is only for MYSQL.so.
It sounds as if your shared libraries are compiled for a path that are NOT
where the libraries are actually stored at on the LEAF box. This is likely
a compile time option.
--
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net
On Tuesday 04 February 2003 06:56 pm, Ping Kwong wrote:
I'm running Bering-uClibc 1.1 and having some minor problems. First of
all, I do have a request. Does anyone have a packaged udhcp.lrp for
this distribution? I'm only aware of Lynn Avants' for LEAF in general
and for specifically
On Wednesday 05 February 2003 03:30 pm, Ping Kwong wrote:
I tried to use a package made by K.-P. Kirchdörfer based on your
original package and I haven't had any luck on the client or the server
end. The default configs weren't configured for Bering or even LEAF but
after making some
is harmless to you since it's blocked and the concern with SNMP on
your internal machine lies in why it's running SNMP (and to where???).
To stop logging these packets, find (all) the applicable places where these
are DENY'ed are get rid of the -l (for logging) in the rule(s).
--
~Lynn Avants
.
http://leaf.sourceforge.net/devel/guitarlynn/ipsec.txt
--
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net
---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2
?
Not if the service is port-forwarded through the firewall to your desktop.
Your admin will see it as your box is connected directly to the internet
for the ipsec service/protocol. They only need to change if you are using
a 'gw'to-gw' connection.
--
~Lynn Avants
Linux Embedded Firewall Project developer
http
On Monday 03 February 2003 07:56 am, James Neave wrote:
Hi,
Is there a Win32 ssh client available?
I just can't find even a hint of one.
Preferably free? :P
Putty.
--
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net
:
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Use 'scp' through ssh.
--
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net
---
This SF.NET email is sponsored by:
SourceForge Enterprise
is not seeing syslinux
at all.
--
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net
---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http
glibc
environment as described in the LEAF FAQ section and the
LEAF developer's guide. As far as the static linking goes, have
you met _all_ of the dependancies on the LEAF box???
--
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net
/kwarchive/fdisk.lrp
--
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net
---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
://leaf.sourceforge.net/devel/cstein/files/packages/network.txt.
IPFILTER_SWITCH=router~~NONE
IPFWDING_KERNEL = NO
It sounds like this should be turned off.
IPALWAYSDEFRAG_KERNEL = NO
--
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net
'
connection.
--
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net
---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
overhead. You wouldn't see this load
under a non-pppoe connection running ipsec, which verifies your experience
with your other VPN nodes.
I hope this helps,
--
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net
eth1_MASKLEN=24
eth1_BROADCAST=10.10.10.255
Internal Interface
INTERN_IF=eth1
INTERN_NET=10.10.10.0/24
INTERN_IP=10.10.10.254
--
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net
, the kernel is by far the easy
part to get done.
--
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net
---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http
routing between the two interfaces.
--
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net
---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http
in any future updates to Dachstein in /etc/network.conf.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2
On Wednesday 29 January 2003 10:45 am, Todd Pearsall wrote:
Is /tmp for backing up packages?
Yes it is.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
---
This SF.NET email is sponsored
floating around somewhere (as one has already
been noted). Does anyone have any other and/or better suggestions for
accomplishing this???
--
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net
---
This SF.NET email
? I used default packages which have the loc
interface at 192.168.1.254 and the DMZ interface at 192.168.1.100
Yes, you can't route between 2 interfaces unless the subnets are different.
The notable exception to this is proxy-arp.
--
~Lynn Avants
Linux Embedded Firewall Project developer
http
it.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
iptables rules in
Bering? That would be fine.
Yep, remove the shorewall package from syslinux.cfg on your
actual disk. You may need to backup etc.lrp or root.lrp to save your
firewall rules.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
the PPPoE interface, not eth0.
Removing:
gateway 172.16.0.254
You'll probably have to drop the norfc setting on any interface
(eth0) filtered by Shorewall as well, since the 172.16.x.x. address
block is reserved.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http
to my
PC?
I don't know. It would depend on how the XP box would handle the
output of the proxy.
5) Any links to sites with free SOCKS packages out there?
SOCKS5.lrp
http://leaf-project.org/pub/packages-list.html
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http
-internet-leaf(ssh:22)-internal(ssh:24)-vnc
You'll either need to portfw the VNC port to the internal box or
tunnel VNC through SSH. You are portfw'eding SSH properly,
but not tunneling VNC; thus the reason it is not working.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http
, ip_conntrack_pptp.o and ip_nat_pptp.o in my Bering
Box?
pptp has nothing to do with ipsec.
While testing, I don't use iptables and shorewall.
If your using NAT, you might want to keep iptables around anyway.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http
of this post!
Best Wishes!
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http
this version of glibc are
Debain Slink, RH 5.2, and Corel Linux. There is a developers guide
for use with compiling programs for LEAF, it is available on the LEAF
site at:
http://leaf.sourceforge.net/pub/doc/guide/developer.rtf
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http
. I would highly suggest getting this to work with PSK first and
make sure everything else works rather than attempting everything
first.. there are tons of errors that can be easy to make outside of
the authentication method.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http
with an
available command.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
so.
