED] wrote: --- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1refcode1=vs3390 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html Wow. For once a no subject post where the contents really match the subject line! ;-) -- Chad Carr [EMAIL PROTECTED] --- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1refcode1=vs3390 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
Okay, trolling here. Anybody know anything (or want to know anything) about mobile ip HA/FA support for LEAF? -- Chad Carr [EMAIL PROTECTED] --- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1refcode1=vs3390 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: SMTP problem (was: [leaf-user] (no subject))
We are running Linux version 2.2.19-3-LEAF with the default firewalling. The LAN is using NAT. We are able to send mail to the server by adding the server name to the hosts file on the network machines. We are able to send mail out to external mailers (Yahoo, AOL), We can send mail from user to user inside the network. However, when sending TO the internal network the mail gets to the sendmail mail queue then gets deferred due to the mailserver's inability to contact the sending MTA. The openings in the firewall for smtp are: EXTERN_SMTP_PORTS = 0/0_ntp 0/0_smtp and INTERN_SMTP_SERVER = 10.0.0.XXX As far as the ISP, that is not the case for us. We can run anything on our pipe. However, we are still only testing the server so the mail will come from [EMAIL PROTECTED] until we are ready to go live. The only thing could be some strange name service rule that picks up on that unknown private.network. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ray Olszewski Sent: Friday, August 09, 2002 5:02 PM To: Craig Heil; [EMAIL PROTECTED] Subject: Re: SMTP problem (was: [leaf-user] (no subject)) At 03:18 PM 8/9/02 -0400, Craig Heil wrote: The firewall has been in place for some time working great. We recently began testing an internal mail server. It has been tested internally fine. It can also send mail externally fine. However, even though we have opened up the SMTP port everywhere in the firewall, when you send mail outside to the machine, sendmail gets it into the mail queue but then the message is deferred since it cannot talk back through the firewall. The error message reads (Deferred: Connection timed out with XXX.XXX.XXX.XXX.) where the XXX's are the firewall real-world IP address. The port forwarding is also set up on the SMTP port. We have checked through the config and found nothing that helps. Please advise. We need a bit more detail to be able to help. First, what version of LEAF are you using? Second, are you using its default firewalling or one of the drop-in firewall options? And am I correct in assuming that your LAN is NAT'd? Third, you say you have opened up the SMTP port everywhere in the firewall but that your internal SMTP server is failing because it cannot talk back through the firewall. Given the error message you quote, the reasonable inference is that the second of your two statements is correct, which suggests that the first is wrong. So ... *how* did you open the SMTP port? Fourth, might your ISP be the actual culprit here? I've heard of (but not actually seen) ISPs that block incoming traffic to port 25 at their customers' IP addresses, in order to force the customers to use the ISP's mail servers as (POP3 or IMAP) relays. Finally, could you take another shot at explaining the circumstances under which the SMTP server fails to deliver? I read what you wrote to mean that if somebody tries to send an email to [EMAIL PROTECTED], where yourdomaim.com resolves to the IP address of your firewall, then the message gets stuck in the MTA (e.g., sendmail) queue of the sending machine (or whatever it uses as a relay for outgoing mail). That is, the sendmail you refer to is -NOT- the MTA you are running on your mail server. But that interpretation involves a lot of reading between the lines, so your confirming or correcting it would be worth while. -- ---Never tell me the odds! Ray Olszewski -- Han Solo Palo Alto, California, USA[EMAIL PROTECTED] --- --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: SMTP problem (was: [leaf-user] (no subject))
We are running Linux version 2.2.19-3-LEAF with the default firewalling. The LAN is using NAT. We are able to send mail to the server by adding the server name to the hosts file on the network machines. We are able to send mail out to external mailers (Yahoo, AOL), We can send mail from user to user inside the network. However, when sending TO the internal network the mail gets to the sendmail mail queue then gets deferred due to the mailserver's inability to contact the sending MTA. This is still somewhat confusing. The e-mail gets to the sendmail queue on *WHICH* machine...the remote sender or the local reciever? Your description above makes it sound like your local mailserver cannot connect to the remote system which is trying to send mail, which doesn't make much sense to me. Please provide more details about exactly how you're trying to send mail, and any non-standard checks you're doing on your local mail-server (ie: ident check, SMTP verify to validate sender e-mail address, etc). Remember, all we know about your setup is what's in your e-mail... The openings in the firewall for smtp are: EXTERN_SMTP_PORTS = 0/0_ntp 0/0_smtp This is very confusing. Looks like you're using one of my Dachstein releases, based on the kernel version, but the above configuration variable does not exist in the Dachstein firewall scripts. Even worse, I can't tell it was a simple typo, since you're mixing UDP and TCP protocols on the same line. If I'm reading between the lines properly, you need something like: EXTERN_UDP_PORTS=0/0_ntp EXTERN_TCP_PORTS=0/0_smtp Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: SMTP problem (was: [leaf-user] (no subject))
Thanks for responding. I'm afraid, though, that your response leaves unanswered many of the questions I asked. See below. At 08:48 AM 8/12/02 -0400, Craig Heil wrote: We are running Linux version 2.2.19-3-LEAF with the default firewalling. This statement does not identify the LEAF version. LEAF versions have names like Dachstein, Oxygen, and Bering. Which are you using, and is it a floppy or a CD-based version? The LAN is using NAT. We are able to send mail to the server by adding the server name to the hosts file on the network machines. I assume you mean here that you can send mail out through your on-LAN server from workstations on the LAN. Please correct me if this interpretation is wrong. We are able to send mail out to external mailers (Yahoo, AOL), We can send mail from user to user inside the network. And just to be clear ... the mail server is a different host from the LEAF firewall, right? What Linux distro does it run, what kernel version, and what MTA? However, when sending TO the internal network the mail gets to the sendmail mail queue then gets deferred due to the mailserver's inability to contact the sending MTA. Once again, I must ask: do you mean the sendmail queue on the on-LAN server? If so, this description is very puzzling. In order for the complete message to reach the on-LAN server, it has to make several responses to the sending MTA (responding to the HELO, RCPT, and MAIL