Hi And
and hansen wrote:
--- Eric Spakman [EMAIL PROTECTED] wrote:
...
Thanks and ups... ;)
Then... is openvpn available for 1.2
I can give you my package, but please consider my advice, moving to a
recent Bering-uClibc is worth the while, considering the development in
the OpenSSL
Hi And
and hansen wrote:
--- Erich Titl [EMAIL PROTECTED] wrote:
...
cheers
Erich
Thanks guys!
Is support that fast at [EMAIL PROTECTED] too? ;)
I stopped dealing with them long time ago :-(
But I think I give the new bering dist. a try.
then im scared... what vulnerabilities do
Andrew Nance wrote:
Hey guys,
What is the text to add multiple external static ip's to eth0 in the
interfaces file (Bering uClibc 3.0)?
ip addr add xx.xx.xx.xx/nn dev whatever
-
Take Surveys. Earn Cash. Influence
Hi Andrew
Andrew Nance wrote:
I don't really know how to use the dos2unix program but I used a text editor
in ubuntu to edit leaf.cfg and syslinux.cfg
That is OK, ubuntu does not suffer from the wicked dos CRLF
I changed the fd0u1680 part to hda1 in both files.
I also added hdsupp in the
Hi
Andrew Nance wrote:
Hi all,
I am trying get my 2.4.2 Bering uClibc firewall to boot from a 32 MB flash
ide module.
The computer is a DELL Pentium 3 machine with 3 nics.
I have been trying to follow theses directions:
http://leaf.sourceforge.net/doc/bk02ch11s03.html
and
Sayang Oin wrote:
Hi Erich,
yes I'm sure..
because my ssh windows says...
Broadcast message from root
The system is going down for reboot NOW !!
:-(
Ok I have a number of 1.2
# m h dom mon dow user command
42 6* * * rootrun-parts --report /etc/cron.daily
47 6
Hi
M Lu wrote:
When I try to reboot the WRAP running BU 3.0, it just shutdown all services
and I saw the message Restarting but it never actually restarted, just
hung there. I needed to unplug and plug the power.
Is the wd1100 module loaded ? Without it you won't have any luck.
The wd1100
Hi
Bob von Knobloch wrote:
Hi M Lu,
My work with PXEInstall up to now has used VMWare as a client (my WRAP
is my Internet connection and I don't like to take myself offline for
long periods). I looked at the WRAP itself and cannot see a way to
resolve this. But. I think Erich Titl has
Hi Folks
Bering uClibc 2.4.1
When I try to start ndp using
/etc/init.d/ntpd start, the ntp daemon appears to run for a very short
while, then disappears from the process table without apparent reasons.
/var/log/ntp remains empty
/var/lib/ntp has no driftfile
/var/log/daemon.log shows the
Hi Folks
All this refers to BU 3.4.1
Probably a simple question, has anyone tried mini-httpds? The
documentation of acme labs sucks in many aspects.
Where to put the key? Just concatenate with the certificate?
WWWDIR is set to /var/webconf/www, but in /var/lib/lrpkg/mhttpds.list
the location
Hi everybody
I know it's bad karma, but here a few new findings to the httpds issue
Hi Folks
All this refers to BU 3.4.1
Probably a simple question, has anyone tried mini-httpds? The
documentation of acme labs sucks in many aspects.
Where to put the key? Just concatenate with the
Hi Folks
sorry for chiming in just like that.
Please consider that the implementation of *swan 1.x vs. *swan 2.x has
major differences, especially in the field of oportunistic encryption.
One would expect that the major components of freeswan remained the same
especially the time consuming
smorilla wrote:
Hi,
I've managed to install bering and configured Madwifi as an access point
using a Dlink DWL-G520.
The wireless link is up and running. My laptop gets an IP addres within the
range associated 192.168.3.x.
The problem I have and I'm sure I'm doing something really
Hi Sergio
[EMAIL PROTECTED] wrote:
Erich,
That was my first shot. I can´t find anything meaninful on them.
