help you there.
Nice BONUS: usb scanners work fine as keyboard input.
Roger E McClurg [EMAIL PROTECTED] on 05/17/2004 03:13:15 PM
To: [EMAIL PROTECTED]
cc:(bcc: Phillip Watts/austin/Nlynx)
Subject: [leaf-user] USB Keyboard
Has anyone managed to get a USB keyboard to work
Have something I can't quite figure out.
Please don't send me to the HOWTO's, they don't quite cover this.
I wish to boot from compact flash and have one ramdisk for /usr
(for performance) and another for /var (dont want to log and spool to flash).
And I really don't want to change execution
Anyone know of a GUI or HTML configurator for
FreeSWAN IPSec?
Does Webmin address this service?
---
This SF.NET email is sponsored by: eBay
Great deals on office technology -- on eBay now! Click here:
I have a reason to explore a single nic route.
That is multi-homing, external and internal interface
on the same ethernet interface.
Assuming this can be done, I haven't even tested the
concept yet,
Are there glaring security reasons not to do this?
as the ISP's gateway. Maybe?
It's just interesting.
Charles Steinkuehler [EMAIL PROTECTED] on 03/04/2003 10:30:35 AM
To: Phillip Watts/austin/[EMAIL PROTECTED]
cc:
Subject: Re: [leaf-user] One nic router.
[EMAIL PROTECTED] wrote:
I have a reason to explore a single nic route
driver takes care of it by padding the buffer
with
nulls.
mii is, I believe, a pci bus scan.
David Pitts [EMAIL PROTECTED] on 02/18/2003 09:05:54 PM
To: [EMAIL PROTECTED]
cc:(bcc: Phillip Watts/austin/Nlynx)
Subject: RE: [leaf-user] rtl8139.o and Bering 1.1
I have successfully
Very informative. Thanks.
Richard Doyle [EMAIL PROTECTED] on 02/19/2003 02:37:49 PM
To: Phillip Watts/austin/Nlynx@Nlynx
cc: David Pitts [EMAIL PROTECTED], [EMAIL PROTECTED]
[EMAIL PROTECTED]
Subject: RE: [leaf-user] rtl8139.o and Bering 1.1
See http://www.scyld.com/network
thinking about in any design. I think Cisco calls thisAccess Lists.
Oh, can't speak for Perl, but after 1.5, Python gets BIG.
1.5 is fine for my purposes. Anyway, size matters.
Matt Schalit [EMAIL PROTECTED] on 02/17/2003 12:39:36 PM
To: [EMAIL PROTECTED]
cc:(bcc: Phillip
I've been using 8139too.o which I believe requires mii.o
for a long time.
I forget the issues.
Chris Hackett [EMAIL PROTECTED] on 02/18/2003 02:05:55 PM
To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
cc:(bcc: Phillip Watts/austin/Nlynx)
Subject: [leaf-user] rtl8139.o and Bering 1.1
I'm not much of a mail guru but I have noticed problems
when DROPing rather than REJECTing auth, tcp 113.
Mike Noyes [EMAIL PROTECTED] on 01/30/2003 12:32:25 PM
To: [EMAIL PROTECTED]
cc:(bcc: Phillip Watts/austin/Nlynx)
Subject: Re: [leaf-user] Leaf blocking mails?
On Thu, 2003
Is there any way to use a Linux router to block popups?
---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
respond to [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc:(bcc: Phillip Watts/austin/Nlynx)
Subject: Re: [leaf-user] Token ring bridging.
On Friday 17 January 2003 10:47 am, [EMAIL PROTECTED] wrote:
Any one know if a linux router can act like a token ring bridge?
Will it handle source
Thanks, I'll try it.
Lynn Avants [EMAIL PROTECTED] on 01/20/2003 09:17:29 AM
Please respond to [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc:(bcc: Phillip Watts/austin/Nlynx)
Subject: Re: [leaf-user] Token ring bridging.
On Monday 20 January 2003 08:40 am, [EMAIL PROTECTED] wrote
Any one know if a linux router can act like a token ring bridge?
Will it handle source routing?
Error monitoring? replacing tokens? all that token ringish stuff.
I a card working with the olympic driver, but don't know whether I
should try to spend the time to replace some old bridges we have
Did not understand, what do you mean save logs from network ?
syslogd will capture logs from other machines which support
remote syslog.
