Thread: [Fwbuilder-discussion] Help! FirewallBuilder v2.0.12 "Segmentation Fault" after upgrade to Sveasoft
From: Paul <pgn...@gm...> - 2006-08-29 19:50:25

Hello,

I'd been successfully trying out FirewallBuilder per instructions/advice from folks at the Sveasoft Firmware forums with FWB 2.0.12 & Talisman v 1.1.

After today installing the upgrade to Talisman firmware v1.2, FWB now fails to telnet to the box, giving the "Segmentation Fault" error below.

I've tried the v2.1.5b, but that crashes every time I try to compile or save rules.

At the moment, short of downgrading to Talisman 1.1, I'm kind of stuck here.

Can someone help me get FWB to behave?

Fyi, I *can* successfully ssh/telnet into the Linksys router.

Thanks.

Paul

Summary:* firewall name : linksys_fw
* user name : root
* management address : 10.0.0.1
* platform : iptables
* host OS : linksys
* Loading configuration from file /var/firewall/linksys.fwb
Copying /var/firewall/linksys_fw.fw -> 10.0.0.1:/tmp
Running command 'fwbuilder2.app/Contents/MacOS/fwbuilder -X -v -l root 10.0.0.1 echo '--**--**--';cat > /tmp/linksys_fw.fw '
*+*+*+* Running sssh as : /usr/local/openssh/bin/ssh -F /etc/ssh/ssh_config -i /etc/ssh/ssh.linksys.dsa -v -l root 10.0.0.1 echo '--**--**--';cat > /tmp/linksys_fw.fw
Logged in
OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for 10.0.0.1
debug1: Applying options for *
debug1: Connecting to 10.0.0.1 [10.0.0.1] port 22.
debug1: fd 14 clearing O_NONBLOCK
debug1: Connection established.
debug1: identity file /etc/ssh/ssh.linksys.dsa type -1
debug1: identity file /etc/ssh/ssh.linksys.dsa type -1
debug1: Remote protocol version 2.0, remote software version dropbear_0.48
debug1: no match: dropbear_0.48
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes256-cbc hmac-md5 none
debug1: kex: client->server aes256-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host '10.0.0.1' is known and matches the DSA host key.
debug1: Found key in /Users/blakers/.ssh/known_hosts:1
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /etc/ssh/ssh.linksys.dsa
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending command: echo '--**--**--';cat > /tmp/linksys_fw.fw
--**--**--
SSH session terminated, exit status: 0
Activating new policy
Running command 'fwbuilder2.app/Contents/MacOS/fwbuilder -X -t -t -v -l root 10.0.0.1 echo '--**--**--'; mv /tmp/linksys_fw.fw /tmp/fwb; /usr/sbin/nvram unset rc_firewall; /usr/sbin/nvram set rc_firewall="/usr/sbin/nvram get fwb|uudecode|gzip -dc|sh"; /usr/sbin/nvram unset fwb; /usr/sbin/nvram set fwb="`cat /tmp/fwb|gzip|uuencode -`" || exit 1; rm /tmp/fwb; echo "Saving data to flash memory"; /usr/sbin/nvram commit || exit 1; echo "Flash memory:"; /usr/sbin/nvram show >/dev/null; echo "Activating policy"; /usr/sbin/nvram get fwb|uudecode|gzip -dc|sh && (killall reboot;echo 'Policy activated') '
debug1: fd 14 clearing O_NONBLOCK
debug1: Connection established.
debug1: identity file /etc/ssh/ssh.linksys.dsa type -1
debug1: identity file /etc/ssh/ssh.linksys.dsa type -1
debug1: Remote protocol version 2.0, remote software version dropbear_0.48
debug1: no match: dropbear_0.48
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes256-cbc hmac-md5 none
debug1: kex: client->server aes256-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host '10.0.0.1' is known and matches the DSA host key.
debug1: Found key in /Users/blakers/.ssh/known_hosts:1
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /etc/ssh/ssh.linksys.dsa
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending command: echo '--**--**--'; mv /tmp/linksys_fw.fw /tmp/fwb; /usr/sbin/nvram unset rc_firewall; /usr/sbin/nvram set rc_firewall="/usr/sbin/nvram get fwb|uudecode|gzip -dc|sh"; /usr/sbin/nvram unset fwb; /usr/sbin/nvram set fwb="`cat /tmp/fwb|gzip|uuencode -`" || exit 1; rm /tmp/fwb; echo "Saving data to flash memory"; /usr/sbin/nvram commit || exit 1; echo "Flash memory:"; /usr/sbin/nvram show >/dev/null; echo "Activating policy"; /usr/sbin/nvram get fwb|uudecode|gzip -dc|sh && (killall reboot;echo 'Policy activated')
Logged in
------------------------------------------

Sveasoft Firmware for Wireless Routers

Talisman

USE OF THIS FIRMWARE IS AT YOUR OWN RISK

http://www.sveasoft.com

------------------------------------------
--**--**--
Segmentation fault
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Connection to 10.0.0.1 closed.
debug1: Transferred: stdin 0, stdout 0, stderr 35 bytes in 0.7 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 48.2
debug1: Exit status 1
SSH session terminated, exit status: 1

From: <va...@vk...> - 2006-08-29 21:01:48

On Aug 29, 2006, at 12:50 PM, Paul wrote:

> Hello,
>
> I'd been successfully trying out FirewallBuilder per instructions/advice from folks at the Sveasoft Firmware forums with FWB 2.0.12 & Talisman v 1.1.
>
> After today installing the upgrade to Talisman firmware v1.2, FWB now fails to telnet to the box, giving the "Segmentation Fault" error below.
>
> I've tried the v2.1.5b, but that crashes every time I try to compile or save rules.
>
> At the moment, short of downgrading to Talisman 1.1, I'm kind of stuck here.
>
> Can someone help me get FWB to behave?
>
> Fyi, I *can* successfully ssh/telnet into the Linksys router.

so, looking at the log ...

> debug1: Sending command: echo '--**--**--'; mv /tmp/linksys_fw.fw /tmp/fwb; /usr/sbin/nvram unset rc_firewall; /usr/sbin/nvram set rc_firewall="/usr/sbin/nvram get fwb|uudecode|gzip -dc|sh"; /usr/sbin/nvram unset fwb; /usr/sbin/nvram set fwb="`cat /tmp/fwb|gzip|uuencode -`" || exit 1; rm /tmp/fwb; echo "Saving data to flash memory"; /usr/sbin/nvram commit || exit 1; echo "Flash memory:"; /usr/sbin/nvram show >/dev/null; echo "Activating policy"; /usr/sbin/nvram get fwb|uudecode|gzip -dc|sh && (killall reboot;echo 'Policy activated')
> Logged in
> ------------------------------------------
>
> Sveasoft Firmware for Wireless Routers
>
> Talisman
>
> USE OF THIS FIRMWARE IS AT YOUR OWN RISK
>
> http://www.sveasoft.com
>
> ------------------------------------------
> --**--**--
> Segmentation fault
> debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
> debug1: channel 0: free: client-session, nchannels 1

as you can see, the "special" prompt "--**--**--" comes out, that is how fwbuilder tells itself that it successfully logged in. Next after that it moves iptables script /tmp/linksys_fw.fw to /tmp/fwb, this apparently worked since there were no error messages related to 'mv'.

Next it tries to unset NVRAM variable rc_firewall by calling "/usr/sbin/nvram unset rc_firewall" and then assigns new value to this variable. Apparently /usr/sbin/nvram crashes during one of these operations, or during manipulation of the nvram variable fwb which is done right after that. I guess you could try to find out which one it is by executing the same commands manually; you can get the list of commands from the "Sending command:" log line.

Anyway, looks like the problem is caused by the crash of one of Sveasoft's tools, most likely /usr/sbin/nvram.

--vk

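The step-by-step check suggested in the reply above, as an added example that is not part of the original thread and is not Firewall Builder code: each command runs in its own shell, and the first one killed by a signal is reported (a shell reports a segfault as status 139, which is 128 plus SIGSEGV). The helper name first_crashing_step is hypothetical; on the router the arguments would be the commands copied from the "Sending command:" log line.

```shell
#!/bin/sh
# Added example: find which command in an install sequence dies from a signal.
# first_crashing_step is a hypothetical helper, not part of fwbuilder.
#
# Usage on the router, with steps taken from the "Sending command:" line:
#   first_crashing_step \
#     '/usr/sbin/nvram unset rc_firewall' \
#     '/usr/sbin/nvram set rc_firewall="/usr/sbin/nvram get fwb|uudecode|gzip -dc|sh"' \
#     '/usr/sbin/nvram unset fwb' \
#     '/usr/sbin/nvram set fwb="`cat /tmp/fwb|gzip|uuencode -`"'
#
# Each argument is run with `sh -c`, in order. Output of the steps goes to
# stderr so that stdout carries only the report line.
# Returns 1 and prints "<index> <status> signal=<n>: <command>" for the first
# step whose exit status is above 128 (killed by a signal); returns 0 if no
# step was killed. Ordinary non-zero exits are noted on stderr and the run
# continues, because only a crash is being looked for here.
first_crashing_step() {
    index=0
    for step in "$@"; do
        index=$((index + 1))
        status=0
        sh -c "$step" >&2 || status=$?
        if [ "$status" -gt 128 ]; then
            signal=$((status - 128))
            printf '%s %s signal=%s: %s\n' "$index" "$status" "$signal" "$step"
            return 1
        elif [ "$status" -ne 0 ]; then
            printf 'step %s exited with status %s: %s\n' "$index" "$status" "$step" >&2
        fi
    done
    return 0
}

# Constructed stand-in steps for trying the helper off the router: the third
# one kills its own shell with SIGSEGV, so the fourth is never run.
demo_first_crashing_step() {
    first_crashing_step 'true' 'false' 'kill -s SEGV $$' 'echo not-reached'
}
```
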
From: Chris M. <ch...@ma...> - 2006-08-30 05:37:03

Paul

The nvram utility writes parameters into a configuration area of flash memory separate from the firmware and filesystem.

The entire fw script is being stored in one parameter. There are limits on the size.

Most likely the script is too big to fit in a single nvram parameter.

If this is the case, use a basic linux install and save the fw script to the file system.

Then modify talisman to run the script from the filesystem rather than from the nvram parameter.

---------------------------------------------------------------------------
Chris Martin
m: 0419 812 371
e: ch...@ma...
---------------------------------------------------------------------------

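A way to test the size explanation above before touching the router, as an added example that is not part of the original thread: it estimates how many bytes the installer's `gzip|uuencode -` pipeline would place in the single NVRAM variable fwb. The helper names and the limit argument are hypothetical (the thread gives no figure for the limit), and the uuencode size is computed from the traditional format with a three-digit mode in the header rather than by running uuencode.

```shell
#!/bin/sh
# Added example: estimate the size of the value stored in NVRAM variable "fwb",
# i.e. the output of `cat /tmp/fwb|gzip|uuencode -` from the installer command.
# Helper names and the LIMIT argument are hypothetical; the per-variable limit
# is not stated in the thread and has to come from the firmware in use.

# Bytes that traditional uuencode emits for N input bytes when the name is "-":
#   header  "begin 644 -" + newline             = 12 bytes
#   body    one line per 45 input bytes: 1 length character,
#           4 characters per 3 input bytes, 1 newline
#   trailer "`" line and "end" line             = 6 bytes
uuencoded_size() {
    n=$1
    full=$((n / 45))
    rest=$((n % 45))
    total=$((12 + full * 62 + 6))
    if [ "$rest" -gt 0 ]; then
        total=$((total + 1 + 4 * ((rest + 2) / 3) + 1))
    fi
    echo "$total"
}

# Size in bytes of the gzip-compressed script file given as $1.
gzipped_size() {
    gzip -c < "$1" | wc -c | tr -d ' '
}

# fits_in_nvram SCRIPT LIMIT
# Prints "<raw bytes> <gzip bytes> <encoded bytes>" and returns 0 when the
# encoded size is within LIMIT, 1 when it is larger.
fits_in_nvram() {
    raw=$(wc -c < "$1" | tr -d ' ')
    gz=$(gzipped_size "$1")
    enc=$(uuencoded_size "$gz")
    echo "$raw $gz $enc"
    [ "$enc" -le "$2" ]
}
```

Run it against the generated script on the workstation, for example `fits_in_nvram /var/firewall/linksys_fw.fw LIMIT`, with LIMIT replaced by the value that applies to the firmware.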
From: Paul <pgn...@gm...> - 2006-08-30 17:27:21

Hello Chris & Robert,

On 8/29/06, Robert Kahl <R....@em...> wrote:
>
> I posted a solution for DD-WRT a while ago. Maybe it's also working with sveasoft, as a lot of linksys software relies on sveasoft. Please have a look here:
>
> http://www.dd-wrt.com/wiki/index.php/Firewall_Builder
>
> *From:* Chris Martin [mailto:ch...@ma...]
> *Sent:* Wednesday, August 30, 2006 7:37 AM
>
> The nvram utility writes parameters into a configuration area of flash memory separate from the firmware and filesystem.
>
> The entire fw script is being stored in one parameter. There are limits on the size.
>
> Most likely the script is too big to fit in a single nvram parameter.
>
> If this is the case, use a basic linux install and save the fw script to the file system.
>
> Then modify talisman to run the script from the filesystem rather than from the nvram parameter.
>

This is a bit over my head at the moment, but it does seem to make sense.

If not too much trouble, could one of you two -- who clearly know more about this -- comment on/at the sveasoft boards (assuming you're even members, that is ...)?

It would be probably helpful to have them know about it and/or address the problem which, if I understand correctly, *IS* an issue on "their" end.

In the meantime, I'll try to get this behaving on my end.

Thanks!

Paul

From: Paul <pgn...@gm...> - 2006-08-30 18:29:20

Hello Again.

While exploring your suggestions, I've learned that the FWB installer, when targeted at an Sveasoft firmware-based router, correctly configs to place the firewall in a nvram variable.

Per your point, above.

I've discovered an option in FWB in the firewall's setting -> Installer dialog:

"Directory on the firewall where script should be installed"

which looked promising to place the firewall in the R/W partition (or JFFS, I believe) on the router.

BUT, it is greyed-out/inactive.

Is this a FWB limitation, feature or bug? In other words, can I "Make it work" using FWB?

Thanks.

Paul

From: Tom D. <td...@ro...> - 2006-08-30 19:26:51

On Wed, 30 Aug 2006, Paul wrote:

> Hello Again.
>
> While exploring your suggestions, I've learned that the FWB installer, when targeted at an Sveasoft firmware-based router, correctly configs to place the firewall in a nvram variable.
>
> Per your point, above.
>
> I've discovered an option in FWB in the firewall's setting -> Installer dialog:
>
> "Directory on the firewall where script should be installed"
>
> which looked promising to place the firewall in the R/W partition (or JFFS, I believe) on the router.
>
> BUT, it is greyed-out/inactive.

That is because you chose Sveasoft in the firewall config. I use fwbuilder on openwrt but I tell it iptables and it works really well!!

> Is this a FWB limitation, feature or bug? In other words, can I "Make it work" using FWB?

Nope it is your configuration. :-))

Regards,

--
Tom Diehl td...@ro...
Spamtrap address mt...@ro...

From: Chris M. <ch...@ma...> - 2006-08-30 22:23:57

When you started configuring your firewall in Fwbuilder you selected the sveasoft template.

This is what causes the installer to place the script in NVRAM.

If you configure your firewall using a std linux 2.4 / iptables template you will be able to install to the JFFS filesystem.

Don't delete the firewall you configured in Fwbuilder, just create a second firewall based on a linux template.

I started out using talisman, but found it too restrictive, and I was not able to do everything I wanted with it.

I moved to openWrt, and haven't looked back, but if you are NOT familiar with linux I wouldn't recommend it.

---------------------------------------------------------------------------
Chris Martin
m: 0419 812 371
e: ch...@ma...
---------------------------------------------------------------------------

From: <va...@vk...> - 2006-08-30 23:13:36

On Aug 30, 2006, at 3:23 PM, Chris Martin wrote:

> When you started configuring your firewall in Fwbuilder you selected the sveasoft template.
>
> This is what causes the installer to place the script in NVRAM.
>
> If you configure your firewall using a std linux 2.4 / iptables template you will be able to install to the JFFS filesystem.
>
> Don't delete the firewall you configured in Fwbuilder, just create a second firewall based on a linux template

actually, you can just change platform in the firewall settings from Sveasoft to Linux24. You do not have to recreate firewall object from scratch.

--vk

From: Paul <pgn...@gm...> - 2006-08-31 00:59:55
From: <va...@vk...> - 2006-08-31 01:21:46
|
On Aug 30, 2006, at 5:59 PM, Paul wrote:

> Hello Vadim,
>
> On 8/30/06, Vadim Kurland ✈ <va...@vk...> wrote:
>
> > actually, you can just change platform in the firewall settings from Sveasoft to Linux24. You do not have to recreate firewall object from scratch.
>
> Tom had actually instructed me in that in a private conversation. Thank you though.
>
> One question that still remains, however.
>
> When I *do* make the change to Linux24, I note that there are a number of 'additional' options available in the Linux24/26 dialog(s), as opposed to the presumed/default settings that have been made for the Sveasoft/Linksys settings.
>
> Is there some guideline as to how to set all those options to ensure working correctly with the Sveasoft?

there is no written document on that, but I can answer specific questions. I am sure others, who run fwbuilder in this mode, can help too.

> Again, the goal here is to get FWB to write its firewall to the Sveasoft R/W Partition rather than to the apparently problematic NVRAM var -- and properly set up the whole thing, of course, to boot properly from the R/W-saved firewall.

I really do not know much about this as I do not it myself.

--vk |
From: Robert K. <R....@em...> - 2006-08-31 06:19:37
|
Problem: I can't write to the fwbuilder list directly, because I used another account to start there. Anyway, I'm using it successfully with dd-wrt. Where is your advantage of sveasoft over dd-wrt? If you need instruction, please mail me directly, as I don't follow all discussions in the list (too much spam today, and too much other work.) But definitely, fwbuilder + linksys works like a charm (at least with 2.0)

Best regards

Robert Kahl

*************************
Robert Kahl
Sales Department
EMI-tec GmbH
Motzener Str. 17
12277 Berlin
GERMANY
Tel: +49 30 723 949 - 20
FAX: +49 30 723 949 - 19
Email: R....@em...
URL: http://www.emi-tec.de

_____

From: Vadim Kurland ✈ [mailto:va...@vk...]
Sent: Thursday, August 31, 2006 3:19 AM
To: Paul
Cc: Chris Martin; fwbuilder-discussion; Robert Kahl
Subject: Re: [Fwbuilder-discussion] Help! FirewallBuilderv2.0.12"Segmantation Fault" after upgrade to Sveasoft Talisman 1.2

On Aug 30, 2006, at 5:59 PM, Paul wrote:

> Hello Vadim,
>
> On 8/30/06, Vadim Kurland ✈ <va...@vk...> wrote:
>
> > actually, you can just change platform in the firewall settings from Sveasoft to Linux24. You do not have to recreate firewall object from scratch.
>
> Tom had actually instructed me in that in a private conversation. Thank you though.
>
> One question that still remains, however.
>
> When I *do* make the change to Linux24, I note that there are a number of 'additional' options available in the Linux24/26 dialog(s), as opposed to the presumed/default settings that have been made for the Sveasoft/Linksys settings.
>
> Is there some guideline as to how to set all those options to ensure working correctly with the Sveasoft?

there is no written document on that, but I can answer specific questions. I am sure others, who run fwbuilder in this mode, can help too.

> Again, the goal here is to get FWB to write its firewall to the Sveasoft R/W Partition rather than to the apparently problematic NVRAM var -- and properly set up the whole thing, of course, to boot properly from the R/W-saved firewall.

I really do not know much about this as I do not it myself.

--vk |
From: Robert K. <R....@em...> - 2006-08-31 06:22:52
|
What I can do for you, is to send you my *.fwb file. But please don't distribute it elsewhere. You'd see the important settings there.

Best regards

Robert Kahl

*************************
Robert Kahl
Sales Department
EMI-tec GmbH
Motzener Str. 17
12277 Berlin
GERMANY
Tel: +49 30 723 949 - 20
FAX: +49 30 723 949 - 19
Email: R....@em...
URL: http://www.emi-tec.de

_____

From: Vadim Kurland ✈ [mailto:va...@vk...]
Sent: Thursday, August 31, 2006 3:19 AM
To: Paul
Cc: Chris Martin; fwbuilder-discussion; Robert Kahl
Subject: Re: [Fwbuilder-discussion] Help! FirewallBuilderv2.0.12"Segmantation Fault" after upgrade to Sveasoft Talisman 1.2

On Aug 30, 2006, at 5:59 PM, Paul wrote:

> Hello Vadim,
>
> On 8/30/06, Vadim Kurland ✈ <va...@vk...> wrote:
>
> > actually, you can just change platform in the firewall settings from Sveasoft to Linux24. You do not have to recreate firewall object from scratch.
>
> Tom had actually instructed me in that in a private conversation. Thank you though.
>
> One question that still remains, however.
>
> When I *do* make the change to Linux24, I note that there are a number of 'additional' options available in the Linux24/26 dialog(s), as opposed to the presumed/default settings that have been made for the Sveasoft/Linksys settings.
>
> Is there some guideline as to how to set all those options to ensure working correctly with the Sveasoft?

there is no written document on that, but I can answer specific questions. I am sure others, who run fwbuilder in this mode, can help too.

> Again, the goal here is to get FWB to write its firewall to the Sveasoft R/W Partition rather than to the apparently problematic NVRAM var -- and properly set up the whole thing, of course, to boot properly from the R/W-saved firewall.

I really do not know much about this as I do not it myself.

--vk |
From: Chris M. <ch...@ma...> - 2006-08-31 01:30:54
|
Paul

As I understand it, Sveasoft is based on OpenWrt
So this doc (the FW bit) should help

http://www.martin.cc/OpenWrt/OpenWrt%20Config_RC5.pdf

cheers

---------------------------------------------------------------------------
Chris Martin
m: 0419 812 371
e: ch...@ma...
---------------------------------------------------------------------------

_____

From: Paul [mailto:pgn...@gm...]
Sent: Thursday, 31 August 2006 11:00 AM
To: Vadim Kurland ✈
Cc: Chris Martin; fwbuilder-discussion; R....@em...
Subject: Re: [Fwbuilder-discussion] Help! FirewallBuilderv2.0.12"Segmantation Fault" after upgrade to Sveasoft Talisman 1.2

Hello Vadim,

On 8/30/06, Vadim Kurland ✈ <va...@vk...> wrote:

> actually, you can just change platform in the firewall settings from Sveasoft to Linux24. You do not have to recreate firewall object from scratch.

Tom had actually instructed me in that in a private conversation. Thank you though.

One question that still remains, however.

When I *do* make the change to Linux24, I note that there are a number of 'additional' options available in the Linux24/26 dialog(s), as opposed to the presumed/default settings that have been made for the Sveasoft/Linksys settings.

Is there some guideline as to how to set all those options to ensure working correctly with the Sveasoft?

Again, the goal here is to get FWB to write its firewall to the Sveasoft R/W Partition rather than to the apparently problematic NVRAM var -- and properly set up the whole thing, of course, to boot properly from the R/W-saved firewall.

Thanks for your help.

Paul |