This being said I have many routers out there running on CF and CD's.
A good test might be to open another shell and run the df command while
backing up root.lrp, this way you can see if your running out the ramdisk.
~Good luck!
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http
over the TCP/IP settings on her box _if_ you add the
route. So disabling both boxes wouldn't open either machine to this traffic.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
---
This SF.NET email
Have you used the suggestions in the Bering Users Manual to set this up?
I remember Matt S. made some suggestions to updating the doc for this
type of setup many months ago. There should be a post in the leaf-user
archives with very implicit directions if your still having problems.
--
~Lynn
On Friday 24 January 2003 11:06 am, wicak wrote:
Hello,
how to use BGP in bering box?
Use the zebra.lrp package.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
---
This SF.NET email is sponsored
(fairly major) details, the tunnel is working as
expected.
That would do it!
Thanks for your help.
NP, glad it's working!
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
---
This SF.NET email
you some work.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
into Win2k/XP ipsec
clients. They are generally a _huge_ PITA, so I would highly suggest
using keys instead if you have an option.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
---
This SF.NET email
which should be much better answered on the Asterisk mailing-list
since I'm sure a couple of their people have running H232 boxes behind
a firewall.
http://www.asteriskpbx.com
Maybe I'll get around to trying it myself sometime soon since I deal with
the telecom market quite frequently.
--
~Lynn
Everything looks good to me and the tunnel comes up.
Could you add the output of /var/log/syslog, /var/log/kern.log,
and /etc/network.conf after attempting to ping? I'm thinking the
kernel spoofing rules might be stopping the traffic.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
the
192.168.0.0/16 block in a couple of places in /etc/ipfilter.conf. If you will
search the leaf-user archives, there are many past threads on fixing this
problem.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
) a host-to-host tunnel must be brought up.
The output of ipsec barf would be most useful if these suggestions
don't fix things. Check the LEAF FAQ How do I request help? for
easy ways of sending logs files and config information w/o typing
it.
I hope this helps!
--
~Lynn Avants
Linux Embedded
to indicate
otherwise.)
No this module will not work, you will need the 3c509 module. You will likely
need to set up the cards manually with the DOS or Linux utility. Check the
leaf-user archive for exact information since we had 2 or 3 threads on these
cards last week. Thanks! ;-)
--
~Lynn
to the actual format size.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
---
This SF.net email is sponsored by: Scholarships for Techies!
Can't afford IT training? All 2003 ictp students receive scholarships.
Get
, so I would suspect so.
Or, yes the kernel knows how to act as a mac bridge with
two token ring cards?
That's what bridging isdo not assign ip's (routing) to the
interfaces on a bridge.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
this is not going to work. You could move your LAN to
CIPE instead of IPSec (which uses different a different port) and allow
the IPSec to be passed through CIPE is supposed to work better, especially
with NetBIOS and touchy applications, but I haven't used it myself.
--
~Lynn Avants
Linux Embedded
could likely help you more if we know which version
of LEAF you are using (exactly), if you've added a kernel to the image other
than stock, and where you got your module (exactly).
I hope this helps,
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
the 2.4.20 tree with the stock
2.4.18 kernel. Get your module from the 2.4.18 tree instead!
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
---
This SF.NET email is sponsored by:
SourceForge Enterprise
the right module to me.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
---
This SF.NET email is sponsored by: FREE SSL Guide from Thawte
are you planning your Web Server Security? Click here to get a FREE
of the
kernel you are using (in the kernel source code). I doubt anyone is
compiling this into the leaf kernel nowadays, but you can always roll
a new kernel with the support added into it.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
footprint.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
---
This SF.NET email is sponsored by: FREE SSL Guide from Thawte
are you planning your Web Server Security? Click here to get a FREE
Thawte SSL guide
???
Please check the information at the SR link on the bottom of this post
for things that will help us help you much better.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
---
This SF.NET email is sponsored
as a stateful firewall.
If you run in w/o the stateful option conntrack is not used, and definately
not very useful with plain routing. I'm not sure whether the statefull
definition is set in the kernel, but IIRC it is an option with the iptables
ruleset.
--
~Lynn Avants
Linux Embedded Appliance
a couople of thoughts.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
---
This SF.NET email is sponsored by: FREE SSL Guide from Thawte
are you planning your Web Server Security? Click here to get a FREE
these
modules. The ultra will take options with insmod, whereas the 3c509 will not.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
---
This SF.NET email is sponsored by: FREE SSL Guide from Thawte
are you
has much interest into changing any core
systems while he is working on his Ports system.
My other concern is that if I install too many packages I'll actually run
out of physical RAM.
Absolutely. All you can do is run a box with _much_ more RAM or un-embed
the system.
--
~Lynn Avants
Linux
used should be there.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
---
This SF.NET email is sponsored by: Take your first step towards giving
your online business a competitive advantage. Test-drive
to call the module
twice.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
---
This SF.NET email is sponsored by: Take your first step towards giving
your online business a competitive advantage. Test-drive
or Donald Becker respectively.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
---
This SF.NET email is sponsored by: Take your first step towards giving
your online business a competitive advantage. Test
use any other Linux distribution. LEAF is designed
to be run out of a ramdisk.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
---
This SF.NET email is sponsored by: FREE SSL Guide from Thawte
are you
.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
on the homepage.