messages) before the actual piece of e-mail (the DATA message) is sent. So we need a better explanation of the problem than gets deferred due to the mailserver's inability to contact the sending MTA. Of course, you might mean something else. If so, please explain it more clearly. Also, if I have interpreted this correctly ... what is sendmail *supposed* to do with these messages? Deliver them to on-server accounts (to be read using POP3, IMAP, or shell logins)? Send them on to the workstations (how ... what MTAs are the workstations running)? Do the messages coming from outside have To: FQNs (I mean the part after the @) that are the same as the ones used on messages that originate internally? How does the server resolve names (since you mention needing to add its name to the hosts files on workstations, it sounds like you are not running on-LAN DNS)? I ask all this stuff because when mail is stuck in the sendmail queue, that usually indicates a problem contacting the *destination* MTA, not the *source* MTA. To be sure that the problem is with the *sending* MTA, as you write: from off-LAN, if you telnet to port 25 and send a message using the various smtp commands manually, at what point does the interchange fail? The openings in the firewall for smtp are: EXTERN_SMTP_PORTS = 0/0_ntp 0/0_smtp and INTERN_SMTP_SERVER = 10.0.0.XXX This no doubt relates to whichever LEAF version you are running, but without knowing which version that is, I cannot really comment on it. A couple of quick comments, though -- 1. Listing the ntp port as an external smtp port seems odd, no matter what version you are using. 2. The INTERN_SMTP_SERVER needs a complete IP address, not 10.0.0.XXX. (I assume you are not being silly enough to think that you need to protect yourself by keeping a *private-range* IP address secret from us.) Here we would benefit from seeing the actual firewall ruleset, not just a couple of config-file lines. Next time, post the unedited output of ipchains -nvL if you want actual troubleshooting help with respect to the ruleset you have installed. As far as the ISP, that is not the case for us. We can run anything on our pipe. However, we are still only testing the server so the mail will come from [EMAIL PROTECTED] until we are ready to go live. The only thing could be some strange name service rule that picks up on that unknown private.network. I don't understand this last part. If all mail is coming from [EMAIL PROTECTED], how are you doing off-LAN tests? If you are spoofing the source when doing off-LAN tests, then is it possible that you are hitting your MTA's anti-relaying or anti-SPAM rules rather than having a LEAF-related problem? If so, you need to get advice from a support list for your MTA, not from LEAF. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ray Olszewski Sent: Friday, August 09, 2002 5:02 PM To: Craig Heil; [EMAIL PROTECTED] Subject: Re: SMTP problem (was: [leaf-user] (no subject)) [old stuff deleted] -- ---Never tell me the odds! Ray Olszewski -- Han Solo Palo Alto, California, USA[EMAIL PROTECTED] --- --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf
Re: SMTP problem (was: [leaf-user] (no subject))
Sorry, /etc/network.conf reads Version 1.3.2, September 29, 2001 The e-mail sent from outside (Yahoo) appears in OUR sendmail queue when it gets deferred with the message: stat=Deferred: Connection timed out with XX.XXX.XXX.XX (our firewall address). The sendmail (8.11) is not doing anything non-standard. Just the basic configuration. OK, when you say OUR sendmail queue, is that the machine behind the Dachstein firewall, or are you running a large network where OUR sendmail queue is a corperate-wide mail reciever, which re-directs mail to multiple secondary MTA's? Assuming the former, mail *IS* actually getting to your system, but sendmail is apparently not correctly configured to recognize the addresses as being local. Instead, it sounds like sendmail is trying to relay your messages to what it thinks is their correct final destination, which is your firewall address (which you presumably have listed in an MX record for your domain). Connecting to a port-forwarded service via it's external IP from within the internal network, which is what your sendmail system is trying to do (ie it's trying to talk to itself, via the port-forwarding setup on the firewall) won't work (at least not without some packet routing gymnastics :-), so as far as sendmail is concerned, it can't talk to the authoritative MTA, and even if it could, you'd just wind up with a mail loop. You need to check your sendmail configuration, and try running some tests on the e-mail addresses you're using to send mail. I strongly suspect you'll find an error in the sendmail setup that's causing addresses to not be treated as local. You'll have to dig through the sendmail docs for the test procedures (or maybe a kind soul on list will have helpful info)...I'm more familiar with exim and qmail...haven't done any hands-on configuration of sendmail for 2-3 years (and I have yet to unpack my O'Reilly bat book from a recent move :-) Under TCP servers open to the outside world we have: EXTERN_SMTP_PORTS = 0/0_ntp 0/0_smtp and under UDP servers open to the outside world we have: EXTERN_UDP_PORTS = 0/0_domain 0/0_bootpc 0/0_ntp Looks OK, assuming EXTERN_SMTP_PORTS is actually EXTERN_TCP_PORTS... Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
The firewall has been in place for some time working great. We recently began testing an internal mail server. It has been tested internally fine. It can also send mail externally fine. However, even though we have opened up the SMTP port everywhere in the firewall, when you send mail outside to the machine, sendmail gets it into the mail queue but then the message is deferred since it cannot talk back through the firewall. The error message reads (Deferred: Connection timed out with XXX.XXX.XXX.XXX.) where the XXX's are the firewall real-world IP address. The port forwarding is also set up on the SMTP port. We have checked through the config and found nothing that helps. Please advise. --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] (no subject) - internal mail server - not available to outside world
First we need to know what distro of LEAF are you using. Second, I believe that within the network.conf there is a segment that describes having an internal mail server, and allowing connections to make it back to it. I haven't currently done this, but it will be something I am working on. In my future situation, I plan to run the mail and web server of the same box. I'll be following this thread for my own knowledge as well... Joey -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Craig Heil Sent: Friday, August 09, 2002 2:19 PM To: [EMAIL PROTECTED] Subject: [leaf-user] (no subject) The firewall has been in place for some time working great. We recently began testing an internal mail server. It has been tested internally fine. It can also send mail externally fine. However, even though we have opened up the SMTP port everywhere in the firewall, when you send mail outside to the machine, sendmail gets it into the mail queue but then the message is deferred since it cannot talk back through the firewall. The error message reads (Deferred: Connection timed out with XXX.XXX.XXX.XXX.) where the XXX's are the firewall real-world IP address. The port forwarding is also set up on the SMTP port. We have checked through the config and found nothing that helps. Please advise. --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: SMTP problem (was: [leaf-user] (no subject))
