Re: [Leaf-user] OT: 3c5x9 nic on Redhat 7.2

2001-11-18 Thread Michael D. Schleif
Tim Hicks wrote: > [ snip ] > > I have a Compaq Deskpro 2000 that I am trying to install RH7.2 onto. It has > no CD drive, so I am attempting to do a network (http) install from my winME > box running Apache (temporarily). I used the bootnet.img and I booted up > the Deskpro. Unfortunately,

Re: [Leaf-user] Openssh 2.9.9p2 available -- Dachstein-CD ???

2001-11-08 Thread Michael D. Schleif
Jacques Nilo wrote: > > I have updated openssh packages to their latest 2.9.9p2 version. > They are compiled statically against openssl-0.9.6b and dynamically > against zlib-1.1.3 > See: > http://leaf.sourceforge.net/devel/jnilo Excellent! Charles, is this that version that you are adding to D

Re: [Leaf-user] Announcing official release of Dachstein-CD

2001-11-17 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > As always, this is truly superb stuff! Bravo, Charles !!! > > > > Couple questions, even though these items appeared in RC5: > > > > [1] What is the purpose of the ``leaf'' user? > > It was in Jacques' example passwd file...I added it mainly as a 'stub' entry

Re: [Leaf-user] Announcing Dachstein CD RC5

2001-11-18 Thread Michael D. Schleif
Charles Steinkuehler wrote: > [ snip ] > > Rebuilt log.tgz (part of ramlog.lrp) using busybox tar in hopes of > eliminating "broken pipe" messages appearing on some systems. Did I tell you that that fixes the problem? Of course, in my modified instance, it took me quite some time to figure ou

Re: [Leaf-user] Dachstein-CD-rc3 available: bash.lrp error

2001-11-11 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > > > > I haven't tried bash.lrp since pre-release. There used to be two > (2) > > > > > bash-related problems; now, I find one (1): > > > > > > > > > > Mounting local filesystems... > > > > > ramdisk.pkg: Uncompressing archives - > log.tgz/etc/rcS.d/S36ramdisk.p

Re: [Leaf-user] Dachstein-CD-rc3 available: bash.lrp error

2001-10-25 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > The third release-candidate version of Dachstein-CD is now available. This > version feels like it's getting pretty close to done. Lots of minor > changes, none of them show-stoppers, just getting everything working the > way it should. This version is the fir

Re: [Leaf-user] Dachstein-CD-rc3 available: bash.lrp error

2001-10-25 Thread Michael D. Schleif
"Michael D. Schleif" wrote: > > Charles Steinkuehler wrote: > > > > The third release-candidate version of Dachstein-CD is now available. This > > version feels like it's getting pretty close to done. Lots of minor > > chagnges, none of them show-

Re: [Leaf-user] Dachstein-CD-rc3 available: bash.lrp error

2001-11-01 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > > > > I haven't tried bash.lrp since pre-release. There used to be two > (2) > > > > > bash-related problems; now, I find one (1): > > > > > > > > > > Mounting local filesystems... > > > > > ramdisk.pkg: Uncompressing archives - > log.tgz/etc/rcS.d/S36ramdisk.p

Re: [Leaf-user] Dachstein

2001-11-16 Thread Michael D. Schleif
Hilton Travis wrote: > > Rocks. I just changed from Tel$tra cable to Optus@home cable, downloaded > Dachstein RC2, and installed it fine. works a treat. > > I'll be making images for Tel$tra BigPond and Optus users, and replacing my > earlier images on http://quarkau.cjb.net when I get back f

Re: [Leaf-user] Announcing official release of Dachstein-CD

2001-11-16 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > The official release (v1.0.1) of Dachstein-CD is now available for download > from the usual places: > slow: > http://lrp.steinkuehler.net/files/diskimages/dachstein-CD/ > fast: > http://lrp1.steinkuehler.net/files/diskimages/dachstein-CD/ > http://lrp2.steinkuehl

Re: [Leaf-user] Announcing official release of Dachstein-CD

2001-11-16 Thread Michael D. Schleif
"Michael D. Schleif" wrote: > > Charles Steinkuehler wrote: > > > > The official release (v1.0.1) of Dachstein-CD is now available for download > > from the usual places: > > slow: > > http://lrp.steinkuehler.net/files/diskimages/dachstein-CD/ &g

Re: [Leaf-user] Announcing official release of Dachstein-CD

2001-11-17 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > Interestingly enough, logged in as leaf, I *cannot* su - root > > su: Incorrect password > > > > What gives? Trust me, I know the root password ;> But, I cannot > > eliminate root login if I cannot su to root . . . > > Hmm...does su have the setuid bit set?

[Leaf-user] Who's experienced integrating WIC's into LEAF/LRP ???

