Re: [leaf-user] LRP compression
Martin Hejl wrote: Martin Hejl wrote: I doubt it, since (unless I'm totally off) the package/ prefix would be part of the pathname in the archive (check the contents of the package with tar xvft package.lrp - you will most likely see package/lib/ and package/etc/ instead of lib/ and etc/) oops, make that tar tvfz package.lrp - sorry about that Martin leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ Martin, thanks. Yes, you're right. I didn't think correctly. Your solution is better. Do you have any idea about the difference in size: modules.lrp 118954 (from mounted .bin file) My modules.lrp 123018 Using tar -c *| gzip -9 ../package.lrp : size 123007 Joep PS. I send it now also to the list. Joep leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] LRP compression
Hi Joep, Joep Blom wrote: Do you have any idea about the difference in size: modules.lrp 118954 (from mounted .bin file) My modules.lrp 123018 Using tar -c *| gzip -9 ../package.lrp : size 123007 Ok, so you're comparing gnu gzip with busybox gzip, right? (lrp from the package archive, compared to the one you created on your devel box?). Part of that may well be that the gnu gzip works a little differently than the busybox one. The real test would be to see how big your modules.lrp is after you backed it up on your leaf box. As far as I know, there's no posix or ansi standard on what exactly gzip should do when -9 is given as an argument, so there's a pretty good chance that gnu gzip and busybox gzip use (possibly slightly) different algorithms for compression - which would obviously result in different results. Sorry, I have no hard facts to back that up, other than anecdotal evidence that busybox gzip tends to be more agressive at compressing things (trading space for speed is what uclibc is all about, so it wouldn't be too surprising if the uclibc developers made different choices than the gnu gzip developers did) Martin leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] LRP compression
Martin Hejl wrote: Hi Joep, Joep Blom wrote: Do you have any idea about the difference in size: modules.lrp 118954 (from mounted .bin file) My modules.lrp 123018 Using tar -c *| gzip -9 ../package.lrp : size 123007 Ok, so you're comparing gnu gzip with busybox gzip, right? (lrp from the package archive, compared to the one you created on your devel box?). Part of that may well be that the gnu gzip works a little differently than the busybox one. The real test would be to see how big your modules.lrp is after you backed it up on your leaf box. As far as I know, there's no posix or ansi standard on what exactly gzip should do when -9 is given as an argument, so there's a pretty good chance that gnu gzip and busybox gzip use (possibly slightly) different algorithms for compression - which would obviously result in different results. Sorry, I have no hard facts to back that up, other than anecdotal evidence that busybox gzip tends to be more agressive at compressing things (trading space for speed is what uclibc is all about, so it wouldn't be too surprising if the uclibc developers made different choices than the gnu gzip developers did) Martin leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/ Thanks Martin, I thought it could be the different gzip. I thought therefore it would perhaps be better to use bzip2 which is very efficient but a little trial turned out that gzip -9 gives a better compression than bzip2 -9. I need the highest compression as the leafbox is a very old winchip (90 MHz) system with an MB that was made before USB was available so I have to use floppies. Well I think I have somewhere a somewhat more modern MB (K6 500MB!) with USB to load a small system with USB support with a floppy and get the packages from an USB stick.That's more than fast enough. Joep leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] LRP compression
Hi Joep, perhaps be better to use bzip2 which is very efficient but a little trial turned out that gzip -9 gives a better compression than bzip2 -9. The results of bzip compression depend highly on the input - sometimes it's a lot better than gzip, sometimes it fails big time. There's no general rule other than trying it under the specific curcumstances you use it in, and finding out what's best. I need the highest compression as the leafbox is a very old winchip (90 MHz) system with an MB that was made before USB was available so I have to use floppies. Well, bzip generally tends to use tons of cpu power, so it may not be the obvious choice for low power boards. Well I think I have somewhere a somewhat more modern MB (K6 500MB!) with USB to load a small system with USB support with a floppy and get the packages from an USB stick.That's more than fast enough. Well, other than switching cpus, you could look at switching boot media - wether it may be two flopppies (one tends to get a lot on 2x1.6MB) or switching to CF, CDROM or DOM, or something like that. Just because your platform won't boot off USB, doesn't mean it's useless (none of the boxes I use LEAF on can boot from USB, and they all use more than just a single 1.44 floppy - Soekris, WRAP or Nexcom boxes are what I use, and they work just fine). Martin leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] LRP router failing? - the Last Chapter (STH)DSL line-quality info
Thank you, Peter. I will watch for that in the future. Dale Mirenda On Oct 18, 2004, at 10:21 AM, Peter Mueller wrote: Glad its working!! But let's go back to your ifconfig: eth0 Link encap:Ethernet HWaddr 00:10:4B:2C:90:9C inet addr:64.113.213.14 Bcast:64.113.213.15 Mask:255.255.255.252 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1800 errors:0 dropped:0 overruns:0 frame:0 TX packets:2184 errors:0 dropped:0 overruns:0 carrier:341 Collisions:0 Interrupt:9 Base address:0xff00 See the carrier errors (15.6%)? For future use, carrier errors indicate cable fault or low-layer problem related to that interface.FYI the dumpfile looks normal. --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] LRP router failing? - the Last Chapter (STH)DSL line-quality info
The replacement for the suspect FlowPoint 2200 DSL router arrived today from the ISP (an Efficient Networks 5851). I plugged it into the network sans the crutch switch between the two routers, and it worked like a charm. Hypothesis becomes history. Glad its working!! But let's go back to your ifconfig: eth0 Link encap:Ethernet HWaddr 00:10:4B:2C:90:9C inet addr:64.113.213.14 Bcast:64.113.213.15 Mask:255.255.255.252 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1800 errors:0 dropped:0 overruns:0 frame:0 TX packets:2184 errors:0 dropped:0 overruns:0 carrier:341 Collisions:0 Interrupt:9 Base address:0xff00 See the carrier errors (15.6%)? For future use, carrier errors indicate cable fault or low-layer problem related to that interface.FYI the dumpfile looks normal. Regards, P --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP router failing? - the Last Chapter (STH)DSL line-quality info
On Oct 14, 2004, at 8:13 AM, [EMAIL PROTECTED] wrote: snip So the idea that different gear may be stronger or more tolerant is not off-the-wall at all. Thanks for letting us know how it all turned out. scott; canada Thanks for the validation, Scott. I'm staying here another day in Boise because the ISP is sending a replacement DSL router (tomorrow) to see if that solves the problem (logical, since it is the only critical component in the whole network that I have not replaced!). That will tell us whether this theory is right or not. Dale Mirenda The replacement for the suspect FlowPoint 2200 DSL router arrived today from the ISP (an Efficient Networks 5851). I plugged it into the network sans the crutch switch between the two routers, and it worked like a charm. Hypothesis becomes history. Thanks again to all who helped me with this problem, with a special nod of course to Ray who put me on the fast track to the solution. I also learned a lot about troubleshooting these issues from all of you who responded, and that is just as valuable as, if not more than, fixing this one. This entire incident also goes quite a ways with my superiors, who once again have seen first-hand the reliability of the LEAF routers, and the support system that has grown around them. Case closed, lessons learned. Dale Mirenda --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] LRP router failing? - Alcatel SpeedTouchHome (STH)DSL line-quality info
Dale, If I am understanding correctly, you've confirmed: 1. The Win98 box doesn't drop packets ever (ie. their equipment works) 2. Your equipment works (connected the laptop to the DachBox via a crossover cable and dropped no packets from the laptop to the LEAF router or from the LEAF router to the laptop.) This smells like an autonegotiation problem between their equipment and yours. What NICs are in your machine? After you try another NIC, I would give another type of NIC a shot. - Bob Coffman --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP router failing? - Alcatel SpeedTouchHome (STH)DSL line-quality info
About your 'strongest' comment... This is by no means far-fetched, IMO. We're all probably more accustomed to hardware being either working or non-working and are infrequently confronted with a situation of degradation or 'dying' gear. A story from my past: I was working in telecom - PC-based voice systems. We had an installation where we could plug a regular telephone into a jack and all was well, but when we plugged into the PC it couldn't 'see' the line. Checked with different ports, another PC, none could see the line but dang it, a set plugged in directly would work fine. We finally got around to testing the loop resistance and it was just outside of spec. The phone set was more 'tolerant' and the PC-boards were by-the-book. So the idea that different gear may be stronger or more tolerant is not off-the-wall at all. Thanks for letting us know how it all turned out. scott; canada [EMAIL PROTECTED] wrote: snip What if the Windows machine has the strongest NIC(I don't know what that means, but humor me)? It would drop no packets. Let's say the laptop is not as strong as the Win98 box, but better than the LEAF boxes (which use identical NICs, btw). The laptop therefore drops 2% to 50%, and the DachBoxen rarely lose fewer than 50%. That would also explain why the problem has been steadily worsening for the past month. --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] LRP router failing? - Alcatel SpeedTouchHome (STH)DSL line-quality info
Dale, If I am understanding correctly, you've confirmed: 1. The Win98 box doesn't drop packets ever (ie. their equipment works) 2. Your equipment works (connected the laptop to the DachBox via a crossover cable and dropped no packets from the laptop to the LEAF router or from the LEAF router to the laptop.) That's all correct. Also, last night on Ray Olszewski's recommendation I connected a 10/100BT switch between the DachBox and the Flowpoint DSL router. Lazarus rose from the dead. I ran internet backups between the file servers all night long without loing a single packet. In fact, an fping from the Seattle file server to the Boise server _during_ the backup did not drop a packet, although latency jumped to about 500 ms. This smells like an autonegotiation problem between their equipment and yours. What NICs are in your machine? After you try another NIC, I would give another type of NIC a shot. The NICs are Linksys LNE100TX. I do intend to swap another NIC into the DachBox today as an experiment, and I have a 3Com card I can try as well. But I'm not sure what that would prove. If the LAN switch circuity in the DSL router is failing in such a way as to cause this problem, and the switch I cobbled in there is just compensating for that, putting in a different NIC (with a stronger outgoing signal strength, if that is the right concept) could just mask the problem. After all, the NIC in the Win98 box worked just fine connected directly to the DSL router. Let's say I cannibalized that NIC, put it in the DachBox, and it works just fine. This problem has been deteriorating gradually for the last month. If it is the DSL router LAN side that is in a death spiral, I could find that in a week or two it has degraded to the point that even the stronger NIC can't compensate any more. I'm beginning to think that the only way I'll find out for sure is if in replacing the DSL router, the problem goes away entirely. Or not. Dale Mirenda --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP router failing? - Alcatel SpeedTouchHome (STH)DSL line-quality info
snip So the idea that different gear may be stronger or more tolerant is not off-the-wall at all. Thanks for letting us know how it all turned out. scott; canada Thanks for the validation, Scott. I'm staying here another day in Boise because the ISP is sending a replacement DSL router (tomorrow) to see if that solves the problem (logical, since it is the only critical component in the whole network that I have not replaced!). That will tell us whether this theory is right or not. Dale Mirenda --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP router failing? - Alcatel SpeedTouchHome (STH)DSL line-quality info
Charles Steinkuehler wrote: Thinking about this some more, I'm beginning to suspect the DSL line. If I may, would this possibility not have been obviated when Dale connected a Win98 box to the line and had no loss in pings? Thank you, Scott. I've downloaded the software and I'll give it a try momentarily. Update: I'm in Boise, more confused than ever. Pings from the Win98 box (which is directly connected to the 4-port hub on the FlowPoint 2200 DSL router) on which I'm composing this message to anywhere never drop. When I connect the DachBox to the same DSL LAN port packets are dropped at a rate of anywhere from 20% to 100%. Connecting my Apple laptop (OS 10.3) in the same way packets are dropped anywhere from 0% to 50%. From the laptop, I got results of 2%, 4%, 14%, 30%, and 50% (not in that order) when I sent 50 packets to the DSL router or to my webserver in Seattle. Also, I connected the laptop to the DachBox via a crossover cable and dropped no packets from the laptop to the LEAF router or from the LEAF router to the laptop. Before I did this testing, I completely disabled ipsec to remove that variable. I installed and ran tcpdump -i eth0 (the public address) not port ssh as Peter Mueller suggested, and got a flood of results that in no way resembled his example. I was not able to tell anything from that. I called the ISP and a tech ran through some tests with me. He logged in to the DSL router and sent pings to this computer when I had it connected, and to the LEAF public address (64.113.213.14) after I hooked it back up. Pings from the DSL router to this computer were perfect. Pings to the DachBox dropped at a rate of 30%. All of which told him that the problem was the LEAF router. He could not explain why the PowerBook dropped packets as well. As he pointed out (accurately, as far as I know) the DSL router can't tell the difference between a packet from a *nix client and one from a Windows client. Still, something strange is going on there. While I was on the phone with ISP tech support, the replacement DachBox2 arrived from Seattle. I terminated that call (we'd done just about all we could think of anyway) and I hooked up the new box. Same results. Dropped packets all over the place. Unless we want to postulate a very untimely double fault, I don't know what to make of that. The bottom line to all of the above is that I'm more stumped than ever and don't know what to do next. I suppose I'll try to replace the eth0 NIC in the DachBox2 to try to eliminate the double fault possibility. I actually tried to do that earlier today as well, but neither of the NICS worked after that. When I restored the NIC I'd removed, they worked again. I don't know how to get the ISP to seriously consider the possibility that their connection could be at fault. They simply don't see any problem from their end. If possible, I'm more open than ever to any suggestion. Dale Mirenda --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP router failing? - Alcatel SpeedTouchHome (STH)DSL line-quality info
[EMAIL PROTECTED] wrote: If possible, I'm more open than ever to any suggestion. You mentioned the DSL modem has a 4-port switch on it. Are you using the same port for testing all machines (ie: 'doze box, firewall, and laptop)? You problem still smells like bad infrastructure (ie: cable or port), so I'd start by trying to isolate the DSL modem as the problem. If you get the same results on all ports (ie: windows works wherever you plug it in, and linux/Mac fail on all ports), see if you can get tomorrow's stock prices through the space-time wormhole surrounding your office, so at least we can all make some money day-trading. :-) -- Charles Steinkuehler [EMAIL PROTECTED] --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP router failing? - Alcatel SpeedTouchHome (STH)DSL line-quality info
[EMAIL PROTECTED] wrote: If possible, I'm more open than ever to any suggestion. You mentioned the DSL modem has a 4-port switch on it. Are you using the same port for testing all machines (ie: 'doze box, firewall, and laptop)? You problem still smells like bad infrastructure (ie: cable or port), so I'd start by trying to isolate the DSL modem as the problem. If you get the same results on all ports (ie: windows works wherever you plug it in, and linux/Mac fail on all ports), see if you can get tomorrow's stock prices through the space-time wormhole surrounding your office, so at least we can all make some money day-trading. :-) -- Charles Steinkuehler [EMAIL PROTECTED] I'm on hold with the ISP tech support right now. I'm trying to get them to explain the following: I tried another set of ping tests from the LEAF router (the replacement from Seattle). This time, I disconnected the DSL line from the FP2200. The first set of 40 packets lost 5%, the second lost 10%. I waited about a minute before sending a third set of 40 packets, and the loss rate went up to 27%. A fourth set sent soon after lost 30%. I reconnected the DSL line and sent another set of 40 packets. 50% loss. Subsequent tests indicated that the connection continued to degrade until it topped out at about 85% loss. --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] LRP router failing? - Alcatel SpeedTouchHome (STH)DSL line-quality info
The bottom line to all of the above is that I'm more stumped than ever and don't know what to do next. I suppose I'll try to replace the eth0 NIC in the DachBox2 to try to eliminate the double fault possibility. I actually tried to do that earlier today as well, but neither of the NICS worked after that. When I restored the NIC I'd removed, they worked again. How are you doing the test with the Linux router? Are you using a server behind it? Are you connecting the private interface at all? Please make sure the private end is disconnected and try again if it was connected. If the private end was disconnected, run tcpdump on the public interface and post the results here. You can email me directly if the results are a file too large to post on a mailing list. I don't know how to get the ISP to seriously consider the possibility that their connection could be at fault. They simply don't see any problem from their end. That's not surprising. It's hard enough to get most ISPs to do anything when you can tell them exactly what's wrong. If Apple is supported, call again and open a new ticket. Tell them you have tried two Macintoshes (make the LEAF results Apple results). If possible, I'm more open than ever to any suggestion. Can you post the results of ifconfig after some packet loss? Also, if you could post an ASCII map of your network that might tell us something. IPs are not necessary but it wouldn't hurt to double-check all these settings on your own. (This has bit me a few times with all sorts of strange results). E.g., -- | DSL router | - IP x.y.z.a -- | -- - eth0 x.y.z.b |LEAF| -- - eth1 a.b.c.z | -- |xSWITCHx| - 16 port linksys (or whatever) -- | -- | Clients | -- Regards, P --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP router failing?