At 03:18 PM 8/9/02 -0400, Craig Heil wrote: The firewall has been in place for some time working great. We recently began testing an internal mail server. It has been tested internally fine. It can also send mail externally fine. However, even though we have opened up the SMTP port everywhere in the firewall, when you send mail outside to the machine, sendmail gets it into the mail queue but then the message is deferred since it cannot talk back through the firewall. The error message reads (Deferred: Connection timed out with XXX.XXX.XXX.XXX.) where the XXX's are the firewall real-world IP address. The port forwarding is also set up on the SMTP port. We have checked through the config and found nothing that helps. Please advise. We need a bit more detail to be able to help. First, what version of LEAF are you using? Second, are you using its default firewalling or one of the drop-in firewall options? And am I correct in assuming that your LAN is NAT'd? Third, you say you have opened up the SMTP port everywhere in the firewall but that your internal SMTP server is failing because it cannot talk back through the firewall. Given the error message you quote, the reasonable inference is that the second of your two statements is correct, which suggests that the first is wrong. So ... *how* did you open the SMTP port? Fourth, might your ISP be the actual culprit here? I've heard of (but not actually seen) ISPs that block incoming traffic to port 25 at their customers' IP addresses, in order to force the customers to use the ISP's mail servers as (POP3 or IMAP) relays. Finally, could you take another shot at explaining the circumstances under which the SMTP server fails to deliver? I read what you wrote to mean that if somebody tries to send an email to [EMAIL PROTECTED], where yourdomaim.com resolves to the IP address of your firewall, then the message gets stuck in the MTA (e.g., sendmail) queue of the sending machine (or whatever it uses as a relay for outgoing mail). That is, the sendmail you refer to is -NOT- the MTA you are running on your mail server. But that interpretation involves a lot of reading between the lines, so your confirming or correcting it would be worth while. -- ---Never tell me the odds! Ray Olszewski -- Han Solo Palo Alto, California, USA[EMAIL PROTECTED] --- --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
hda: Hitachi CVM2.1.0, ATA DISK drive ide0 at 0x1f0-0x1f7,0x3f6 on irq 14 Mounting a 16M TMPFS filesystem... vhda: 250368 sectors (128 MB) w/1KiB Cache, CHS=978/8/32 Partition check: hda: hda1 hda: hda1 hda: hda1 VFS: busy inodes on changed media. LINUXRC: Installing - root: /dev/hda1 etc: /dev/hda1 local: /dev/hda1 modules: /dev/hda1 shorwall: /dev/hda1 weblet: /dev/hda1 - Finished. ... Does the Partition check: look right? Should it have hda: hda1 three times in succession? Should VFS report that there were busy inodes on changed media? Thanks for all of the support to date!!! I'm not sure if this is applicable, but please remember there are two different FAT partition table formats: the Floppy partition table, with one big partition on the whole device, and the HDD partition table, which includes four partitions (generally referred to as primary partitions). Just a wild-a$$-guess, but you might get something like the above if your drive has a floppy partition table instead of a HDD partition table. What does fdisk -l /dev/hda show (dash ell, not dash one)? I too am trying to boot off a CF card in an IDE adapters. My problems are happening much earlier. My system will not even boot. I suspect it has to do the with the format on CF card. Unfortunetly I do not have a real unix envirnoment just a simulated Red Hat 7.2 using VMWare. I am accessing my CF card under Red Hat using a SanDisk SDDR-31 USB card reader. And used syslinux 1.52 from linux. When I do fdisk -l /dev/sdb Disk /dev/sdb: 1 heads, 16 sectors, 980 cylinders Units = cylinders of 16 * 512 bytes Device BootStart EndBlocks Id System /dev/sdb1 * 2 980 78321 FAT12 Why is the start sector 2 and not 1 ? Could that be the problem ? __ Do You Yahoo!? Sign up for SBC Yahoo! Dial - First Month Free http://sbc.yahoo.com --- This sf.net email is sponsored by:ThinkGeek Oh, it's good to be a geek. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] (no subject)
With me, the start sector is 2 too! And works fine, but for work i have to put the partition with FAT 32mb And put CHS instead of LBA in BIOS! =) Samuel Abreu [EMAIL PROTECTED] I too am trying to boot off a CF card in an IDE adapters. My problems are happening much earlier. My system will not even boot. I suspect it has to do the with the format on CF card. Unfortunetly I do not have a real unix envirnoment just a simulated Red Hat 7.2 using VMWare. I am accessing my CF card under Red Hat using a SanDisk SDDR-31 USB card reader. And used syslinux 1.52 from linux. When I do fdisk -l /dev/sdb Disk /dev/sdb: 1 heads, 16 sectors, 980 cylinders Units = cylinders of 16 * 512 bytes Device BootStart EndBlocks Id System /dev/sdb1 * 2 980 78321 FAT12 Why is the start sector 2 and not 1 ? Could that be the problem ? --- This sf.net email is sponsored by:ThinkGeek Oh, it's good to be a geek. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
I have a compact flash to ide converter board and would like to put a copy of Oxygen on a CF card and use the board to boot but I am not exactly sure how. I have connected my compact flash to my linux system via a SanDisk usb writer (SDDR-31) and the system sees it as /dev/sdb. I downloaded the latest Oxygen .bin file and I tried using dd to write it dd if=oxygen.bin of=/dev/sdb When I print the partition table with fdisk it doesn't look right; fdisk complains about different physical and logical endings and about partitions not ending on a cylinder boundry. What am I doing wrong ? Is it even possible to get the image to a cf card ? __ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com ___ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas - http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
This might or might not be a bit off topic, but the machine I have been working on with my Bering setup is connected to a Belkin KVM switch. Fairly often when I switch to another machine and then back to the Bering machine it looses the keyboard. I have tried many things to get it back but always have to reboot (and as you may have guessed, I have been caught a couple of times with some un-backed up work!) Any ideas? Iâm not sure if this has anything in particular to do with the LRP setup, Linux in general, or maybe just hardware. Thanks! Richard Amerman ©¢{(ç[É8bAzFÛiÿü0Á8bAzG(ù^iû¬z¹X§X¬¶W~ë®X¬¶Ë(º·~àzwÛi³ÿåËl²«qç讧zßåËlþX¬¶)ߣù^iû¬z´!¶ÚþW~èç-¢¸?¦æÿv?vjv z¿Ý¡È×ÏuÙ¥
Re: [leaf-user] (no subject)