Ales Curk [EMAIL PROTECTED] on 01/10/2003 09:00:10 AM
To: [EMAIL PROTECTED]
cc:(bcc: Phillip Watts/austin/Nlynx)
Subject: [leaf-user] STATISTICS
Any one know the ip(route2) command to block forwarding
or forward to a blackhole by matching mac address?
Thanks.
---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
The hostap package talks extensively about this,
I haven't tried it, but everything else about hostap has been
a smooth pleasure.
Mike Hahn [EMAIL PROTECTED] on 12/19/2002 12:49:04 PM
To: [EMAIL PROTECTED]
cc:(bcc: Phillip Watts/austin/Nlynx)
Subject: [leaf-user] Leaf wired
/2002 09:19:14 PM
To: [EMAIL PROTECTED]
cc:(bcc: Phillip Watts/austin/Nlynx)
Subject: Re: [leaf-user] netfiltering in user space.
--On Tuesday, December 03, 2002 06:47:04 PM -0800 Chad Carr
[EMAIL PROTECTED] wrote:
Under Debian I did apt-get install iptables-dev. Then do man libipq
Using the libipq library I am capturing DNS packets
for the purpose of url blocking.
In the packet data, weird:
everywhere there should be a dot, there is a random low character
like:
wwwackgoogleeotcom
Anyone know anything about this?
I am using A DLink DWL 520 PCI card with
hostap_pci.o as the driver.
I am running in managed mode, that it as an
adapter, NOT an access point.
Kernel is 2.4.18.
I am getting 350 to 380 k bitspersecond thru the router.
On the same network and same hardware runiing Windows
and using a DLink Air
There is a lot of allusion to iptables allowing you to do some
filtering in user space, but I can't seem to get started.
Like how to specify the target and to reject, accept. etc.
I DO NOT want a complex solution like Snort or a proxy, I just want
to see certain packets, and make a simple
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# accepts all established connections
# e.g. those initiated inside the firewall.
Troy Aden [EMAIL PROTECTED] on 11/26/2002 02:02:44 PM
To: Leaf-User (E-mail) [EMAIL PROTECTED]
cc:(bcc: Phillip Watts/austin/Nlynx
Whoops, I didn't read the whole thing.
You would want to add:-s 192.168.1.67 to the outbound permit.
Troy Aden [EMAIL PROTECTED] on 11/26/2002 02:02:44 PM
To: Leaf-User (E-mail) [EMAIL PROTECTED]
cc:(bcc: Phillip Watts/austin/Nlynx)
Subject: [leaf-user] IP Tables question
, RELATED line to accept the responses.
Troy Aden [EMAIL PROTECTED] on 11/26/2002 02:40:42 PM
To: Phillip Watts/austin/Nlynx@Nlynx
cc: Leaf-User (E-mail) [EMAIL PROTECTED]
Subject: RE: [leaf-user] IP Tables question
Can you please show me where I need to add -s 192.168.1.67? I am assuming
Everything working now using hostap drivers and
DLink DWL 520 (minus the +).
My main problem was not having the kernel congig that
includes support for /proc/net/wireless.
Thanks to all.
And special thanks to wisp. Very cool leaf distro.
Bacon [EMAIL PROTECTED] on 11/25/2002 12:17:49 PM
To: [EMAIL PROTECTED]
cc:(bcc: Phillip Watts/austin/Nlynx)
Subject: [leaf-user] tcpdump of blocked packets?
I'm using port sentry on my LRP box. The otherday it blocked someone
attempting to access port 1080 (not used), then port 25
Thanks, cool technique.
Vladimir I. [EMAIL PROTECTED] on 11/22/2002 08:42:43 AM
To: Phillip Watts/austin/Nlynx@Nlynx
cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] what is a cfs file?
That's CramFS image. You do not unpack it, you mount it :-)
You can use WISP-Dist's scripts
I'm kinda struggling here to get going.
I got a DLink DWL 520 802.11b card and
the hostap_pci.o modules likes it.
It gives me a wlan0 in /proc/net/dev.
I could even assign, ip addr add, an
address to it.
but iwconfig wlan0 gives me no wireless extensions.
( wisp scripts indicate this
need. ??
[EMAIL PROTECTED] on 11/20/2002 04:29:05 PM
To: Phillip Watts/austin/Nlynx@Nlynx
cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] wireless/PCI
I use the linksys PCI card (WMP11?).