Dale Mirenda wrote: On Oct 11, 2004, at 10:31 AM, Peter Mueller wrote: I can do that on the one in Seattle, and on the remote router when I get to Boise, Erich. I'll read up on tcpdump (never used it before) and give it a go. Thanks for the idea; I'm getting lots of input on tools I've never had to think about before, and that is why I came to this forum for help. E.g., tcpdump -i eth0 (or eth1) not port ssh tcpdump -i eth0 net 192.168.0/24 and not proto \\icmp tcpdump -i eth0 host 1.2.3.4 or host 5.6.7.8 and not port ssh Protocols require double-escaping, for example ICMP above. Windump is the windows equivelant. I think Ray is on the right track with spyware. Be sure to check ifconfig for transmission errors, too. eth0 Link encap:Ethernet HWaddr 00:C0:9F:3F:44:42 inet addr:1.2.3.21 Bcast:1.2.3.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 ** This is what you are looking for ** RX packets:54447768 errors:2 dropped:0 overruns:0 frame:1 ^^ TX packets:52184055 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 ** RX bytes:854678430 (815.0 Mb) TX bytes:2033727102 (1939.5 Mb) Base address:0xece0 Memory:fe1e-fe20 A few errors - 1 every million or so is usually fine. P Thanks for the tutorial, Peter. I'll put it to good use. This incident has taught me that I need to focus on this kind of tool to prepare for emergencies. I don't have a lot to add, as it looks like you've already gotten excellent responses from others in the group, but I do have a few quick points and questions: - I like to use the -n switch to tcpdump, which prevents it from trying to resolve IP addresses into domain names (especially if your network isn't working right). - You'll find tcpdump and the required libpcap on the Dachstein CD (if you're running one of my images). Just mount and cd to the CD (packages have to be installed from the current directory), then: lrpkg -i libpcap lrpkg -i tcpdump - What kind of hardware are you running? Older pentium (and especially 486 boxen) can fairly easily be overloaded by 100 MBit NICs if ad/spy/mal-ware is spewing full bore. - I doubt your IPSec setup is to blame, even if you still have the old office in the config files, although I'd still check to make sure. I have several Dachstein boxen at multiple sites in a partial mesh VPN, and don't notice any problems when any of the sites go down (which happens fairly freqently, as a number of the sites are homes, not offices). - Have you been using anything like MRTG to monitor bandwidth usage via snmp? The traffic graphs can often quickly tell you where to start looking for problems (ie: inbound traffic is pegged...go find the rouge kazza user and get them to play nice; outbound traffic pegged...look for an infected system; traffic looks normal...start verifying your configurations and infrastructure). - My 'gut reaction' is to suspect either infrastructure (ie: bad cable, switch, hub, NIC, etc) or an unidentified host generating lots of traffic. - Remember to look for rouge wireless APs! Good luck! -- Charles Steinkuehler [EMAIL PROTECTED] --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP router failing?
Thank you, Charles. I've addressed your questions to the measure of my ability below: On Oct 12, 2004, at 7:59 AM, Charles Steinkuehler wrote: Dale Mirenda wrote: On Oct 11, 2004, at 10:31 AM, Peter Mueller wrote: I can do that on the one in Seattle, and on the remote router when I get to Boise, Erich. I'll read up on tcpdump (never used it before) and give it a go. Thanks for the idea; I'm getting lots of input on tools I've never had to think about before, and that is why I came to this forum for help. E.g., tcpdump -i eth0 (or eth1) not port ssh tcpdump -i eth0 net 192.168.0/24 and not proto \\icmp tcpdump -i eth0 host 1.2.3.4 or host 5.6.7.8 and not port ssh Protocols require double-escaping, for example ICMP above. Windump is the windows equivelant. I think Ray is on the right track with spyware. Be sure to check ifconfig for transmission errors, too. eth0 Link encap:Ethernet HWaddr 00:C0:9F:3F:44:42 inet addr:1.2.3.21 Bcast:1.2.3.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 ** This is what you are looking for ** RX packets:54447768 errors:2 dropped:0 overruns:0 frame:1 ^^ TX packets:52184055 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 ** RX bytes:854678430 (815.0 Mb) TX bytes:2033727102 (1939.5 Mb) Base address:0xece0 Memory:fe1e-fe20 A few errors - 1 every million or so is usually fine. P Thanks for the tutorial, Peter. I'll put it to good use. This incident has taught me that I need to focus on this kind of tool to prepare for emergencies. I don't have a lot to add, as it looks like you've already gotten excellent responses from others in the group, They've been wonderful. Some of the suggestions have been a bit over my head, but that won't last for long. I'll read up on the tools mentioned and be able to use them in short order. but I do have a few quick points and questions: - I like to use the -n switch to tcpdump, which prevents it from trying to resolve IP addresses into domain names (especially if your network isn't working right). - You'll find tcpdump and the required libpcap on the Dachstein CD (if you're running one of my images). Just mount and cd to the CD (packages have to be installed from the current directory), then: lrpkg -i libpcap lrpkg -i tcpdump - What kind of hardware are you running? Older pentium (and especially 486 boxen) can fairly easily be overloaded by 100 MBit NICs if ad/spy/mal-ware is spewing full bore. Very interesting point. All of my DachBoxen are retired P1 or P2 desktops. The original Boise LEAF router was a very old (but sturdy) P2. I replaced it with a spare P! that I had here in Seattle, and tested before I sent it down. Since then the Boise problem has worsened considerably. Hmmm... - I doubt your IPSec setup is to blame, even if you still have the old office in the config files, although I'd still check to make sure. I have several Dachstein boxen at multiple sites in a partial mesh VPN, and don't notice any problems when any of the sites go down (which happens fairly freqently, as a number of the sites are homes, not offices). That has been my observation in the past, as well, although I intend to double-check when I arrive in Boise tomorrow. - Have you been using anything like MRTG to monitor bandwidth usage via snmp? The traffic graphs can often quickly tell you where to start looking for problems (ie: inbound traffic is pegged...go find the rouge kazza user and get them to play nice; outbound traffic pegged...look for an infected system; traffic looks normal...start verifying your configurations and infrastructure). My, that is timely. My #1 project for today was to check my SuSE distro for a network traffic monitor that I can run on Linux, with output that my untrained eye can comprehend. I will look for MRTG. Does it only work with snmp enabled devices? I know my HP ProCurve switches can be configured to provide snmp data, and I'm sure that my Linux fileservers can be somehow, and the HP networked printers probably. But how about the Win98 desktops? And does Dachstein-CD-1.0.2 provide snmp data by default, or do I need to implement that as well? I know I can find this out for myself with a bit of research, but I'm getting short of time and I'd like to play with this stuff on my healthy net in Seattle before I try to get it running in Boise, so please forgive the newbie whining. I'm not really a newbie, but this crisis has made me feel like one. - My 'gut reaction' is to suspect either infrastructure (ie: bad cable, switch, hub, NIC, etc) or an unidentified host generating lots of traffic. I'm kind of leaning toward infrastructure myself, although I tried to address that early on. I would like to ask a question about
Re: [leaf-user] LRP router failing?
Dale Mirenda wrote: snip - Have you been using anything like MRTG to monitor bandwidth usage via snmp? The traffic graphs can often quickly tell you where to start looking for problems (ie: inbound traffic is pegged...go find the rouge kazza user and get them to play nice; outbound traffic pegged...look for an infected system; traffic looks normal...start verifying your configurations and infrastructure). My, that is timely. My #1 project for today was to check my SuSE distro for a network traffic monitor that I can run on Linux, with output that my untrained eye can comprehend. I will look for MRTG. Does it only work with snmp enabled devices? I know my HP ProCurve switches can be configured to provide snmp data, and I'm sure that my Linux fileservers can be somehow, and the HP networked printers probably. But how about the Win98 desktops? And does Dachstein-CD-1.0.2 provide snmp data by default, or do I need to implement that as well? I know I can find this out for myself with a bit of research, but I'm getting short of time and I'd like to play with this stuff on my healthy net in Seattle before I try to get it running in Boise, so please forgive the newbie whining. I'm not really a newbie, but this crisis has made me feel like one. There are a couple of snmp packages on the Dachstein CD: snmp - cmu snmp Ver:3.6b7 netsnmpd - net-snmp (aka ucd-snmp) from Andrew Hoying (repackaged) The cmu snmp is older, and I think both packages have known issues, but I only allow access via specific IP's, typically over a VPN, so I haven't worried about it. IIRC, you can setup both in fairly short order to serve up simple read-only statistics for gathering data on bandwidth, cpu-load, etc. - My 'gut reaction' is to suspect either infrastructure (ie: bad cable, switch, hub, NIC, etc) or an unidentified host generating lots of traffic. I'm kind of leaning toward infrastructure myself, although I tried to address that early on. I would like to ask a question about spyware: I have to admit that spyware is high on my list of suspects because that office has had problems with it before, slowing and crashing computers. On a previous visit I found it on every machine and cleaned it up with the Lavasoft product. Assuming for the moment that my technically-challenged crew in Boise really did turn off all of the client machines on their network, is there any way the spyware traffic could continue to tie up the router? I thought that when the computers on the network were down, the problem should go away. Is it possible that whatever is on the other end of the spyware connection is still bombarding the network with requests and continuing to overwhelm the LEAFbox? Typically, it's only local connections that would be capable of overwhelming your firewall. Most high-speed connections (ie: DSL, cable-modem, T1, and similar) top out at a few MBits/s, which can easily be handled by an early Pentium class machine. My low-end P1-166 machines (with SDRAM) can handle about 30 MB/s before 'choking', and I have a P2-366 that passes 90+ MBits/s (hooked to a 100 MB/s at a co-lo). When your on-site helper pulled the plug to the internal network and the firewall box was still being overloaded, either something very wierd is going on with your firewall and/or upstream link or your helper didn't really get the right cable... Random thought: One thing to check for might be running out of masquerade ports. This can happen if you have a lot of local activity getting masqueraded (how many users are at this facility?): net ipfilter list masq | wc -l Of course, making sure you're not running low on RAM or other system resources (CPU cycles has already been mentioned) would be a good idea as well. - Remember to look for rouge wireless APs! Well, those folks can't even spell WAP, but then the most clueless users are the most dangerous, aren't they? These days, setting up a WAP is as simple as spending $50 (or less) at someplace like Best Buy. I'm not saying that's your problem, but it's one thing that I think could explain all observed behavior except the oddity of packet loss when the internal network cable was unplugged. Even that might be explained (without assuming the worst of your on-site help) if the WAP was connected upstream of the firewall (ie: perhaps your DSL modem is one of those that has a built-in 4-port switch, and your unknown network 'helper' was carefully following the 1-page installation graphic that showed the WAP plugged directly into the cable/dsl-modem?). Keep us posted on what you find! -- Charles Steinkuehler [EMAIL PROTECTED] --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl
Re: [leaf-user] LRP router failing?
On Oct 12, 2004, at 12:37 PM, Charles Steinkuehler wrote: snip There are a couple of snmp packages on the Dachstein CD: snmp - cmu snmp Ver:3.6b7 netsnmpd - net-snmp (aka ucd-snmp) from Andrew Hoying (repackaged) The cmu snmp is older, and I think both packages have known issues, but I only allow access via specific IP's, typically over a VPN, so I haven't worried about it. IIRC, you can setup both in fairly short order to serve up simple read-only statistics for gathering data on bandwidth, cpu-load, etc. I'll read up on the packages and give it a go. - My 'gut reaction' is to suspect either infrastructure (ie: bad cable, switch, hub, NIC, etc) or an unidentified host generating lots of traffic. I'm kind of leaning toward infrastructure myself, although I tried to address that early on. I would like to ask a question about spyware: I have to admit that spyware is high on my list of suspects because that office has had problems with it before, slowing and crashing computers. On a previous visit I found it on every machine and cleaned it up with the Lavasoft product. Assuming for the moment that my technically-challenged crew in Boise really did turn off all of the client machines on their network, is there any way the spyware traffic could continue to tie up the router? I thought that when the computers on the network were down, the problem should go away. Is it possible that whatever is on the other end of the spyware connection is still bombarding the network with requests and continuing to overwhelm the LEAFbox? Typically, it's only local connections that would be capable of overwhelming your firewall. Most high-speed connections (ie: DSL, cable-modem, T1, and similar) top out at a few MBits/s, which can easily be handled by an early Pentium class machine. My low-end P1-166 machines (with SDRAM) can handle about 30 MB/s before 'choking', and I have a P2-366 that passes 90+ MBits/s (hooked to a 100 MB/s at a co-lo). That was my thought, but over time the packet loss on the _outside_ LEAF connection has degraded to be unusable: rarely under 50%, even with (supposedly) no inside clients up, so I had to ask. When your on-site helper pulled the plug to the internal network and the firewall box was still being overloaded, either something very wierd is going on with your firewall and/or upstream link or your helper didn't really get the right cable... The firewall is also a primary suspect, even though I replaced it. Random thought: One thing to check for might be running out of masquerade ports. This can happen if you have a lot of local activity getting masqueraded (how many users are at this facility?): One fileserver, a switch, five desktops (only three users), two networked printers, The switch had me going for a while until I remembered that it had it's own ip address. They turned off all the computers and printers and nmap still showed a host up! My fault that time, not theirs. net ipfilter list masq | wc -l Of course, making sure you're not running low on RAM or other system resources (CPU cycles has already been mentioned) would be a good idea as well. I've already shipped _another_ DachBox down there so I can eliminate LEAF hardware issues. - Remember to look for rouge wireless APs! Well, those folks can't even spell WAP, but then the most clueless users are the most dangerous, aren't they? These days, setting up a WAP is as simple as spending $50 (or less) at someplace like Best Buy. I'm not saying that's your problem, but it's one thing that I think could explain all observed behavior except the oddity of packet loss when the internal network cable was unplugged. Even that might be explained (without assuming the worst of your on-site help) if the WAP was connected upstream of the firewall (ie: perhaps your DSL modem is one of those that has a built-in 4-port switch, and your unknown network 'helper' was carefully following the 1-page installation graphic that showed the WAP plugged directly into the cable/dsl-modem?). The Flowpoint 2200 DSL router does indeed have a built-in 4-port switch. Keep us posted on what you find! I definitely will, Charles. Hopefully, I'll discover something that will help someone with a similar problem in the future. That's the best outcome I can imagine for this fiasco. BTW, please accept my heartfelt thanks not only for your advice with this incident, but for providing the Dachstein system in the first place. Since I installed these machines (all running on antiquated hardware) several years ago, they have run 24/365 with the longest uptime and lowest maintenance of any electronic device I've ever used, let alone built by hand on a zero budget with almost no prior experience. In my 30+ years maintaining and using technical systems from mining equipment to nuclear power plants to data networks, I've never seen or heard of any machine that does so much and requires so little in return. You and
Re: [leaf-user] LRP router failing?
Dale Mirenda wrote: Random thought: One thing to check for might be running out of masquerade ports. This can happen if you have a lot of local activity getting masqueraded (how many users are at this facility?): One fileserver, a switch, five desktops (only three users), two networked printers, The switch had me going for a while until I remembered that it had it's own ip address. They turned off all the computers and printers and nmap still showed a host up! My fault that time, not theirs. OK, it's highly unlikely you're running out of masquerade ports with 3 users. Thinking about this some more, I'm beginning to suspect the DSL line. I know you've tried pinging the modem with success, but it's easy to be unclear about exactly *WHERE* that IP resides (especially when you're off-site). When I had Transedge service, the first thing I had to do was take the modem out of it's default transparent bridging mode and set it up for the routed IP range that they were actually providing me (somehow, there was a dis-connect between my network setup and the modem they sent, so I got the default 'soho' setup). In the default bridging mode, the first IP you could ping past the firewall was actually the DSLAM at the phone-company co-lo. Phone lines (especially those running DSL) are notorious for intermittent noise problems, and can do some very odd things when they get wet or connections start to corrode (including spooky time-based problems or outages as heat from the sun hits the aerial wires and everything stretches and slides around in the cable sheath). If you've got 'standard' DSL service and are not getting a block of IP's routed to you (ie: your DSL modem is in 'bridge' mode), I'm almost willing to bet the problem is actually the DSL line quality, likely caused by some recent ham-fisted tech playing with connections somewhere near your office (or sharing facilities with the pair you're running DSL on). It could even be something as simple as another DSL pair being activated that's causing cross-talk on your circuit. I had about 10% packet loss due to DSL line quality going south after several years of good service, and I can vouch for the fact that it was unplesent. I don't even want to think about what 50%+ packet loss would be like. As before, keep us posted! -- Charles Steinkuehler [EMAIL PROTECTED] --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP router failing? - Alcatel SpeedTouchHome (STH) DSL line-quality info
Charles Steinkuehler wrote: Thinking about this some more, I'm beginning to suspect the DSL line. If I may, would this possibility not have been obviated when Dale connected a Win98 box to the line and had no loss in pings? But taking that bad-copper theory further I'll make mention of the value of a Alcatel SpeedTouchHome DSL Modem. Someone once posted elsewhere that they'd never bother to buy a DSL line tester because the STH has such great diagnostics built-in. I'll first make mention of a great GUI for eyeballing the STH stats, without navigating the crude command-line interface: Nubz Alcatool. It can be downloaded here (for Win, Mac OS 8, 9, X): http://www.nubz.org/alcatool/Download.html To see the stats that are probably relevant for you you'll want to fire up the Alcatool, login with the 'telnet' password for your STH, then in the bottom right corner, click Line Stats, then in the new window click Line Info. This will give you (by default) download-only stats. To activate the upload stats click on ResetLine, wait a few secs, and you'll have the info. What to look for: Instead of my repeating, just eyeball this page: http://www.dslreports.com/faq/6728 (ignore the stuff about 'Expert' password - the Alcatool handles all that invisibly). Me, I'm on a 3.0 MB service, but have been downgraded (by the techs at my local central office) to a 1.5MB 'profile' because I'm 'measured' as 5 km from the CO (as the copper flows, so to speak). FWIW I run happily and merrily at 98-101% 'capacity occupation', 5-6db noise margin so take the suggestions of limits mentioned the dslreports as suggestions and not as carved in stone. If you do want to have a change to your DSL profile and are currently on Fast Used ATM rate (you can tell because those fields are 0 and the 'interleaved' fields are = 0) and are pushing the limits (i.e. = 6db noise, 97% capacity occupation) you could ask the CO to change you to interleaved ATM rate. The effect is an increase (IIRC: 5-10ms) in latency but throughput remains basically unchanged. Or you could have then just change you to a slower profile, staying as Fast ATM rate. Or both. I've also observed that a newer STH modem (i.e. 'G' series) gives me a higher speed connection than an older, K-series STH modem. Good luck. scott; canada --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] LRP router failing?