This might or might not be a bit off topic, but the machine I have been working on with my Bering setup is connected to a Belkin KVM switch. Fairly often when I switch to another machine and then back to the Bering machine it looses the keyboard. I have tried many things to get it back but always have to reboot (and as you may have guessed, I have been caught a couple of times with some un-backed up work!) Any ideas? I’m not sure if this has anything in particular to do with the LRP setup, Linux in general, or maybe just hardware. Do you have the mouse hooked up? I had problems like this with the mouse hooked to the KVM when the mouse port was connected to the KVM as well as the KB. Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) ___ Sponsored by: ThinkGeek at http://www.ThinkGeek.com/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] (no subject) (actualy -KVM-Bering-lost keyboard)
I do indead as this was formerly (sigh) a W2K dev box. I will give it a try, though I will be backing up before each switch. Thanks! Richard Amerman -Original Message- From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]] Sent: Wed 6/12/2002 10:33 AM To: Richard Amerman; [EMAIL PROTECTED] Cc: Subject: Re: [leaf-user] (no subject) This might or might not be a bit off topic, but the machine I have been working on with my Bering setup is connected to a Belkin KVM switch. Fairly often when I switch to another machine and then back to the Bering machine it looses the keyboard. I have tried many things to get it back but always have to reboot (and as you may have guessed, I have been caught a couple of times with some un-backed up work!) Any ideas? Iâm not sure if this has anything in particular to do with the LRP setup, Linux in general, or maybe just hardware. Do you have the mouse hooked up? I had problems like this with the mouse hooked to the KVM when the mouse port was connected to the KVM as well as the KB. Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) ©¢{(ç[É8bAzFÛiÿü0Á8bAzG(ù^iû¬z¹X§X¬¶W~ë®X¬¶Ë(º·~àzwÛi³ÿåËl²«qç讧zßåËlþX¬¶)ߣù^iû¬z´!¶ÚþW~èç-¢¸?¦æÿv?vjv z¿Ý¡È×ÏuÙ¥
Re: [leaf-user] (no subject)
Have you tried pressing the Scroll Lock key to see if it unlocks the keyboard? At 10:22 AM 6/12/02 -0700, Richard Amerman wrote: This might or might not be a bit off topic, but the machine I have been working on with my Bering setup is connected to a Belkin KVM switch. Fairly often when I switch to another machine and then back to the Bering machine it looses the keyboard. I have tried many things to get it back but always have to reboot (and as you may have guessed, I have been caught a couple of times with some un-backed up work!) Any ideas? Iâm not sure if this has anything in particular to do with the LRP setup, Linux in general, or maybe just hardware. Thanks! Richard Amerman ©¢{(ç[É8bAzFÛiÿü0Á8bAzG(ù^iû¬z¹X§X¬¶W~ë®X¬¶Ë(º·~àzwÛi³ÿåËl² «qç讧zßåËlþX¬¶)ߣù^iû¬z´!¶ÚþW~èç-¢¸?¦æÿv?vjv z¿Ý¡È×ÏuÙ¥ ___ Sponsored by: ThinkGeek at http://www.ThinkGeek.com/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] (no subject)
Fcc: +sent Subject: Re: [leaf-user] Using HOSTS file In-reply-to: Your message of Thu, 06 Jun 2002 22:40:16 CDT. [EMAIL PROTECTED] On Thu, 06 Jun 2002 22:40:16 CDT mds wrote: John Mullan wrote: To recap: The plan is to force internal network to resolve MULLAN.DNS2GO.COM to 192.168.1.128. External requests of course will already find their way to 192.168.1.128 via the INTERN_SERVERS in network.conf So any ideas? [snip] Now, if you really want to do what you say and if you do *NOT* care about resolving anything else in the domain dns2go.com, you can try adding this: private.network to this: /etc/tinydns-private/env/DOMAINS and then: svi tinydns restart svi dnscache restart To clarify--and hopefully I'm not mis-speaking--this will tell tinydns to tell dnscache that it is authoritative for the domain private.network. Seems like John probably wants mullan.dns2go.com and 1.168.192.in-addr.arpa, possibly in addition to private.network. I cannot guarantee the results; but, it seems likely that you will be telling dnscache that, indeed, you do have bailiwick for the domain dns2go.com -- instead of that domain's rightful nameservers -- and you maybe able to fool some of the people some of the time . . . The result should be that dnscache will forward requests for DOMAINS to tinydns listening on /etc/tinydns-private/env/IP. That's only half the battle; tinydns will also need to be configured properly to reply for hosts in DOMAINS. I agree that putting dns2go.com in DOMAINS would be a bad idea because John would lose resolution for subdomain.dns2go.com where subdomain!=mullan. Putting mullan.dns2go.com in there to create a split horizon seems reasonable to me though; it prevents having separate public and private names that refer to the same resource. I do _NOT_ recommend this approach, since I cannot know whether or not this tomfoolery will lead to other, less impressive results. Instead, I recommend that you tell your internal boxen to look for whatever 192.168.1.128's legitimate .private.network name really is . . . Agreed you could use different names for all internal hosts, but why? Having two names for the same resource can lead to a lot of confusion, especially if you have hosts that move from the public to the private network, e.g. roadwarrior notebooks. Granted, tinydns can be tricky to setup and an incorrect config can cause plenty of name resolution problems for internal hosts. Once it is setup properly though, it should accomplish exactly what John was trying to do--at least as I understand it. --Brad ___ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[Leaf-user] (no subject)
confirm 185373 ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] (no subject)
test ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] (no subject)
Hi all, I´m havin a lot of dnyed packets on port 53, like this one: Mar 14 13:46:13 tptrtr kernel: Packet log: input DENY eth0 PROTO=6 202.139.133.129:46069 200.45.110.178:53 L=44 S=0x00 I=0 F=0x T=237 (#65) When I check them on http://www.echogent.com/cgi-bin/fwlog.pl I got no advice on it. The results of lising the rule are # ipchains -nvL --line-numbers 65 520 24564 DENY all l- 0xFF 0x00 eth0 0.0.0.0/00.0.0.0/0 n/a Can anyone help figuring out what's wrong (or may be right) and why are these packets being blocked. Sergio D. Morilla Sistemas Tipoiti SATIC San Martín 647 Piso 2 Tel. : +54 11 4314-4482 C1004AAM - Buenos Aires Fax : +54 11 4508-6425 Argentina e-mail [EMAIL PROTECTED] ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] (no subject)
I´m havin a lot of dnyed packets on port 53, like this one: Mar 14 13:46:13 tptrtr kernel: Packet log: input DENY eth0 PROTO=6 202.139.133.129:46069 200.45.110.178:53 L=44 S=0x00 I=0 F=0x T=237 (#65) When I check them on http://www.echogent.com/cgi-bin/fwlog.pl I got no advice on it. The results of lising the rule are # ipchains -nvL --line-numbers 65 520 24564 DENY all l- 0xFF 0x00 eth0 0.0.0.0/00.0.0.0/0 n/a This is the catch all rule, which blocks any inbound traffic on the external interface that hasn't explicitly been allowed. Can anyone help figuring out what's wrong (or may be right) and why arev these packets being blocked. The packets are TCP (protocol 6) with a source port of 46069 and a destination port of 53. This is pretty wierd. Port 53 is for DNS, but typically DNS queries only use UDP. TCP packets to/from port 53 *ARE* used to do zone transfers, and occasionally to transfer particularly large DNS queries/responses. The high source port number of 46069 would lead me to believe the remote end initiated the connection. If you're not running a DNS server, I'd say the traffic is some sort of scan or probe, and should be denied. If you're actually running a DNS server, this traffic isn't so unusual...you should look into references on packet filtering and securing your DNS server...if you simply drop inbound TCP queries, you can cause delays in name resolution for your domains, but fully securing DNS is beyond the scope of this e-mail, and your original question. HTH, Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