2001-09-28 Thread Michael D. Schleif
We have an application that behooves us to include T-1/CSU/DSU into an LEAF/LRP box. So far, we have built several boxen that relied on Cisco routers to handle the WAN side. We are investigating products by Cyclades and Sangoma, which seem to meet our needs. However, never having done this, no

[Leaf-user] WIC's & LRP-CD ???

2001-09-28 Thread Michael D. Schleif
We have an application that behooves us to include T-1/CSU/DSU into an LEAF/LRP box. So far, we have built several boxen that relied on Cisco routers to handle the WAN side. We are investigating products by Cyclades and Sangoma, which seem to meet our needs. [1] Is LRP-CD ready to run these WI

Re: [Leaf-user] Mail and Dachstein domains

2001-11-25 Thread Michael D. Schleif
Paul Rimmer wrote: > > Thank mds, I changed the MAIL_DOMAIN in posixness.conf to match the one I > get inside the dhcp lease: > > option domain-name "cg.shawcable.net"; > > After a reboot, mailing works like a charm. Should this DHCP option > domain-name be used by Dachstein to set its doma

Re: [Leaf-user] wanpipe

2001-11-25 Thread Michael D. Schleif
Any luck on this? I've spent much of the last two days trying to get this to work -- without success ;< As Eddie said, everything appears to work, except there is *no* interface . . . Eddie Wilson wrote: > > Has anyone configured Dachstein-CD to use a wanpipe card? > > I started with LRP 2.9

Re: [Leaf-user] wanpipe

2001-11-25 Thread Michael D. Schleif
ess, that line is all that I see, then starting the eth0 interface. Sometimes, depending on which errant configuration permutation I use, I will get three of these: Cannot find device "wanpipe1" Or, this: Error: an inet prefix is expected rather than "dev". Any

Re: [Leaf-user] @home.com to @rogers.com

2001-11-26 Thread Michael D. Schleif
Or, call them and ask them ;> I had to do that when mediaone transferred to @home. @home told me to use ``mail'' for my smtp server; but, I told them that, for whatever reason, my system did not resolve that to a host name, whereupon they gave me the fqdn for the smtp server -- I've had no prob

Re: [Leaf-user] Bash errors on Dachstein v1.0.1 system

2001-11-26 Thread Michael D. Schleif
Paul Rimmer wrote: > > I had loaded up bash (and accompanying libraries lrdline2 and lncurses) this > weekend to get the nice shell features. It was working fine for a couple of > days and I was really enjoying the bash shell's tab auto-completion. Today > I noticed that although the firewall

[Leaf-user] *real* grep for LEAF ???

2001-10-11 Thread Michael D. Schleif
Anybody compiled any *real* grep for use in LEAF? I can't say how many times that I wished I could do -i or -v . . . -- Best Regards, mds mds resource 888.250.3987 Dare to fix things before they break . . . Our capacity for understanding is inversely proportional to how much we think we kn

[Leaf-user] ERROR: iptraf ???

2001-10-13 Thread Michael D. Schleif
Anybody seen this error on executing iptraf? ``Error opening TCP/UDP filter file Press a key to continue'' What do you think? -- Best Regards, mds mds resource 888.250.3987 Dare to fix things before they break . . . Our capacity for understanding is inversely proportional

[Leaf-user] Dachstein-CD: network.conf ???

2001-10-13 Thread Michael D. Schleif
How to configure external interface when it gets IP, et al., from ISP? /etc/network.conf has these defaults: eth0_IPADDR=1.1.1.2 eth0_MASKLEN=30 eth0_BROADCAST=+ Are these dummies that are always *overwritten* during the address subscription phase? Also, I notice ``+''

[Leaf-user] Dachstein-CD: backdisk ???

2001-10-14 Thread Michael D. Schleif
Charles ==> Yes, Charles, this is really good stuff! Thank you. One thing that I find rather annoying: ``The backup destination defaults to the last filesystem a package was loaded from'' # cat /var/lib/lrpkg/backdisk root=-t msdos /dev/fd0 etc=-t iso9660 /dev/hda local=-t iso9660 /dev/hda dh

Re: [Leaf-user] Dachstein-CD: backdisk ???

2001-10-15 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > One thing that I find rather annoying: > > > > ``The backup destination defaults to the last filesystem a package was > > loaded from'' > > > > # cat /var/lib/lrpkg/backdisk > > root=-t msdos /dev/fd0 > > etc=-t iso9660 /dev/hda > > local=-t iso9660 /dev/hda > >

[Leaf-user] Dachstein-CD vs. mailonerr ???

2001-10-17 Thread Michael D. Schleif
Charles ==> Is there a reason that your utility: mailonerr will not work on Dachstein-CD? -- Best Regards, mds mds resource 888.250.3987 Dare to fix things before they break . . . Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the mo

Re: [Leaf-user] Dachstein-CD vs. mailonerr ???