It´s been a long time since my last LEAF setup and troubleshoot (I hink it
was Dachstein or the first version of Bering not uClibc). Where and how can I
configure the debug or
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tom
Tom Eastep wrote:
Erich Titl wrote:
Hi Folks
Does anyone know, what netfilter module is needed for the limit match.
ipt_limit
I should have known :-( looking in my kernel config I found limit
support was compiled into the kernel
Hi Steve
S Done wrote:
I understand that syslinux is the preferred boot loader for Bering uClibc.
I am booting from a compact flash card.
At the moment, I am having to 'lilo' the CF card on another PC whenever I
need to make a change to the modules loaded on boot, since
I don't have lilo
Hi gents
I finally decided to jump the uClibc bandwagon and got 2.4.1 running as
secondary system on my nexgate NSA 1125 platform (flash boot, lots of
interfaces ...).
Taking the long way I decided to explore the more or less seamless
upgrade possibilities with such a device. I try to avoid
Hi
Doug Sampson wrote:
Hi all,
I'm seeing these messages in my logs:
..snip..
Apr 25 14:07:30 firewall Shorewall:all2all:REJECT: IN=tun0 OUT= MAC=
SRC=10.8.0.14 DST=192.168.1.254 LEN=89 TOS=18 PREC=0x00 TTL=255 ID=41848 CE
PROTO=UDP SPT=5353 DPT=53 LEN=69
This is vpn to fw traffic
Doug Sampson wrote:
Can one run a TUN and a TAP connection using OpenVPN on Bering uClibc
firewall successfully at the same time using different ports- i.e. 1194 for
TUN and 1195 for TAP?
Yes, you can run multiple openvpn instances. Unless you really need
bridging I would stick with routing.
Ricardo Kleemann wrote:
Thanks for the suggestion.
The primary dns server is on another network, another location. And the leaf
system is on a separate location where there aren't any full blown linux
boxes
So why the need for a secondary server in that location? You might as
well place it
Ricardo
Ricardo Kleemann wrote:
Hi guys,
Anyone have a version of bind (named) for bering-uClibc?
I want to run a secondary nameserver on my leaf box. The only options I
know of are axfr-get and named. Except axfr-get also needs tcpclient. I
have not found any of these (other than
James
James Neave wrote:
Thanks Eric Erich!
This is definitely a contender for cool-thing-of-the-month.
I installed smnpd and it at least seems to spit out default bps values
as it is, but it does need config.
I got MRTG working and I've temporarily just bodged a scheduled task to
James Neave wrote:
Looks good,
I don't suppose you know where a Bering-SNMP for dummies HOWTO is? :)
That's not really Bering specific, any net-snmp HOWTO will do. Although
I must admit, i did only minimal adjustments like community name and such.
cheers
Erich
Andrew
Andrew Gray (Gil) wrote:
Andrew Gray (Gil) wrote:
..
Yes the modem connects and nats to 192.168.1.0 network then the firewall sits
behind that. Everything else works fine this way and the modem takes care of
the connection to the ISP for me. The firewall is in the dmz of the
Andrew
Andrew Gray (Gil) wrote:
...
After some fiddling and more research into the configuration I can now ping from
either firewall to the opposite end of the tunnel on the 10.8.0.0 network. I
can ping from firewall 2 to the 192.168.2.0 network (server and internal
interface) but not
Hi Andrew
Andrew Gray (Gil) wrote:
Hello all,
I am requesting help with the setup of 2 leaf ucib boxes which I wish to
connect
using the openvpn package. I have both on the internet and functioning as
firewalls and have installed the openvpn package as per the instructions.
They
Hi M
M Lu wrote:
Hi Erich,
That's excellent idea. I will definitely try. Is there anyway to test
the CF on a full Linux box? I have FC3 and I used that box to prepare
the CF but I do not know how to test that CF to make sure it boots
correctly etc. In the old day with CD/floppy Bering, I
Hi
M Lu wrote:
Hi Erich,
I prefer this method over the other Eric said yesterday as the change is
less and you can have a backup in case something goes wrong and you do
not have the time to fix it. With PXE, I do not know if you always need
another machine to boot WRAP or you just use
Lars
Lars wrote:
V2.2.3 uClibc kernel 2.4.26
openvpnz 2.0.5 Rev 1
I connect from a Windows system to the Leaf box with
OpenVPN. Without compression everything works as
expected. With compression turned on applications that
transferes large amount of data stops responding after
a while
Lars wrote:
Hmm, I see that the liblzo package is quite old,
version 1.08-2. A newer version is available on the
lzo homepage (2.02). Anyone with experience from a
more recent version of lzo?