DNS Blocked packets (was RE: [Leaf-user] (no subject))
Thanks. Very clear and informative!! More comments inline I´m havin a lot of dnyed packets on port 53, like this one: Mar 14 13:46:13 tptrtr kernel: Packet log: input DENY eth0 PROTO=6 202.139.133.129:46069 200.45.110.178:53 L=44 S=0x00 I=0 F=0x T=237 (#65) The results of lising the rule are # ipchains -nvL --line-numbers 65 520 24564 DENY all l- 0xFF 0x00 eth0 0.0.0.0/00.0.0.0/0 n/a This is the catch all rule, which blocks any inbound traffic on the external interface that hasn't explicitly been allowed. Perfect!!! Can anyone help figuring out what's wrong (or may be right) The packets are TCP (protocol 6) with a source port of 46069 and a destination port of 53. This is pretty wierd. Port 53 is for DNS, but typically DNS queries only use UDP. TCP packets to/from port 53 *ARE* used to do zone transfers, and occasionally to transfer Fun is I have a DNS server but I have disallowed zone transfers. Its an internal caching DNS (W2K) particularly large DNS queries/responses. The high source port number of 46069 would lead me to believe the remote end initiated the connection. Why should this happend?? Any threat?? If you're not running a DNS server, I'd say the traffic is some sort of scan or probe, and should be denied. If you're actually running a DNS server, I DO (see above) but I (mis?)understand that if zone transfers are not allowed (nor wanted) why will someone try to do a transfer to my system??? Looking for bind?? this traffic isn't so unusual...you should look into references on packet filtering and securing your DNS server...if you simply drop inbound TCP queries, you can cause delays in name resolution for your domains, but fully securing DNS is beyond the scope of this e-mail, and your original question. Where and how?? Some pointers (links may be?) HTH, Helped a LOT!!! Thanks Charles Sergio ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: DNS Blocked packets (was RE: [Leaf-user] (no subject))
Can anyone help figuring out what's wrong (or may be right) The packets are TCP (protocol 6) with a source port of 46069 and a destination port of 53. This is pretty wierd. Port 53 is for DNS, but typically DNS queries only use UDP. TCP packets to/from port 53 *ARE* used to do zone transfers, and occasionally to transfer Fun is I have a DNS server but I have disallowed zone transfers. Its an internal caching DNS (W2K) TCP is used for normal queries, as well as zone transfers. particularly large DNS queries/responses. The high source port number of 46069 would lead me to believe the remote end initiated the connection. Why should this happend?? Any threat?? It's part of how DNS works...to determine any threat, you'd have to look at the acutal contents of the packet and see if it's a normal query, an attempted buffer overflow, an attempted zone transfer, etc... If you're not running a DNS server, I'd say the traffic is some sort of scan or probe, and should be denied. If you're actually running a DNS server, I DO (see above) but I (mis?)understand that if zone transfers are not allowed (nor wanted) why will someone try to do a transfer to my system??? Looking for bind?? TCP is used for more than just zone reqests...again, if you really want to know exactly what these packets are, you'll have to dump them and examine the contents. It's not as simple as if I'm not doing zone transfers, all inbound TCP packets to port 53 are malicious. this traffic isn't so unusual...you should look into references on packet filtering and securing your DNS server...if you simply drop inbound TCP queries, you can cause delays in name resolution for your domains, but fully securing DNS is beyond the scope of this e-mail, and your original question. Where and how?? Some pointers (links may be?) There are lots of resources for securing bind available online. A quick google search will turn up lots of howtos. As for understanding DNS, and how/why TCP packets are used for resolver queries, see any book or online info on DNS in general...the DNS RFC's (and the source-code of your name-server) are, of course, the ultimate source of information, but for a practical discussion of packet-filtering aspects of DNS, you probably can't go wrong with O'Reilly's Building Internet Firewalls. Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: DNS Blocked packets (was RE: [Leaf-user] (no subject))
This question comes up from time to time. After much research and worrying, it usually turns out to be the results of a class of tools represented by a product called Big IP. This tool is sold to companies that want to tailor the browsing experience of their visitors by positioning Web Servers around the net, and then pointing the browser to the nearest server. To do this, they flood you with a type of ping request to get a round trip time. You usually get hit by a few packets from a bunch of servers, all within a very short period of time. The quickest response wins, and you get redirected to that server. They have been using port 53 lately. If you review your logs, you'll find that these most often occur when you were browsing, and probably got one of those #$%# popup ads. Sean Thanks. Very clear and informative!! More comments inline I´m havin a lot of dnyed packets on port 53, like this one: Mar 14 13:46:13 tptrtr kernel: Packet log: input DENY eth0 PROTO=6 202.139.133.129:46069 200.45.110.178:53 L=44 S=0x00 I=0 F=0x T=237 (#65) The results of lising the rule are # ipchains -nvL --line-numbers 65 520 24564 DENY all l- 0xFF 0x00 eth0 0.0.0.0/00.0.0.0/0 n/a This is the catch all rule, which blocks any inbound traffic on the external interface that hasn't explicitly been allowed. Perfect!!! Can anyone help figuring out what's wrong (or may be right) The packets are TCP (protocol 6) with a source port of 46069 and a destination port of 53. This is pretty wierd. Port 53 is for DNS, but typically DNS queries only use UDP. TCP packets to/from port 53 *ARE* used to do zone transfers, and occasionally to transfer Fun is I have a DNS server but I have disallowed zone transfers. Its an internal caching DNS (W2K) particularly large DNS queries/responses. The high source port number of 46069 would lead me to believe the remote end initiated the connection. Why should this happend?? Any threat?? If you're not running a DNS server, I'd say the traffic is some sort of scan or probe, and should be denied. If you're actually running a DNS server, I DO (see above) but I (mis?)understand that if zone transfers are not allowed (nor wanted) why will someone try to do a transfer to my system??? Looking for bind?? this traffic isn't so unusual...you should look into references on packet filtering and securing your DNS server...if you simply drop inbound TCP queries, you can cause delays in name resolution for your domains, but fully securing DNS is beyond the scope of this e-mail, and your original question. Where and how?? Some pointers (links may be?) HTH, Helped a LOT!!! Thanks Charles Sergio ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] (no subject)