I had a problem using the DLink card as the system I was installing it in
wasn't PCI2.2
SUCCESS! at least as far as the hostap_pci driver loading.
Got a DLink DWL-520, minus the plus.
Thanks.
[EMAIL PROTECTED] on 11/21/2002 04:41:47 PM
To: Phillip Watts/austin/Nlynx@Nlynx
cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] wireless/PCI
I have the pci-scan.o
Anyone using an 802.11b PCI ( NOT PCMCIA) card with
Linux drivers and Linux setup utilities which you like
very much?
Thanks.
---
This sf.net email is sponsored by: To learn the basics of securing
your web site with SSL, click here to get
go get a syslink
or SMC.
Thanx.
Lars Kneschke [EMAIL PROTECTED] on 11/20/2002 10:02:44 AM
To: Phillip Watts/austin/Nlynx@Nlynx
cc:
Subject: Re: [leaf-user] wireless/PCI
on* Wed, 20 Nov 2002 09:31:05 -0600, you wrote*:
Anyone using an 802.11b PCI ( NOT PCMCIA) card with
Linux drivers
Interesting, what is PCI2.2? Maybe that is the problem,
I am using a BIOSTAR Mainboard, purchased about 6 months ago.
[EMAIL PROTECTED] on 11/20/2002 04:29:05 PM
To: Phillip Watts/austin/Nlynx@Nlynx
cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] wireless/PCI
I use the linksys PCI
Thanx, very cool.
Chad Carr [EMAIL PROTECTED] on 11/06/2002 10:43:57 PM
To: [EMAIL PROTECTED]
cc:(bcc: Phillip Watts/austin/Nlynx)
Subject: Re: [leaf-user] X.509 certificates
On Wed, 06 Nov 2002 12:18:12 -0800
[EMAIL PROTECTED] wrote:
Message: 9
From: [EMAIL PROTECTED
The coolest thing to do is use a syslog host (syslogd.conf)
A linux host would be cool for writing log analysis tools,
but there is, somewhere, a syslog host for windows.
If you use a linux host, on the host use the -x option in syslogd
to suppress a mountain of reverse dns.
Anyone using X.509 ?
I have some questions.
Is it like RSA , a public and private key pair?
Does the patch include a key generation utility?
Does the patch build smoothly?
Are the keys inserted in ipsec.conf and ipsec.secrets?
Does the patch appear to be solid?
Is it gonna work with
Ray, I finally got time to do this 'right'.
If you want to take the time to look at it, cool,
there is certainly no urgency on my part.
I rearranged the firewall script a little, partly because
of one of your suggestions and it seems to be performing
very well. Now I have no idea where the
Anyone care to look at this?
I am seeing something really weird in my log about every
40 seconds:
Nov 4 13:30:24 NLynxGW kernel: IP LOG: IN=eth0 OUT=
MAC=00:04:e2:10:4a:68:00:e0:1e:5f:f4:69:08:00 SRC=63.121.22.5
DST=66.118.15.69 LEN=56 TOS=0x00 PREC=0x00 TTL=117 ID=44044 PROTO=ICMP
TYPE=3
I'm trying to understand what's going on here
My goal is log everything that hits the external
interface, except the body of file transfers and
lengthy web sites.
Here's what I THINK I'm doing:
Step 1 accepts everything previously established.
Step 2 logs and drops NEW non connections, those
Ray Olszewski [EMAIL PROTECTED] on 11/01/2002 02:03:13 PM
To: [EMAIL PROTECTED]
cc:(bcc: Phillip Watts/austin/Nlynx)
Subject: Re: [leaf-user] Need logging help.
At 12:55 PM 11/1/02 -0600, [EMAIL PROTECTED] wrote:
whenever? How many different sites did you test
I can't figure out how to handle this:
My external interface,eth0, has two addresses:
(all addresses fake.)
2.2.2.5 - The true public address as seen by the Internet.
3.3.3.50 - An address on an intranet lan
The default gateway is 2.2.2.1, the Cisco router -T1-ISP
The gateway for the
Figured it out, iproute2 docs rather vague.
ip addr add 3.3.3.5/24 dev eth0 label eth0:0
SO: I can use -o eth0:0 as a match to NAT? cool.