I can do that on the one in Seattle, and on the remote router when I get to Boise, Erich. I'll read up on tcpdump (never used it before) and give it a go. Thanks for the idea; I'm getting lots of input on tools I've never had to think about before, and that is why I came to this forum for help. E.g., tcpdump -i eth0 (or eth1) not port ssh tcpdump -i eth0 net 192.168.0/24 and not proto \\icmp tcpdump -i eth0 host 1.2.3.4 or host 5.6.7.8 and not port ssh Protocols require double-escaping, for example ICMP above. Windump is the windows equivelant. I think Ray is on the right track with spyware. Be sure to check ifconfig for transmission errors, too. eth0 Link encap:Ethernet HWaddr 00:C0:9F:3F:44:42 inet addr:1.2.3.21 Bcast:1.2.3.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 ** This is what you are looking for ** RX packets:54447768 errors:2 dropped:0 overruns:0 frame:1 ^^ TX packets:52184055 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 ** RX bytes:854678430 (815.0 Mb) TX bytes:2033727102 (1939.5 Mb) Base address:0xece0 Memory:fe1e-fe20 A few errors - 1 every million or so is usually fine. P --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP router failing?
On Oct 11, 2004, at 10:31 AM, Peter Mueller wrote: I can do that on the one in Seattle, and on the remote router when I get to Boise, Erich. I'll read up on tcpdump (never used it before) and give it a go. Thanks for the idea; I'm getting lots of input on tools I've never had to think about before, and that is why I came to this forum for help. E.g., tcpdump -i eth0 (or eth1) not port ssh tcpdump -i eth0 net 192.168.0/24 and not proto \\icmp tcpdump -i eth0 host 1.2.3.4 or host 5.6.7.8 and not port ssh Protocols require double-escaping, for example ICMP above. Windump is the windows equivelant. I think Ray is on the right track with spyware. Be sure to check ifconfig for transmission errors, too. eth0 Link encap:Ethernet HWaddr 00:C0:9F:3F:44:42 inet addr:1.2.3.21 Bcast:1.2.3.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 ** This is what you are looking for ** RX packets:54447768 errors:2 dropped:0 overruns:0 frame:1 ^^ TX packets:52184055 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 ** RX bytes:854678430 (815.0 Mb) TX bytes:2033727102 (1939.5 Mb) Base address:0xece0 Memory:fe1e-fe20 A few errors - 1 every million or so is usually fine. P Thanks for the tutorial, Peter. I'll put it to good use. This incident has taught me that I need to focus on this kind of tool to prepare for emergencies. Dale Mirenda --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP router failing?
On Oct 10, 2004, at 2:36 AM, Erich Titl wrote: M are 80 ms fine for you? Is this your normal service? Yes, it is, Erich. The Seattle to Portland link enjoyed a latency of about 25 ms, much nicer for internet backups and so on, but that was though a major carrier with a latency guarantee and involved just a few hops. Traceroute has shown as many as 17 hops between Seattle and Boise (same with the Portland to Boise link when it existed). It's not fast but it has been reliable up to now. Dale Mirenda --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP router failing?
On Oct 10, 2004, at 11:10 AM, Lynn Avants wrote: An 'ipsec barf' will give you virtually every detail concerning the VPN authentication and connection process. Probably the first test I'll run when I'm at the Boise console. Assuming you are running both ends for subnet sharing, you will not be able to ping the internal gateway address through the tunnel.. this test should be performed by pinging an internal client on one subnet from an internal client on the other subnet. That is typically how I do the ping tests. I hit the outside address of the LEAF router from inside the Seattle private network to compare with the DSL router (which never drops packets) and the inside Boise network, which in the beginning was dropping a lot of traffic when the outside address was dropping few or none. Now, the situation has degenerated to the point that the Do not use either of the gateways to test this connectivity. The only way the router can participate through the tunnel is if the connection allows it to be a host instead of a gateway. Many of us use the gw-to-gw tunnel for typical filesharing and also run a host-to-host tunnel to allow for connectivity ping checking on an interval. Setup an stunnel connection, say, between the Linux fileservers, through the LEAF ipsec tunnel? This allows you to run a script that reloads both tunnels if the host-to-host tunnel goes down for x-seconds and expediates manual intervention by the maintainer and makes testing far easier. I might ask for more details about how you set up and use those scripts. I admit that I am woefully short of tools (hardware, software, and brainware) for dealing with this sort of problem. That's what comes of not having enough network crises to learn from. It may be that the routers are continually attempting to connect to the Portland office that doesn't exist anymore if this office is still in the configuration file(s). I thought I had been careful about that, but I'm not taking anything for granted. Possibly any nice XP boxes are attempting to connect to shares at Portland that no longer exist and flooding the router with garbage traffic as well. No XP at this firm: MacOS9, MacOSX, Win98, WinNT, and the Linux servers. But your point is valid, none the less. It is not just XP that can spew garbage. But, the problem persists even with every Boise host turned off. That is what is so confusing about this whole thing. I can only conclude at this point that I've made some gross error assumption because I missed something in the remote troubleshooting I've done so far. The results just don't make sense. Thank you for your help, Lynn. Dale Mirenda --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP router failing?
Dale can you install tcpdump on those Bering boxes and monitor the traffic on their interfaces. You might see what happens when you try to connect. Erich THINK Püntenstrasse 39 8143 Stallikon mailto:[EMAIL PROTECTED] PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP router failing?
I can do that on the one in Seattle, and on the remote router when I get to Boise, Erich. I'll read up on tcpdump (never used it before) and give it a go. Thanks for the idea; I'm getting lots of input on tools I've never had to think about before, and that is why I came to this forum for help. Dale On Oct 10, 2004, at 2:40 PM, Erich Titl wrote: Dale can you install tcpdump on those Bering boxes and monitor the traffic on their interfaces. You might see what happens when you try to connect. Erich THINK Püntenstrasse 39 8143 Stallikon mailto:[EMAIL PROTECTED] PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl --- - leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP router failing?
Dale -- This is a tough one to pin down. So far, you've been doing the right things, and your approach is about as systematic as mine would have been in the same place. So these comments are best read as things for you to look into when you are in Boise and can access the router either through a console or locally. 1. When you closed the Portland office, did you remove the VPN links to it from Seattle and Boise? If not, might the Boise router be spinning its wheels trying to establish a VPN connection to a vanished other end? This is one problem that I can see easily surviving an equipment change, since you used the same floppy and CD, so the same configuration. 2. The comment that the problem goes away on the weekend catches my eye, and it makes me wonder if the problem is not in the router but instead in some device on the LAN ... something is generating a huge pile of packets that get processed and blocked by the router ... enough traffic that it burns CPU cycles to the point where even light traffic like pings get dropped. Could be a virus-infected host, or a bad port on a switch, or something I'm not thinking of, since I don't know your network. (I know you say you disconnected everything from the LAN side ... but *you* didn't really do that, since you weren't in Boise. This is enough of a possibility to make it worth checking that whoever was onsite didn't miss something unimportant. And anyway, your description makes it sound like you did not disconenct the switches or hubs, and one of them might be the problem.) 3. From what you wrote, I (finally) realized it is not clear if this problem is occurring ONLY on the VPN links or with all traffic to/from Boise. For example, the test you did where you try (from Seattle, presumably) to ping the Boise router's internal address makes sense only in a VPN context ... but I don't know if your other tests were limited to this context as well. 4. You do'n't report the results of any connctivity tests done from the LAN side in Boise (or I don't think you do). From a host on that LAN, can one consistently ping the LEAF router's internal address? External address? The DSL router's address? Anyway, if the load gets low enough that you can ssh in, see what you see from running top ... is there significant CPU load on the system (you want load as measused by top, NOT as measured by uptime, for this calculation). Check the ipchains rulesets (ipchains -nvL, I think ... it's been awhile since I worked with a 2.2.x kernel) and see if any rule has blocked, or otherwise processed, very large numbers of packets. Finally, in a tes where only the LEAF router and the DSL router are connected, can each ping the other with no loss of packets? (Did the changed every cable piece include replacing the cable between them? Put a hub or switch between them and see if the interface on the DSL router is chattering.) At 04:47 PM 10/9/2004 -0700, Dale Mirenda wrote: I've been using a set of identical Dachstein CD v.1.0.2 routers (2.2.19-3-LEAF-RAID) with ipsec VPN to link three small offices for several years. They have run literally flawlessly in all that time, and I've never had a problem from intrusion from the internet or virus attack from the private side. The network is very simple: three interconnected private networks, no DMZ: 192.168.1.0/24 in Seattle via T1 (384K data bandwidth) (that's where I am) 192.168.2.0/24 in Portland via T1 (768K data bandwidth) 192.168.3.0/24 in Boise via DSL (768K data bandwidth) Two weeks ago, we had to close the Portland office so that router is no longer part of the network. About three weeks ago, the Boise network (three users, five desktops, two networked printers, a Linux fileserver, and a 12-port HP ProCurve 2424 switch) started dropping packets, no big deal to start with but the users noticed that in the mornings it took a long time to access the Seattle fileserver (identical to the one in Boise) and sometimes they could not send emails or access websites. Most afternoons, the problem would clear up by itself. Pings to the DSL router (Flowpoint 2200, 64.113.213.13) showed no dropped packets at all. Pings to the LEAF router outside address (64.113.213.14) would drop 3% to 5% in the mornings, and 0% to 5% in the afternoons. Pings to the inside network would drop 10% to 60% in the mornings, and 0% to 10% in the afternoons. Within a few days the problem worsened, with as much as 85% dropped packets to the inside addresses in the mornings, but still clearing up most days by afternoon. On the weekend, the problem all but disappeared but returned Monday morning. I verified with the ISP (Transedge, great customer service, highly reccmmend) that there was not problem up to the DSL router. I had the Boise staff temporarily replace the LEAF router with a Win98 box set to the router outside address (64.113.213.14) and dropped no packets at all. We replaced all network cables attached to
Re: [leaf-user] LRP build
Hi Sebastian, i'm using uClibc on RedHat9 and it's work. regards Felix __ Gesendet von Yahoo! Mail - http://mail.yahoo.de Logos und Klingeltöne fürs Handy bei http://sms.yahoo.de --- This SF.net email is sponsored by OSDN's Audience Survey. Help shape OSDN's sites and tell us what you think. Take this five minute survey and you could win a $250 Gift Certificate. http://www.wrgsurveys.com/2003/osdntech03.php?site=8 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP build
On Tue, 2003-12-02 at 09:18, Sebastian A. Aresca wrote: Hi ... only want to know wich distribution must i used to compile program to work on bering 1.2 kernel 2.4.20. The problem is with the library (of course). In the development page tell something to user redhat 5 or debian slink but this is for kernel 2.4.18. So wich must i use? Sebastian, I think you'll find the information you're looking for in the Bering Developer's Guide linked below. LEAF Guide Collection http://leaf-project.org/doc/guide/ -- Mike Noyes mhnoyes at users.sourceforge.net http://sourceforge.net/users/mhnoyes/ SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs --- This SF.net email is sponsored by OSDN's Audience Survey. Help shape OSDN's sites and tell us what you think. Take this five minute survey and you could win a $250 Gift Certificate. http://www.wrgsurveys.com/2003/osdntech03.php?site=8 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP apache http setup
Kevin Kato wrote: i uncommented to INTERN_WWW_SERVER and added the private ip numbers for the server but port 80 is closed on eigerstein box. when i nmap the eigerstein box, http is not listed at all. i'm lost...here! Please keep the leaf-user list in the reply-to. You have to make sure you allow port 80 requests through the external firewall rules, or the port-forwarding doesn't do any good (although internal clients should still be able to see the web server). You can easily do this with the EXTERN_TCP_PORTS setting: EXTERN_TCP_PORTS=0/0_80 or the EXTERN_TCP_PORTn indexed list (n starts at 1 and goes up to whatever is required). -- Charles Steinkuehler [EMAIL PROTECTED] --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP apache http setup
kevin wrote: a little background information: i am in the process of configuring and running a linux apache http webserver from my house and i had a few questions concerning my LRP. (eigerstein, basic configuration) the web server will host my web pages for public viewing for now, and i will install a ftp server in the future. right now my webserver is running apache, (slackware 9.0, with upgraded apache http 2.0) the server can access it self: http://127.0.0.1(i get the apache default page) http://localhost(i get the apache default page) http://localhost/test.html (i get a web test page i created) a windows client cannot access the serverat all. Sounds like you've got something messed up in your apache configuration. Run 'netstat -lnp' on the webserver, and make sure apache is listening on port 80 of the network interface, and not just the loopback interface. question, does the eigerstein hide all of the ports to the outside world? i think it does, so is it possible to configure eigerstein to allow people to access my webserver? Yes, using port-forwarding. Simply uncomment the INTERN_WWW_SERVER setting, and set the IP address to the private IP assigned to your web-server machine. People outside your network can then connect using the IP of your firewall (assuming you get apache fixed :). -- Charles Steinkuehler [EMAIL PROTECTED] --- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] *.lrp(nf!) - when packages are loaded
Hi Dominik On Tue, 22 Jul 2003 06:01:42 +0200, Dominik Strnad [EMAIL PROTECTED] wrote: Hello I am using Bearing 1.2, booting from flash. That's Bering, not Bearing. Sorry for being picky : ) I add few *.lrp packages to be loaded. Last one - and doesn't matter which - its everytime the last one, is shown with (nf!) mark and it isn't loaded to the system. There's a 255 character limit to the length of each line in syslinux.cfg, any characters after that are ignored. Don't worry though - there's an easy workaround for this. 1. remove everything after LRP= in syslinux.cfg 2. make a new file at the root of your CF called lrpkg.cfg that has a single line naming all the packages you need, something like: root,etc,local,modules,iptables,ppp,keyboard,shorwall,ulogd,wireless,wireutil,netutils,dhcpd,maradns,libz,sshd,sftp,weblet,ntpsimpl,ntpdate (the mail program might display this on two lines, but you should type it out all on one in a text editor) and that should do what you want. cheers Julian --- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] *.lrp(nf!) - when packages are loaded
I do not run with flash but seems that it is the limitation of syslinux.cfg size for one line (255 chars or something like that). I run from CD and I use 'lrpkg.cfg' for the packages to load instead of syslinux.cfg. Look at the documentation for details. I hope that helps. M Lu. From: Dominik Strnad [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [leaf-user] *.lrp(nf!) - when packages are loaded Date: Tue, 22 Jul 2003 06:01:42 +0200 Hello I am using Bearing 1.2, booting from flash. I add few *.lrp packages to be loaded. Last one - and doesn't matter which - its everytime the last one, is shown with (nf!) mark and it isn't loaded to the system. I thought that this was due to small syst_size so I extend it in syslinux.cfg: display syslinux.dpy timeout 0 default linux initrd=initrd.lrp syst_size=32M log_size=8M init=/linuxrc rw root=/dev/ram0 boot=/dev/hda1 PKGPATH=/dev/hda1 LRP=root,etc,local,modules,iptables,ppp,keyboard,shorwall,ulogd,wireless,wir eutil,netutils,dhcpd,maradns,libz,sshd,sftp,weblet,ntpsimpl,ntpdate But I stil getting same error when loading - in this case - package ntpdate. _ Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 --- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP
Am 21:39 2003-06-23 +0200 hat K.-P. Kirchdörfer geschrieben: The main argument was that Dave misused a technical and project site for a political statement - the comment itself has been treated more carefully in terms of free speach - very american - I appreciated that. Unfortunately the archives of LRP aren't accessible anymore. Hello, Because I was since 03/1999 on the mailinglist of http://www.linuxrouter.org/ I have a private archive. I will try to get a cheep 128/64KBit ADSL with dyn-DNS running and put my Archive online. Michelle --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0016ave/direct;at.asp_061203_01/01 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP
On Mon, 2003-06-23 at 10:19, Lee wrote: Dave Cinege has written some comments at http://www.linuxrouter.org Just a heads up. For those that wish to chat about this: confrence.jabber.org Room: leaf -- Mike Noyes mhnoyes at users.sourceforge.net http://sourceforge.net/users/mhnoyes/ SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs --- This SF.Net email is sponsored by: INetU Attention Web Developers Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] LRP
i'll say he had some things to say. makes me almost feel bad for using it without paying a red cent.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Lee Sent: Monday, June 23, 2003 11:19 AM To: [EMAIL PROTECTED] Subject: [leaf-user] LRP Dave Cinege has written some comments at http://www.linuxrouter.org Just a heads up. --- This SF.Net email is sponsored by: INetU Attention Web Developers Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.Net email is sponsored by: INetU Attention Web Developers Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] LRP
pn] I think June 11, 2001 had more to do with LRP's fade into oblivion than anything else. Funny that he didn't acknowledge that in his comments... --- Matt Russell [EMAIL PROTECTED] wrote: i'll say he had some things to say. makes me almost feel bad for using it without paying a red cent.. = - Peter Nosko ([EMAIL PROTECTED]) This is a good place for a tagline. __ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com --- This SF.Net email is sponsored by: INetU Attention Web Developers Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP
Hi Peter, I joined this mailing list quite late and do not know about those things. Could you let us know a little bit more? Thanks. M Lu. - Original Message - From: Peter Nosko [EMAIL PROTECTED] To: leaf [EMAIL PROTECTED] Sent: Monday, June 23, 2003 11:05 AM Subject: RE: [leaf-user] LRP pn] I think June 11, 2001 had more to do with LRP's fade into oblivion than anything else. Funny that he didn't acknowledge that in his comments... --- Matt Russell [EMAIL PROTECTED] wrote: i'll say he had some things to say. makes me almost feel bad for using it without paying a red cent.. = - Peter Nosko ([EMAIL PROTECTED]) This is a good place for a tagline. __ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com --- This SF.Net email is sponsored by: INetU Attention Web Developers Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.Net email is sponsored by: INetU Attention Web Developers Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP
