Re: [leaf-user] Bering UClibc 2.3.1 problems
Charles Steinkuehler wrote:
> Eric Spakman wrote:
> | Hello Jim,
> |
>
> On your windows box, try the following at a prompt:
>
> Or, if you really want your windows box to get a consistent IP, just add a stanza for it in the dhcpd config file:
>
>   host mywinbox {
>     hardware ethernet 00:ab:cd:ef:12:34;
>     fixed-address 1.2.3.4;
>   }

I have been using this kind of config in my Leaf box (in etc/dnsmasq.conf):

dhcp-range=192.168.1.1,192.168.1.199,12h
dhcp-host=00:50:BF:D9:EC:90,hannibal,192.168.1.30
dhcp-host=00:50:8B:74:B4:7D,192.168.1.50
dhcp-host=00:0D:60:7B:A5:99,192.168.1.80
dhcp-host=00:40:63:DD:80:27,media,192.168.1.70
dhcp-host=00:0f:ea:38:90:33,amd64,192.168.1.60

I want to be in control of my IP's. Setting the IP based on MAC kind of forces the address.

-M

---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
RE: [leaf-user] Bering UClibc 2.3.1 problems
> The only piece of the jigsaw that needs sorting out now is a NAT problem with my Azureus bittorrent client. I guess it needs a line in /etc/shorewall/rules to allow UDP connections on port 6881 (but I might change the port).

Jim,

If using the bittorrent client on an internal machine, the rule looks something like:

    DNAT net loc:192.168.1.2 tcp 6881:6888 - all

If running it from your firewall, you would use an ACCEPT rule rather than DNAT.

I never used Dachstein, having started with Bering 1.2, however I don't think you'll regret taking the time to become comfortable with Bering uClibc.

- Bob
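Added example (not part of the original thread, and not Shorewall's own code): a small audit that lists which rules in a Shorewall rules file accept or forward traffic from the net zone and flags the ones with no protocol or port restriction, which is the "throwing the door open" case raised in the thread. The column order is assumed to match the rule quoted above; the sample rules other than that one, and the MAX_PORTS threshold, are constructed for illustration.

```python
# Audit Shorewall rules for what they accept or forward from the net zone.
# Assumed columns: ACTION SOURCE DEST PROTO DEST-PORT(S) SOURCE-PORT(S) ORIGINAL-DEST
# Only plain ACCEPT/DNAT rules are inspected; actions such as AllowSSH are not expanded.
import re

# Constructed sample; only the first rule comes from the thread.
SAMPLE_RULES = """\
#ACTION  SOURCE DEST             PROTO DPORT     SPORT ORIGDEST
DNAT     net    loc:192.168.1.2  tcp   6881:6888 -     all
ACCEPT   net    fw               tcp   22
ACCEPT   loc    fw               tcp   80
DNAT     net    loc:192.168.1.2  all
"""

MAX_PORTS = 16  # hypothetical threshold for calling a port range "wide"
PORT_LIST = re.compile(r"\d+(:\d+)?(,\d+(:\d+)?)*")


def count_ports(spec):
    """Number of ports covered by a numeric port list such as '22,6881:6888'."""
    total = 0
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        total += int(hi or lo) - int(lo) + 1
    return total


def audit(rules_text):
    """Return (rule, [warnings]) for each ACCEPT/DNAT rule reachable from net."""
    findings = []
    for raw in rules_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        cols = line.split()
        cols += ["-"] * (7 - len(cols))  # omitted trailing columns mean "any"
        action, source, dest, proto, dport = cols[:5]
        from_net = source.split(":")[0] in ("net", "all")
        if action.split(":")[0] not in ("ACCEPT", "DNAT") or not from_net:
            continue
        warnings = []
        if proto in ("-", "all"):
            warnings.append("no protocol restriction")
        if dport == "-":
            warnings.append("no destination port restriction")
        elif PORT_LIST.fullmatch(dport) and count_ports(dport) > MAX_PORTS:
            warnings.append("port range wider than %d ports" % MAX_PORTS)
        findings.append((" ".join(cols[:7]), warnings))
    return findings


if __name__ == "__main__":
    for rule, warnings in audit(SAMPLE_RULES):
        print(rule, "->", "; ".join(warnings) or "restricted to listed ports")
```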
Re: [leaf-user] Bering UClibc 2.3.1 problems
Eric Spakman wrote:
| Hello Jim,
|
| It worked! But an oddity is that even though I uncommented the range of
| IP addresses
| to allocate starting at 192.168.1.1, my Win XP machine gets allocated
| 192.168.1.65.
| When I plug my Linux laptop in (with the Win XP machine still connected),
| it gets 192.168.1.2. So why doesn't my Win XP box get 192.168.1.1?
|
| Probably your XP machine had that dhcp address before and asked the dhcp
| daemon to provide him with 192.168.1.65. If that address is free, it will
| be granted.
| So it has nothing to do with your setup, but with the XP dhcp cache.

On your windows box, try the following at a prompt:

# ipconfig /release
fiddle with dhcp server
# ipconfig /renew

That may make windows forget its previous IP address.

NOTE: You'll have to stop the dhcp server on your firewall and delete the state file (/var/state/dhcpd/leases, IIRC), then restart dhcpd or the server will try to re-assign the same IP.

Or, if you really want your windows box to get a consistent IP, just add a stanza for it in the dhcpd config file:

  host mywinbox {
    hardware ethernet 00:ab:cd:ef:12:34;
    fixed-address 1.2.3.4;
  }

...restart your dhcp server and do the ipconfig release renew bit on your windows machine. You can get the hardware ethernet address for your windows machine from the dhcpd leases file or the output of ipconfig /all at a command prompt on the 'doze machine.

--
Charles Steinkuehler
[EMAIL PROTECTED]
Re: [leaf-user] Bering UClibc 2.3.1 problems
> Jim,
>
> Did you read the dnsmasq documentation in the Bering-uClibc section:
> http://leaf.sourceforge.net/doc/guide/bucu-dnsmasq.html
>
> I think the problem is that the provider's DNS servers are not passed to dnsmasq (read the section Using dnsmasq with dhcpcd).
>
> Eric

Thanks Eric. I've looked at the above guide but noticed that it instructs that the resolv-file should point to /etc/dhcpc/resolv.conf. There isn't a dhcpc directory in my /etc! Should I create one and add an empty resolv.conf file in it? I tried pointing resolv-file=/etc/resolv.conf, but it didn't make any difference.

The paragraph 3.8.2 in the doc says to uncomment a line in the /etc/shorewall/rules file. There's no line like the one described in my dist. Also as I've mentioned previously, I'm still uneasy about the actions in the /etc/shorewall/rules (eg AllowDNS, AllowSSH etc.) that aren't defined in the /etc/shorewall/actions file.

It's inconsistencies like the above that don't give me much confidence that I'll readily get Bering working without a lot more work. Until I learn more about the workings of Bering and feel like a challenge, I'll stick with Dachstein - which truly does 'work out of the box' (after the modules are sorted).

Jim Ford
Re: [leaf-user] Bering UClibc 2.3.1 problems
Hello Jim,

> Thanks Eric. I've looked at the above guide but noticed that it instructs that the resolv-file should point to /etc/dhcpc/resolv.conf. There isn't a dhcpc directory in my /etc! Should I create one and add an empty resolv.conf file in it? I tried pointing resolv-file=/etc/resolv.conf, but it didn't make any difference.

The etc/dhcpc/resolv.conf is only created when you use the dhcpcd package. Because you didn't tell much about your setup I have to guess a bit:

- You have a dynamic ip-address from your provider: You have to load dhcpcd.lrp and set dnsmasq to read /etc/dhcpc/resolv.conf to load the provided DNS nameservers.
- You have a static ip-address: You don't need dhcpcd.lrp, the nameservers will be read from /etc/resolv.conf but you need to add them to /etc/resolv.conf by hand.

> The paragraph 3.8.2 in the doc says to uncomment a line in the /etc/shorewall/rules file. There's no line like the one described in my dist. Also as I've mentioned previously, I'm still uneasy about the actions in the /etc/shorewall/rules (eg AllowDNS, AllowSSH etc.) that aren't defined in the /etc/shorewall/actions file.

This is obsolete information, the latest versions of the shorewall packages don't need this so you can ignore this part.

Eric
Re: [leaf-user] Bering UClibc 2.3.1 problems
Thanks again, Eric

> The etc/dhcpc/resolv.conf is only created when you use the dhcpcd package. Because you didn't tell much about your setup I have to guess a bit:
> - You have a dynamic ip-address from your provider:

That's me! My ISP assigns me a dynamic IP address. My firewall is connected to a switch, which is connected to a Win XP machine, and occasionally a Linux laptop.

> You have to load dhcpcd.lrp and set dnsmasq to read /etc/dhcpc/resolv.conf to load the provided DNS nameservers.

It worked! But an oddity is that even though I uncommented the range of IP addresses to allocate starting at 192.168.1.1, my Win XP machine gets allocated 192.168.1.65. When I plug my Linux laptop in (with the Win XP machine still connected), it gets 192.168.1.2. So why doesn't my Win XP box get 192.168.1.1?

Whilst I can ssh into the firewall (very useful) I can't access it with a browser. I've noticed that my syslog file has entries cannot execute /usr/sbin/sh-httpd: no such file or directory. I guess that it ought to be mini-httpd that should be called. I've tried starting mini-httpd by hand /etc/init.d/mini-httpd start, but with no luck - and checking with ps ax shows no mini-httpd daemon running.

Jim Ford
Re: [leaf-user] Bering UClibc 2.3.1 problems
Hello Jim,

> It worked! But an oddity is that even though I uncommented the range of IP addresses to allocate starting at 192.168.1.1, my Win XP machine gets allocated 192.168.1.65. When I plug my Linux laptop in (with the Win XP machine still connected), it gets 192.168.1.2. So why doesn't my Win XP box get 192.168.1.1?

Probably your XP machine had that dhcp address before and asked the dhcp daemon to provide him with 192.168.1.65. If that address is free, it will be granted. So it has nothing to do with your setup, but with the XP dhcp cache.

> Whilst I can ssh into the firewall (very useful) I can't access it with a browser. I've noticed that my syslog file has entries cannot execute /usr/sbin/sh-httpd: no such file or directory. I guess that it ought to be mini-httpd that should be called. I've tried starting mini-httpd by hand /etc/init.d/mini-httpd start, but with no luck - and checking with ps ax shows no mini-httpd daemon running.

Strange, which packages have you loaded (leaf.cfg)? Did you change anything in /etc/inetd.conf? The line www stream tcp should be commented out (as it is by default).

Eric
Re: [leaf-user] Bering UClibc 2.3.1 problems
> > Whilst I can ssh into the firewall (very useful) I can't access it with a browser. I've noticed that my syslog file has entries cannot execute /usr/sbin/sh-httpd: no such file or directory. I guess that it ought to be mini-httpd that should be called. I've tried starting mini-httpd by hand /etc/init.d/mini-httpd start, but with no luck - and checking with ps ax shows no mini-httpd daemon running.
>
> Strange, which packages have you loaded (leaf.cfg)? Did you change anything in /etc/inetd.conf? The line www stream tcp should be commented out (as it is by default).

Thanks again Eric. You're spot on with the /etc/inetd.conf www stream tcp ... line needing to be commented out! Earlier in my trawling through the conf. files I'd uncommented it thinking I needed it for the WWW. Now I've re-commented it, it's all working fine. I can now get the firewall web page (and very slick it is too!)

The only piece of the jigsaw that needs sorting out now is a NAT problem with my Azureus bittorrent client. I guess it needs a line in /etc/shorewall/rules to allow UDP connections on port 6881 (but I might change the port). At my novice stage of understanding Shorewall, I'm hesitant to take a guess at the rule, as I don't want to throw the door open, negating the point of having a firewall.

Thanks again for holding my hand through this, Eric!

Jim Ford
[leaf-user] Bering UClibc 2.3.1 problems
I'm still struggling with Bering UClibc 2.3.1. There are long gouges down the learning curve where I've dug my nails in, but slipped back!

I've not got a fancy set-up: a cable modem to the net, the firewall, switch to a windows machine and occasional laptop. I would have thought that (as with Dachstein) the defaults would suit. I can't access the WWW (or less importantly the firewall using the mini web server). However, I can now log in using ssh.

I've been poring over the config files and am highly suspicious of /etc/shorewall/rules. Lines 375,376,379,384,385 and 393 list actions - but the /etc/shorewall/actions file doesn't declare them. I don't know whether this is the seat of my problem, but if it is, surely others would have also come up against it?

I don't want to start thrashing around changing configs without really knowing what I'm doing - so I thought I'd seek advice here.

Jim Ford
Re: [leaf-user] Bering UClibc 2.3.1 problems
Jim,

My Bering installs have always been pretty much out of the box as far as Shorewall rules. I really doubt your basic setup is in conflict with them. The first place I would look is at ip addressing. Are you using the firewall as a dhcp server? In the past this was a default. Now I think you have to explicitly set it up. I think dnsmasq is the place to look. My point is that it sounds like maybe your machines are using Windows default ip's and so are not on the same network or do not have the proper gateway set. In a command window (NT, 2K or XP) run ipconfig /all and see if that offers a clue.

Kory Krofft

Jim Ford wrote:
> I'm still struggling with Bering UClibc 2.3.1. There are long gouges down the learning curve where I've dug my nails in, but slipped back!
>
> I've not got a fancy set-up: a cable modem to the net, the firewall, switch to a windows machine and occasional laptop. I would have thought that (as with Dachstein) the defaults would suit. I can't access the WWW (or less importantly the firewall using the mini web server). However, I can now log in using ssh.
>
> I've been poring over the config files and am highly suspicious of /etc/shorewall/rules. Lines 375,376,379,384,385 and 393 list actions - but the /etc/shorewall/actions file doesn't declare them. I don't know whether this is the seat of my problem, but if it is, surely others would have also come up against it?
>
> I don't want to start thrashing around changing configs without really knowing what I'm doing - so I thought I'd seek advice here.
>
> Jim Ford
Re: [leaf-user] Bering UClibc 2.3.1 problems
> Jim,
>
> My Bering installs have always been pretty much out of the box as far as Shorewall rules. I really doubt your basic setup is in conflict with them. The first place I would look is at ip addressing. Are you using the firewall as a dhcp server? In the past this was a default. Now I think you have to explicitly set it up. I think dnsmasq is the place to look. My point is that it sounds like maybe your machines are using Windows default ip's and so are not on the same network or do not have the proper gateway set. In a command window (NT, 2K or XP) run ipconfig /all and see if that offers a clue.

Thanks Kory. The Windows machine is getting the right IP and the gateway's set, so the firewall is serving IPs. I checked the /etc/dnsmasq file (300+ lines!) and found the dhcp server line (114) commented out. I uncommented and saved it, but it made no difference.

I dunno what box you got your Berings from, but it certainly wasn't the same one as mine! I'm going back to Dachstein until my head stops hurting!

Jim Ford