Ray Olszewski [EMAIL PROTECTED] on 10/31/2002 12:56:56 PM
To: Phillip Watts/austin/Nlynx@Nlynx
cc: [EMAIL PROTECTED]
Subject: Re: [leaf
WELL, this raises a question:
I have, for a year, been adding address to eth0
without creating an alias/virtual device.
The purpose for the extra addresses has been to
forward them to DMZ servers, and it seems to work fine.
---
This
have decided it doesn't really matter.
But thanks, as always, for the help.
P.S. If you are really curious about what I'm doing, I will
attempt to illustrate it better.
Ray Olszewski [EMAIL PROTECTED] on 10/31/2002 02:17:09 PM
To: Phillip Watts/austin/Nlynx@Nlynx
cc: [EMAIL PROTECTED
Emailed the ISP what I saw, then talked to him.
He was confused and couldn't get a terminal emulator to work
to see for himself.
So I said, Dude, the thing is not putting out login:
Is there a chance auth is CHAP or PAP?
Oh yeah, I think it is. ( Jeez)
Well, Chap or PAP?
Uh, I'm not sure,
Thanks, I've never seen an LCP dialogue before.
That could be a big help.
Eric Wolzak [EMAIL PROTECTED] on 10/22/2002 09:15:20 AM
To: Phillip Watts/austin/Nlynx@Nlynx, [EMAIL PROTECTED]
cc:
Subject: Re: [leaf-user] help with ISDN?
Hello Phillip
some comments inline.
Emailed
, I will investigate the high speed wireless access in our little
town. Might as well exchange one uncooperative ISP for another.
Ray Olszewski [EMAIL PROTECTED] on 10/16/2002 11:30:57 AM
To: Phillip Watts/austin/Nlynx@Nlynx
cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] help with ISDN
Ray Olszewski [EMAIL PROTECTED] on 10/15/2002 10:53:16 AM
To: Phillip Watts/austin/Nlynx@Nlynx, [EMAIL PROTECTED]
cc:
Subject: Re: [leaf-user] help with ISDN?
To get meaninful help, you are going to have to improve the quality of your
reporting. Telling us you got some errors
IPSec seems to be working fine, I make connections.
But in the log i see a message like:
pluto_adns: lib/resolv.so.2 version GLIBC2.2 not found.
Any ideas?
---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
I'm not using the snmp.lrp package,
I downloaded net-snmp 5.03 and built my own
on a Debian system.
net-snmp daemon seems to be working great
with several managers as far as inquiry.
When a manager makes a change to a rw variable
such as system.contact.0, I cant find anywhere that
change is
I want to turn on an LED if any vpn connection is up.
I'd like to minitor every couple seconds, 5 at most.
I can:ipsec auto --status and grep for an up connection
but that's a lot of overhead every few seconds.
Does anyone know if IPSec puts anything in /proc that signifies the status
If I am allowing no NEW connections from the outside
except -all- ESTABLISHED, RELATED.
Then I am doing connection tracking. right?
So if I allow in the FORWARD chain, tcp 20 and 21 for Active FTP
and21 and 1025:65535 for Passive FTP,
FROM INSIDE TO OUTSIDE,
then I am doing
PROTECTED] on 08/15/2002 02:56:38 PM
Please respond to [EMAIL PROTECTED]
To: LRP Support [EMAIL PROTECTED]
cc:(bcc: Phillip Watts/austin/Nlynx)
Subject: [leaf-user] allowing internal connections w/o IPSec
In my situation, I have to allow someone in from an outside source. I
already have
I can now get dual ISDN, way out in the country,
no DSL, no cable, don't wantta satellite.
I have an old, never used ISDN modem, 3Com Impact IQ, for FREE.
This gets me outa my ISP's router and I can use a Linux router and
do my kinda VPN, firewall, dmz, etc. YEAH!
But I don't know how.
1)
Very helpful, thanks.
I will forge ahead and call the phone co.
Ray Olszewski [EMAIL PROTECTED] on 08/01/2002 03:12:01 PM
To: Phillip Watts/austin/Nlynx@Nlynx, [EMAIL PROTECTED]
cc:
Subject: Re: [leaf-user] isdn help needed
Responses inline.
At 02:53 PM 8/1/02 -0500, [EMAIL
are allowing access to
and a shared secret.
You will set up Sentinel to 'match' this and voila.
5. Write back here for help.
Craig [EMAIL PROTECTED] on 07/30/2002 09:23:24 AM
To: LEAF [EMAIL PROTECTED]
cc:(bcc: Phillip Watts/austin/Nlynx)
Subject
in your firewall.