On Mon, 2003-06-23 at 11:34, M Lu wrote: I joined this mailing list quite late and do not know about those things. Could you let us know a little bit more? Everyone, Here is a short history: Date: 2000-05-22 First draft of the Troubleshooting Request HOWTO is posted on the linux-router mailing list. Date: 2000-0?-?? LRP Doc work starts on SourceForge hosted project linuxrouter (group_id=776). Sometime between June and Oct a group of people try to write a user guide for LRP. The group consists of: Brian Boonstra, Mike Noyes, Ray Olszewski, Rick Onanian, Morgan Reed, and Charles Steinkuehler. The project is coordinated on SF project 776 using CVS. It ultimately fails. Most of the content generated during this attempt, is eventually placed in the LEAF project's DocManager. Date: 2000-10-11 Mike Noyes is given project admin rights by Ray Olszewski for SourceForge hosted project linuxrouter (group_id=776). Mike Noyes starts to update site with current files and information. Date: 2000-10-18 Mike Noyes receives a warning from Dave Cinege that he may try to convince VA Linux to (re)move any unofficial LRP work Mike Noyes is doing on SourceForge hosted project linuxrouter (group_id=776). Date: 2000-10-29 SourceForge staff approves LEAF project application. Initial project members are: Charles Steinkuehler, David Douthitt, Mike Noyes, Ray Olszewski, and Rick Onanian. All are given project admin rights. Date: 2000-11-09 SourceForge support request 307837 opened to archive project 776. Date: 2000-12-13 SourceForge Virtual Hosting? support request 309881 submitted. Date 2001-01-?? lrp.c0wz.com and lrp.steinkuehler.net are mirrored on SourceForge. The majority of current content is now available on the LEAF site. Date: 2001-06-11 Dave Cinege uses the linuxrouter.org domain for a idealogical statement. Most LRP developers move to LEAF. http://www.mail-archive.com/[EMAIL PROTECTED]/msg02631.html http://www.mail-archive.com/[EMAIL PROTECTED]/msg02632.html http://www.mail-archive.com/[EMAIL PROTECTED]/msg02653.html http://www.mail-archive.com/[EMAIL PROTECTED]/msg02657.html Date: 2002-03-01 Evolution as a project development model defined. http://www.mail-archive.com/leaf-devel%40lists.sourceforge.net/msg04541.html Date: 2002-07-?? LEAF project mirrors at leaf.steinkuehler.net and leaf.monkeynoodle.org open. Date: 2002-07-15 LEAF domain donated to the project by Steven Peck. New domain is leaf-project.org. -- Mike Noyes mhnoyes at users.sourceforge.net http://sourceforge.net/users/mhnoyes/ SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs --- This SF.Net email is sponsored by: INetU Attention Web Developers Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP
Guess Peter referred to the day the death penalty for the man who was found guilty for the bombing in Oklahoma City has been executed. On that day the web page for linuxrouter.org owned by Dave Cinege had been blacked and a questionable comment about the issue. In the following days most of the active mailing list members and LRP/LEAF programmers choosed to leave LRP and concentrate themself on LEAF. The main argument was that Dave misused a technical and project site for a political statement - the comment itself has been treated more carefully in terms of free speach - very american - I appreciated that. Unfortunately the archives of LRP aren't accessible anymore. Hope to made a correct summarize. kp Am Montag, 23. Juni 2003 20:34 schrieb M Lu: Hi Peter, I joined this mailing list quite late and do not know about those things. Could you let us know a little bit more? Thanks. M Lu. - Original Message - From: Peter Nosko [EMAIL PROTECTED] To: leaf [EMAIL PROTECTED] Sent: Monday, June 23, 2003 11:05 AM Subject: RE: [leaf-user] LRP pn] I think June 11, 2001 had more to do with LRP's fade into oblivion than anything else. Funny that he didn't acknowledge that in his comments... --- Matt Russell [EMAIL PROTECTED] wrote: i'll say he had some things to say. makes me almost feel bad for using it without paying a red cent.. = - Peter Nosko ([EMAIL PROTECTED]) This is a good place for a tagline. __ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com --- This SF.Net email is sponsored by: INetU Attention Web Developers Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.Net email is sponsored by: INetU Attention Web Developers Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.Net email is sponsored by: INetU Attention Web Developers Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP
On Mon, 2003-06-23 at 12:39, K.-P. Kirchdrfer wrote: Unfortunately the archives of LRP aren't accessible anymore. Message from Dave C. stating the linuxrouter.org site would be down on the 11th. http://marc.theaimsgroup.com/?l=linux-routerm=99217136117457w=2 Threads on the 11th and 12th. http://marc.theaimsgroup.com/?l=linux-routerr=4b=200106w=2 http://marc.theaimsgroup.com/?l=linux-routerr=3b=200106w=2 Hope to made a correct summarize. You did a very good job. :-) -- Mike Noyes mhnoyes at users.sourceforge.net http://sourceforge.net/users/mhnoyes/ SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs --- This SF.Net email is sponsored by: INetU Attention Web Developers Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP
--- K.-P. Kirchdörfer [EMAIL PROTECTED] wrote: Guess Peter referred to the day the death penalty for the man who was found guilty for the bombing in Oklahoma City has been executed. On that day the web page for linuxrouter.org owned by Dave Cinege had been blacked and a questionable comment about the issue. In the following days most of the active mailing list members and LRP/LEAF programmers choosed to leave LRP and concentrate themself on LEAF. The main argument was that Dave misused a technical and project site for a political statement - the comment itself has been treated more carefully in terms of free speach - very american - I appreciated that. pn] Hey, I'm all for freedom of speech. He had every right to do what he did on his domain. With that freedom comes responsibility and accountability. I also appreciated the freedom others exercised that day or shortly thereafter. ;) = - Peter Nosko ([EMAIL PROTECTED]) This is a good place for a tagline. __ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com --- This SF.Net email is sponsored by: INetU Attention Web Developers Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP
On Monday 23 June 2003 12:19 pm, Lee wrote: Dave Cinege has written some comments at http://www.linuxrouter.org Dave has also replied on Slashdot-comments under the name 'Diesel_Dave'. I made a reply to his post where the comments pertain to LEAF. http://developers.slashdot.org/comments.pl?sid=68562threshold=-1commentsort=0tid=106mode=threadpid=6271817#6274577 -- ~Lynn Avants Linux Embedded Appliance Firewall Developer http://leaf.sourceforge.net http://guitarlynn.homelinux.org:81 --- This SF.Net email is sponsored by: INetU Attention Web Developers Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP
Am Montag, 23. Juni 2003 21:36 schrieb Peter Nosko: --- K.-P. Kirchdörfer [EMAIL PROTECTED] wrote: Guess Peter referred to the day the death penalty for the man who was found guilty for the bombing in Oklahoma City has been executed. On that day the web page for linuxrouter.org owned by Dave Cinege had been blacked and a questionable comment about the issue. In the following days most of the active mailing list members and LRP/LEAF programmers choosed to leave LRP and concentrate themself on LEAF. The main argument was that Dave misused a technical and project site for a political statement - the comment itself has been treated more carefully in terms of free speach - very american - I appreciated that. pn] Hey, I'm all for freedom of speech. He had every right to do what he did on his domain. With that freedom comes responsibility and accountability. I also appreciated the freedom others exercised that day or shortly thereafter. ;) qoud erat demonstrandum kp --- This SF.Net email is sponsored by: INetU Attention Web Developers Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP
Dave has also replied on Slashdot-comments under the name 'Diesel_Dave'. I made a reply to his post where the comments pertain to LEAF. Yep. Very good, and well-needed responses. And I just happened to have mod points. I think it's up to +3 now. It's too bad it's so far down the page, though... Wyatt -- Wyatt Draggoo --- This SF.Net email is sponsored by: INetU Attention Web Developers Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP
On Mon, 2003-06-23 at 10:47, Mike Noyes wrote: On Mon, 2003-06-23 at 10:19, Lee wrote: Dave Cinege has written some comments at http://www.linuxrouter.org Just a heads up. For those that wish to chat about this: confrence.jabber.org Room: leaf Everyone, Jabber didn't work well for a chat room, so I just registered an IRC channel for us on SlashNET. This channel will be for project member discussion. All support requests will be redirected to our user list. irc.slashnet.org #leaf -- Mike Noyes mhnoyes at users.sourceforge.net http://sourceforge.net/users/mhnoyes/ SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs --- This SF.Net email is sponsored by: INetU Attention Web Developers Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] LRP
political statement - the comment itself has been treated more carefully in terms of free speach - very american - I appreciated that. pn] Hey, I'm all for freedom of speech. He had every right to do what he did on his domain. With that freedom comes responsibility and accountability. I also appreciated the freedom others exercised that day or shortly thereafter. ;) And your right to Freedom of Association. As did I. Tony --- This SF.Net email is sponsored by: INetU Attention Web Developers Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] LRP Bering / change nic mac address
Ok, we can add the intel pro 100 to that list. It is an half height PCI card and the chip is the i82559. -Original Message- From: Ray Olszewski [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 12, 2002 6:38 PM To: [EMAIL PROTECTED] Subject: RE: [leaf-user] LRP Bering / change nic mac address At 05:30 PM 9/12/02 +0100, Luis.F.Correia wrote: Ray, you are right in most of your affirmation. I had done it ONCE using EigerStein and an 3Com Etherlink 3 ISA (I think...) The command I used to change the MAC was: ip link set eth0 address ff:ff:ff:ff:ff:ff You will need to change the FF... to the correct MAC that you want to fake. [...] Thanks for the prompt feedback, Luis. Yes, this is the ip command involved. The corresponding ifconfig command is ifconfig hw ether ff:ff:ff:ff:ff:ff Now we just need a decent list of which NICs will act on the MAC-address change thus made, at the firmware level. (This assumes that the module will accept the command; not all do.) Luis has nominated one candidate, the 3Com Etherlink 3 ISA. Others, anyone? -- ---Never tell me the odds! Ray Olszewski -- Han Solo Palo Alto, California, USA[EMAIL PROTECTED] --- --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP Bering / change nic mac address
Blaise, the mac address is in the Nic, there is no way to change a mac address. so you can't fix or change the mac address. hope that this is what you meant. Lenn' On Thu, 2002-09-12 at 11:53, Blaise Lab wrote: Hello, I'm using LRP Bering 1.0 rc 3. My firewall is connected to internet through a cable modem. My cable modem internet provider has to link a static ip address with the nic mac address... if I have a problem with the nic and must change it, I must give the new mac address to my cable modem internet provider. Is there a way to fix a mac address with a nic ? Thanks. Blaise Lab --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] LRP Bering / change nic mac address
Depending on the NIC you're using, you can in fact fake an MAC address. I am not sure how you do this on Bering, just got back from vacation... Search the list! -Original Message- From: Blaise Lab [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 12, 2002 10:53 AM To: Liste de distribution sur LEAF (Adresse de messagerie) Subject: [leaf-user] LRP Bering / change nic mac address Hello, I'm using LRP Bering 1.0 rc 3. My firewall is connected to internet through a cable modem. My cable modem internet provider has to link a static ip address with the nic mac address... if I have a problem with the nic and must change it, I must give the new mac address to my cable modem internet provider. Is there a way to fix a mac address with a nic ? Thanks. Blaise Lab --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP Bering / change nic mac address
On Thursday 12 September 2002 03:05 am, Lennard de Hoog wrote: Blaise, the mac address is in the Nic, there is no way to change a mac address. so you can't fix or change the mac address. Not so -- most drivers allow overriding the manufacture-provided MAC address. -Tom -- Tom Eastep\ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ [EMAIL PROTECTED] --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP Bering / change nic mac address
At 08:23 AM 9/12/02 -0700, Tom Eastep wrote: On Thursday 12 September 2002 03:05 am, Lennard de Hoog wrote: Blaise, the mac address is in the Nic, there is no way to change a mac address. so you can't fix or change the mac address. Not so -- most drivers allow overriding the manufacture-provided MAC address. Some Linux NIC drivers (modules) do, and some don't. For the ones that do, some NICs are said to honor the change (at the firmware level), while others don't (that is, the NIC itself needs to be set promisc, and the kernel/driver sorts things out). It would be quite valuable (to cable-modem users, and perhaps others) if we could, collectively, create a listing of which NICs do allow reseting of the MAC address at the firmware level. I personally do not know of *any* NICs that do this (that is why I wrote said to above) ... but since I've never had a connection that used MAC-address authentication, it has never been a priority for me. So how about it, folks? Would anyone who has actually made MAC-address spoofing work at the firmware level (that is, without using promisc) tell us about it -- what NIC, what module (driver), and what tricky details to make it actually work? And what LEAF version, if that matters to success. -- ---Never tell me the odds! Ray Olszewski -- Han Solo Palo Alto, California, USA[EMAIL PROTECTED] --- --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] LRP Bering / change nic mac address
Ray, you are right in most of your affirmation. I had done it ONCE using EigerStein and an 3Com Etherlink 3 ISA (I think...) The command I used to change the MAC was: ip link set eth0 address ff:ff:ff:ff:ff:ff You will need to change the FF... to the correct MAC that you want to fake. Next, you need add this to one of the startup scripts, can't recall which... Maybe from this info you can extrapolate other scenarios :) -Original Message- From: Ray Olszewski [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 12, 2002 5:22 PM To: [EMAIL PROTECTED] Subject: Re: [leaf-user] LRP Bering / change nic mac address At 08:23 AM 9/12/02 -0700, Tom Eastep wrote: On Thursday 12 September 2002 03:05 am, Lennard de Hoog wrote: Blaise, the mac address is in the Nic, there is no way to change a mac address. so you can't fix or change the mac address. Not so -- most drivers allow overriding the manufacture-provided MAC address. Some Linux NIC drivers (modules) do, and some don't. For the ones that do, some NICs are said to honor the change (at the firmware level), while others don't (that is, the NIC itself needs to be set promisc, and the kernel/driver sorts things out). It would be quite valuable (to cable-modem users, and perhaps others) if we could, collectively, create a listing of which NICs do allow reseting of the MAC address at the firmware level. I personally do not know of *any* NICs that do this (that is why I wrote said to above) ... but since I've never had a connection that used MAC-address authentication, it has never been a priority for me. So how about it, folks? Would anyone who has actually made MAC-address spoofing work at the firmware level (that is, without using promisc) tell us about it -- what NIC, what module (driver), and what tricky details to make it actually work? And what LEAF version, if that matters to success. -- ---Never tell me the odds! Ray Olszewski -- Han Solo Palo Alto, California, USA[EMAIL PROTECTED] --- --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] LRP Bering / change nic mac address
At 05:30 PM 9/12/02 +0100, Luis.F.Correia wrote: Ray, you are right in most of your affirmation. I had done it ONCE using EigerStein and an 3Com Etherlink 3 ISA (I think...) The command I used to change the MAC was: ip link set eth0 address ff:ff:ff:ff:ff:ff You will need to change the FF... to the correct MAC that you want to fake. [...] Thanks for the prompt feedback, Luis. Yes, this is the ip command involved. The corresponding ifconfig command is ifconfig hw ether ff:ff:ff:ff:ff:ff Now we just need a decent list of which NICs will act on the MAC-address change thus made, at the firmware level. (This assumes that the module will accept the command; not all do.) Luis has nominated one candidate, the 3Com Etherlink 3 ISA. Others, anyone? -- ---Never tell me the odds! Ray Olszewski -- Han Solo Palo Alto, California, USA[EMAIL PROTECTED] --- --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP Bering / change nic mac address
On Thursday 12 September 2002 11:30, Luis.F.Correia wrote: Ray, you are right in most of your affirmation. I had done it ONCE using EigerStein and an 3Com Etherlink 3 ISA (I think...) The command I used to change the MAC was: ip link set eth0 address ff:ff:ff:ff:ff:ff You will need to change the FF... to the correct MAC that you want to fake. Next, you need add this to one of the startup scripts, can't recall which... Maybe from this info you can extrapolate other scenarios Add this (or use the added command) to /etc/modules: # Spoof a mac address on an interface. This can make life easier with some ISP's. # ! mac interface mac address Add this to /etc/init.d/modutils: # Loop over every line in /etc/modules. echo 'Loading modules: ' while read module args do case $module in \#*|) continue ;; !) set -- $args case $1 in mount) [ -n $MOUNT ] umount $MOUNT mount -r -t $2 $3 $MNT MOUNT=$MNT ;; umount) [ -n $MOUNT ] umount $MOUNT MOUNT= ;; dir)DIR=$2 ;; mac)ip link set $2 address $3 ;; This will be included in the Dachstein update. I hope this helps -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] LRP Bering / change nic mac address
I'll try later today on my Intel Pro100 PCI, just for a sanity check. -Original Message- From: Ray Olszewski [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 12, 2002 6:38 PM To: [EMAIL PROTECTED] Subject: RE: [leaf-user] LRP Bering / change nic mac address At 05:30 PM 9/12/02 +0100, Luis.F.Correia wrote: Ray, you are right in most of your affirmation. I had done it ONCE using EigerStein and an 3Com Etherlink 3 ISA (I think...) The command I used to change the MAC was: ip link set eth0 address ff:ff:ff:ff:ff:ff You will need to change the FF... to the correct MAC that you want to fake. [...] Thanks for the prompt feedback, Luis. Yes, this is the ip command involved. The corresponding ifconfig command is ifconfig hw ether ff:ff:ff:ff:ff:ff Now we just need a decent list of which NICs will act on the MAC-address change thus made, at the firmware level. (This assumes that the module will accept the command; not all do.) Luis has nominated one candidate, the 3Com Etherlink 3 ISA. Others, anyone? -- ---Never tell me the odds! Ray Olszewski -- Han Solo Palo Alto, California, USA[EMAIL PROTECTED] --- --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] LRP with Modem
--On Wednesday, May 22, 2002 4:15 PM -0500 Omar D. Samuels [EMAIL PROTECTED] wrote: Can my LRP box make use of dial-up in any way if I have an ISA telephone modem in there? This is how I use my Oxygen installation the most - it is configured for dialup any of three Internet connections (ISP, work, and ISP Out-of-town Access). Works well - considering its only 56k... ___ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [Leaf-user] LRP and MS Messenger
Probably because you don't have certain ports forwarded. Take a look at any denied packets in /var/log/messages that coincide with the attempts to transmit info. Thats all I or quite possibly anyone else can offer as your question was way too vague. Helpful info would include what program are you using to send files, what is your firewall setup / type etc are you seeing any denied packets and the like. S From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] (leaf) Subject: [Leaf-user] LRP and MS Messenger Date: Fri, 12 Apr 2002 17:21:00 + Why is i cant send thru file transfer but can recieve. Using DCD with one ip and masq internal network. ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user _ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] LRP behind Cisco Router, FTP?, DMZ?