My OpenVPN executable is statically linked against lzo-1.08
runs fine...
btw. it's 2.0.2
cheers
remains that is LEAF orientated: The
boot-up process starts OpenVPN too soon, ntpsimpl needs to be started
first. This acn be fixed but ntpsimpl, although modified with a script
from Erich Titl does not actually set the system date for quite some
time after it has fetched the time from the Internet
Bob
can't restrain myself from pouring salt ... :-)
Bob von Knobloch wrote:
...
Thanks Erich and Martin, you had the right idea, it was a lost process.
I believed
I don't know about your religious preferences but that is definitely
where believing belongs to. Don't worry though, happened
Bob
Bob von Knobloch wrote:
Thank you Gianni, the text was not clear that this should be run first.
My next stumbling block (referring to the HOW-TO) is in 7.5.1.
An entry like:
route 192.168.25.0 255.255.255.0 vpn_gateway
or similar must be made, but where is this to be made (there is no
Bob von Knobloch wrote:
Erich Titl schrieb:
...
Of course I was there but I must disagree, I find the documentation not
so good.
OK, I built a number of openvpn connections for my wrap boxes. I must
admit, I am still using a derivative of Bering glibc and I compiled the
openvpn package
Bob von Knobloch wrote:
Does anyone know what this error message from OpenVPN in (daemon.log)
might actually mean?
Wed Jan 18 22:30:07 2006 TCP/UDP: Socket bind failed on local address
[undef]:1194: Address already in use
I have not specified a specific address and certainly have nothing
Bob von Knobloch wrote:
Dear List, especially WRAP/CF experts,
Does anyone know how to partition a CF using a PCMCIA adaptor?
Most programs I have tried don't see the card as a fixed (but rather as
a removable) disk and don't allow formatting or image creating/writing.
I can do it with an
Bob von Knobloch wrote:
Erich Titl schrieb:
Bob von Knobloch wrote:
...
My laptop won't run Linux sadly (too many MS-dependant BIOS features).
So it's XP or DOS or any mini-Linux on CD that supports PCMCIA - do you
know any
Try Knoppix, it worked for me :-)
On Bering-uclibc
Bob von Knobloch wrote:
...
Thanks for the information Erich, I have now removed ntpdate (as it is
deprecated by ntp.org), but I suppose your solution might well be just
as appropriate to ntsimpl. I can't find the mails about this, could you
please send me your solution (or a pointer as to
Bob
Bob von Knobloch schrieb:
...
Upon booting, the LEAF-WRAP box loads it's kernel, mounts drives
(Compact Flash here) and gets the packages.
These are then started according to priorities in /etc/init.d/ , as
you rightly pointed out. Sadly my internet provider (t-online) seems
to
Hi folks
has anyone used a LEAF box as a bandwidth limiter (possibly in bridge
mode). I am digging in the LARTC but must admit it is pretty cryptic.
This is probably not LEAF limited but I felt I might ask anyway.
Thanks
Erich
---
This
Eric Spakman schrieb:
Hello Erich,
You may take a look at http://leaf.sourceforge.net/doc/guide/bubridge.html
and
http://leaf.sourceforge.net/doc/guide/buhtb-qos.html
I think it describes what you need.
Thanks, just what I needed
Erich
Hi folks
does anyone know how to resize /var/log _without_ rebooting the LEAF
box. I stopped ksyslogd, ntp and ulogd, rmoved all files from the
/var/log directory but still cannot umount it.
# /etc/init.d/sysklogd stop
Stopping system log daemon: klogd syslogd.
telecom: -root-
#
Sylvain
Sylvain Pelletier wrote:
Hi,
I would like to get the feedback of people who have succesfully
installed/tested openvpn with bering.