Craig [EMAIL PROTECTED] on 07/30/2002 11:08:07 AM
To: LEAF [EMAIL PROTECTED]
cc:(bcc: Phillip Watts/austin/Nlynx)
Subject: [leaf-user] Newbie help for Road Warrior VPN
Thanks Phillip,
I see the Dachstein CD already has the ipsec.lrp (and ipsec509.lrp
ipsec.o files
I am curious what version of FreeSWAN you are running.
I am on 1.97 and haven't seen any drops.
thanks
---
This sf.net email is sponsored by: Jabber - The world's fastest growing
real-time communications platform! Don't just IM. Build it
Early in my foward chain I have
accept all RELATED, ESTABLISHED.
This allows anything that is part of an established connection.
Is this a security threat.?
The reason I put this rule early is also early I want to
-A FORWARD -i $EXT_DEVICE -d 192.168.10.0/24 -j DROP
that is not let any
Bering will run on 486.
Bering has netfilter and iptables. Worth
moving up to after you get your bearings. duck
---
This sf.net email is sponsored by:ThinkGeek
Two, two, TWO treats in one.
http://thinkgeek.com/sf
, so I just haven't spent any time on it.
Jonathan French [EMAIL PROTECTED] on 06/21/2002 06:08:37 PM
To: Phillip Watts/austin/Nlynx@Nlynx
cc: Eric B Kiser [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [leaf-user] Double Private Network / FreeS/WAN problem
Hm, just for reference
if there are responses.
tcpdump would show you all packets on the 172.16.100 lan.
If you accessed a Web Server via VPN, you are routing well.
Looks like you need to get out the old toolbox.
Dragon Wood [EMAIL PROTECTED] on 06/21/2002 04:47:52 PM
To: Phillip Watts/austin/Nlynx@Nlynx
cc
DragonWood, any success?
---
Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/
leaf-user mailing list: [EMAIL PROTECTED]
, they say, and are working on it,
NATable, but it is really designed
as a point to point tunnel, with subnets behind the endpoints.
Jonathan French [EMAIL PROTECTED] on 06/21/2002 12:13:50 PM
To: [EMAIL PROTECTED]
cc:(bcc: Phillip Watts/austin/Nlynx)
Subject: [leaf-user] Double Private
] on 06/21/2002 01:46:21 PM
To: Phillip Watts/austin/Nlynx@Nlynx
cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] VPN Tunnel Problem
Yes it worked! Thank you very much Phillip.
By the way, I put the suggested iptables command in
/etc/shorewall/start like so:
run_iptables -t nat
.
Eric B Kiser [EMAIL PROTECTED] on 06/21/2002 03:12:27 PM
To: Phillip Watts/austin/Nlynx@Nlynx
cc:
Subject: RE: [leaf-user] Double Private Network / FreeS/WAN problem
Whoa there,
I am running a NAT'd client that connects via IPsec through my Bering
Firewall everyday.
NT4.0 box w/IPsec clnt
(dynamic) the docs tell you
how to configure for dynamic ( but public) IP. %defaultroute
Jacques Nilo [EMAIL PROTECTED] on 06/18/2002 03:45:48 PM
To: Jason Spence [EMAIL PROTECTED]
cc: [EMAIL PROTECTED] (bcc: Phillip Watts/austin/Nlynx)
Subject: [leaf-user] Re: IPSec NAT
Can Bering 1.0-rc3
: Phillip
Watts/austin/Nlynx)
Subject: [leaf-user] success w/ multiple projects
I have been using the LEAF project for over a year now, and I have found
many interesting things that can be done with the project. I have also been
very interested in working with the Linux Terminal Server
recommend building a Debian system
to develop and play around on, with Bering as your target.
Nachman Yaakov Ziskind [EMAIL PROTECTED] on 06/07/2002 08:16:40 AM
To: [EMAIL PROTECTED]
cc:(bcc: Phillip Watts/austin/Nlynx)
Subject: Re: [leaf-user] Combining NAT with PAT
| In NAT
httpds.lrp (which is aging) doesn't work with my new kernel(flaky).
Sooo I downloaded Apche and built it on Debian and it works great
but no SSL.
Sooo I downloaded mod-ssl but it need mm-1.1.x, the
Shared Memory Library.
The authors website appears to be broken or down.