On Thu, 14 Mar 2002, Luis.F.Correia wrote: I guess you can't do a double NAT. I've also tried that to no avail... You must try to get them to configure the Cisco 1720 as Bridge with at least one public IP on your side. Then you can use LEAF to do the rest of the job. Won't happen, not in a million years. There's dozens of reasons why it won't, but for the most part it boils down to the fact that they own the Cisco, and if they change that over to a bridge-mode (not even sure if you CAN do that with a 1720; probably can, but it'd be messy) then they have absolutely no way to access the router remotely. This means that they'd have to rely on the end user (someone who freely admits he doesn't know everything) or a consultant (who REFUSES to admit that he really knows nothing) for spotty diagnostics. And for that matter, the end user or consultant would have to console into the 1720 to get the info needed, which is not precisely easy to do either. It IS possible to get them to cut a /30 out for use between the Cisco and the E2B box; whether they'll do it is another story. For the most part, they probably will but the IPs will incur another charge. Onward to the problem! I have tried to configure the LRP box directly to WWW using the fixed address provided to me. I was told it wouldn't work by my ISP (and it doesn't) - not sure why?? Assumed FTP won't work because of NAT done by the Cisco router. Any suggestions? I'm going to take a guess here, as I really can't say for sure. Login to the LEAF box, and exit to a command prompt. then run 'lsmod' and it should tell you which modules are loaded. Look and see if there's an entry in the list that says ip_masq_ftp or something to that effect. If there is, then I'm at a loss. FTP was always a particularly difficult service to implement on 2.2 series kernels behind NAT, and I never delved into it specifically. Also, you don't state whether or not you're trying to set up FTP so that other people can access FTP from your site, or whether or not you're having issues reaching FTP sites on the internet. The distinction is pretty important there. =) I would like to add a DMZ and (possibly later VPN) off the LRP box. Winstar said they will reconfigure the Cisco router if I ask them (not sure what to ask them though). Not sure where to start. Any suggestions on setup options? Most likely what you would be asking them to do is forward a port for FTP from the Cisco's external IP to the LRP's external IP. (You may in fact need to do this to solve the first problem as well.) You can then add a third Network card to the LEAF machine for the DMZ, and set that part up as you normally would. (Check the FAQs on the LEAF site.) Sorry if my terminology/explanation is poor - my occupation has nothing to do with computers and I learn by reading only. Believe me, after having worked support for high-speed internet for two years, the very fact that you know there's stuff you don't know puts you ahead of the curve. =) -- George Metz Commercial Routing Engineer [EMAIL PROTECTED] We know what deterrence was with 'mutually assured destruction' during the Cold War. But what is deterrence in information warfare? -- Brigadier General Douglas Richardson, USAF, Commander - Space Warfare Center ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] LRP behind Cisco Router, FTP?, DMZ?
I guess you can't do a double NAT. I've also tried that to no avail... You must try to get them to configure the Cisco 1720 as Bridge with at least one public IP on your side. Then you can use LEAF to do the rest of the job. -Original Message- From: Ralph Buoncristiani [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 14, 2002 4:25 PM To: [EMAIL PROTECTED] Subject: [Leaf-user] LRP behind Cisco Router, FTP?, DMZ? All, I have successfully configured two LRP boxes, one on my home network which uses DHCP and one at my office using a fixed IP address. Pretty much cookbook'ed the office setup from the great documentation provided by Richard Lohman (thanks!). My office ISP is WinStar. They installed a Cisco 1720 series router as my access point. I have configured Eiger2Beta to my office network as follows. Works seamlessly except for FTP. WWW \ | | --- | | 63.143.203.14 | | |Cisco 1720 Router| |--Provided by my ISP | 10.0.1.1 | | --- | | | SWITCH | | / - | 10.0.1.2 (eth0) | | LRP | | 192.168.100.241 (eth1)| - | SWITCH ---Workstations 1-9 | --- | 192.168.100.254 | | Server1| --- I have tried to configure the LRP box directly to WWW using the fixed address provided to me. I was told it wouldn't work by my ISP (and it doesn't) - not sure why?? Assumed FTP won't work because of NAT done by the Cisco router. Any suggestions? I would like to add a DMZ and (possibly later VPN) off the LRP box. Winstar said they will reconfigure the Cisco router if I ask them (not sure what to ask them though). Not sure where to start. Any suggestions on setup options? Thanks, Ralph Sorry if my terminology/explanation is poor - my occupation has nothing to do with computers and I learn by reading only. ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] lrp format and filter config
Probably, although you don't mention what you're trying to specify source ports for. If you need to make custom rules, that's what the ipchains.input, ipchains.output, and ipchains.forward files are for in /etc. I want local users to be able to ssh into external machines, and (being fairly pedantic about firewalls) I only want to specify port 22 for external machines. If I edit those files, how do they relate to the config files (No 2 on the network config menu) The files are sourced by /etc/ipfilter.conf, so you can use any variables or procedures defined in /etc/network.conf, /etc/ipfilter.conf, or /etc/init.d/network. Look for IPCH_IN, IPCH_OUT, and IPCH_FWD in /etc/ipfilter.conf to see exactly where they are sourced in relation to the rest of the rules. You can either add rules using the -A option (probably what you want in your case), or the I option to add rules at the beginning of the list (for things like silently denying something filling up your logs). Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] lrp format and filter config
Thanks for the reply. Take a close look at your logs...sounds like you might be on a cable-mode (or other shared-network setup). The denied packets are probably being generated by one of your 'neighbors', and are coming in your external interface, otherwise they wouldn't be getting logged... I am on a shared network of windows machines. The denied packets come from various machines, source and destination are both internal. If these shouldn't be logged, then I need to have a very close look at the ipchains generated. Also, if I want to specify source ports for incoming traffic, do I have to hard code that in the filter file? Probably, although you don't mention what you're trying to specify source ports for. If you need to make custom rules, that's what the ipchains.input, ipchains.output, and ipchains.forward files are for in /etc. I want local users to be able to ssh into external machines, and (being fairly pedantic about firewalls) I only want to specify port 22 for external machines. If I edit those files, how do they relate to the config files (No 2 on the network config menu) zcat /path/to/package.lrp | tar -x Thanks, that worked fine. Finally, as a constructive suggestion, does anyone think it would be useful if all ipchains rules where built up in one place in the config, and it was all done in a more 'tabular' fashion, so that rules could be added easily, and options such as logging for some of the defaults could be easily switched off. Probably, but it would take a lot of work. Are you volunteering? Unfortunately I don't think I've got the time at the moment. I might have in a few months though. Thanks for a great product by the way. regards Dave ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] LRP Dachstein Vs. Coyote.
I asked the same question of Coyote developer Joshua Jackson, and he told me [snip] Coyote Linux was split from the LRP over 2 years ago and very little, if anything is still compatible. While most .lrp packages can be retro-fitted to work with Coyote due to the fact that both distros used glibc 2.0.7, the init system for Coyote was completely rewritten. [/snip] I have been told, (and could be wrong), that Dachstein uses glibc 2.0.7. So there are similarities, but incompatibilities. -Nathaniel Jason C. Leach wrote: hi, What are some of the significant differences between Coyote and Charls' versionf of LRP? j. ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] LRP Dachstein Vs. Coyote.
Jason: Lynn has a pretty good comparison of the various leaf distro's out there on his web site. http://www.geocities.com/guitarlynn/lrp.html Robert Chambers Jason C. Leach wrote: hi, What are some of the significant differences between Coyote and Charls' versionf of LRP? j. ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] LRP Oxygen CD and floppy disk boot question
My box is working I would like to a few minutes to say thanks to all of you who provided me with such wonderful and unselfish assistance. Thanks Dave and Jeff Lynn and everyone else on this post. I am going to write a little step by step procedures as well. Hopefully it will help someone who is trying to do the same thing. -M From: Jeff Newmiller [EMAIL PROTECTED] To: malik menzong [EMAIL PROTECTED] CC: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [Leaf-user] LRP Oxygen CD and floppy disk boot question Date: Wed, 30 Jan 2002 16:35:31 -0800 (PST) On Thu, 31 Jan 2002, malik menzong wrote: Lynn: That is what I was saying. I open the resolv.conf file and wrote something like this: XXX.XXX.XXX # DNS0 XXX.XXX.XX # DNS1 That is the only thing in that file. From behind the firewall I can ping to both network card address. from the router I can ping to the gateway fine. But if I type: ping cnn.com or ping XXX.XXX.XXX (actually ip address for cnn) it wont resolve it. all packets are lost. Sounds like you don't have a default gateway specified. Note that default gateway is different than gateway... the latter can apply to any route, but the former means the route destination is 0.0.0.0. I don't use Oxygen so I dont know what variables you need to change. --- Jeff NewmillerThe . . Go Live... DCN:[EMAIL PROTECTED]Basics: ##.#. ##.#. Live Go... Live: OO#.. Dead: OO#.. Playing Research Engineer (Solar/BatteriesO.O#. #.O#. with /Software/Embedded Controllers) .OO#. .OO#. rocks...2k --- ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] LRP Oxygen CD and floppy disk boot question
malik menzong wrote: The good news is that I can ping the world now from the router. Every time I think I saved my config. and I reboot it was not actually saved. The only hurdle I have now is to see the internet from my machine behind the firewall. that machine do ping to the etho network card but cant ping after that. at boot time I loaded 2 modules: ip_masq_portfw.o and ip_masq_autofw.o I thought that will do it but I still can get to internet from behind the Fw. I forgot about one more thing you need. Find the ipchains.lrp package and make sure it's on one of your diskettes so that it gets loaded. Then you can type in the rule that gets you internal networked and masq'd and gets the packets forwarded back and forth: ipchains -A forward -j MASQ -i eth1 -s eth1_network_address/eth1_netmask for me would look like ipchains -A forward -j MASQ -i eth1 -s 10.2.3.0/24 or maybe on yours it would be ipchains -A forward -j MASQ -i eth1 -s 192.168.1.0/24 you get the idea. Then, everything else being in order, you should be on your way. The portfw and autofw modules are used with the ipmasqadm command. That is used to forward port from the external interface to a server on the internal network somwhere. Not an issue for you at this time. Best, Matthew ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] LRP Oxygen CD and floppy disk boot question
malik menzong wrote: Lynn: That is what I was saying. I open the resolv.conf file and wrote something like this: XXX.XXX.XXX # DNS0 XXX.XXX.XX # DNS1 If you put valid statements into Oxygen's resolv.conf, then you can sit down at the Oxygen terminal and type nslookup www.google.com and it will return the correct address, assuming the network is up and the default gateway is set correctly on Oxygen. A valid resolv.conf looks like this: nameserver 206.13.28.12 nameserver 206.13.31.12 search schalit.net The search line says that, if I type at the Oxygen prompt: nslookup ftp it will automatically append the .schalit.net part of the search statement and then try to look that up as in nslookup ftp.schalit.net So that's the story with /etc/resolv.conf. Now onto your internal network. To get your LAN computer functioning correctly, you need to assign them ip addresses which are on the same subnet as the internal nic. Thus the whole internal network is on the same subnet. I think you did this already, something like: 10.1.2.3/24 Internal comp 10.1.2.4/24 Internal comp 10.1.2.5/24 Internal comp ... ... 10.1.2.254/24Oxygen fireall or something like 192.168.1.1/24 Internal comp 192.168.1.2/24 Internal comp 192.168.1.3/24 Internal comp 192.168.1.4/24 Internal comp ... ... 192.168.1.254/24 Oxygen Next you have to set the Default Gateway on the LAN computers. You would set that to 10.1.2.254 if you were following my first example. Next you have to set the primary and secondary DNS on the LAN computers. You set those to be the same ip addresses as the ones you put in resolv.conf. So now all your computers have the same dns addresses listed in their network configs. Once you do that, you should be able to sit down at the LAN computers and ping 10.1.2.254 ping 63.194.213.179--- that's me :) ping 216.239.35.100--- that's www.google.com ping www.google.com--- and finally by name. Does it all work now? That is the only thing in that file. From behind the firewall I can ping to both network card address. from the router I can ping to the gateway fine. But if I type: ping cnn.com or ping XXX.XXX.XXX (actually ip address for cnn) it wont resolve it. all packets are lost. It that doesn't work on Oxygen, if you can't ping 63.194.213.179, which is my ipaddress, then Oxygen still needs work to get the default route setup, I think. Check that with ip addr show ip route show grep GATEWAY /etc/network.conf and paste the output into your reply for us to see. also does ipsec comes in the 1668 self contained floppy image or do I need to copy it there? (oxygen 1.8.0 with openwall floppy) No, I don't believe it does, but I'm not sure ot this... Ipsec does not come as part of the 1.8.0 floppy. It's an add in package, as Lynn mentioned. Good Luck, Matthew ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] LRP Oxygen CD and floppy disk boot question
The good news is that I can ping the world now from the router. Every time I think I saved my config. and I reboot it was not actually saved. The only hurdle I have now is to see the internet from my machine behind the firewall. that machine do ping to the etho network card but cant ping after that. at boot time I loaded 2 modules: ip_masq_portfw.o and ip_masq_autofw.o I thought that will do it but I still can get to internet from behind the Fw. One more question that keeps bugging is the following. I made an 1.68 image that is self contained and a 1.44 ima as well. Everytime I boot from the cd and I make a change if I tried to back up the changes on the 1440 image it complains. so I do backup the change on the 1.68 ima. they do update fine. but when I am trying to boot from the cd and the 1.68 image (the one containing the changes) is in it the floppy disk drive, it give me an error and requires that I mount instead the 1.440 floppy which has no back up. Thanks again- -M Lynn: That is what I was saying. I open the resolv.conf file and wrote something like this: XXX.XXX.XXX # DNS0 XXX.XXX.XX # DNS1 That is the only thing in that file. From behind the firewall I can ping to both network card address. from the router I can ping to the gateway fine. But if I type: ping cnn.com or ping XXX.XXX.XXX (actually ip address for cnn) it wont resolve it. all packets are lost. Sounds like you don't have a default gateway specified. Note that default gateway is different than gateway... the latter can apply to any route, but the former means the route destination is 0.0.0.0. I don't use Oxygen so I dont know what variables you need to change. --- Jeff NewmillerThe . . Go Live... DCN:[EMAIL PROTECTED]Basics: ##.#. ##.#. Live Go... Live: OO#.. Dead: OO#.. Playing Research Engineer (Solar/BatteriesO.O#. #.O#. with /Software/Embedded Controllers) .OO#. .OO#. rocks...2k --- ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user _ Chat with friends online, try MSN Messenger: http://messenger.msn.com ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] LRP Oxygen CD and floppy disk boot question
On 1/31/02 at 9:42 PM, malik menzong [EMAIL PROTECTED] wrote: One more question that keeps bugging is the following. I made an 1.68 image that is self contained and a 1.44 ima as well. Everytime I boot from the cd and I make a change if I tried to back up the changes on the 1440 image it complains. so I do backup the change on the 1.68 ima. they do update fine. but when I am trying to boot from the cd and the 1.68 image (the one containing the changes) is in it the floppy disk drive, it give me an error and requires that I mount instead the 1.440 floppy which has no back up. I'm not sure I followed all that, but there are some things to remember: Oxygen is not set up to use 1.44 floppies by default anywhere. By this I mean when you do a backup it uses 1.68M floppies (or tries to); the configurations (*.cfg files) all assume 1.68M floppies; etc. If you want to back up to 1.44M floppies I tend to do: mount /dev/fd0u1440 /mnt/floppy cd /tmp apkg -c whateverpkg cp whateverpkg.lrp /mnt/floppy umount /mnt/floppy ...crude (somewhat), but it works. /dev/backup is supposed to eventually be used in this capacity - so that 1.44M floppies or 1.68M floppies could be used for default backup disks by apkg and bpkg. Secondly, when you boot from floppy you can control what formats the disks are in that are requested - look at oxygen.cfg and other *.cfg files for what you want. oxygen.cfg is the default for floppy boots, and cdrom.cfg is the default for CDROM boots. Thirdly, when the CDROM boots, your configurations are fixed since they are on CDROM - if you need a 1.68M floppy, that's what you need. Fourthly, you need to format the 1.68M floppies for use beforehand - using a 1.44M floppy off the shelf doesn't work. The CDROM should come with syslinux.lrp and fdformat.lrp just for this purpose. It would also help to know what the error messages or warnings are - you didn't say - more details, please. -- David Douthitt UNIX Systems Administrator HP-UX, Unixware, Linux [EMAIL PROTECTED] ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] LRP Oxygen CD and floppy disk boot question
In regards to your question about using static ip's on the internal machines, there's two different dhcp-related modules... there's dhclient, which is a dhcp client for your router, enabling your router to pick up an external IP automatically. I gather from what you said that you have a static external ip, so you're not using this. HOWEVER this does not preclude you from using the other dhcp-related module, dhcpd. dhcpd is the dhcp-daemon, which acts as a dhcp server on your router allows internal machines to automatically grab their ip addresses from the router, so you don't have to pick and choose ip addresses for your internal machines. You can use dhcpd without dhclient with no problems (I do on my dachstein router). Hope this helps -david -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of malik menzong Sent: Tuesday, January 29, 2002 10:59 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [Leaf-user] LRP Oxygen CD and floppy disk boot question Thanks Mark and David D. I found out about the disk image formatting the hard way I guess. I also find out that once it is set up for 1.440 you really cant do much to change it. So I got some image files on the cd (oxygen) that were self contained and did not need to look for packages and services from the cd. Those images were formatted to 1.68M (actually when I look at the file size in windows explorer it says 1.62M max). They do work fine. And in order to back up any config changes that I make I load the cd first and let it back up on on the floppy. It makes things a lot quicker since the cd has a nice interface. Hope that may help someone out there. Moving on...One more thing (contribution) I have to say is that for anyone using the 3com905 nics they should look for the module 3c59x.o instead of the 3c905.o for their cards. It does not seems intuitive but I read and tried it and my oxygen box does sees both my network cards now. the new technical/philosophical issue is that: on my oxygen box I gave the eth0 card the IP address of one machine (A) and I assigned a picked IP address to the eth1 card that goes to the hub. this hub is supposed to serve many internal machines that will use the router as their port to the internet. since the original machine (A) had a fixed IP, I did not enable dhcp on the router. So I am thinking that I should pick and choose the ip address of the machines behind the router myself. Does that sound right? I will do some more research and fill you all up. Regards, -M From: Mark Plowman [EMAIL PROTECTED] To: [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: Re: [Leaf-user] LRP Oxygen CD and floppy disk boot question Date: Sun, 27 Jan 2002 11:18:26 +0100 (CET) malik, From: malik menzong [EMAIL PROTECTED] Date: Sun, 27 Jan 2002 04:26:23 + snip 1)Once Im at the root I am prompted to choose b/w some options to configure the router. I found out how I can change and move out of each file that is presented to me, but when trying to save it (back up) it comes with the following error end_request, I/O error dev 02:2c(floppy), sector 19 end_request, I/O error dev 02:2c(floppy), sector 20 At first I thought it was a bad floppy but when I tried some brand new disk the error persisted and nothing got copied. Does that sound like a common thing? Is it the disk? should I make a image file from the cd first? A normal 1.4 M Bytes floppy has 18 sectors per side. Seeing mention of sectors 19 and 20 in the error message, it's probable that you forgot to format the floppy for 1.68 M Bytes (20 sectors per side) Can't help about the rest I am afraid. Greetings Mark ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user _ Send and receive Hotmail on your mobile device: http://mobile.msn.com ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] LRP Oxygen CD and floppy disk boot question