I am running it on multiple systems without a hitch using Bering glibc
cheers
Erich
---
This
Darcy
Darcy Parker (Home) wrote:
Good day all,
..
Here is what I get when I run ntpdate from the command line.
imagerocfw# ntpdate -u timelord.uregina.ca
1 Dec 20:02:19 ntpdate[30561]: adjust time server 142.3.100.15 offset
-0.069286 sec
Which seems to work.
Am I missing something?
Julie S. Lin wrote:
Hi All,
I'm still having trouble with the DHCP, and I'm hoping someone can point
me in the right direction
I'm running a dhcp server on my 192.168.30.0/wireless network out of
dhcpd.lrp. If I have
a wireless card, everything works fine.
I then added a wireless
Kwon wrote:
Hello,
I had a situation yesterday after a reboot (uClibc 2.2.0) and Shorewall
did not start properly?
In the /var/log/message log:
snip
Nov 21 14:00:28 ns1 root: Shorewall Stopped
EOF
I did a manual `/etc/init.d/shorewall restart` and everything was fine!
I think my DSL
Tom
Tom Eastep wrote:
On Tuesday 22 November 2005 01:34, Erich Titl wrote:
Kwon wrote:
The question is how can I or what is the best way to check for the
Shorewall “Stopped” condition after an unattended reboot?
AFIK shorewall wants to know (detect) the addresse of the external
Tom
Tom Eastep wrote:
...
--
http://www1.shorewall.net/Documentation.htm#Blacklist
http://www1.shorewall.net/2.0/Documentation.htm#Blacklist
PORTS
Optional; may only be given if PROTOCOL is tcp, udp or icmp.
Bob Coffman Jr. - Info From Data wrote:
Erich,
Thanks for the reply!
I don't believe there is a shorewall problem. I would expect (maybe
incorrectly) that shorewall clear would expose that. When I tried that,
the problem persisted.
To dump traffic on eth2 - would I set a box running
Bob
Bob Coffman Jr. - Info From Data wrote:
...
24.123.47.72/30 dev eth0 proto kernel scope link src 24.123.47.74 (internet)
10.1.30.0 via 10.1.1.1 dev eth2
10.1.10.0 via 10.1.1.1 dev eth2
10.1.20.0 via 10.1.1.1 dev eth2
10.1.1.0/24 dev eth2 proto kernel scope link src 10.1.1.2 (cisco)
Ron
Ron Senykoff wrote:
Gosh guys sorry I missed this email until now. I just switched to have
all my email route to 'gmail' and it got lost in the confusion.
Here it is in all its glory!
http://content.cs.luc.edu/projects/comp412/q-box
Is this just an additional set of .lrp files or what
Ron Senykoff wrote:
Is this just an additional set of .lrp files or what else did you do to
the leaf box?
It's basically a specific combination of .lrp files (including my own
qbox.lrp) and modules such that it is a preconfigured traffic-shaping
bridge for the WRAP board. I provide a
Tom
Tom Eastep wrote:
while true; do
ip link ls dev ppp0 /dev/null 21 break
echo Waiting for ppp0 to come up...
sleep 5
done
Yes, that is more or less the thing I finally did, although this will
loop forever and without a console the poor luser might never know
Richard Saunders wrote:
Does this problem have anything to do with shorewall? Shorewall seems to
startup
without a problem and everything else runs fine. It's only ipsec that
can't find a default route.
I thought inetd may be responsible. Not that I know anything much about it.
Shorewall is
Richard Saunders wrote:
Thanks Tom and Eric
I don't know if it matters to me how long it takes to come up, so long
as everything that is supposed to work works once it's up.
When ppp0 is up its a router, until then it's lump of useless metal
chewing power.
I have put the loop here:
Richard Saunders wrote:
I managed to kick everyone off at lunchtime and reboot.
The loop paused the startup for about half a second and off it went.
Everything started up fine including ipsec.
I doubt it looped at all then.
Please ignore my previous post on the barf, I must be getting blind.