2001-10-17 Thread Michael D. Schleif
Brad Fritz wrote: > > On Wed, 17 Oct 2001 09:55:58 CDT [EMAIL PROTECTED] wrote: > > > Charles ==> > > > > Is there a reason that your utility: mailonerr will not work on > > Dachstein-CD? > > Not to answer for Charles, but in case he's busy with other stuff, > it's possible that you're running

[Leaf-user] bash.lrp & broken pipes ???

2001-10-17 Thread Michael D. Schleif
I like the idea behind a bash.lrp, especially since we're running Dachstein-CD and plenty of RAM. However, bash.lrp breaks two (2) other modules, complaining about ``broken pipe'': /etc/rcS.d/S36ramdisk.pkg, line 33 /etc/rcS.d/S55urandom.pkg, line 56 Notice, also, that those li

[Leaf-user] syslinux.cfg: *maximum* line length ???

2001-10-17 Thread Michael D. Schleif
Trying to load many modules at the LRP= point in syslinux.cfg in Dachstein-CD. It appears that when the third line, beginning ``default linux . . .'' exceeds 253 characters, all items _after_ this point are ignored. Is the only workaround adding an lrpkg.cfg to floppy? What do you think? --

[Leaf-user] EIGRP (88) protocol ???

2001-11-30 Thread Michael D. Schleif
We just connected Dachstein-CD to a T-1 via Sangoma wanpipe pci card. We are receiving a plethora of these: kernel: Packet log: input DENY wan PROTO=88 x.y.z.158:65535 224.0.0.10:65535 L=60 S=0xC0 I=0 F=0x T=2 (#39) Yes, we know that protocol 88 is EIGRP. No, Ethernet

[Leaf-user] Dachstein-CD & Sangoma wanpipe

2001-11-30 Thread Michael D. Schleif
There have been several people on this List who have mentioned problems with Sangoma's wanpipe since upgrading to Dachstein. We have worked closely with Sangoma and have a solution, which we will be releasing early next week -- after a long weekend of testing. Suffice it to say, existing wanpip

[Leaf-user] DMZ considerations ???

2001-11-30 Thread Michael D. Schleif
We have a couple sites connected by T-1 to the Internet and the ISP's have allocated /26 and /28 public networks for our customers' domains. As you know, typically T-1's use a public /30 network to connect the external wan port to its peer address on the ISP side. This network belongs to the IS

Re: [Leaf-user] EIGRP (88) protocol ???

2001-11-30 Thread Michael D. Schleif
Charles, thank you! Charles Steinkuehler wrote: > > > kernel: Packet log: input DENY wan PROTO=88 x.y.z.158:65535 > > 224.0.0.10:65535 L=60 S=0xC0 I=0 F=0x T=2 (#39) > > > > Yes, we know that protocol 88 is EIGRP. > > > > No, Ethernet does not > >

Re: [Leaf-user] DMZ considerations ???

2001-11-30 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > We have a couple sites connected by T-1 to the Internet and the ISP's > > have allocated /26 and /28 public networks for our customers' domains. > > > > As you know, typically T-1's use a public /30 network to connect the > > external wan port to its peer addres

Re: [Leaf-user] DMZ considerations ???

2001-11-30 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > > > So, in Dachstein, we do something like this: > > > > > > > > wan1_IP_EXTRA_ADDRS="x.y.z.64/26" > > > > > > This is not what you really want to do...see below > > > > Yes, but what about the NAT'ed internal network? Does it need a public > > ip address on th

Re: [Leaf-user] EIGRP (88) protocol ???

2001-11-30 Thread Michael D. Schleif
"Scott C. Best" wrote: > > Heya. Thanks for the packet log, am updating fwlog.pl > to include an awareness of protocol 88. It knew about regular > IGRP (IP protocol 9) but not this one. :) > > Regarding silent deny's...you can block the whole > 224.0.0.0/4 range (RFC-1112 Class-

[Leaf-user] IPTraf vs. wan ???

2001-11-30 Thread Michael D. Schleif
Is there a way to get IPTraf to show ip traffic over a wan link? Is this something related to *not* using an interface of the form ??? eth -- Best Regards, mds mds resource 888.250.3987 Dare to fix things before they break . . . Our capacity for understanding is inversely proportio

Re: [Leaf-user] DMZ considerations ???

2001-12-02 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > Here's the issue: > > > > a.b.c.156/30 wan network (domain: ISP.com) > > a.b.c.157 local wan address (wan1) > > a.b.c.158 remote wan address (peer) > > x.y.z.64/26 public ip block (domain: customer.com) > > x.y.z.64/26 dmz network > > This is a normal 'routed'

[Leaf-user] Delays in updating wanpipe.lrp

2001-12-02 Thread Michael D. Schleif
We are very sorry for any delays we may incur; but, we are among the unlucky @Home victims. Notwithstanding AT&T's six weeks of assurances that we would experience no interruptions, apparently the dear judge judged the case at least one week quicker than AT&T anticipated and transition us to the

Re: [Leaf-user] DMZ considerations ???