On Mon, 11 Mar 2002 21:57:36 -0600 JamesSturdevant [EMAIL PROTECTED] wrote: I want to add an email service to this machine with a 500MB disk for storage. I will be making pakages for fetchmail and procmail to retrieve the email from the ISP, but I need suggestions for smtp and pop3 services. What programs would be best to use given the space issues of typical LEAF systems? Bering has packages for both fetchmail and qmail (a very secure and small smtp server) at http://leaf.sf.net/devel/jnilo. It also seems he has included the pop3d daemon, so it is one-stop shopping! (Beware: I haven't used the package myself, only seen it on this page. I am just pointing you in A direction, not necessarily the CORRECT direction) For qmail instructions, see Jacques Nilo's user manual, http://cr.yp.to, and http://www.lifewithqmail.org -- --- Chad Carr [EMAIL PROTECTED] --- ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] (no subject)
I want to put together a LEAF system for a small nonprofit office. The system is a 486DX-100, 16MB memory with ppp and a network card, booting from a floppy. I have that much running now using Bering. I want to add an email service to this machine with a 500MB disk for storage. I will be making pakages for fetchmail and procmail to retrieve the email from the ISP, but I need suggestions for smtp and pop3 services. What programs would be best to use given the space issues of typical LEAF systems? JamesS ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] (no subject)
Hi all, Just installed the snort IDS package and it seems to be working. (Seems to be because I don't know anything about writing the preprocessors or filter rules yet). What I would like to do next is log to a mysql Database. And I was wondering if anyone already made a mysql.lrp. I know this is going to take quite some diskspace, but I am hoping That my 64 MB ramdisk will cope. Thanks in advance Kim ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] (no subject)
I have an Eiger 2.2.16 that's probably pretty old. Probably LRP pre LEAF. I'm totally lost in the cron/freespace/log trimming scripts. But that doesn't really matter, I want to write my own scripts with my own mail routines. It seems that I need to restart syslog. Just deleteing the messages file doesn't seem to work. When I restart syslog everything is wonderful except that it logs to the console also. Which doesn't matter a lot in a router but its kinda irritating. I tried starting from /, starting it from a subshell, kernel message level 3 ( its the ip logging that really messes up the console) stopping ip logging until syslog restarted, nothing works. I tried the same thing on my RedHat development machine and got the same results. Something here I don't understand about syslogd or klogd. Any Ideas? Thanx ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] (no subject)
It seems that I need to restart syslog. Just deleteing the messages file doesn't seem to work. When I restart syslog everything is wonderful except that it logs to the console also. Which doesn't matter a lot in a router but its kinda irritating. I tried starting from /, starting it from a subshell, kernel message level 3 ( its the ip logging that really messes up the console) stopping ip logging until syslog restarted, nothing works. I tried the same thing on my RedHat development machine and got the same results. Something here I don't understand about syslogd or klogd. syslog expects it's files to stay around, and keeps using the same file-handle to write to the file. If you move or alter the file, things are OK. If you delete the file, you need to restart syslog. Note that some log files must already be present, so you'll either have to create them by hand, or create a script to do so. The log rotation scripts found on most LRP variants works quite well...any reason you don't want to just stick with it? If you really want to delete a log file, the easiest way is to use: : /var/log/messages This clears the file without deleting it, so syslog is still happy (it's open file-handle still writes to the file). The colon command is a special command that does nothing and simply returns a true exit status. Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: SSH Keepalive (was: [Leaf-user] (no subject))
On Thu, 31 Jan 2002, Michael McClure wrote: I'm running the original Eigerstein and have the sshd.lrp (v1) package on it. When left inactive, the ssh session is disconnected even though keepalive=yes in the ssh config. Does anybody know what the problem is with this? How do I configure it such that my SSH session stays connected during long periods of inactivity? The masquerade timeout (ipchains -M -L, ipchains -M -S tcp tcpfin udp) is shorter than your ssh ProtocolKeepAlives interval (see ssh man page). --- Jeff NewmillerThe . . Go Live... DCN:[EMAIL PROTECTED]Basics: ##.#. ##.#. Live Go... Live: OO#.. Dead: OO#.. Playing Research Engineer (Solar/BatteriesO.O#. #.O#. with /Software/Embedded Controllers) .OO#. .OO#. rocks...2k --- ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] (no subject)
On Wed, 23 Jan 2002, Erich Titl wrote: Hi Jon great someone took the time, here just my 2c [EMAIL PROTECTED] wrote the following at 14:52 23.01.2002: How do I access the Weblet from 'outside' I have my Dachstein release up and running, and I can access the weblet from the inside but... Q) I would like to access the weblet engine on the primary link. A) 1: Add a rule to the input chain which should allow access to port 80 on the external interface. In /etc/network.conf: EXTERN_TCP_PORTS=address/mask_www or EXTERN_TCP_PORTx=address/mask www If you like the indexed list better. 2: You will probably have to add something in /etc/hosts.allow: sh-httpd: ip.add.re.ss/255.255.255.0 Q) But what if I am roaming and want access from an unknown IP 3: In /etc/sh-httpd.conf add the address range you are trying to access from: # Who can access the server? CLIENT_ADDRS=123.345.456. Q) But i don't know my address on the road. dyndns would be a good link here. I've also heard of people setting up scripts to listen for a predetermined sequence of packets at a predetermined port, then open the rule to the IP that the packets come from. This could be as simple as telnet my.router.home or something really complex requiring a script and a packet crafter. The router end is out of my depth, but this would be an interesting project to research. Q) O.K. but we have a webserver in the DMZ, so port 80 gets forwarded to that host. Now what? A) Use some other port, like 81: 1: Follow the above steps, but substitute 'www' with e.g. 81 For clarity you might add something to /etc/services wwweblet 8081/tcp# the leaf/lrp weblet port and then 2: Additionally: In /etc/sh-httpd.conf: SERVER_PORT=81 Also: The program that acually listens on a TCP port, and starts the weblet server for each connection is inetd. So you