RE: [leaf-user] Please be kind to the Newbie!!

2004-07-04 Thread Craig Caughlin
Hi Andrew,
I think I can help you with the additional IP addresses. I struggled with
trying to figure that out, but with some help from the group...I got mine
working. I had 5 static IP addresses assigned to me too, so in the
/etc/network/interfaces file (Option 1, and then 1 again from the main lrcfg
menu), I made the following entries (after commenting out the iface eth0
inet dhcp entry) :

auto eth0
iface eth0 inet static
address 46.60.172.201
netmask 255.255.255.0
broadcast 46.60.172.255
gateway 46.60.172.254
# Additional static IP addresses
up ip addr add 46.60.172.202/24 brd 46.60.172.255 dev eth0 label eth0:0
up ip addr add 46.60.172.203/24 brd 46.60.172.255 dev eth0 label eth0:1
up ip addr add 46.60.172.204/24 brd 46.60.172.255 dev eth0 label eth0:2

Just substitute your IP addresses for my entries and that should work. Then,
back up the etc package from the main menu and reboot. When Bering is back
up and running, issue the ip addr command from the command line, and you
should see your original IP address and the additional ones you've assigned
as well. Hopefully, this makes sense. If not just let me know.

Good luck,
Craig


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, July 01, 2004 2:51 PM
To: [EMAIL PROTECTED]
Subject: [leaf-user] Please be kind to the Newbie!!



Hi everyone,

I was trying to set up a very simple firewall and then build up from there. I
am using Bering uClibc 2.1.2.

My setup is a cable modem with a static IP (I actually have 5 IPs but I'm
trying to keep it simple to start) going to the firewall in the first NIC
port, then from the firewall's second NIC port to a switch (because I don't
own a crossover cable), then to a laptop.

I have been messing around with Network configurations: interfaces file.
From step 1 I have tried to set up option 1.2 but I don't understand the
settings completely since they look a little different from my standard
Linksys router. What do I fill in for address, broadcast, and gateway? My ISP
gave me a subnet mask of 255.255.255.248 with my static IPs. I used to input
dns1 and dns2 in my Linksys router, do I still have to do this?

Then for step 2 I left it alone (default settings looked ok to me) for eth1.

I thought I would first try to get on the internet with the laptop but it
doesn't get to the internet. Is there a simple setting I need to change to
fix this?

I don't even know if the NICs are talking to the LEAF? How do I know which
is eth1 and eth0? Is there a way to determine if LEAF has installed the NIC
cards properly or at all? I didn't load any special drivers because it
looked like maybe they will work if the NICs are common enough.

I haven't messed with anything else in the system. Do I need to change some
settings in Shorewall in order for the laptop to access the internet?

Then of course there are the laptop settings. I am running Windows XP Pro.
I have given it the following fixed IP settings:
ip address: 192.168.1.5
subnet mask: 255.255.255.0
default gateway: 192.168.1.1
DNS1 and DNS2: the supplied info from my ISP

btw, how do I change the login and password when LEAF boots up?

Please be kind to the noob, I really want to learn this and I really
appreciate all the detail and over-simplification you can stand to type. I
know a very little about routing, less about firewalls, and absolutely
nothing about Linux. I have been sucking on the Microsoft tit forever.

Thank you in advance,
Andrew





---
This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black
Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html





Re: [leaf-user] Please be kind to the Newbie!!

2004-07-03 Thread Chera Bekker

For the external NIC, there is an rtl8139.o kernel module you can add. 
There is also an 8139too.o module. I forget which of these Bering-uClibc uses.

For the internal NIC, I'm not certain ... there is not a module specific to 
it. I **think** the ne2k-pci module supports this one, but I'm not sure. 
Perhaps someone else can jump in here?

The ne2k-pci module supports the rtl8029 chipset. Don't forget also to
load the mii.o module.

Good luck
Chera


Re: [leaf-user] Please be kind to the Newbie!!

2004-07-02 Thread Ronny Aasen
On Fri, 2004-07-02 at 07:57, Ray Olszewski wrote:
 At 01:21 AM 7/2/2004 +, [EMAIL PROTECTED] wrote:
 
 First of all Ray, Thank you so much.  I appreciate your help.
 
 That's what we're here for. I'm trimming out most of your reply, to get to 
 the parts that identify your problem more quickly.
 
 I'm writing all of this from memory. I don't have a working Bering system 
 of any flavor at hand to check against, so there's a risk I'm giving you 
 advice that is incorrect in some details ... most likely some quirk 
 peculiar to Bering that makes it a bit different from stock Linux. Someone 
 running Bering should read this through to spot and correct any blatant 
 stupidities I commit.
 
 [...]
 My ISP gave me 24.224.166.194 through 24.224.166.198 for the 5 static IP's
 My Isp gave me a subnet mask of 255.255.255.248
 My Isp gave me a default gateway address of 24.224.166.193
 
 So tell me if this looks right:
  address:   24.224.166.196
  netmask:   255.255.255.248
  broadcast: 24.224.166.255
  gateway:   24.224.166.193
 The only thing I'm not sure about is the broadcast entry (the 255 
 part).  I don't think I ever had this particular info on my Linksys router.
 
 If you supply an address and a netmask, that should let a device compute 
 the broadcast address. I'm not sure why Linux configurations routinely ask 
 for it separately. In any case, the one you've set should work. A better 
 one, consistent with your /29 (.248) network, would be 24.224.166.199.
 
 This isn't your immediate problem, however. Moving on ...
 [...]
  can the LEAF router ping the WinXP host?
  can the LEAF router ping the ISP's default gateway?
  can the LEAF router ping the DNS servers?
  can the LEAF router ping a known-good Internet address?
 
 all pinging results:
  ping: sendto: Network is unreachable
 
 Translated: the router does not have a route to the network that the 
 requested host is on. Why not? see next item.
 
 Next time, please tell us what makes and models of NICs you are using. 
 Some work out of the box, while others require add-in modules; we 
 can't guess which kind you have, and as a beginner, you shouldn't be 
 guessing on your own.
 The nic that is connected to the cable modem is a [Realtek RTL8139 Family 
 PCI Fast Ethernet NIC]
 The nic that is connected to the switch (which goes to the laptop) is a 
 [Realtek RTL8029(AS) based Ethernet Adaptor (Generic)]
 The info in the [...] is exactly what windows XP calls the cards when xp is 
 running.
 
 And this is your problem. The Bering kernel internally supports only a few 
 of the most common NIC types used in routers, and I believe the two 
 RealTeks are NOT on the built-in list of supported ones. You'll need to add 
 modules.
 
 For the external NIC, there is an rtl8139.o kernel module you can add. 
 There is also an 8139too.o module. I forget which of these Bering-uClibc uses.
 
 For the internal NIC, I'm not certain ... there is not a module specific to 
 it. I **think** the ne2k-pci module supports this one, but I'm not sure. 
 Perhaps someone else can jump in here?

I have used many variants of rtl chips, both onboard and PCI,
and unless it's old I've found that the 8139too.o module works. So try
that first.

Also keep in mind that the 8139too.o module depends on the crc32.o and
mii.o modules, so copy over those too. And remember to uncomment them in
the modules config.


 So, get the modules appropriate to the kernel you are running (probably 
 2.4.26, from what I see on the project's Downloads list), add them to your 
 LEAF floppy, and put their names in /etc/modules. The Installation Guide 
 provides the details (http://leaf.sourceforge.net/doc/guide/biaddrm.html). 
 The order of the modules in this file will dictate which NIC is assigned 
 eth0, which eth1 (first come, first served).
 
 
 Check what interfaces have been created with the command
 
 
  ip link show
 
 It will also tell you if they have been initialized (that is, assigned IP 
 addresses).
 
 ip link show results:::
 
 1: lo: LOOPBACK mtu 16436 qdisc noop
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 2: dummy0: BROADCAST,NOARP mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
 
 Since the interfaces were not created, they are not initialized, and the 
 routing table doesn't get routes assigned ... hence the ping error above.
 [...]
 
 I have a new question.  Does it matter if I am logged into the firewall 
 (LEAF Configuration Menu on the screen)
 or not logged in (Firewall# prompt on the screen) for the firewall to 
 operate properly when I have all the settings correct?
 
 No.
 
 Do I have to reboot after I make and backup system changes for them to be 
 in effect?
 
 No.

What he means is that you never have to restart, but your changes won't
take effect until you restart the system affected.

example
/etc/init.d/networking restart if you have 

[leaf-user] Please be kind to the Newbie!!

2004-07-01 Thread [EMAIL PROTECTED]

Hi everyone,

I was trying to set up a very simple firewall and then build up from there. I
am using Bering uClibc 2.1.2.

My setup is a cable modem with a static IP (I actually have 5 IPs but I'm
trying to keep it simple to start) going to the firewall in the first NIC
port, then from the firewall's second NIC port to a switch (because I don't
own a crossover cable), then to a laptop.

I have been messing around with Network configurations: interfaces file.
From step 1 I have tried to set up option 1.2 but I don't understand the
settings completely since they look a little different from my standard
Linksys router. What do I fill in for address, broadcast, and gateway? My ISP
gave me a subnet mask of 255.255.255.248 with my static IPs. I used to input
dns1 and dns2 in my Linksys router, do I still have to do this?

Then for step 2 I left it alone (default settings looked ok to me) for eth1.

I thought I would first try to get on the internet with the laptop but it
doesn't get to the internet. Is there a simple setting I need to change to
fix this?

I don't even know if the NICs are talking to the LEAF? How do I know which
is eth1 and eth0? Is there a way to determine if LEAF has installed the NIC
cards properly or at all? I didn't load any special drivers because it
looked like maybe they will work if the NICs are common enough.

I haven't messed with anything else in the system. Do I need to change some
settings in Shorewall in order for the laptop to access the internet?

Then of course there are the laptop settings. I am running Windows XP Pro.
I have given it the following fixed IP settings:
ip address: 192.168.1.5
subnet mask: 255.255.255.0
default gateway: 192.168.1.1
DNS1 and DNS2: the supplied info from my ISP

btw, how do I change the login and password when LEAF boots up?

Please be kind to the noob, I really want to learn this and I really
appreciate all the detail and over-simplification you can stand to type. I
know a very little about routing, less about firewalls, and absolutely
nothing about Linux. I have been sucking on the Microsoft tit forever.

Thank you in advance,
Andrew





Re: [leaf-user] Please be kind to the Newbie!!

2004-07-01 Thread [EMAIL PROTECTED]





First of all Ray, Thank you so much.  I appreciate your help.


I don't quite understand this physical description.

The LEAF router's external interface needs to connect to the cable modem, either 
directly or through a switch. Offhand, I think a direct connection, in this instance, 
does NOT use a crossover cable, but a connection of a cable modem to a switch requires 
either a crossover cable or an uplink port on the switch ... but that may vary. (My 
actual experience is with DSL modems, which do work this way.)

The LEAF router's internal interface should connect either to a normal (not uplink) 
port on a switch or hub, using a regular cable, -OR- directly to another host using a 
crossover cable. Using a switch or hub is better, because sometimes NIC-to-NIC 
connections have trouble settling on a data rate, and you have enough to worry about 
without adding that uncertainty.

Ok, I did a poor job in explaining my setup.  I think I have it setup the way you just 
mentioned.
From my cable modem I have a normal cat5 cable going into one of two nic cards on my 
firewall.  Not sure if it is eth0 or eth1 (as defined by LEAF).
Then, from the second of two nic cards on my firewall I have a normal cat5 cable 
running to a Linksys SD208 switch.  This switch automatically does crossover when 
needed. 
From the switch, I have a normal cat5 cable running to my laptop.  I would have run a 
crossover cable from the firewall to the laptop but I don't have one yet.
It sounds like my current setup is fine anyway.  I hope that is clearer.

  

Address = the IP address you want the external interface (the one you'll connect to 
the cable modem, either directly or through a switch) to listen on. For now, call it 
a.b.c.d.

Broadcast = depends a bit on the address, since the netmask ends in .248. In practice, 
a.b.c.255 will usually work. For the exact value, see the parenthetical in the next 
item.

Gateway = the IP address of the ISP's router (at the other end of the cable-modem 
link). Your ISP should have provided you with this. Exact practice varies, but in your 
situation ( 5 static IP addresses), it is usually the one remaining unused address of 
the block of 8 (where the lowest is the network address, the highest the real 
broadcast address, and you are using 5 of the 6 intermediate addresses). For example, 
if your address range were a.b.c.2-6, your values would be:

network: a.b.c.0
gateway: a.b.c.1
broadcast: a.b.c.7

I'm actually a bit puzzled as to how you got your Linksys to work without knowing all 
of this part. The small routers I've set up, from D-Link and Netgear, require this info 
for a static-address connection.


My ISP gave me 24.224.166.194 through 24.224.166.198 for the 5 static IP's
My Isp gave me a subnet mask of 255.255.255.248
My Isp gave me a default gateway address of 24.224.166.193

So tell me if this looks right:
address:   24.224.166.196
netmask:   255.255.255.248
broadcast: 24.224.166.255
gateway:   24.224.166.193
The only thing I'm not sure about is the broadcast entry (the 255 part).  I don't 
think I ever had this particular info on my Linksys router.





If your LAN clients use the ISP's nameservers directly, you only need to tell the LEAF 
router itself to use them too; do this by adding them to /etc/resolv.conf .
If the LAN clients expect to use the LEAF router as a forwarder, you'll need to 
configure dnscache to use them; someone else will have to explain that part, since I 
don't use it.

I'll try the first DNS thing you mentioned.  That seemed easy enough to change.



Then for step 2 I left it alone (default settings looked ok to me) for eth 1.

I thought i would first try to get on the internet with the laptop but it doesn't get 
to the internet. Is there a
simple setting I need to change to fix this? 

Who knows? To answer that, we would need a much more complete description of the 
setup. Refer to the SR FAQ -- referenced at the end of all list e-mails -- to see what 
we need.

You also need to be more specific than "it doesn't get to the internet." What do you 
actually try and how does it fail? (Quote any error messages exactly.)

What I try is opening Microsoft Internet Explorer and wait for the homepage to load.
When it fails to load it shows a standard error page saying The page cannot be 
displayed 
The page you are looking for is currently unavailable. The Web site might be 
experiencing technical difficulties, or you may need to adjust your browser settings.


Finally, it would help if you did some intermediate tests, like ...


can the WinXP host ping the LEAF router?
can the WinXP host ping the ISP's default gateway?
can the WinXP host ping the DNS servers?
can the WinXP host ping a known-good Internet address?

All pinging from laptop (winxp) timed out with 100% loss


can the LEAF router ping the WinXP host?
can the LEAF router ping the ISP's default 

Re: [leaf-user] Please be kind to the Newbie!!

2004-07-01 Thread Ray Olszewski
At 01:21 AM 7/2/2004 +, [EMAIL PROTECTED] wrote:
First of all Ray, Thank you so much.  I appreciate your help.

That's what we're here for. I'm trimming out most of your reply, to get to 
the parts that identify your problem more quickly.

I'm writing all of this from memory. I don't have a working Bering system 
of any flavor at hand to check against, so there's a risk I'm giving you 
advice that is incorrect in some details ... most likely some quirk 
peculiar to Bering that makes it a bit different from stock Linux. Someone 
running Bering should read this through to spot and correct any blatant 
stupidities I commit.

[...]
My ISP gave me 24.224.166.194 through 24.224.166.198 for the 5 static IP's
My Isp gave me a subnet mask of 255.255.255.248
My Isp gave me a default gateway address of 24.224.166.193
So tell me if this looks right:
address:   24.224.166.196
netmask:   255.255.255.248
broadcast: 24.224.166.255
gateway:   24.224.166.193
The only thing I'm not sure about is the broadcast entry (the 255 
part).  I don't think I ever had this particular info on my Linksys router.

If you supply an address and a netmask, that should let a device compute 
the broadcast address. I'm not sure why Linux configurations routinely ask 
for it separately. In any case, the one you've set should work. A better 
one, consistent with your /29 (.248) network, would be 24.224.166.199.

This isn't your immediate problem, however. Moving on ...
[...]
can the LEAF router ping the WinXP host?
can the LEAF router ping the ISP's default gateway?
can the LEAF router ping the DNS servers?
can the LEAF router ping a known-good Internet address?
all pinging results:
ping: sendto: Network is unreachable
Translated: the router does not have a route to the network that the 
requested host is on. Why not? see next item.

Next time, please tell us what makes and models of NICs you are using. 
Some work out of the box, while others require add-in modules; we 
can't guess which kind you have, and as a beginner, you shouldn't be 
guessing on your own.

The nic that is connected to the cable modem is a [Realtek RTL8139 Family 
PCI Fast Ethernet NIC]
The nic that is connected to the switch (which goes to the laptop) is a 
[Realtek RTL8029(AS) based Ethernet Adaptor (Generic)]
The info in the [...] is exactly what windows XP calls the cards when xp is 
running.

And this is your problem. The Bering kernel internally supports only a few 
of the most common NIC types used in routers, and I believe the two 
RealTeks are NOT on the built-in list of supported ones. You'll need to add 
modules.

For the external NIC, there is an rtl8139.o kernel module you can add. 
There is also an 8139too.o module. I forget which of these Bering-uClibc uses.

For the internal NIC, I'm not certain ... there is not a module specific to 
it. I **think** the ne2k-pci module supports this one, but I'm not sure. 
Perhaps someone else can jump in here?

So, get the modules appropriate to the kernel you are running (probably 
2.4.26, from what I see on the project's Downloads list), add them to your 
LEAF floppy, and put their names in /etc/modules. The Installation Guide 
provides the details (http://leaf.sourceforge.net/doc/guide/biaddrm.html). 
The order of the modules in this file will dictate which NIC is assigned 
eth0, which eth1 (first come, first served).


Check what interfaces have been created with the command
ip link show
It will also tell you if they have been initialized (that is, assigned IP 
addresses).

ip link show results:::
1: lo: LOOPBACK mtu 16436 qdisc noop
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: dummy0: BROADCAST,NOARP mtu 1500 qdisc noop
  link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
Since the interfaces were not created, they are not initialized, and the 
routing table doesn't get routes assigned ... hence the ping error above.
[...]

I have a new question.  Does it matter if I am logged into the firewall 
(LEAF Configuration Menu on the screen)
or not logged in (Firewall# prompt on the screen) for the firewall to 
operate properly when I have all the settings correct?

No.

Do I have to reboot after I make and backup system changes for them to be 
in effect?

No.
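
Added example, not part of any message in this thread: a POSIX shell check for the point made above that address and netmask determine the broadcast address, applied to the /29 values quoted in the thread, plus generation of the "up ip addr add" alias lines in the form shown in Craig's reply. The function names are hypothetical; only shell built-ins are used.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

ip_to_int() {  # dotted quad -> integer; fails on malformed input
    case "$1" in *[!0-9.]*|*..*|.*|*.|'') return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac   # leading zero would parse as octal
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

valid_mask() {  # integer mask must be contiguous ones followed by zeros
    inv=$(( ~$1 & 4294967295 ))
    [ $(( inv & (inv + 1) )) -eq 0 ]
}

network_of() {  # address netmask
    a=$(ip_to_int "$1") && m=$(ip_to_int "$2") && valid_mask "$m" || return 1
    int_to_ip $(( a & m ))
}

broadcast_of() {  # address netmask
    a=$(ip_to_int "$1") && m=$(ip_to_int "$2") && valid_mask "$m" || return 1
    int_to_ip $(( (a & m) | (~m & 4294967295) ))
}

prefix_len() {  # netmask -> number of one bits
    m=$(ip_to_int "$1") && valid_mask "$m" || return 1
    n=0
    while [ "$m" -ne 0 ]; do n=$(( n + (m & 1) )); m=$(( m >> 1 )); done
    echo "$n"
}

check_stanza() {  # address netmask broadcast gateway; 0 = consistent
    want_b=$(broadcast_of "$1" "$2") || { echo "bad address or netmask"; return 2; }
    net=$(network_of "$1" "$2")
    gw_net=$(network_of "$4" "$2") || { echo "bad gateway"; return 2; }
    rc=0
    [ "$3" = "$want_b" ] || { echo "broadcast $3 does not fit $1 $2; expected $want_b"; rc=1; }
    [ "$gw_net" = "$net" ] || { echo "gateway $4 is outside network $net"; rc=1; }
    if [ "$1" = "$net" ] || [ "$1" = "$want_b" ]; then
        echo "address $1 is the network or broadcast address"; rc=1
    fi
    return $rc
}

alias_lines() {  # dev netmask primary extra...; prints one "up" line per extra
    dev=$1; mask=$2; primary=$3; shift 3
    p=$(prefix_len "$mask") && b=$(broadcast_of "$primary" "$mask") || return 1
    net=$(network_of "$primary" "$mask"); i=0
    for ip in "$@"; do
        [ "$(network_of "$ip" "$mask")" = "$net" ] || { echo "# $ip is outside $net/$p"; return 1; }
        echo "up ip addr add $ip/$p brd $b dev $dev label $dev:$i"
        i=$(( i + 1 ))
    done
}

# Values quoted in the thread: the proposed stanza, then the /29 broadcast.
check_stanza 24.224.166.196 255.255.255.248 24.224.166.255 24.224.166.193 || true
check_stanza 24.224.166.196 255.255.255.248 24.224.166.199 24.224.166.193 && echo "stanza consistent"
alias_lines eth0 255.255.255.248 24.224.166.196 24.224.166.194 24.224.166.195
```
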