Rick
Richard Saunders wrote:
Thanks Eric
Unfortunately that has had no effect, but I do think you are on the
right track
ie. ipsec is starting before ppp0 is fully up, but since I know nothing
except
being able to blindly follow instructions, I don't like my chances of
finding a
solution
Richard Saunders wrote:
Is it possible just to insert a pause somewhere in the startup scripts
to wait for ppp0
to come up before continuing?
Yes, that was my first aproach, unfortunately not a very smart one, as,
for example, ppp may take a very long time to come up.
Erich
Paul Traina wrote:
This problem has always existed for any connection type. It shows up in
a lot of different locations on all Bering versions. I saw this on ppp
connections as well as pcmcia based ethernet connections. The common
denominator of all these is, that you cannot predict reliably how
Ken Gentle wrote:
At 03:33 2005-09-22, you wrote:
Hello Ken,
snip
Looks ok, are you sure there is a driver loaded for eth0? (lsmod).
Yep, tulip is loaded.
You can try to make a fixed config (like you did for eth1) to check if
the
interface is brought up correctly.
The address is
James
James Neave wrote:
Hello,
I have a network that needs a WINS server, to be provided by Samba. But
I can't fit the Samba.lrp package on the boot floppy.
If you want to scan the archives, I did some work on network loading for
leaf packages a few years back. I had a floppy which would
Charles Steinkuehler wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
| Hi Arne,
|
| Indeed and we don't know which mount directory an user creates.
| I just mount my CF under /mnt (which also seems obvious to me) and
| never had a problem.
|
| Certainly true,
Darcy
ddparker wrote:
Hi All,
I still consider myself to be a newbie to leaf and Linux in general
and found myself corrupting files on a CF Disk.
I had to learn the hard way so I thought I would share my woes. I have
been working with Troy Aden (Thanks Troy) getting beta 4 to work on CF
Jaap Eldering wrote:
On Sat, Aug 20, 2005 at 06:16:32PM +0200, Arne Bernin wrote:
...
Isn't this already handled by the root.exclude.list? In it e.g. /mnt
/mnt? /nfs are listed, so if you'd mount another filesystem there
(which seems the obvious choice to me), then you won't have problems
[EMAIL PROTECTED] wrote:
Hello Jaap, Erich,
..
Indeed and we don't know which mount directory an user creates.
I just mount my CF under /mnt (which also seems obvious to me) and never
had a problem.
Certainly true, still I believe it is good this had some exposure,
because I believe
Jon
Jon Clausen wrote:
On Wed, 27 Jul, 2005 at 21:32:41 -0500, Charles Steinkuehler wrote:
I track bandwidth (and other stats) on several (about 8) LEAF boxes I have
in production.
I'd like to set up something like this on (currently) 10+ LEAF boxes.
I am tracking a number of LEAF
Eric Spakman wrote:
It's a general 'issue' with linux and unix, if you write something to your
storage media it's not directly written but buffered for some time. If you
remove the media or reboot before doing a sync or umount, data can get corrupt.
The lrcfg script umounts after a backup, but
Hi James
James Neave wrote:
Hi,
Can anybody tell me how I could back up a LEAF disk over the network?
I can get and put files to my LEAF boxes using SCP, but at the moment
the only way to take a backup image is to put the disk in another
machine and take an image backup.
It's probably
M Lu wrote:
Thank you for the tips.
I tried them to backup my compact flash. But the speed is very slow. I
did try both ways, dd to /tmp and then scp (Erich's way) and dd on the
fly using ssh (Charles' way). In both cases it took about 5 minutes to
either 'scp' or 'dd-over-ssh' 64M.
Be
Hi
M Lu wrote:
I think my /tmp is just about this size. diff scp-image ssh-image shows
they are the same.
Just for your information, this is a test on my WRAP (only 32MB flash
though)
This is with gzip on my server
luna time ssh -2 -l root -i .ssh/identity gatekeeper dd if=/dev/hda
|
Jaime
Thanks for the info
Jaime Nebrera wrote:
...
D) FreeBSD (actually dont know what BDS m0n0wall uses) is much more
linear and predictable on its behavior, standing for higher loads.
Did you test Linux in router configuration?
cheers
Erich
M Lu wrote:
With all help I got from the list members, I am now running the latest
and greatest Bering-U on my WRAP box. Thank you all.