will need to edit /etc/inetd.conf, and change the line that starts sh-httpd (weblet's web server) from: www stream tcp nowait root/usr/sbin/tcpd /usr/sbin/sh-httpd to: wwweblet stream tcp nowait root/usr/sbin/tcpd /usr/sbin/sh-httpd NOTE: Only the port number (the first field) needs to change...everything else stays the same. 2.nd NOTE: If you are accessing from a single remote host, being too verbose in hosts.allow and sh-httpd.conf, by putting address/netmask (e.g. 111.222.333.444/32 or 111.222.333.444./255.255.255.255), may result in network errors, and make the 'protocol die unexpectedly'. In that case, removing the netmask might help. -- hope this does not sount too sneaky We could even set up the port in /etc/inetd.conf from the information in /etc/sh-httpd.conf. It takes only a little configuration script (which must exist anyway in the distribution) and then we'd have to maintain only one location. Erich THINK Püntenstrasse 39 8143 Stallikon mailto:[EMAIL PROTECTED] PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user -- Jack Coates Monkeynoodle: A Scientific Venture... ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] (no subject)
This is filling up my logs. Should I be worried, is it something that I shouldn't have logged? Dec 7 01:06:34 router kernel: Packet log: input DENY eth0 PROTO=17 24.216.46.129:67 255.255.255.255:68 L=330 S=0x00 I=26282 F=0x T=255 (#42) This is a DHCP reply from your ISP. Take alook at http://www.echogent.com/cgi-bin/fwlog.pl, and paste the whole line Dec 7 01:06:34 router kernel: Packet log: input DENY eth0 PROTO=17 24.216.46.129:67 255.255.255.255:68 L=330 S=0x00 I=26282 F=0x T=255 (#42) into the field. ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] (no subject)
This is filling up my logs. Should I be worried, is it something that I shouldn't have logged? Dec 7 01:06:34 router kernel: Packet log: input DENY eth0 PROTO=17 24.216.46.129:67 255.255.255.255:68 L=330 S=0x00 I=26282 F=0x T=255 (#42) smime.p7s Description: application/pkcs7-signature
Re: [Leaf-user] (no subject)
On Fri, 7 Dec 2001, Brian Camp wrote: This is filling up my logs. Should I be worried, is it something that I shouldn't have logged? Dec 7 01:06:34 router kernel: Packet log: input DENY eth0 PROTO=17 24.216.46.129:67 255.255.255.255:68 L=330 S=0x00 I=26282 F=0x T=255 (#42) The latter. --- Jeff NewmillerThe . . Go Live... DCN:[EMAIL PROTECTED]Basics: ##.#. ##.#. Live Go... Live: OO#.. Dead: OO#.. Playing Research Engineer (Solar/BatteriesO.O#. #.O#. with /Software/Embedded Controllers) .OO#. .OO#. rocks...2k --- ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] (no subject)
confirm 390543
Re: [Leaf-user] (no subject)
Scott, OK...I can ping the server machine from the LRP box. When I checked the log, the only thing in there even close to the time I tried to connect to the server is this: Sep 12 22:26:17 My_LRP_Friend kernel Packet Log: input DENY ppp0 PROTO=17 195.5.80.139:2739 my ext ip:27018 L=40 S=0x00 I=64313 F=0x T=109 (#55) Sep 12 22:30:22 My_LRP=Friend /USR/SBIN/CRON[1728]:(root) CMD (etc/multicron -p) It doesn't look like anything to me except that the one at 22:26 tried to connect to port 27018...strange. I know I did not try to connect to port 27018 as I tried several times from a dial-up connection. What I did is try to add the server to my favorites within CStrike. The server shows up with ?...meaning it's unavailable. I tried to connect anyway and it just times out. Also...I noticed today that my LRP package starts my adsl connection, then when echowall starts...I get a message saying There already seems to be an ASDL connection... and then echowall continues to load. Everything seems to work just fine otherwise. I don't know if that means anything at all. We are getting close...thanks again. Mark - Original Message - From: Scott C. Best [EMAIL PROTECTED] To: Mark W. Windish [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, September 12, 2001 12:39 AM Subject: Re: [Leaf-user] (no subject) Mark: Okay, so the server allocates the correct IP address, that's a start. Can I ask though: from the LEAF firewall box, can you ping this 192.0.0.0 machine successfully? Perhaps you just meant that IP address as an example, but perhaps not. Also, importantly, type this after you try to connect to your server and fail: tail /var/log/syslog. The firewall *should* be logging any packets that are not getting passed on to your game-server properly. Sure, they'll be other noise in those logs (CodeRed remnants, for instance), but every time you try to connect and fail, a repeatable patch of packet logs should be created. If you could email those along, that'd help. Lastly...don't add 27016 into echowall.conf. Rather, add it into echowall.rules. Open that file for edit, scroll down to the HLIFE section, and copy the 2 lines that have 27015 in them, and repeat them using 27016. So the new lines would look like: #HLIFE#$IPCHAINS -A input -s 0.0.0.0/0 -d $IP_EXT/32 27016 -p udp -j ACCEPT #HLIFE#$IPMASQADM portfw -a -P udp -L $IP_EXT 27016 -R $HLIFE_HOST 27016 Try those, try the firewall check, and keep me posted. Getting close! -Scott I tried the +ip command and no go...I get a message from the server couldn't allocate dedicated server ip port. Now if I just run it without the +ip command it starts and allocates a server IP address of 192.0.0.0 which is my internal ip. I can connect to the server from my other internal machines (by pointing to the internal ip of the server) but nobody can connect from outside of the firewall. When echowall starts is says the the HLIFE service is started on 192.0.0.0 which is correct. I changed the echowall conf to allow port 27016 ( and added the command -port 27016 to the server exe) also so that I can run the server and play from the same machine if needed (the server will use 27016 while the client uses 27015). This shows up in my firewall rules so I'm assuming I did it correctly. I know there is a way to make this work...and I am sure it's all in the HLife server end. I'll keep you posted. Thanks again. ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
[Leaf-user] (no subject)
Mark: Hope your HL problems are getting better. Two quick thoughts: Thanks for the replies...I believe the problem lies in the CStrike server config, since this is where the 169.254.0.0 address shows up. When try to run a server on another machine without a WAN adapter...it shows as having the Internal network IP address (192.0.0.0) of the LAN adapter. I believe the echowall config is correct...HLIFE is specified in services, the MACID is there (i even tried to specify all just for the hell of it), and I did change IF_EXT to ppp0 instead of eth0. When I use weblet to see the firewall rules, it appears as though the rules are applied, which is why I agree that I am missing something on the server end. When you echowall start, what it tells you at the end, about which services have been enabled to which IP addresses, is true. :) I guess I would want the server to show the internal LAN IP address (as opposed to the 169.254.0.0), then post the external IP address for people to connect. I will fool around with it more tonight. Right, exactly. Try using the +ip command that Alec suggested when you start the server. Then, from a different ISP altogether, point a CStrike client to your firewall's external interface. It should connect. Since it's a PPPoE setup, this IP address could change frequently, but we can talk about dynamic-DNS once you get the initial connection going. Good luck! -Scott ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] (no subject)