2001-12-03 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > > Can you perhaps describe exactly what you're trying to get working, and > > > perhaps there's a better network architecture (ie safer & easier to > > > implement) to do what you want. You can e-mail me directly if this is > > > sensitive info you don't want o

Re: [Leaf-user] DMZ considerations ???

2001-12-03 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > > Just port-forward the service from the public IP of the firewall (the > near > > > end IP of the T1 link). The reverse masquerade rules will do the right > > > thing, and everything should work fine. There are also hooks in place > to do > > > this already, s

[Leaf-user] dnscache & w2k servers ???

2001-12-05 Thread Michael D. Schleif
Normally, we've been setting up all systems with dhcp and assigning dns servers thusly: 192.168.1.254 # firewall, w/dnscache x.y.z.2 # ISP assigned dns server(s) x.y.z.3 ... I suppose, our theory is, if dnscache gets trashed, at least dns querie

Re: [Leaf-user] EIGRP (88) protocol ???

2001-12-07 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > > Regarding silent deny's...you can block the whole > > > 224.0.0.0/4 range (RFC-1112 Class-D multicast) without worry. > > > That catches IGMP, IGRP, EIGRP, and probably others. As you'd > > > expect, this is in the same "reduce my log noise" section of

Re: [Leaf-user] Delays in updating wanpipe.lrp

2001-12-07 Thread Michael D. Schleif
r Charles' latest kernel 2.2.19-3 -- hopefully, the errors also disappear. If you want our pre-release efforts -- they are fully functioning and performing for us -- please, let me know. > -Original Message- > From: Michael D. Schleif [SMTP:[EMAIL PROTECTED]] > Sent: Sunday,

Re: [Leaf-user] very large /var/log/wtmp

2001-12-07 Thread Michael D. Schleif
Richard Burt wrote: > > OK, I took a look at the man pages for last. With no arguments, it should > tell me all logins from the wtmp file. Here is what I get: > > # last > USER TTY PID TIMEON FROM > reboot ~ 0 48452.2.19 > > Figuring it has to do with logins, I

Re: [Leaf-user] Delays in updating wanpipe.lrp

2001-12-07 Thread Michael D. Schleif
Eddie Wilson wrote: > > I downloaded the v3.tar from Sangoma and it seems to work. I get the bootup > errors referred to. I also have to manually run wanconfig and reload the > network script. > > Any ideas on how I can get the card activated before the network script > runs during boot? OK, I

[Leaf-user] dnscache visible from DMZ ???

2001-12-08 Thread Michael D. Schleif
Is dnscache usable from the DMZ? Any special setup? -- Best Regards, mds mds resource 888.250.3987 Dare to fix things before they break . . . Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . . ___

Re: [Leaf-user] Re:

2001-12-05 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > Did you see my post about net-snmp? This package requires libdb.so.2 which > > is not part of the libraries on the Dachstein CD. I found the file on the > > Debian web site in the libdb++ package. Did you include it in either of > > your net-snmp packages? If no

Re: [Leaf-user] Re:

2001-12-05 Thread Michael D. Schleif
"Michael D. Schleif" wrote: > > Charles Steinkuehler wrote: > > > > > Did you see my post about net-snmp? This package requires libdb.so.2 which > > > is not part of the libraries on the Dachstein CD. I found the file on the > > > Debian web s

Re: [Leaf-user] Re:

2001-12-06 Thread Michael D. Schleif
Am I the doofus or what? My only excuse is, when my lrpkg.cfg looks like this, it is easy to miss one: etc,local,bash,bwidth22,daemontl,djbutils,dhclient,dhcpd,dnscache,ifconfig,libdb,libm,libpcap,libz,lncurses,lrdline2,mawk,modules,netsnmpd,netsnmpu,ramlog,rsync,sftp,ssh,sshd,tcpdump,tinydns,v

Re: [Leaf-user] Testing help needed

2001-11-30 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > As part of getting a final floppy version released, I have created (yet > another) new kernel tree . > > http://lrp.steinkuehler.net/files/kernels/2.2.20-1-small/ > http://lrp1.steinkuehler.net/files/kernels/2.2.20-1-small/ > http://lrp2.steinkuehler.net/files/ke

[Leaf-user] Silent_Deny by destination address ???