Thanks dave. That helps. I made some progress from yesterday actually. Now I can ping from the the machine behind the router to the router. I can also ping from the router to the external gateways. But I cant ping to sites on the web (www.yahoo.com) and it wont resolve the domain name to the corresponding ip. So I thought maybe I need to look into the inet.conf file and uncomment the tcp deamon to be active at boot. but it did not do it. I also updated the dns list in the file for nameserver. I know I am closed but there is something missing. also does ipsec comes in the 1668 self contained floppy image or do I need to copy it there? (oxygen 1.8.0 with openwall floppy) regards -M From: david goodrich [EMAIL PROTECTED] To: 'malik menzong' [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: RE: [Leaf-user] LRP Oxygen CD and floppy disk boot question Date: Wed, 30 Jan 2002 10:00:43 -0600 In regards to your question about using static ip's on the internal machines, there's two different dhcp-related modules... there's dhclient, which is a dhcp client for your router, enabling your router to pick up an external IP automatically. I gather from what you said that you have a static external ip, so you're not using this. HOWEVER this does not preclude you from using the other dhcp-related module, dhcpd. dhcpd is the dhcp-daemon, which acts as a dhcp server on your router allows internal machines to automatically grab their ip addresses from the router, so you don't have to pick and choose ip addresses for your internal machines. You can use dhcpd without dhclient with no problems (I do on my dachstein router). Hope this helps -david -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of malik menzong Sent: Tuesday, January 29, 2002 10:59 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [Leaf-user] LRP Oxygen CD and floppy disk boot question Thanks Mark and David D. I found out about the disk image formatting the hard way I guess. I also find out that once it is set up for 1.440 you really cant do much to change it. So I got some image files on the cd (oxygen) that were self contained and did not need to look for packages and services from the cd. Those images were formatted to 1.68M (actually when I look at the file size in windows explorer it says 1.62M max). They do work fine. And in order to back up any config changes that I make I load the cd first and let it back up on on the floppy. It makes things a lot quicker since the cd has a nice interface. Hope that may help someone out there. Moving on...One more thing (contribution) I have to say is that for anyone using the 3com905 nics they should look for the module 3c59x.o instead of the 3c905.o for their cards. It does not seems intuitive but I read and tried it and my oxygen box does sees both my network cards now. the new technical/philosophical issue is that: on my oxygen box I gave the eth0 card the IP address of one machine (A) and I assigned a picked IP address to the eth1 card that goes to the hub. this hub is supposed to serve many internal machines that will use the router as their port to the internet. since the original machine (A) had a fixed IP, I did not enable dhcp on the router. So I am thinking that I should pick and choose the ip address of the machines behind the router myself. Does that sound right? I will do some more research and fill you all up. Regards, -M From: Mark Plowman [EMAIL PROTECTED] To: [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: Re: [Leaf-user] LRP Oxygen CD and floppy disk boot question Date: Sun, 27 Jan 2002 11:18:26 +0100 (CET) malik, From: malik menzong [EMAIL PROTECTED] Date: Sun, 27 Jan 2002 04:26:23 + snip 1)Once Im at the root I am prompted to choose b/w some options to configure the router. I found out how I can change and move out of each file that is presented to me, but when trying to save it (back up) it comes with the following error end_request, I/O error dev 02:2c(floppy), sector 19 end_request, I/O error dev 02:2c(floppy), sector 20 At first I thought it was a bad floppy but when I tried some brand new disk the error persisted and nothing got copied. Does that sound like a common thing? Is it the disk? should I make a image file from the cd first? A normal 1.4 M Bytes floppy has 18 sectors per side. Seeing mention of sectors 19 and 20 in the error message, it's probable that you forgot to format the floppy for 1.68 M Bytes (20 sectors per side) Can't help about the rest I am afraid. Greetings Mark ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user _ Send and receive Hotmail on your mobile device: http://mobile.msn.com ___ Leaf-user mailing list
Re: [Leaf-user] LRP Oxygen CD and floppy disk boot question
On Wednesday 30 January 2002 15:34, malik menzong wrote: Thanks dave. That helps. I made some progress from yesterday actually. Now I can ping from the the machine behind the router to the router. I can also ping from the router to the external gateways. But I cant ping to sites on the web (www.yahoo.com) and it wont resolve the domain name to the corresponding ip. So I thought maybe I need to look into the inet.conf file and uncomment the tcp deamon to be active at boot. but it did not do it. I also updated the dns list in the file for nameserver. I know I am closed but there is something missing. Add your DNS servers to /etc/resolv.conf also does ipsec comes in the 1668 self contained floppy image or do I need to copy it there? (oxygen 1.8.0 with openwall floppy) No, I don't believe it does, but I'm not sure ot this... -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] LRP Oxygen CD and floppy disk boot question
On Thu, 31 Jan 2002, malik menzong wrote: Lynn: That is what I was saying. I open the resolv.conf file and wrote something like this: XXX.XXX.XXX # DNS0 XXX.XXX.XX # DNS1 That is the only thing in that file. From behind the firewall I can ping to both network card address. from the router I can ping to the gateway fine. But if I type: ping cnn.com or ping XXX.XXX.XXX (actually ip address for cnn) it wont resolve it. all packets are lost. Sounds like you don't have a default gateway specified. Note that default gateway is different than gateway... the latter can apply to any route, but the former means the route destination is 0.0.0.0. I don't use Oxygen so I dont know what variables you need to change. --- Jeff NewmillerThe . . Go Live... DCN:[EMAIL PROTECTED]Basics: ##.#. ##.#. Live Go... Live: OO#.. Dead: OO#.. Playing Research Engineer (Solar/BatteriesO.O#. #.O#. with /Software/Embedded Controllers) .OO#. .OO#. rocks...2k --- ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] LRP and DOC
Yes, I believe it has IDE in it. -Original Message- From: Patrick Nixon [mailto:[EMAIL PROTECTED]] Sent: Monday, January 28, 2002 9:20 PM To: John Mullan Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [Leaf-user] LRP and DOC John, Does your Kernel have IDE/CDRom support in it, or is it just a modified floppy kernel? --Pat On Mon, 28 Jan 2002, Patrick Nixon wrote: John, Let me be the first to congratulate you on a fine procedure and excellent work in doing this! I now have my websurfer proo running without a hard drive! Next project will be PCMCIA for wireless support, then USB ethernet plugged ( I know this works already). Suggestion: On your dos boot, create an autoexec.bat that contains simply '@echo off' so it doesn't ask you for the date/time each time you boot. I had to go about it a bit differnetly since I didn't have a floppy drive, but the same basic steps worked for me. --Pat On Sun, 27 Jan 2002, John Mullan wrote: Patrick (and all): I have created a page to help you on your quest. Please go to my web page at: http://mullan.dns2go.com/ Click on the 'Internet' link on the left panel. Keep in mind that I still consider myself quite a 'beginner' with Linux. However, if your system is similar to mine (IBM clone type with DiskOnChip2000) then I think following my page will result in a working system. I included all files I used to get a working flash based router. I have followed all the advice and included the DOC.O module separate in my distribution (ie; not compiled into the kernal). I look forward to all comments (good and bad) so I may improve my first psuedo-HOWTO. Cheers, John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Patrick Nixon Sent: Saturday, January 26, 2002 1:51 PM To: John Mullan Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: FW: [Leaf-user] LRP and DOC John, Congrats on getting this working. I'm currently spending most of my weekend attempting to get it working and like charles mentioned, I'm running into a 'insufficent low memory error'. How did you get around that? When I attempted to syslinux the DOC using 1.66 it whined about exclusive access. Perhaps you can do a small write up on the steps you took to complete it? Thanks, Patrick On Sat, 26 Jan 2002, John Mullan wrote: Sorry, forgot to leave the link for the file... http://mullan.dns2go.com/files/MullanStein.zip -Original Message- From: John Mullan [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 26, 2002 8:51 AM To: 'Charles Steinkuehler'; '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' Subject: RE: [Leaf-user] LRP and DOC Charles FINALLY! It works. And it works great. I think the latest and greates SYSLINUX (version 1.66) did it for me. Once I re-did the boot loader with that, it worked. For informational purposes ONLY, if you or any list member would like to see what it took, I have made a ZIP of all files currently on my embedded board. Because of the licence thing about M-SYS (and the fact that I used your sample kernal with DOC in it), this is not a distribution. The board was purchased from ARISE computers, is a PIII 433mhz with DiskOnChip 2000 (80meg), 32meg RAM, Intel 82559 ethernet on board, and DE-538 in the only on-board PCI slot. Obviously this is over-kill for the job at hand, but since it was made available to me :) John PS: I like the WEBLET thing. First time for me and it's a nice feature. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Charles Steinkuehler Sent: Friday, January 25, 2002 2:59 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [Leaf-user] LRP and DOC This results in an immediate 'boot fail' message. Note that I have tried minor:1 and minor:0 both with same result. Could there be a problem with the boot sector information? Does 'syslinux' work properly on D.O.C.? I don't know...I have yet to play with syslinux and DOC in an embedded environment. I did get a ZF Linux eval board with a DOC, but when I tried to run syslinux, I never got past the not enough low memory problem (but syslinux *was* running). I'm not sure how the other folks who have used DOC's boot their systems. I suppose you could always fall back to booting dos, and using ldlinux. I also think there are versions of lilo and grub that know how to boot from a DOC... Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) ___ Leaf-user mailing
RE: [Leaf-user] LRP and DOC
Patrick, I do believe it has IDE support in the kernal. However, I don't use it. It kinda defeats the purpose of having DiskOnChip. John Patrick Nixon gart@starwolf To: John Mullan [EMAIL PROTECTED] .orgcc: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: RE: [Leaf-user] LRP and DOC 01/28/02 09:19 PM John, Does your Kernel have IDE/CDRom support in it, or is it just a modified floppy kernel? --Pat On Mon, 28 Jan 2002, Patrick Nixon wrote: John, Let me be the first to congratulate you on a fine procedure and excellent work in doing this! I now have my websurfer proo running without a hard drive! Next project will be PCMCIA for wireless support, then USB ethernet plugged ( I know this works already). Suggestion: On your dos boot, create an autoexec.bat that contains simply '@echo off' so it doesn't ask you for the date/time each time you boot. I had to go about it a bit differnetly since I didn't have a floppy drive, but the same basic steps worked for me. --Pat On Sun, 27 Jan 2002, John Mullan wrote: Patrick (and all): I have created a page to help you on your quest. Please go to my web page at: http://mullan.dns2go.com/ Click on the 'Internet' link on the left panel. Keep in mind that I still consider myself quite a 'beginner' with Linux. However, if your system is similar to mine (IBM clone type with DiskOnChip2000) then I think following my page will result in a working system. I included all files I used to get a working flash based router. I have followed all the advice and included the DOC.O module separate in my distribution (ie; not compiled into the kernal). I look forward to all comments (good and bad) so I may improve my first psuedo-HOWTO. Cheers, John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Patrick Nixon Sent: Saturday, January 26, 2002 1:51 PM To: John Mullan Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: FW: [Leaf-user] LRP and DOC John, Congrats on getting this working. I'm currently spending most of my weekend attempting to get it working and like charles mentioned, I'm running into a 'insufficent low memory error'. How did you get around that? When I attempted to syslinux the DOC using 1.66 it whined about exclusive access. Perhaps you can do a small write up on the steps you took to complete it? Thanks, Patrick On Sat, 26 Jan 2002, John Mullan wrote: Sorry, forgot to leave the link for the file... http://mullan.dns2go.com/files/MullanStein.zip -Original Message- From: John Mullan [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 26, 2002 8:51 AM To: 'Charles Steinkuehler'; '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' Subject: RE: [Leaf-user] LRP and DOC Charles FINALLY! It works. And it works great. I think the latest and greates SYSLINUX (version 1.66) did it for me. Once I re-did the boot loader with that, it worked. For informational purposes ONLY, if you or any list member would like to see what it took, I have made a ZIP of all files currently on my embedded board. Because of the licence thing about M-SYS (and the fact that I used your sample kernal with DOC in it), this is not a distribution. The board was purchased from ARISE computers, is a PIII 433mhz with DiskOnChip 2000 (80meg), 32meg RAM, Intel 82559 ethernet on board, and DE-538 in the only on-board PCI slot. Obviously this is over-kill for the job at hand, but since it was made available to me :) John PS: I like the WEBLET thing. First time for me and it's a nice feature. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Charles Steinkuehler Sent: Friday, January 25, 2002 2:59 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [Leaf-user] LRP and DOC This results in an immediate 'boot fail' message. Note that I have
Re: [Leaf-user] LRP Oxygen CD and floppy disk boot question
Thanks Mark and David D. I found out about the disk image formatting the hard way I guess. I also find out that once it is set up for 1.440 you really cant do much to change it. So I got some image files on the cd (oxygen) that were self contained and did not need to look for packages and services from the cd. Those images were formatted to 1.68M (actually when I look at the file size in windows explorer it says 1.62M max). They do work fine. And in order to back up any config changes that I make I load the cd first and let it back up on on the floppy. It makes things a lot quicker since the cd has a nice interface. Hope that may help someone out there. Moving on...One more thing (contribution) I have to say is that for anyone using the 3com905 nics they should look for the module 3c59x.o instead of the 3c905.o for their cards. It does not seems intuitive but I read and tried it and my oxygen box does sees both my network cards now. the new technical/philosophical issue is that: on my oxygen box I gave the eth0 card the IP address of one machine (A) and I assigned a picked IP address to the eth1 card that goes to the hub. this hub is supposed to serve many internal machines that will use the router as their port to the internet. since the original machine (A) had a fixed IP, I did not enable dhcp on the router. So I am thinking that I should pick and choose the ip address of the machines behind the router myself. Does that sound right? I will do some more research and fill you all up. Regards, -M From: Mark Plowman [EMAIL PROTECTED] To: [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: Re: [Leaf-user] LRP Oxygen CD and floppy disk boot question Date: Sun, 27 Jan 2002 11:18:26 +0100 (CET) malik, From: malik menzong [EMAIL PROTECTED] Date: Sun, 27 Jan 2002 04:26:23 + snip 1)Once Im at the root I am prompted to choose b/w some options to configure the router. I found out how I can change and move out of each file that is presented to me, but when trying to save it (back up) it comes with the following error end_request, I/O error dev 02:2c(floppy), sector 19 end_request, I/O error dev 02:2c(floppy), sector 20 At first I thought it was a bad floppy but when I tried some brand new disk the error persisted and nothing got copied. Does that sound like a common thing? Is it the disk? should I make a image file from the cd first? A normal 1.4 M Bytes floppy has 18 sectors per side. Seeing mention of sectors 19 and 20 in the error message, it's probable that you forgot to format the floppy for 1.68 M Bytes (20 sectors per side) Can't help about the rest I am afraid. Greetings Mark ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user _ Send and receive Hotmail on your mobile device: http://mobile.msn.com ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] LRP and DOC