Also, you can use www.gametiger.com to triangulate on your server. You'll want to use their web form to list your server's current IP address, then you can go in and search for your server by name. If it is up and communicating properly with the world, the GameTiger server will see it and report its vital stats (OS type, current map, current # of players, total # of players, etc.). It's like a web-based version of GameSpy, but the stats are collected on a server in Germany, not from you local machine. I used it all the time to get an outside look at my servers. You can also get buddies in IRC to check things and tell you what they see. GL, D -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Scott C. Best Sent: Tuesday, September 11, 2001 4:59 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [Leaf-user] (no subject) Mark: Hope your HL problems are getting better. Two quick thoughts: Thanks for the replies...I believe the problem lies in the CStrike server config, since this is where the 169.254.0.0 address shows up. When try to run a server on another machine without a WAN adapter...it shows as having the Internal network IP address (192.0.0.0) of the LAN adapter. I believe the echowall config is correct...HLIFE is specified in services, the MACID is there (i even tried to specify all just for the hell of it), and I did change IF_EXT to ppp0 instead of eth0. When I use weblet to see the firewall rules, it appears as though the rules are applied, which is why I agree that I am missing something on the server end. When you echowall start, what it tells you at the end, about which services have been enabled to which IP addresses, is true. :) I guess I would want the server to show the internal LAN IP address (as opposed to the 169.254.0.0), then post the external IP address for people to connect. I will fool around with it more tonight. Right, exactly. Try using the +ip command that Alec suggested when you start the server. Then, from a different ISP altogether, point a CStrike client to your firewall's external interface. It should connect. Since it's a PPPoE setup, this IP address could change frequently, but we can talk about dynamic-DNS once you get the initial connection going. Good luck! -Scott ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] (no subject)
Scott, I tried the +ip command and no go...I get a message from the server couldn't allocate dedicated server ip port. Now if I just run it without the +ip command it starts and allocates a server IP address of 192.0.0.0 which is my internal ip. I can connect to the server from my other internal machines (by pointing to the internal ip of the server) but nobody can connect from outside of the firewall. When echowall starts is says the the HLIFE service is started on 192.0.0.0 which is correct. I changed the echowall conf to allow port 27016 ( and added the command -port 27016 to the server exe) also so that I can run the server and play from the same machine if needed (the server will use 27016 while the client uses 27015). This shows up in my firewall rules so I'm assuming I did it correctly. I know there is a way to make this work...and I am sure it's all in the HLife server end. I'll keep you posted. Thanks again. Mark - Original Message - From: Scott C. Best [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, September 11, 2001 5:59 PM Subject: [Leaf-user] (no subject) Mark: Hope your HL problems are getting better. Two quick thoughts: Thanks for the replies...I believe the problem lies in the CStrike server config, since this is where the 169.254.0.0 address shows up. When try to run a server on another machine without a WAN adapter...it shows as having the Internal network IP address (192.0.0.0) of the LAN adapter. I believe the echowall config is correct...HLIFE is specified in services, the MACID is there (i even tried to specify all just for the hell of it), and I did change IF_EXT to ppp0 instead of eth0. When I use weblet to see the firewall rules, it appears as though the rules are applied, which is why I agree that I am missing something on the server end. When you echowall start, what it tells you at the end, about which services have been enabled to which IP addresses, is true. :) I guess I would want the server to show the internal LAN IP address (as opposed to the 169.254.0.0), then post the external IP address for people to connect. I will fool around with it more tonight. Right, exactly. Try using the +ip command that Alec suggested when you start the server. Then, from a different ISP altogether, point a CStrike client to your firewall's external interface. It should connect. Since it's a PPPoE setup, this IP address could change frequently, but we can talk about dynamic-DNS once you get the initial connection going. Good luck! -Scott ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] (no subject)
Mark: Okay, so the server allocates the correct IP address, that's a start. Can I ask though: from the LEAF firewall box, can you ping this 192.0.0.0 machine successfully? Perhaps you just meant that IP address as an example, but perhaps not. Also, importantly, type this after you try to connect to your server and fail: tail /var/log/syslog. The firewall *should* be logging any packets that are not getting passed on to your game-server properly. Sure, they'll be other noise in those logs (CodeRed remnants, for instance), but every time you try to connect and fail, a repeatable patch of packet logs should be created. If you could email those along, that'd help. Lastly...don't add 27016 into echowall.conf. Rather, add it into echowall.rules. Open that file for edit, scroll down to the HLIFE section, and copy the 2 lines that have 27015 in them, and repeat them using 27016. So the new lines would look like: #HLIFE#$IPCHAINS -A input -s 0.0.0.0/0 -d $IP_EXT/32 27016 -p udp -j ACCEPT #HLIFE#$IPMASQADM portfw -a -P udp -L $IP_EXT 27016 -R $HLIFE_HOST 27016 Try those, try the firewall check, and keep me posted. Getting close! -Scott I tried the +ip command and no go...I get a message from the server couldn't allocate dedicated server ip port. Now if I just run it without the +ip command it starts and allocates a server IP address of 192.0.0.0 which is my internal ip. I can connect to the server from my other internal machines (by pointing to the internal ip of the server) but nobody can connect from outside of the firewall. When echowall starts is says the the HLIFE service is started on 192.0.0.0 which is correct. I changed the echowall conf to allow port 27016 ( and added the command -port 27016 to the server exe) also so that I can run the server and play from the same machine if needed (the server will use 27016 while the client uses 27015). This shows up in my firewall rules so I'm assuming I did it correctly. I know there is a way to make this work...and I am sure it's all in the HLife server end. I'll keep you posted. Thanks again. ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user