2001-12-09 Thread Michael D. Schleif
I want to silently deny all traffic with destination 255.255.255.255, regardless of source. This is in response to: input DENY eth0 PROTO=17 12.242.20.34:67 255.255.255.255:68 Is there any protocol or destination port for which these should *not* be denied? Yes, I can write the ipchai

Re: [Leaf-user] What is This

2001-12-09 Thread Michael D. Schleif
Matthew Schalit wrote: > [ snip ] > All these are blocked by rule #42. What is that rule? > These log messages are from strange hosts. 80% of them don't > resolve to a real hostname. All the packets you listed are > tcp packets with no SYN flag, meaning they are theoretically > responses to

Re: [Leaf-user] Silent_Deny by destination address ???

2001-12-09 Thread Michael D. Schleif
Ray Olszewski wrote: > > At 01:03 PM 12/9/01 -0600, Michael D. Schleif wrote: > > > >I want to silently deny all traffic with destination 255.255.255.255, > >regardless of source. > > > >This is in response to: > > > > input DENY eth0 PROTO

Re: [Leaf-user] logging

2001-12-09 Thread Michael D. Schleif
Brian Camp wrote: > > How can I keep denied packets with the 255.255.255.255 destination address > from being logged? If you are using Dachstein, or some other distribution that understands this supplemental file, this entry in /etc/ipchains.input appears to do as you need: $IPCH -I input -j DE

[Leaf-user] LEAF development box, 2.2.19 kernel & cannot use old ide hdd ???

2001-12-14 Thread Michael D. Schleif
I am building a development box with slink. The system is up and functioning; but, now, I need to implement a 2.2.19 kernel. It builds successfully; but, has problems at bootup. The system: Pentium 150 64MB RAM /dev/sda1 - swap /dev/sda2 - / /dev/scd0 -

Re: [Leaf-user] LEAF development box, 2.2.19 kernel & cannot use old ide hdd ???

2001-12-14 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > Under the original slink, *ALL* of this functions properly! > > > > My new (2.2.19) kernel properly recognizes everything *except* > > /dev/hdb1: > > > > ``Checking all file systems . . . > > Parallelizing fsck version 1.12 (9-Jul-98) > > fsck.ext2: Operation no

Re: [Leaf-user] LEAF development box, 2.2.19 kernel & cannot use old ide hdd ???

2001-12-14 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > > Looks like everything but IDE is working properly...are you sure you've > got > > > the kernel configured properly for IDE support? > > > > It's an older ide hdd (quantum lps270), if that matters. > > > > Here are what I believe to be pertinent .config section

Re: [Leaf-user] LEAF development box, 2.2.19 kernel & cannotuse old ide hdd ???

2001-12-14 Thread Michael D. Schleif
Ray Olszewski wrote: > > At 05:37 PM 12/14/01 -0600, Michael D. Schleif wrote: > ... > >Interestingly, under the kernel that is functioning properly, there is > >*NO* /proc/ide !?!? > > > ... > > > >So, how is this handling the IDE hdd? Is it using

Re: [Leaf-user] LEAF development box, 2.2.19 kernel &cannotuse old ide hdd ???

2001-12-14 Thread Michael D. Schleif
Ray Olszewski wrote: > > At 06:11 PM 12/14/01 -0600, Michael D. Schleif wrote: > [...] > [irrelevancies about 2.0.x kernels and "original Slink" deleted] > >Nevertheless, the problem remains -- the system does *not* recognize > >/dev/hdb1. > > > >

Re: [Leaf-user] AT&T transition woes

2001-12-14 Thread Michael D. Schleif
Gary and Cindy Cote wrote: > > --- Matt Schalit <[EMAIL PROTECTED]> wrote: > > gc wrote: > > > > > > > > > Describe exactly what you did and what you saw, if > > it's > > still happening and the DNS advice you got doesn't > > fix it. > > o Downloaded Dachstein 1.0.2 distribution > o Loaded it on

Re: [Leaf-user] FW: Dachstien Documentation Idiosyncrasies

2001-12-14 Thread Michael D. Schleif
Ken wrote: > [ snip ] > > Second on the dachstien-CD-v1.0.2.iso image it indicated > from the contents that both the OpenSSH and Koon's older > (!!-Deprecated-!!) version was on the CD but in reality only > the OpenSSH version was on the CD which didn't seem to be a > problem at first until I t

Re: [Leaf-user] standalone dachstein cd

2001-12-16 Thread Michael D. Schleif
guitarlynn wrote: > [ snip ] > Q: The 'bootdisk.bin' image is (after much playing) a dos image of > some type, mountable through a msdos loop. I tried at the start to > use Winimage and mkisofs to make my own image with no avail. > Exactly what are you (Charles) using to make the msdos image?

[Leaf-user] RESOLVED: LEAF development box, 2.2.19 kernel & cannot use old ide hdd???