The next step would be adding wireless card and make it into the access
point. I look around and I see the a/b/g 5004 MP Atheros mPCI CM9
bundled with a
Luis.F.Correia wrote:
Hi!
(answering back to the list)
-Original Message-
...
My box is version 1E, 3 LAN and 1 mini-PCI. For now I do not
have wireless
yet. Can you help me to answer the following questions:
1. When inserting the board into the case, I need to unscrew
the
M Lu wrote:
I got my 1st WRAP box and with all help I got here and Erich's ready
image, I could boot it up and see it running. I paid more than US $200
(board, case, 64M CF, shipping) for it and that's without the wireless.
I just wonder why it is so much more expensive than the routers they
Hi
M Lu wrote:
Thank all of you very much for your useful information. So I think I
will need
- WRAP box
- corresponding enclosure case
- Power supply
- CF card
- a mini-PCI wireless card
+ Pigtail
+ Antenna
Do you recommend me any specific power supply and/or CF card? Is the
Hi folks
As the subject suggests, this is a bit off topic, but as a LEAF system
is involved please excuse me.
I am baffled by the behaviour of a M$ application (IIS) on a customer
network.
This network is a hub and spoke structure built with Bering glibc
routers. Some of the locations use
Bob
Robert K Coffman Jr - Info From Data Corporation wrote:
What version of Windows?
2003 server. I left that to the windoze guys.
The point is IMHO the Bering box sends a correct ICMP message to the
server indicating the need for fragmentation and the server just could
not care less.
Charles
Charles Steinkuehler wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
... |
| I would expect the server to reduce the packet size accordingly but
| helas it does not. Am I just naive to expect M$ to follow or is it
| compulsory only to respect ICMP?
You have to have Path MTU
M Lu wrote:
As we are encouraged to talk about anything, I just want to ask
questions regarding running LEAF on an embedded PC. I would like to move
my LEAF on an old PC to a smaller device, such as WRAP box. The good
news is that there is some documentation about how to set it up, so I
hope
Sherif
[EMAIL PROTECTED] wrote:
Hello,
I am using fwbuilder to build and download an iptables script to
Bering-uclibc. The script is downloaded to /etc.
I am downloading the fwbuilder output to /etc/firewall/firewall.fw . I
have a fwb.lrp which handles starting and stopping.
You can get my
Everyone
according to Rick the r8169 driver is working under Bering. You can find
the module at http://leaf.think.ch/styx/2.4.20/rtl8169/src/r8169.o
Beware, I had to hack it to compile cleanly, you find everything in the
src directory
cheers
Erich
Rick
Tibbs, Richard wrote:
Sorry to post twice,
but having tried the bering 1.2 intel-gige.o module,
it does not work with the Intel Pro 1000MT gigabit card.
Have you tried the e1000 driver?
See:
http://support.intel.com/support/network/sb/CS-006120.htm
For the realtek its here
Thomas Wille wrote:
Hi Matt,
at least in Bering 1.2 the /etc/init.d/rc*.d-links are not saved in etc.lrp.
Have a look at the file /var/lib/lrpkg/etc.exclude.list.
The /etc/rc*.d-links are created somewhere in the boot-sequence.
I am using Bering 1.2 with some additional selfmade packages.
Matt
Matt wrote:
Hi all, I have a strange goal.
the setup: two sites (a and b) both with linux machines running
shorewall. a machine at site 'a' needs to connect to services on a
machine at site 'b'. both sites have dsl with dynamicaly assigned ip
addresses. site 'b's ip can be
Darcy
Darcy Parker (Home) wrote:
Good day all,
I am considering replacing a bunch of old dual floppy machines with
the microtik routerboard 500 (http://www.routerboard.com/). These
boards have a CF card slot and can be configured to boot off of them. I
believe the units has a MIPS
Tibbs, Richard wrote:
Oh, yes it does log route adds/deletes...
What I was hoping for was ip route table verbosity, so that I could
see if and when bering was dropping packets silently.