Can anyone point me to a
I'm using mainly Bering stuff, except I compiled a
2.4.18 486 kernel for various reasons.
I got httpds.lrp of Steinkuehler site. 1999? is that good?
httpd runs and forks a couple of servers and sort of lets me
connect to the web site, but soon starts crashing.
strace -o /tmp/sthttpd -X
I am building a mostly bering system with
a 2.4.18 kernel compiled for 486.
I got httpds from the leaf site, iassume its for Dachstein.
The server loads and loads two children.
But when I access the website I the child dies
with segmentation fault.
Ideas? Thanx
:(bcc: Phillip Watts/austin/Nlynx)
Subject: [leaf-user] RE:IPsec client for windows (free)
Hi !
I did not know that w2000 had IPsec support buit in.
I am going to test it.
Thanks to all
Roberto Pereyra
Gualeguaychu
Argentina
http://www.linux-net.com.ar
GnuPG keyID: BB43E337
http://pgp.mit.edu
-- Forwarded by Phillip Watts/austin/Nlynx on 05/23/2002
01:09 PM ---
Phillip Watts
05/23/2002 01:17 PM
To: Matthew Schalit [EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Subject: Re: Order of PCI ethernet cards: (Document link: Phillip Watts
Scott Ecker [EMAIL PROTECTED] on 05/22/2002 12:20:48 PM
To: LEAF-user [EMAIL PROTECTED]
cc:(bcc: Phillip Watts/austin/Nlynx)
Subject: [leaf-user] OT: Origins of Bering and Dachstein names
Very OT...
It came up in conversation with some friends yesterday that we weren't clear
What would be the easiest way to get ipcalc for Bering?
I have a debian 2.2.16 and could compile if necessary,
but at this time haven't found the source.
TIA
___
Don't miss the 2002 Sprint PCS Application Developer's Conference
Downloaded it and what a cool tool.
Better than ipcalc.
RU the author? Its on your leaf list.
Anyway, a wrapper written in bash is a cool idea.
Believe I will and send you a copy. Thanx.
David Douthitt [EMAIL PROTECTED] on 05/22/2002 04:51:55 PM
To: Phillip Watts/austin/Nlynx@Nlynx
The user adds some addresses and I want to find
out if they're valid before running a complex series of
networking scripts. Like give him feedback if that address
is already taken.
Is there anip addr
command which will test if an addr is already taken on the network
without doing an
If that is a valid domain name and you can access a dns server
AT THE TIME the rule is run, it should work.
Reginald R. Richardson [EMAIL PROTECTED] on 05/13/2002 10:50:10 PM
To: [EMAIL PROTECTED]
cc:(bcc: Phillip Watts/austin/Nlynx)
Subject: [leaf-user] Ipchains and FQDN
Where can I get a copy of pivot_root compiled for leaf?
That for 2.0.7 glib, right?
Thanx.
___
Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: [EMAIL
I've completed my netfilter eval and would like to
go to 2.4 ( Bering ? ).
Is there a single download I can get on my Linux machine
and unzip? I have some work to do and would rather do it
on Linux.
I went to Charles' Leaf/LRP site and couldn't find it.
Thanx.
I'm trying to build a 2.4.18 for the STMicro STPC.
I compiled as 486 and got rid of a lot of exotic stuff.
The kernel uncomresses, scans pci, recognized ide interrupts
frees initrd memory, looking really good.
Then, before it can run linuxrc, it crashes with no error.
The first thing
Matt, hoping you can help with this.
My boss designed a board with two 8139 cards on board.
One is harwired to a connector intended to be eth0
the other to a switch intended to be eth1.
Naturally the reverse occurred.
If we can't fix this in BIOS he'll have to rewire.
The question is why is
Discovered that accessing block devices generates entropy.
Ran a background job to mount and umount the drive a couple
times and now rsasigkey 1024 takes about 3 seconds.
Phillip Watts
04/29/2002 03:04 PM
To: [EMAIL PROTECTED]
cc:
Subject: entropy and ipsec
experimenting with 2.4
PROTECTED]
cc:(bcc: Phillip Watts/austin/Nlynx)
Subject: RE: [Leaf-user] internal NAT question
Oh good grief, don't apologize! I didn't take offense.
I didn't realize that ipmasqadm portfw bypassed ipchains. Actually, I am
glad I know that now since I was thinking of using port
experimenting with 2.4 ( not LEAF yet )
I am mystified.
ipsec's(freeswan) rsasigkey command needs entropy ???