2001-12-16 Thread Michael D. Schleif
"Michael D. Schleif" wrote: > > I am building a development box with slink. > > The system is up and functioning; but, now, I need to implement a 2.2.19 > kernel. It builds successfully; but, has problems at bootup. > > The system: > > Pentium

Re: [Leaf-user] Timelag in Dachstein 1.0.2

2001-12-17 Thread Michael D. Schleif
Maxim Heijndijk wrote: > > I run Dachstein 1.0.2 and the time is one hour earlier than it should be. How can I >change this ? I run 'rdate -p -s some.time.server && hwclock --systohc', but still >one hour earlier. This link contains good timezone information, although much of it no longer app

Re: [Leaf-user] Timelag in Dachstein 1.0.2

2001-12-17 Thread Michael D. Schleif
Sorry, the link: <http://c0wz.steinkuehler.net/dox/ntp.txt> "Michael D. Schleif" wrote: > > Maxim Heijndijk wrote: > > > > I run Dachstein 1.0.2 and the time is one hour earlier than it should be. How can >I change this ? I run 'rdate -p -s s

[Leaf-user] tinydns vs. dmz ???

2001-12-18 Thread Michael D. Schleif
How should tinydns deal with a dmz? One of our Dachstein-CD firewalls was up for several days, functioning as we expected. mailonerr is configured to use our mail server that sits on the dmz -- and we were getting our periodic notices, until sometime after 2200 last night. tinydns/public is se

[Leaf-user] Dachstein-CD, symlinks vs bootup ???

2001-12-18 Thread Michael D. Schleif
OK, I have a package which contains a symlink: /var/log/iptraf -> /var/log Also, I am using ramlog.lrp and ram1 for /var/log . During bootup and initial package install, that symlink does *NOT* get created! However, if I load that same package a second (2nd) time -- after bootup is co

Re: [Leaf-user] Update: AT&T Transition Woes

2001-12-19 Thread Michael D. Schleif
gc wrote: > > It looks like Charles and Dan nailed it. > > My ISP seemed to be keying off of the MAC address. > When I spoofed the router's MAC address (as per Charles' > instructions below), it was able to get a good IP address. > It still bugs me, though, that the ISP WAS giving me an IP > ad

Re: [Leaf-user] Starting from scratch to build a high capacity VPN tunnel appliance, part 2

2001-12-19 Thread Michael D. Schleif
Dan Schwartz wrote: > > Dear Charles: > > Thank you *very* much for the offer. Right now they are in the process of > getting the T-1 line provisioned (still 30+ days away, courtesy of Verizon); > and as they get closer to deciding on whether they want a VPN channel between > th

[Leaf-user] Dachstein-CD: port forward w/dmz & proxy_arp ???

2001-12-20 Thread Michael D. Schleif
I'm not sure where the problem is. Here are the facts: external interface wan1 a.b.C.157 a.b.C.156/30 -- public proxy_arp=yes internal interface eth0 192.168.1.254 192.168.1.0/24 -- private proxy_arp=no dmz interface et

Re: [Leaf-user] Is this newbie even in the right ballpark with LEAF?

2001-12-20 Thread Michael D. Schleif
Dan Schwartz wrote: > > Over the past few days I've received some very helpful guidance about > assembling LEAF VPN appliances to handle multi-megabit 3DES encryption > throughput rates; and I really appreciate the guidance given this Mac & NT > geek (& linux newbie). > > Howeve

Re: [Leaf-user] Is this newbie even in the right ballpark with LEAF?

2001-12-21 Thread Michael D. Schleif
Matthew Schalit wrote: > > Dan Schwartz wrote: > > > > Good evening, folks! > > > > Over the past few days I've received some very helpful guidance about > > assembling LEAF VPN appliances to handle multi-megabit 3DES encryption > > throughput rates; and I really appreciate the g

Re: [Leaf-user] Dachstein-CD: port forward w/dmz & proxy_arp ???

2001-12-21 Thread Michael D. Schleif
No ideas? "Michael D. Schleif" wrote: > > I'm not sure where the problem is. Here are the facts: > > external interface > wan1 > a.b.C.157 > a.b.C.156/30 -- public > proxy_arp=yes > > internal int

Re: [Leaf-user] Dachstein-CD V1.0.2 Available

2001-12-23 Thread Michael D. Schleif
Tony wrote: > > I have a question Charles, how/where is the /dev/cdrom symlink created? I took a >stock version of your 1.0.2 image and modified it to fit my needs (i.e. set a root >passwd, included some other packages like psentry, setup network config for my net, >stuff like that). I then

Re: [Leaf-user] Dachstein-CD: port forward w/dmz & proxy_arp ???