John, Let me be the first to congratulate you on a fine procedure and excellent work in doing this! I now have my websurfer proo running without a hard drive! Next project will be PCMCIA for wireless support, then USB ethernet plugged ( I know this works already). Suggestion: On your dos boot, create an autoexec.bat that contains simply '@echo off' so it doesn't ask you for the date/time each time you boot. I had to go about it a bit differnetly since I didn't have a floppy drive, but the same basic steps worked for me. --Pat On Sun, 27 Jan 2002, John Mullan wrote: Patrick (and all): I have created a page to help you on your quest. Please go to my web page at: http://mullan.dns2go.com/ Click on the 'Internet' link on the left panel. Keep in mind that I still consider myself quite a 'beginner' with Linux. However, if your system is similar to mine (IBM clone type with DiskOnChip2000) then I think following my page will result in a working system. I included all files I used to get a working flash based router. I have followed all the advice and included the DOC.O module separate in my distribution (ie; not compiled into the kernal). I look forward to all comments (good and bad) so I may improve my first psuedo-HOWTO. Cheers, John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Patrick Nixon Sent: Saturday, January 26, 2002 1:51 PM To: John Mullan Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: FW: [Leaf-user] LRP and DOC John, Congrats on getting this working. I'm currently spending most of my weekend attempting to get it working and like charles mentioned, I'm running into a 'insufficent low memory error'. How did you get around that? When I attempted to syslinux the DOC using 1.66 it whined about exclusive access. Perhaps you can do a small write up on the steps you took to complete it? Thanks, Patrick On Sat, 26 Jan 2002, John Mullan wrote: Sorry, forgot to leave the link for the file... http://mullan.dns2go.com/files/MullanStein.zip -Original Message- From: John Mullan [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 26, 2002 8:51 AM To: 'Charles Steinkuehler'; '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' Subject: RE: [Leaf-user] LRP and DOC Charles FINALLY! It works. And it works great. I think the latest and greates SYSLINUX (version 1.66) did it for me. Once I re-did the boot loader with that, it worked. For informational purposes ONLY, if you or any list member would like to see what it took, I have made a ZIP of all files currently on my embedded board. Because of the licence thing about M-SYS (and the fact that I used your sample kernal with DOC in it), this is not a distribution. The board was purchased from ARISE computers, is a PIII 433mhz with DiskOnChip 2000 (80meg), 32meg RAM, Intel 82559 ethernet on board, and DE-538 in the only on-board PCI slot. Obviously this is over-kill for the job at hand, but since it was made available to me :) John PS: I like the WEBLET thing. First time for me and it's a nice feature. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Charles Steinkuehler Sent: Friday, January 25, 2002 2:59 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [Leaf-user] LRP and DOC This results in an immediate 'boot fail' message. Note that I have tried minor:1 and minor:0 both with same result. Could there be a problem with the boot sector information? Does 'syslinux' work properly on D.O.C.? I don't know...I have yet to play with syslinux and DOC in an embedded environment. I did get a ZF Linux eval board with a DOC, but when I tried to run syslinux, I never got past the not enough low memory problem (but syslinux *was* running). I'm not sure how the other folks who have used DOC's boot their systems. I suppose you could always fall back to booting dos, and using ldlinux. I also think there are versions of lilo and grub that know how to boot from a DOC... Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] LRP and DOC
John, Does your Kernel have IDE/CDRom support in it, or is it just a modified floppy kernel? --Pat On Mon, 28 Jan 2002, Patrick Nixon wrote: John, Let me be the first to congratulate you on a fine procedure and excellent work in doing this! I now have my websurfer proo running without a hard drive! Next project will be PCMCIA for wireless support, then USB ethernet plugged ( I know this works already). Suggestion: On your dos boot, create an autoexec.bat that contains simply '@echo off' so it doesn't ask you for the date/time each time you boot. I had to go about it a bit differnetly since I didn't have a floppy drive, but the same basic steps worked for me. --Pat On Sun, 27 Jan 2002, John Mullan wrote: Patrick (and all): I have created a page to help you on your quest. Please go to my web page at: http://mullan.dns2go.com/ Click on the 'Internet' link on the left panel. Keep in mind that I still consider myself quite a 'beginner' with Linux. However, if your system is similar to mine (IBM clone type with DiskOnChip2000) then I think following my page will result in a working system. I included all files I used to get a working flash based router. I have followed all the advice and included the DOC.O module separate in my distribution (ie; not compiled into the kernal). I look forward to all comments (good and bad) so I may improve my first psuedo-HOWTO. Cheers, John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Patrick Nixon Sent: Saturday, January 26, 2002 1:51 PM To: John Mullan Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: FW: [Leaf-user] LRP and DOC John, Congrats on getting this working. I'm currently spending most of my weekend attempting to get it working and like charles mentioned, I'm running into a 'insufficent low memory error'. How did you get around that? When I attempted to syslinux the DOC using 1.66 it whined about exclusive access. Perhaps you can do a small write up on the steps you took to complete it? Thanks, Patrick On Sat, 26 Jan 2002, John Mullan wrote: Sorry, forgot to leave the link for the file... http://mullan.dns2go.com/files/MullanStein.zip -Original Message- From: John Mullan [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 26, 2002 8:51 AM To: 'Charles Steinkuehler'; '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' Subject: RE: [Leaf-user] LRP and DOC Charles FINALLY! It works. And it works great. I think the latest and greates SYSLINUX (version 1.66) did it for me. Once I re-did the boot loader with that, it worked. For informational purposes ONLY, if you or any list member would like to see what it took, I have made a ZIP of all files currently on my embedded board. Because of the licence thing about M-SYS (and the fact that I used your sample kernal with DOC in it), this is not a distribution. The board was purchased from ARISE computers, is a PIII 433mhz with DiskOnChip 2000 (80meg), 32meg RAM, Intel 82559 ethernet on board, and DE-538 in the only on-board PCI slot. Obviously this is over-kill for the job at hand, but since it was made available to me :) John PS: I like the WEBLET thing. First time for me and it's a nice feature. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Charles Steinkuehler Sent: Friday, January 25, 2002 2:59 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [Leaf-user] LRP and DOC This results in an immediate 'boot fail' message. Note that I have tried minor:1 and minor:0 both with same result. Could there be a problem with the boot sector information? Does 'syslinux' work properly on D.O.C.? I don't know...I have yet to play with syslinux and DOC in an embedded environment. I did get a ZF Linux eval board with a DOC, but when I tried to run syslinux, I never got past the not enough low memory problem (but syslinux *was* running). I'm not sure how the other folks who have used DOC's boot their systems. I suppose you could always fall back to booting dos, and using ldlinux. I also think there are versions of lilo and grub that know how to boot from a DOC... Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] LRP Oxygen CD and floppy disk boot question
malik, From: malik menzong [EMAIL PROTECTED] Date: Sun, 27 Jan 2002 04:26:23 + snip 1)Once Im at the root I am prompted to choose b/w some options to configure the router. I found out how I can change and move out of each file that is presented to me, but when trying to save it (back up) it comes with the following error end_request, I/O error dev 02:2c(floppy), sector 19 end_request, I/O error dev 02:2c(floppy), sector 20 At first I thought it was a bad floppy but when I tried some brand new disk the error persisted and nothing got copied. Does that sound like a common thing? Is it the disk? should I make a image file from the cd first? A normal 1.4 M Bytes floppy has 18 sectors per side. Seeing mention of sectors 19 and 20 in the error message, it's probable that you forgot to format the floppy for 1.68 M Bytes (20 sectors per side) Can't help about the rest I am afraid. Greetings Mark ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] LRP Oxygen CD and floppy disk boot question
On 1/27/02 at 4:26 AM, malik menzong [EMAIL PROTECTED] wrote: 1)Once Im at the root I am prompted to choose b/w some options to configure the router. I found out how I can change and move out of each file that is presented to me, but when trying to save it (back up) it comes with the following error end_request, I/O error dev 02:2c(floppy), sector 19 end_request, I/O error dev 02:2c(floppy), sector 20 At first I thought it was a bad floppy but when I tried some brand new disk the error persisted and nothing got copied. Does that sound like a common thing? Is it the disk? should I make a image file from the cd first? This is because you are trying to use a 1.44M floppy as if it was a 1.68M floppy. You need to use a floppy that's been preformatted to 1.68M... 2)inside the /etc/ folder the file network.conf presented me with some questions: should I set eth0 as local or as external? the entries for eth0 and eth1 both requires IP, netmask and gateways setup should they be the same or different? You need to have a firewall package like rcf.lrp or seawall.lrp loaded. You also are setting up two interfaces on two different networks; the IP addresses, network addresses, and netmasks are likely to all be different. 3)I also saw two files that look kinda familiar to network.conf I am referring to networks.conf and gateways.conf. Do I need to configure those files too or should I rely only on the one first one (2)? (A UNIX manual would help :) /etc/network.conf configures your network. /etc/networks is similar to /etc/hosts: they allow you to have names for networks instead of just numbers. You should be able to ignore /etc/networks and /etc/gateways I would think... 4)inside the module option I saw three network files: pci-scan tulip and eepro 100 since I am running 2 nics 3C905 I figured I need to get some drivers for those 2 cards and mount them. Does that sound right or I have enough tools there? pci-scan is used for supporting PCI cards; the others can likely be removed. To see what modules are being used, do an 'lsmod' and see which modules are needed for your setup. -- David Douthitt UNIX Systems Administrator HP-UX, Unixware, Linux [EMAIL PROTECTED] ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] LRP and DOC
Patrick (and all): I have created a page to help you on your quest. Please go to my web page at: http://mullan.dns2go.com/ Click on the 'Internet' link on the left panel. Keep in mind that I still consider myself quite a 'beginner' with Linux. However, if your system is similar to mine (IBM clone type with DiskOnChip2000) then I think following my page will result in a working system. I included all files I used to get a working flash based router. I have followed all the advice and included the DOC.O module separate in my distribution (ie; not compiled into the kernal). I look forward to all comments (good and bad) so I may improve my first psuedo-HOWTO. Cheers, John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Patrick Nixon Sent: Saturday, January 26, 2002 1:51 PM To: John Mullan Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: FW: [Leaf-user] LRP and DOC John, Congrats on getting this working. I'm currently spending most of my weekend attempting to get it working and like charles mentioned, I'm running into a 'insufficent low memory error'. How did you get around that? When I attempted to syslinux the DOC using 1.66 it whined about exclusive access. Perhaps you can do a small write up on the steps you took to complete it? Thanks, Patrick On Sat, 26 Jan 2002, John Mullan wrote: Sorry, forgot to leave the link for the file... http://mullan.dns2go.com/files/MullanStein.zip -Original Message- From: John Mullan [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 26, 2002 8:51 AM To: 'Charles Steinkuehler'; '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' Subject: RE: [Leaf-user] LRP and DOC Charles FINALLY! It works. And it works great. I think the latest and greates SYSLINUX (version 1.66) did it for me. Once I re-did the boot loader with that, it worked. For informational purposes ONLY, if you or any list member would like to see what it took, I have made a ZIP of all files currently on my embedded board. Because of the licence thing about M-SYS (and the fact that I used your sample kernal with DOC in it), this is not a distribution. The board was purchased from ARISE computers, is a PIII 433mhz with DiskOnChip 2000 (80meg), 32meg RAM, Intel 82559 ethernet on board, and DE-538 in the only on-board PCI slot. Obviously this is over-kill for the job at hand, but since it was made available to me :) John PS: I like the WEBLET thing. First time for me and it's a nice feature. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Charles Steinkuehler Sent: Friday, January 25, 2002 2:59 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [Leaf-user] LRP and DOC This results in an immediate 'boot fail' message. Note that I have tried minor:1 and minor:0 both with same result. Could there be a problem with the boot sector information? Does 'syslinux' work properly on D.O.C.? I don't know...I have yet to play with syslinux and DOC in an embedded environment. I did get a ZF Linux eval board with a DOC, but when I tried to run syslinux, I never got past the not enough low memory problem (but syslinux *was* running). I'm not sure how the other folks who have used DOC's boot their systems. I suppose you could always fall back to booting dos, and using ldlinux. I also think there are versions of lilo and grub that know how to boot from a DOC... Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] LRP and DOC
Charles FINALLY! It works. And it works great. I think the latest and greates SYSLINUX (version 1.66) did it for me. Once I re-did the boot loader with that, it worked. For informational purposes ONLY, if you or any list member would like to see what it took, I have made a ZIP of all files currently on my embedded board. Because of the licence thing about M-SYS (and the fact that I used your sample kernal with DOC in it), this is not a distribution. The board was purchased from ARISE computers, is a PIII 433mhz with DiskOnChip 2000 (80meg), 32meg RAM, Intel 82559 ethernet on board, and DE-538 in the only on-board PCI slot. Obviously this is over-kill for the job at hand, but since it was made available to me :) John PS: I like the WEBLET thing. First time for me and it's a nice feature. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Charles Steinkuehler Sent: Friday, January 25, 2002 2:59 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [Leaf-user] LRP and DOC This results in an immediate 'boot fail' message. Note that I have tried minor:1 and minor:0 both with same result. Could there be a problem with the boot sector information? Does 'syslinux' work properly on D.O.C.? I don't know...I have yet to play with syslinux and DOC in an embedded environment. I did get a ZF Linux eval board with a DOC, but when I tried to run syslinux, I never got past the not enough low memory problem (but syslinux *was* running). I'm not sure how the other folks who have used DOC's boot their systems. I suppose you could always fall back to booting dos, and using ldlinux. I also think there are versions of lilo and grub that know how to boot from a DOC... Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] LRP and DOC
FINALLY! It works. And it works great. I think the latest and greates SYSLINUX (version 1.66) did it for me. Once I re-did the boot loader with that, it worked. For informational purposes ONLY, if you or any list member would like to see what it took, I have made a ZIP of all files currently on my embedded board. Because of the licence thing about M-SYS (and the fact that I used your sample kernal with DOC in it), this is not a distribution. Now it's working you can use the existing linuxrc mechanism to load modules from root.lrp (put modules in /boot/lib/modules, and edit /boot/etc/modules just like you would /etc/modules), and make a legally distributable system... Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] LRP and DOC
This results in an immediate 'boot fail' message. Note that I have tried minor:1 and minor:0 both with same result. Could there be a problem with the boot sector information? Does 'syslinux' work properly on D.O.C.? I don't know...I have yet to play with syslinux and DOC in an embedded environment. I did get a ZF Linux eval board with a DOC, but when I tried to run syslinux, I never got past the not enough low memory problem (but syslinux *was* running). I'm not sure how the other folks who have used DOC's boot their systems. I suppose you could always fall back to booting dos, and using ldlinux. I also think there are versions of lilo and grub that know how to boot from a DOC... Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] LRP and DOC
There are special procedures for preparing a bootable DOC. I can't seem to find my copy right now. I'll keep looking. Compact flash is probably less expensive, the prices are falling faster (check out SanDisk), much more flexible, same performance and a piece of cake to work with. Consider it. [EMAIL PROTECTED] on 01/25/2002 01:47:10 PM To: [EMAIL PROTECTED] cc:(bcc: Phillip Watts/austin/Nlynx) Subject: [Leaf-user] LRP and DOC I think I've put this out to the list already but just in case.. I have been able to successfully boot a floppy version of Dachstein (thanks again Charles) so that I am able to mount the DOC. I am not able to transfer the system to the DOC and boot from it. The Dachstein LINUXRC has the recommended DiskOnChip entries, as does the root.mount file. Here are the steps I have take to attempt to transfer the system to DOC. - run syslinux against the C: drive from DOS - copy all floppy files to C: (the DiskOnChip). - edit the syslinux.cfg to boot from /dev/fla1 - run 'rdev c:linux. 100 1' to change the kernal (floppy boot indicates that 'fla' is found at major 100) - boot the PC without floppy. This results in an immediate 'boot fail' message. Note that I have tried minor:1 and minor:0 both with same result. Could there be a problem with the boot sector information? Does 'syslinux' work properly on D.O.C.? Any further input from the list would be very helpful Thanks John ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] [LRP] DSL and Cable load-balancing help
On Mon, 7 Jan 2002, David McBride wrote: Was curious if anyone has checked these sites out. I seem to remember someone saying that a full distribution like RedHat could do this,is this true? Thanks, David No. So far as I can tell the only free Unix system that can do this is BSD. Linux can do it if you don't need NAT on more than one interface, but that means you need two routers to make it come anywhere close to working. snip headers This may be a shot in the dark, but could this be used somehow to do what I was asking? http://www.xtreme-machines.com/x-systems-manual/dual-ethernet.html http://snapshot.conectiva.com/SRPMS/Networking/ifenslave.html bonds two interfaces together for the purpose of sending packets round-robin, like eql. Like VRRPd, very handy if you've got two routers with interfaces in the same subnet and you want to make them transparently back each other up; but not very helpful if you want to masquerade one network into two different networks using one or two routers. Thanks again, David snip -- Jack Coates Monkeynoodle: A Scientific Venture... ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] LRP -DMZ hoses box
I have set up LRP from the Dachstein floppy-It works great. The only problem is that when I added a third NIC to set up a DMZ for a game server, the box becomes confused. I can ping the interfaces from the box, but nothing outside it-neither my LAN or public IP. At one point I had actually gotten it to see the other boxes, but not the external interface. Is there something I've been doing wrong? My internal NAT addressing is 192.168.1.x and the DMZ is 192.168.2.x. Can this be done, share one IP for two NAT networks? Yes, it can be done. From your symptoms, I'd suspect some sort of hardware in-compatibility with the newly added NIC. Are they ISA cards (with potentially conflicting I/O IRQ settings) or PCI? Some PCI cards don't gracefully support more than one of the same card in the same box. You may also simply have a problem identifying which card is which. When adding new cards, the numbering of your old network interfaces can change, so you could simply have the networks physically wired up incorrectly. Exactly which card is seen first is a complex interaction of the motherboard (PCI slot numbering), the order you load the drivers, and finally, the driver itself (which has to number multiple cards of the same type). A change in any of these can cause the ethernet device numbering to change. Short of guessing which NIC is which, the 100% accurate way to identify which NIC is eth0, eth1, etc is to look at their MAC addresses. The MAC is usually listed on the card somewhere (it's a 6 byte long number, sometimes the bytes are seperated by colons). You can see which MAC address linux has associated with each ethernet device by doing an ip addr command...the 6 bytes following link/ether are the MAC address. Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] LRp multi floopy boot problem
I haven't used the multi298 package, but you should tell us what you did in detail, not just that you followed the instructions. In particular, describe how you modified syslinux.cfg. -Richard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ahmad Saeed Sent: Saturday, November 03, 2001 1:45 AM To: [EMAIL PROTECTED] Subject: [Leaf-user] LRp multi floopy boot problem i am using lrp 2.9.8 i want to add other packages so want ot make dual boot LRP i read the howto for that and followed the instructions but it is not working. I copied the mult298.lrp but nothing is happending it gives me error. not mounted _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] LRP and ez-ipupdate