So on 2.2.16 i did a bunch of find / /dev/null
( stdout supposedly generates entropy )
Reduced key gen time from 5 min. to 5 sec.
Doesn't work on 2.4.18 . Whereas just a
I have situations in which my vpn router is a peer to a proxy server.
The proxy server is the default gateway for the servers behind it.
Therefore I use NAT on the internal interface to force traffic to the servers
back through the router.
This is approximately the same thing as port
I have had similar problems.
Love to know what ipsec version you are using.
It seems that using 0.0.0.0 as an identifier in ipsec.secrets
is key but I haven't got dynamic to work yet.
[EMAIL PROTECTED] on 04/25/2002 08:28:33 AM
To: [EMAIL PROTECTED]
cc:(bcc: Phillip Watts/austin
I have to save certain configuration files separate from
the .lrp files for various reasons.
When I change a password: passwd
I copy /etc/passwd and /etc/shadow- to a hard disk.
After booting I copy those files back to ramdisk
and my old passwd is back.
Am I
sendmail,
given access to an SMTP server, Python and Perl
have simple SMTP clients. Probably someone has
written one in sh.
Simon Bolduc [EMAIL PROTECTED] on 04/24/2002 09:17:22 AM
To: Phillip Watts/austin/Nlynx@Nlynx, [EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Subject: Re: [Leaf-user
advise.
Remember, these devices are only writable about a million times,
so no logging.
brooksp5 [EMAIL PROTECTED] on 04/23/2002 07:26:26 AM
To: [EMAIL PROTECTED]
cc:(bcc: Phillip Watts/austin/Nlynx)
Subject: [Leaf-user] Compact Flash
Hello,
I have been using both Dachstein and Bering
I understand that ipsec cannot run behind nat.
But could someone explain why this is necessarily so?
Nat does not alter the dest address therefore the packet would
end up in the right place.
Then after deencapsulation, ipsec could see that the inner
packet was valid.
For that matter, I cannot
http://www.theregus.com/content/4/24611.html
It is absolutely inconceivable to me, if true, that
that is not some kind of criminal offense.
To build in to an O/S release to automatically fetch
files without your explicit knowledge and permission
and even to fetch them from a company which is
Charles, it appears you are FreeSWAN very aware. I'll appeal
to you first but if you don't want to handle I'll turn to freeswan
because technically I'm working on non LEAF right now.
And it looks like I'm going to have quite a few questions.
IPSec(1.5) works like a charm on Eiger but I
Just a general kind of observation:
I've noticed a zillion posts to this list corncerning
LEAF on CD-ROM. I curious why there seems to be so
little interest in Compact Flash.
Admittedly, 16 or 32 MB is not 700 MB but its a lot
more than 1.44, its writable ( a million times or so)
has no
My boss wants to put a linux router behind his
Road Runner(the ISP) cable modem so he can have a decent
firewall and possibly port forwarding.
RoadRunner says he can't do NAT.
Is that just smoke?
How would they know?
TIA, Phil
___
Leaf-user
stdin and stdout generate entropy
I did entropy.sh
ps ax | grep a /dev/null
sleep 1
etc, etc
this reduced an rsasigkey gen from 5min to 5 sec.
[EMAIL PROTECTED] on 04/03/2002 03:52:09 PM
To: [EMAIL PROTECTED]
cc:(bcc: Phillip Watts/austin/Nlynx)
Subject
want to solder, break into your IDE cable and run the
write enable thru a switch (don't ask me). If you're clever you might
even not bring the drive down. That would be cool.
Matt Schalit [EMAIL PROTECTED] on 04/01/2002 03:14:30 PM
To: Phillip Watts/austin/Nlynx@Nlynx
cc: [EMAIL
Matt Schalit [EMAIL PROTECTED] on 04/01/2002 06:09:47 PM
To: Phillip Watts/austin/Nlynx@Nlynx
cc: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] Flash Write Protect
I thought PC-Cards could be hot swapped. I haven't messed
with them in Linux yet, though. I thought the same
Oh, yeah.
Addressing the mechanical/noise problem:
Is a software addressable (encrypted key)
switch electrically possible?
(i'm just messing around here.)
___
Leaf-user mailing list
[EMAIL PROTECTED]
1 - 100 of 129 matches
Mail list logo