2001-12-24 Thread Michael D. Schleif
Charles ==> My bad ;> Charles Steinkuehler wrote: > > > No ideas? > > Sorry...been busy w/XMas stuff. > > > "Michael D. Schleif" wrote: > > > > > > I'm not sure where the problem is. Here are the facts: > >

Re: [Leaf-user] trouble with silent_deny in dachstein

2001-12-25 Thread Michael D. Schleif
Stewart Adey wrote: > > I get heaps of these: > > Nov 3 12:50:24 firewall kernel: Packet log: input DENY eth0 PROTO=17 > 10.43.0.1:67 255.255.255.255:68 L=344 S=0x00 I=18816 F=0x T=255 > (#9) [ snip ] > i think it's my isp, but i'm not sure. Anyway, i need to know from > this section of t

Re: [Leaf-user] Dachstein-CD: port forward w/dmz & proxy_arp ???

2001-12-27 Thread Michael D. Schleif
Doh! Of course -- again, not thinking -- addled by all of this holiday spirit ;> Thank you. Charles Steinkuehler wrote: > > > My normal attempts resulted in failed connections. Since this box uses > > wanpipe for EXTERN_IP, I couldn't troubleshoot with the normal tools > > (e.g., iptraf, tcp

[Leaf-user] portfw to *multiple* hosts ???

2001-12-27 Thread Michael D. Schleif
Quite simply, what is the simplest, secure way to forward to two (2) hosts? There are probably better ways to accomplish the end goal; but, we have an application whereby we may need to push very large files from the internet to two (or, more) locations behind a Dachstein firewall. What do you

Re: [Leaf-user] portfw to *multiple* hosts ???

2001-12-27 Thread Michael D. Schleif
Jeff Newmiller wrote: > > On Thu, 27 Dec 2001, Michael D. Schleif wrote: > > > > > Quite simply, what is the simplest, secure way to forward to two (2) > > hosts? There are probably better ways to accomplish the end goal; but, > > we have an application where

Re: [Leaf-user] portfw to *multiple* hosts ???

2001-12-27 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > > > Quite simply, what is the simplest, secure way to forward to two (2) > > > > hosts? There are probably better ways to accomplish the end goal; > but, > > > > we have an application whereby we may need to push very large files > from > > > > the internet to

Re: [Leaf-user] portfw to *multiple* hosts ???

2001-12-28 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > > ??? > > > Please explain a bit more about exactly what you're trying to > accomplish... > > > > Large medical images -- some approaching gigabyte sizes. > > > > The internal network connects multiple facilities. The images may need > > to be shared across mul

[Leaf-user] ipsec gateways & same private networks ???

2001-12-29 Thread Michael D. Schleif
This must be a common problem ;> Suppose that there are two (2) Dachstein-CD firewalls masquerading two (2) distinct internal networks that happen to use the same private subnets (e.g., 192.168.1.0/24). is pretty emphatic: ``No

[Leaf-user] Dachstein-CD, ipsec & rsasigkey ???

2001-12-29 Thread Michael D. Schleif
Why does this *never* complete? ipsec rsasigkey --verbose 2048 >mykey Is there some special source for randomness other than /dev/random? I've tried this with various lengths, including the shortest allowable: 16 It appears to hang on two (2) different machines: 486/66

Re: [Leaf-user] Sending email alerts with Dachstein CD V1.0.2

2001-12-30 Thread Michael D. Schleif
Steve Jeppesen wrote: > > Hello all, > I am trying to use the send email alerts option, and have researched thru > both the LRP and LEAF user mail lists. > > I have edited both POSIXness.conf and lrp.conf to reflect my mail settings. > > When I try the > # mail -s test [EMAIL PROTECTED] < /var

[Leaf-user] DCD, ipsec & route filtering ???

2001-12-31 Thread Michael D. Schleif
# svi ipsec --restart ipsec_setup: Stopping FreeS/WAN IPsec... ipsec_setup: stop ordered, but IPsec does not appear to be running! ipsec_setup: doing cleanup anyway... ipsec_setup: Starting FreeS/WAN IPsec 1.91... ipsec_setup: WARNING: ipsec0 has route filtering turned on, KLIPS may not work ipse

[Leaf-user] DCD & ipsec & _updown ???

2001-12-31 Thread Michael D. Schleif
[1] Am I correct that _updown script is *modified* by somebody leaf/lrp to accommodate ipchains, as opposed to the default ipfwadm? Perhaps, that script should include some brief attribution of this non-standard modification? Is there some reason to modify this, as opposed to using a custom scr

[Leaf-user] DCD, ipsec & tunnel testing ???

2002-01-01 Thread Michael D. Schleif
OK, I'm getting the hang of this -- happy new year! Anyway, I have a tunnel between two (2) Dachstein-CD firewall/gateways, separated by the big, bad internet ;> I remain confused, however, *how* to test the encryption. Yes, I understand how, if both boxes were local and I could place a 3rd in

Re: [Leaf-user] DCD, ipsec & tunnel testing ???