Situation is this: I have a Bering 1.2 firewall in my office on campus
connected to the campus network. All
Michael
Michael D Schleif wrote:
Forgive me my denseness. It is late, and I am grown old.
I have configured several openvpn v1.x shared key VPN's. Thank you.
I have a need to configure VPN's between offices using BU firewalls and
several employees' homes.
This appears to be a good
Tibbs, Richard wrote:
See other comments inline below.
Tried tcpdump on bering via the cmd
tcpdump -i eth0 icmp -q
try
tcpdump -n -i eth0 icmp
Erich
---
This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput
a
Rick
this is on a WRAP Bering 1.x
Using username root.
Authenticating with public key Jupiter Version 2
Bering gatekeeper 2.4.20-grsec #6 Fri Sep 12 10:42:33 CEST 2003
Type in help if you are really lost
gatekeeper: -root-
# ip monitor route
10.23.7.13 dev eth1 scope link
Deleted 10.23.7.13
Tibbs, Richard wrote:
Hrmmm...
All I get after an hour is
firewall: -root-
# ip monitor route
Do you really change something to the routing table? I got the output by
manually adding and deleting a route.
cheers
Erich
---
This SF.Net
Hi
[EMAIL PROTECTED] wrote:
Hello,
I have a Bering-uclibc v2.2.3 installed on DOM. I am trying to use
Fwbuilder v2.0.5 to download and activate the script.
I can find the script under /etc after installing the script through ssh.
But things goes dead after that. I do not believe it is the
[EMAIL PROTECTED] wrote:
Hello,
Here is the ourput of the loading process:
Logged in
RTNETLINK answers: File exists
cd: 153: can't cd to /lib/modules/2.4.26/kernel/net/ipv4/netfilter/
ls: *_conntrack_*: No such file or directory
ls: *_nat_*: No such file or directory
...Rule 7
Hi folks
I posted a method to check ipsec connections a while ago. I found this
was only a very temporary solution as each restart if ipsec would wipe
out all routes for the ipsec interface.
here is a small patch to /lib/ipsec/_updown (1.99.) which installs a
route to the table from.fw
Michael
Michael D Schleif wrote:
Please, somebody comment on changes required to upgrade an existing v1.x
openvpn installation to this new version?
I have read about the enhancements, c.; but, I am wondering whether or
not an existing configuration will simply work in v2.0 ???
AFAIK, no.
2.0
Hi folks
I found a problem sending large packets (e.g. large icmp echo requests)
across an ipsec tunnel. I used a ping size of 2000 bytes and found that
the remote ipsec gateway tried to reply with a fragmentation needed icmp
packet. The icmp packet though went through the default gateway,
Rick
Tibbs, Richard wrote:
Dear list:
I have a subnet-to-subnet ipsec tunnel that is not coming up, and an
ipsec barf shows several
md5sum not found messages in association with all of the secrets.
I looked through the ipsec.conf man page with no luck to find some way
to generate the md5
Calvin Webster wrote:
I'm having trouble deciding what to put in /etc/ipsec.conf, found on
the Bering-uClibc configuration menu (3)[Packages
Configuration]-(5)[ipsec]-(2)[IPSEC Main Configuration File].
...
Can someone give me an example of what settings I'd use for setups like
the ones
Michael D Schleif wrote:
Ongoing conversion of several Dachstein-CD installations have resulted
in several challenges. Please, ask if I have left out pertinent
information.
What am I missing? How can we setup the following scenarios with
Bering-uClibc/Shorewall?
Shorewall zones:
fw
loc
Rick
Tibbs, Richard wrote:
OK, this Bering 1.2 non-uclibc. I have no /etc/sysctl.conf.
Don't know if there is some package to load to get such a config file.
So that leaves me editing /proc/sys/net/ipv4/ip_conntrack_max
How would I back this up?
You can always write a script in /etc/init.d to
Martin
Martin Hejl wrote:
Hi Erich,
I am looking for the sysctl source code without much success on the
web. All I could find was the BSD stuff which might not be what I want.
On Bering uClibc sysctl is part of busybox. So, the source (at least for
that implementation) would be found inside the
501 - 600 of 1037 matches
Mail list logo