I use e3 with vt100 on all my console terminals w/o any problems.
Apparently the Wyse or your keyboard is giving a constant signal
that the ctrl or alt key is being pressed.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
works for you, use it! ;-)
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http
the running system is a ramdisk. You can use the
mail option to send the logs via email and cron. There are several people
doing this, so it should be easily found in the leaf-user mailing-list
archives.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
this? or,
is there an easier way to get around this?
Dachstein can be very difficult to get running w/pcmcia, I would use Bering
that has much easier pcmcia support. The drivers should already be available.
Check the Bering installation/users manuals, there should be a section on
pcmcia devices IIRC.
--
~Lynn Avants
Linux
be documented somewhere
on the site (FAQ or HD howto) or atleast searchable via the archives.
To my knowledge several people have got LEAF to work via Grub/Lilo,
but noone has posted a menu-first (grub) or lilo.conf.
Thanks,
~Lynn
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http
is use of a . directory
so that it is hard to find even with a non-compromised box. A better idea
is to send logs to a remote printer, but this is overkill for most people.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
your system.
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net
---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
on the
exact variant you are using.
For Bering, look at the bridge section of the Users Manual.
For Dachstein, look at:
http://leaf.sourceforge.net/devel/thc/dox/bridge.txt
Starting with Section 2.2.6.2 Network Configuration
--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http
would
definately take a look in your /root directory, but I would doubt your
hackeddepending on what LEAF system and add-on packages you're
using/config. In any case, I would do a thorough look at the box to make
sure, unless somebody has any better insight into this.
--
~Lynn Avants
Linux
this helps,
~Lynn Avants
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
leaf-user mailing list: [EMAIL PROTECTED]
https
the same was in Eigerstein
as it does Dachstein through /etc/network.conf (easier anyway).
I hope this helps,
~Lynn Avants
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
as desired!
~Lynn Avants
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
leaf-user mailing list: [EMAIL PROTECTED]
https
in a many
years (to my knowledge), so your best help may be found on the Coyote lists.
I hope this helps,
~Lynn Avants
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
.
~Lynn Avants
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
leaf-user mailing list: [EMAIL PROTECTED]
https
the
DHCP lease.
You will have this problem EVERY reboot until you either use DHCP on the
Win2k client or enter a domain-name (anything basically) in the IP setup on
the Win2k machine.
I hope this helps,
~Lynn Avants
---
This sf.net email
On Thursday 02 January 2003 10:59 pm, you wrote:
On Thu, 02 Jan 2003 22:00:17 CST Lynn Avants wrote:
snip
Not that you said they were, but the unspecified DNS suffix and
the nslookup Can't find server name... message are not related.
nslookup is complaining because the PTR lookup
On Wednesday 01 January 2003 05:27 pm, you wrote:
Everyone,
After much hair pulling, blood-pressure raising, mustache twitching
I am trying to configure Bering in a Road Warrior configuration using (
I shudder to admit ) Win2k clients.
I've gone through Chad Carr's
this helps,
~Lynn Avants
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
leaf-user mailing list: [EMAIL PROTECTED]
https
to load all the IPSec modules? I would think that
port mapping would be sufficient.
Yes, you will to pass the connection through the firewall. There is only
one ipsec.o module to load.
--
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net
by using a little more effort with the mailing-list archives.
everything but GRE (which probably has nothing to do with the VPN connection)
is a common VPN FAQ.
--
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net
and qpopper all working on a lrp-based system.
If you write it, I'm sure it could be added to the LEAF doc section.
Have a good time, lucky christmas celebrations and a good slide into the
new year.
Same to you (and everyone else) as well! ;-)
--
~Lynn Avants
Linux Embedded Firewall Project
of denies from going to this site. Many other sites use similar
scripts via many DNS servers for load balancing. To sum it up, this is not
a problem with DNScache, but rather the code of the page you are viewing.
--
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net
on this on the leaf-devel list?
I am planning to do some work on the the packaging/backup system,
as well other things after the first of the year. Maybe several of us would
be willing to work together on this project and same some time/effort
for the same end result.
--
~Lynn Avants
Linux Embedded
or an ip
that scans many ports (port-scan). These would likely be someone interested
in attempting to crack your firewall/LAN, otherwise the traffic is most likely
internet trash that comes in a huge variety.
--
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net
to be a feasible option.
I can't compare the security since FloppyFW doesn't have a
default ruleset. There's nothing wrong with this, it's just a matter
of preference.
I'd be interested if you would try it and send me your opinion of
FloppyFW.
--
~Lynn Avants
Linux Embedded Firewall Project developer
everything to work properly.
--
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
ago. You can do a leaf-user archive
search, but I don't remember any specifics being included. I just remember
that it has already been done atleast once that I know of.
I hope this helps,
--
~Lynn Avants
Linux Embedded Firewall Project developer
http://leaf.sourceforge.net
201 - 288 of 288 matches
Mail list logo