Does anyone has ez-ipupdate (3.0.11b5) packaged ? I need a version which supports dyndns-custom, and it seems that the latest lrp package (that I found) is 3.0.1b1. Stefaan See http://leaf.sourceforge.net/devel/jnilo/packages/ez-ipupd.lrp It's 3.0.11b5 stripped to 24K It's also on Shane Boulder page at http://leaf.sourceforge.net/devel/sboulter/ but I am not sure of the version and the package is bigger (45K - not stripped) Jacques ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] LRP withoutDHCPD, Firewall, and Masq - advice
Your initial message is too cryptic to enable me to provide suggestions (I'm unclear on exactly what you want to accomplish). Your most recent message is missing any detail that would help troubleshoot what's wrong. Troubleshooting systems remotely via e-mail is never easy, especially without clear, detailed descriptions of your troubles. Please see the troubleshooting HOWTO for recomendations on the sort of information we need to be able to help you: http://lrp.c0wz.com:81/dox/lrp-list-howtos/LRP-ts-req-HowTo.html Charles Steinkuehler [EMAIL PROTECTED] I have tried to do what I thought I should do. The NIC's get IP addresses successfully. I can ping all NIC's from the lrp. I have connected a laptop directly to the LRP with a crossover cable and it can ping the LRP and vice versa. From my LRP I can not ping the DSL router that it just got an IP address from. I can not ping anything on the internet from either laptop or LRP box. What gives?? David -Original Message- From: David McBride [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 29, 2001 9:17 PM To: LEAF list (E-mail) Subject: [Leaf-user] LRP withoutDHCPD, Firewall, and Masq - advice I am trying to get a LRP router going for my work place office. Because I can not just shut down the office network to play with it I will have to deal with 192.168.1.xxx IP's for my external interface as well as the internal interface. Please keep that in mind. The external interface will get an IP addrss and all other IP info via DHCP from the DSL router (192.168.1.XXX). I have the Eigerstein disk created and NIC's going properly. I can ping all NIC's successfully. My internal NIC is 192.168.1.254 This is were I want to go from here. I want to get rid of DHCPD, all Firewalling, and Masqarading. What I think I need to do is: 1. from the disk - delete DHCPD.lrp and remove DHCPD from line in syslinux.cfg 2. in network.conf change IPFILTER_SWITCH=router and MASQ_SWITCH=NO. 3. in ipfilter.conf change comment out lines under RFC 1918/1627/1597 blocks and Rrevent RFC 1918/1627/1597 IP packets from coming in and stop outgoing RFC 1918/1627/1597 packets that have ...deny...192.168.0.0/16 If there is anything else I need to do or if I am doing things I dont need to do please let me know. Thanks so much for any and all help, David BTW: what does the bonding.o module do? ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] LRP withoutDHCPD, Firewall, and Masq - advice
I will just have to stay late and give some personal time. Can someone tell me what the modules bonding.o is for? thanks, David -Original Message- From: Jeff Newmiller [mailto:[EMAIL PROTECTED]] Sent: Monday, October 01, 2001 12:03 PM To: David McBride Cc: LEAF list (E-mail) Subject: RE: [Leaf-user] LRP withoutDHCPD, Firewall, and Masq - advice On Mon, 1 Oct 2001, David McBride wrote: Sorry for the confusing post, I hope this is more helpful. I am trying to get a LRP box going that does not use dhcpd, firewall or masqarading. This is a diagram of the network at present. I can not shutdown the office LAN, so this configuration is for testing, when I have proved I can make it work my boss will let me switch it over to putting the LRP before the hub. The router will still handle the DHCP, firewall, and masquarding. I know that it looks like the LRP is going to be doing nothing but passing along packets, but if this works I will put another NIC in the LRP and connect it to a cable modem and hopefully combine the two bandwidths. The bit about combining the bandwidths seems to have significant strings attached, and if you oversell the result then your boss is going to be doubly upset about the time that will be required for you to learn what doesn't work. Because of the situation, I have to prove each step so that my boss will let me proceed. DSL router crossover uses dhcp to eth1 192.168.1.254 cable give out hub ---LRP laptop 192.168.1.xxx eth0 192.168.1.144 manual configure DSL routerIP,DNS,and Gateway IP is 192.168.1.1 I think you have some basic misunderstandings of TCP happening here. To get from the DSL router to the laptop, a packet must go to 192.168.1.254 first. Most cheap masqing dsl routers do not allow you to add routes to their configurations like this... they expect all 253 of the host addresses to be on the same LAN. Setting up the LRP to work in this configuration involves proxy-arp or transparent bridging, both of which require quite different configurations than a box sitting in the DSL router's position would use. Thus, the two positions are not interchangeable by any stretch of the imagination getting it to work in one position will prove almost nothing about how LRP would behave in the other position. And since Eigerstein is easy to configure for the DSL modem's job, and Charles is only now getting fill-in-the-blank scripts to handle the other positions tasks set up, you will have to customize quite a bit to get your test configuration to work... and why bother? Read up on proxy-arp and transparent bridging vs. ip routing, so you can explain this fact to your boss. Then triple-check your configuration and do an in-place swapout at a low priority time (late evening?) so you can tolerate a little downtime. If you have no low priority time, then the safest thing to do is to get another DSL connection with the same type of DSL router to practice the transition with. [...] --- Jeff NewmillerThe . . Go Live... DCN:[EMAIL PROTECTED]Basics: ##.#. ##.#. Live Go... Live: OO#.. Dead: OO#.. Playing Research Engineer (Solar/BatteriesO.O#. #.O#. with /Software/Embedded Controllers) .OO#. .OO#. rocks...2k --- ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] LRP withoutDHCPD, Firewall, and Masq - advice
I am not a LRP guru, but to remove DHCPD you just delete DHCPD.lrp from the floppy, I did it from a windows box, and edit the syslinux.cfg with wordpad and delete DHCPD from the line append=load_ramdisk=1 initrd=root.lrp initrd_archive=minix ramdisk_size=6144 root=/dev/ram0 boot=/dev/fd0u1680,msdos PKGPATH=/dev/fd0u1680 LRP=etc,log,local,modules,dhcpd,dnscache,dhclient, I also did this on a windows box. I am pretty sure that dhclient can be done the same way. To add NIC modules (this is from the Readme.txt on the Eigerstein disk) ADDING MODULES TO YOUR LRP DISK 1) Get the Eiger LRP kernel tarball (2.2.16-1.tar.gz) 2) Extract the module(s) you need using winzip. IMPORTANT: Check the modules.dep file to see if there are any dependencies for the module you want. You will need to add these modules as well. Alternative: You can download individual kernel modules from my website: http://lrp.steinkuehler.net/kernel/Eiger/ 3) Copy the module(s) to a 1440K standard dos floppy 4) Insert the dos floppy into your LRP machine 5) Get to a command prompt on the LRP machine (login as root, if necessary, and quit from the lrcfg main menu) 6) Mount the dos floppy mount -t msdos /dev/fd0 /mnt 7) Copy the module(s) to /lib/modules cp /mnt/filename.o /lib/modules 8) Unmount the dos floppy umount /mnt 9) Modify /etc/modules to load your module. You can use ae from the command line, or lrcfg (menu 3-2-1) 10) ADVANCED: You might want to delete some of the unused network modules to save disk space. Any of the modules commented out in /etc/modules are safe to delete. 11) IMPORTANT: BACKUP YOUR CHANGES OR THEY WILL BE LOST! 12) Select LRP menu item b, then 5 to backup changes to modules HOpe this helps. If I have misstated anything I hope a guru will correct me. David -Original Message- From: Philippe Faure [mailto:[EMAIL PROTECTED]] Sent: Monday, October 01, 2001 9:19 PM To: David McBride Subject: Re: [Leaf-user] LRP withoutDHCPD, Firewall, and Masq - advice The day you came out with your request for help, I was about to ask the same thing. I have managed to get my 2 NIC work witn Dachstein 3. I was wondering if you would be able to help with through the steps to remove DHCPD and DHCPclient. I would like to be able to have a Static IP environment on the Internal and External Networks. I can't use the Static EigerStein images since they don't support my NICs. I am using the LRP box as a simple router and firewall. If there is any documentation that you know of it would be useful. Thank you Philippe David McBride wrote: I will just have to stay late and give some personal time. Can someone tell me what the modules bonding.o is for? thanks, David -Original Message- From: Jeff Newmiller [mailto:[EMAIL PROTECTED]] Sent: Monday, October 01, 2001 12:03 PM To: David McBride Cc: LEAF list (E-mail) Subject: RE: [Leaf-user] LRP withoutDHCPD, Firewall, and Masq - advice On Mon, 1 Oct 2001, David McBride wrote: Sorry for the confusing post, I hope this is more helpful. I am trying to get a LRP box going that does not use dhcpd, firewall or masqarading. This is a diagram of the network at present. I can not shutdown the office LAN, so this configuration is for testing, when I have proved I can make it work my boss will let me switch it over to putting the LRP before the hub. The router will still handle the DHCP, firewall, and masquarding. I know that it looks like the LRP is going to be doing nothing but passing along packets, but if this works I will put another NIC in the LRP and connect it to a cable modem and hopefully combine the two bandwidths. The bit about combining the bandwidths seems to have significant strings attached, and if you oversell the result then your boss is going to be doubly upset about the time that will be required for you to learn what doesn't work. Because of the situation, I have to prove each step so that my boss will let me proceed. DSL router crossover uses dhcp to eth1 192.168.1.254 cable give out hub ---LRP laptop 192.168.1.xxx eth0 192.168.1.144 manual configure DSL routerIP,DNS,and Gateway IP is 192.168.1.1 I think you have some basic misunderstandings of TCP happening here. To get from the DSL router to the laptop, a packet must go to 192.168.1.254 first. Most cheap masqing dsl routers do not allow you to add routes to their configurations like this... they expect all 253 of the host addresses to be on the same LAN. Setting up the LRP to work in this configuration involves proxy-arp or transparent bridging, both of which require quite different configurations than a box sitting in the DSL router's position would use. Thus, the two positions are not interchangeable by any stretch of the imagination getting it to work in one position
Re: [Leaf-user] LRP vs. Commercial Firewalls ??
Lance Peterson wrote: I have on of those fancy-shmancy firewall/routers that does all sorts of cool things like web administration, user login, content filtering by user, keyword lists, trusted and forbidden domains, automatic dhcp, etc I've been trying to setup an LRP box to do all that fancy stuff just to see if it was possible. Then I started wondering...hmmm...what OS were those commercial firewall/routers using like Sonicwall, Linksys, SMC Barracade. The more I looked at them, the more I started to think it was some implementation of IP_Tables from the 2.4 Kernel to allow stateful inspection. Anyone know what is in those things? From what I heard they usually are modified versions of the *BSD family, mainly FreeBSD. Ipfilter and Ipfw are usually used for implementing stateful inspection rules for these systems. Then they are modified in some manner, depending on what the vendor wants to do with them.. Also, will I be able to do web administration, content filtering or keyword filtering, stateful inspection, as well as setup trusted and/or forbidden domains under LRP? I like the idea of being able to out-do my fancy-shmancy commercial firewall with an open source OS. Especially if I can eventually dump it to an SBC and replace the comercial firewall/router all together! That's my goal anyway. I perceive a long, hard road ahead - any help would be appreciated. I'm already going blind from reading HOWTO's. If it gets too hard to do on LRP, there are many features that already exist on Eigerstein2B which just need additional tweaking with some extra packages, why not try it out on a minimal OpenBSD installation? http://www.embsd.org/ - they want to get that working on Compact Flash cards! :) -- Patrick Benson Stockholm, Sweden ___ Leaf-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] LRP Print Server LRP Xterminal
Burt Adjoodani wrote: I am really interested in SMB uses with lrp and printing. Has anybody been able to make it work with NO hard drive? Someone has set up LRP as a print server; however, this is using UNIX lpr not Samba. Samba is quite large (even extraordinarily so), thus would likely occupy an entire floppy by itself. We have 2 LRP boxes here, 1 Linux Samba Server, 1 Linux Email Proxy Intranet Web server (FAQ , Sendmail, Squid and such), 1 Web server (apache) and multiple print servers. Our main server is an AIX RS6000. We also have one stinkinNT server box. We have 40 clients running win9x that I desperately want to convert to remote Xterminals. I have noticed the Linux Samba server does a better job of file serving even though it has less ram and a slower processor. UNIX printing has a long history of being. shall we say, painful? Why not configure LRP to use lpr and create a remote lpr printer on the Samba server, and then create a Samba printer to print to that? Like this: Win95(client) - SambaServer(printer):lpr(printer) - RemoteLRP(lpr):printer Each - denotes network traffic from one host to another... I would like help on a hard drive less LRP Samba print server and LRP remote xterminals. Are both projects feasible? Where do I start? Given that you already have a Samba server, setting up LEAF so that it can act as a print server should be doable, since you don't need Samba on the LEAF system to do it. However, a remote XTerminal would be more difficult. It's likely NOT impossible, just not done. I'd like to work towards that direction; microwindows would likely not work as it is an alternative to X, not a tinyX (as comes with XFree86). Maybe I'll be able to compile tinyX to work don't know when, though - not in a big hurry... ___ Leaf-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] LRP Print Server LRP Xterminal
Dale Long wrote: I am looking at this myself. Including fax in/out. This would become a universal print/fax/gateway server. I do not know if I will have this running seperately to the firewall/gateway. The aim is to have a quiet 486 sit in some corner left on all day at home. This would make an ideal net enabled embeded home appliance. Setting up efax (or mgetty) to work on a LRP system should be fairly easy; the problem with Linux (and any Linux in general) is the current lack of good fax management or general fax programs. If you live and breathe in /bin/sh, efax may be enough; however, if you want your Gramma to use a Linux fax program, it better be much easier to use... I'm still looking for something that will fit that bill. One more reason to suffer under Microsoft oppression for a little while longer - even MacOS doesn't have any decent fax programs... I'd rather be under Steve's foolhardiness than Bill's oppression :-) but of course Linus' goodwill is even better :-) ___ Leaf-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] LRP Print Server LRP Xterminal
On Fri, 6 Jul 2001, David Douthitt wrote: I am looking at this myself. Including fax in/out. This would become a universal print/fax/gateway server. I do not know if I will have this running seperately to the firewall/gateway. The aim is to have a quiet 486 sit in some corner left on all day at home. This would make an ideal net enabled embeded home appliance. One thing I did not mention is that the LRP box will server Windows and X capable client PCs. WHFC and Cypheus are two reasonable fax clients for Windows. The upshot is that the use Hylafax which in turn uses Ghostscript. Bloat time (compared to a 1 floppy LRP). I need to take the time to play with efax and develop a similar client system. Hylafax uses a variation of the FTP protocol. Setting up efax (or mgetty) to work on a LRP system should be fairly easy; the problem with Linux (and any Linux in general) is the current lack of good fax management or general fax programs. If you live and breathe in /bin/sh, efax may be enough; however, if you want your Gramma to use a Linux fax program, it better be much easier to use... I'm still looking for something that will fit that bill. One more reason to suffer under Microsoft oppression for a little while longer - even MacOS doesn't have any decent fax programs... I'd rather be under Steve's foolhardiness than Bill's oppression :-) but of course Linus' goodwill is even better :-) I am also planning on how to have an Oxygen installation on hard disk that can also fit back on a floppy when not using things like hylafax or samba. I like the security of a write protected floppy. But I am considering having a firewall/server box using a small hard disk. With mgetty, I want to add voice and answering machine capabilites. Then I can have my own phone tree, and get some of the corporations to ring me back on it for revenge. :-) Dale. ___ Leaf-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [lEAF-USER] LRP as four port router
Please send messages in plain text, not HTML From my last message on this subject: Since the original poster isn't firewalling, he may need to add ipchains -A forward -j ACCEPT to /etc/network_direct.conf -Richard -Original Message- From: Ahmad [mailto:[EMAIL PROTECTED]] Sent: Monday, July 02, 2001 10:59 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE:[lEAF-USER] LRP as four port router Sir i have given the default routes from each of the computers but it does not work in which file i should add the commands ipchains -I forward -j ACCEPT -b -s 192.168.1.0/24 -d 192.168.2.0/24 -b ipchains -I forward -j ACCEPT -b -s 192.168.1.0/24 -d 192.168.3.0/24 -b ipchains -I forward -j ACCEPT -b -s 192.168.1.0/24 -d 192.168.4.0/24 -b ipchains -I forward -j ACCEPT -b -s 192.168.2.0/24 -d 192.168.3.0/24 -b ipchains -I forward -j ACCEPT -b -s 192.168.2.0/24 -d 192.168.4.0/24 -b ipchains -I forward -j ACCEPT -b -s 192.168.3.0/24 -d 192.168.4.0/24 -b i am using LRP 2.9.8 ___ Leaf-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-user
RE: [Leaf-user] LRP as four port router
On Sun, 1 Jul 2001, Richard Doyle wrote: Hmm.. As I read the code in /etc/init.d/network (LRP 2.9.8; snippet below), setting IPFWDING_FW=NO blocks forwarding. if [ $IPFWDING_FW != YES ]; then ipchains -A forward -j DENY vb echo -n [Forwarding: DENY] else vb echo -n [Forwarding: ACCEPT] fi One of these days I will get this setting straight. You are right. Since the original poster isn't firewalling, he may need to add ipchains -A forward -j ACCEPT to /etc/network_direct.conf -Richard (who seems to recall having discussed this before, but who may well have it backwards this time) Probably. Nope. [...] --- Jeff NewmillerThe . . Go Live... DCN:[EMAIL PROTECTED]Basics: ##.#. ##.#. Live Go... Live: OO#.. Dead: OO#.. Playing Research Engineer (Solar/BatteriesO.O#. #.O#. with /Software/Embedded Controllers) .OO#. .OO#. rocks...2k --- ___ Leaf-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-user
Re: [Leaf-user] LRP-CD internal, NAT'ed network ???
[2] We are confused about usage of: INTERN_SERVERS Format is given: protocol_extern-ip_extern-port_intern-ip_intern-port Suppose that we want 192.168.0.250 ping-able by the world -- how ought this be var be constructed? INTERN_SERVERS creates port-forwarding rules. I don't think you can port-forward ICMP packets, so your example has no valid answer. If, however, you wanted to port-forward web requests, you would do something like: INTERN_SERVERS=tcp_publicIP_80_192.168.0.250_80 Or, by extern-ip, does this mean -- literally -- the external interface of the firewall? Extern-IP is a public IP assigned to the firewall. It could be the primary (or only) IP, or an IP alias assigned to the main external interface. Is there a way to make NAT'ed, internal addresses accessible from the DMZ? Yes, you port-forward them just like you would to get access from the internet. Be careful, however, as you're usually better off (from a security standpoint) making connections from your internal net to the DMZ. Any connections allowed from the DMZ (or internet) to your internal network represent potential areas to exploit security holes in the programs 'listining' to those ports. Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) ___ Leaf-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/leaf-user