2002-01-02 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > Anyway, I have a tunnel between two (2) Dachstein-CD firewall/gateways, > > separated by the big, bad internet ;> > > > > I remain confused, however, *how* to test the encryption. Yes, I > > understand how, if both boxes were local and I could place a 3rd in >

Re: [Leaf-user] DCD, ipsec & tunnel testing ???

2002-01-02 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > Anyway, I have a tunnel between two (2) Dachstein-CD firewall/gateways, > > separated by the big, bad internet ;> > > > > I remain confused, however, *how* to test the encryption. Yes, I > > understand how, if both boxes were local and I could place a 3rd in >

Re: [Leaf-user] DCD, ipsec & tunnel testing ???

2002-01-02 Thread Michael D. Schleif
Charles Steinkuehler wrote: > > > > Recent versions of tcpdump are smart enough to be able to dump > > > the encrypted traffic going over the physical interface without being > > > confused. You basically want to dump the raw traffic going over your > > > external 'net, and verify protocol 50 p

Re: [Leaf-user] How do you use the bootdisk.bin file???

2002-01-02 Thread Michael D. Schleif
> Craig Caughlin wrote: > > Hi folks, > I'm trying to understand how to create my own bootable CD and some of > you have been kind enough to respond. Charles replied to me by saying: > > Create a new CD image using appropriate software...make sure you use > the bootdisk.bin disk image to make th

Re: [Leaf-user] ping check not working bug resolution

2002-01-03 Thread Michael D. Schleif
Paul Rimmer wrote: > > Robert, thanks for the help. > > "/bin/hostname" reports the correct value when run from the command line. > The parameter is correctly configured automatically by network.conf. The > hostname file also exists in /etc. > > If I run "mail -s $HOSTNAME [EMAIL PROTECTED]

Re: [Leaf-user] ping check not working bug resolution

2002-01-03 Thread Michael D. Schleif
Paul Rimmer wrote: > > > Clearly, $HOSTNAME is *not* in the environment for whatever user is > > executing your cron job. > > cron is a root process (I assume this means multicron-p will be executed as > root?) and I am logged in as root when I successfully use the $HOSTNAME > global from the c

Re: [Leaf-user] Bash on LEAF

2002-01-03 Thread Michael D. Schleif
"Sean E. Covel" wrote: > > Is there a Bash shell for LEAF? Could there be? It is included in Dachstein-CD, or individually from: -- Best Regards, mds mds resource 888.250.3987 Dare to fix things before they break .

Re: [Leaf-user] ping check not working bug resolution

2002-01-04 Thread Michael D. Schleif
Paul Rimmer wrote: > > > Add this to /etc/multicron-p: > > > > environment () { > > { > > echo > > echo "$(set)" > > } | mailadmin "Environment List" > > } > > > > Then, make sure that periodic contains the new function: > > > > periodic () { > > env

Re: [Leaf-user] ping check not working bug resolution

2002-01-05 Thread Michael D. Schleif
Paul Rimmer wrote: > [ snip ] > It's funny that $HOME shows as /root but whoami doesn't return "root". > Also, all of the lrp.conf environment variables appear to be visible but not > the ones from network.conf (where $HOSTNAME is defined). [ snip ] As I indicated previously, /etc/profile is

Re: [Leaf-user] difference between EXTERN_TCP_PORTS and EXTERN_TCP_PORT[0-9]{1,}

2002-01-05 Thread Michael D. Schleif
Peter Jay Salzman wrote: > > is the difference between EXTERN_TCP_PORTS and EXTERN_TCP_PORT[0-9]{1,} > that it's more pleasing to the eye to look at > > EXTERN_TCP_PORT0="0/0 ssh" > EXTERN_TCP_PORT1="0/0 www" > EXTERN_TCP_PORT2="0/0 smtp" > EXTERN_TCP_PORT3="0/0

Re: [Leaf-user] [DACHSTEIN] mail help for dachstein

2002-01-05 Thread Michael D. Schleif
Stewart Adey wrote: > > I'm on optus@home Australia, and in outlook express i access the pop3 server > with "mail". I need to access the server from the computer that's directly > connected to the internet, but now that i'm using a router, (dachstein) how > do i access it now? You need to cont

Re: [Leaf-user] closer to mail solution

2002-01-06 Thread Michael D. Schleif
> Stewart Adey wrote: > > okay,,, I have found out these specs: > > Optus@home Australian mail server: > > "mail" > > outgoing port: 25 > incoming port: 110 > > Optus@home Australian news server: > > "news" > > port: 119 > > can anyone help me, i'm trying to access my e-mail from behind

[Leaf-user] DCD, ipsec & windows networking ???

2002-01-09 Thread Michael D. Schleif
OK, we have setup two (2) ipsec gateways on two DCD firewalls across the internet. Standard tcp/ip stuff works as expected. Now, we want to get the m$oft windoze networks on each side to interact with each other, as if they are on the same network. We have setup lmhosts files on each side for
