|
From: Sławek A. <sa...@wa...> - 2025-11-26 18:40:46
|
Hi Erich,

Sorry for my poor English. I'm not artificial. And I'm a bit intelligent, I think. The config was changed by me. Only by me. I'm not using AI. I'm too old for that. I'm a programmer. Retired. When I was working, AI was absent. My work was simple - databases and ERP. Initially, it was DOS, and later Windows. I've never worked with Linux.

In 1998, a friend of mine showed me how to build a firewall for the company I worked for. It was a small company—seven employees, including the owners. It was Leaf Bering. Made on CD. At home, on my old computer, I also installed a firewall. For security reasons. That friend of mine is no longer alive – SM. But nine years ago, unfortunately without his help, I configured Leaf Bering uClibc version 5.2.6. Also on CD. And I used it until recently.

Now I decided to make a new firewall. On USB. In version 5.2.6, I could log into the firewall from a local Windows computer. I usually use Firefox. I copied the settings to Windows, file by file. I logged into the new firewall using its keyboard. Logging in from Windows doesn't work for me. That was version 7.0.0. But now there's an upgrade command. And I have version 7.5.1. Great. After logging in, I looked at all the files in lrcfg and changed them based on the configuration I was reading from the second monitor, the one running Windows. I think I was successful. It works. I have internet. But I missed something. I can't access it from Windows, and all local IPs are accepted.

On 26.11.2025 at 00:22, lea...@li... wrote:
> Message: 2
> Date: Wed, 26 Nov 2025 00:06:27 +0100
> From: Erich Titl <eri...@th...>
> To: lea...@li...
> Subject: Re: [leaf-user] leaf-user Digest, Vol 204, Issue 3
> Message-ID: <c58...@th...>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> Hi Folks
>
> If I understand this issue correctly it started with an AI built config,
> not with something set in either the shorewall documentation or with a
> simple config as distributed with LEAF.
> Please correct me if this is not
> the case.
>
> It appears to me that the OP does not have a strong conceptual
> understanding of his network topology.
>
> I would suggest to lay down the concept of this installation instead of
> explaining what allegedly is not working, e.g. the logical and physical
> layout of the network(s). Based on this I am positive that the group can
> suggest solutions.
>
> I understand that the shorewall documentation by Tom is complex. It
> shows at what high abstraction level Tom was able to think when he
> designed, wrote and documented shorewall. I understand also that many if
> not all of us will not easily absorb this, at least I need to reread often.
>
> My 2 cents.
>
> cheers
>
> ET
>
> On 25.11.2025 at 22:01, Sławek Adamski via leaf-user wrote:
>> Big thanks. It's very nice that you want to help me. But your solution
>> doesn't work. For clarity, I added the IP numbers I approved to
>> /etc/shorewall/rules as you wrote. And /etc/shorewall/policy was
>> (I added line numbers):
>>
>>  1    #
>>  2    # Shorewall -- /etc/shorewall/policy
>>  3    #
>>  4    # For information about entries in this file, type "man shorewall-policy"
>>  5    #
>>  6    # The manpage is also online at
>>  7    # http://www.shorewall.net/manpages/shorewall-policy.html
>>  8    #
>>  9    ###############################################################################
>> 10    #SOURCE        DEST        POLICY    LOGLEVEL    LIMIT CONNLIMIT
>> 11    #loc    net    ACCEPT
>> 12    loc    fw    REJECT
>> 13    net    all    DROP
>> 14    # If you want open access to the Internet from your Firewall
>> 15    # remowe the comment from the following line.
>> 16    #fw        net        ACCEPT
>> 17    # THE FOLLOWING POLICY MUST BE LAST
>> 18    #
>> 19    all    all    REJECT            NFLOG(4,0,4)
>>
>> I commented out line 11 and added line 12. And it doesn't work.
>> No local IP has internet. I uncommented line 11 without success.
>> Still no net.
>> So I commented line 12. And every local IP has access
>> again. Probably the problem is in other place.
>>
>> On 25.11.2025 at 13:19, lea...@li... wrote:
>>> Message: 1
>>> Date: Mon, 24 Nov 2025 08:36:05 -0500
>>> From: "Robert K Coffman Jr. -Info From Data Corp." <bco...@in...>
>>> To: lea...@li...
>>> Subject: Re: [leaf-user] leaf-user Digest, Vol 204, Issue 1
>>> Message-ID: <e43...@in...>
>>> Content-Type: text/plain; charset="UTF-8"
>>>
>>>    If I am understanding you correctly, this is how I would accomplish
>>>    that.  I'm assuming Shorewall (the default firewall on Leaf, unless
>>>    that has changed) is running.  You can confirm by:
>>>    shorewall status
>>>    You should see a message including "Shorewall is running."
>>>    If you do, edit /etc/shorewall/policy and look for the line that is
>>>    similar to this:
>>>    loc             fw              ACCEPT
>>>    In that line, change ACCEPT to REJECT
>>>    Then, in /etc/shorewall/rules, add these rules for the IPs you want to
>>>    allow from your lan to connect to your firewall, one line for each IP:
>>>    ACCEPT    loc:192.168.0.5/24    fw   all
>>>    The /24 assumes that your subnet mask for your firewall is
>>>    255.255.255.0.  If it is different, you will need to modify that, and
>>>    of course make the IP address match your config.
>>>    After you make that edit, run:
>>>
>>>    shorewall restart
>>>
>>>    Verify it was successful, and you should be good to go.
>>>
>>>    - Robert
>>>
>>>    On 11/22/2025 10:44:33 AM, Sławek Adamski via leaf-user wrote:
>>>
>>>      Hello Robert,
>>>      Thanks a lot for your response. Hmm... the documentation of leaf
>>>      Bering uClibc is unavailable again:
>>>      "
>>>       Sorry! This site is experiencing technical difficulties.
>>>      Try waiting a few minutes and reloading.
>>>      (Cannot access the database)
>>>      " A month ago I copied near all of that as html files.
>>>      My answer for
>>>      your question: I haven't even tried. I don't know how. Marco
>>>      described another solution for me, but I'm not a Linux man. I didn't
>>>      understand that. So I did what I described. It works, but not
>>>      exactly how I wanted.
>>>
>>>      On 22.11.2025 at 13:14, leaf-user-re...@li... wrote:
>>>      Message: 1
>>>      Date: Fri, 21 Nov 2025 12:39:03 -0500
>>>      From: "Robert K Coffman Jr. -Info From Data Corp." <bco...@in...>
>>>      To: lea...@li...
>>>      Subject: Re: [leaf-user] Problem with configuration.
>>>      Message-ID: <66b68c95- ace...@in... >
>>>      Content-Type: text/plain; charset="UTF-8"
>>>          Sławek,
>>>          Did you overcome the problems you had with this?
>>>          - Robert
>>>          On 10/28/2025 4:50:11 PM, Sławek Adamski via leaf-user wrote:
>>>            Hi,
>>>            Please forgive my poor English.
>>>            I have small success. My leaf bering boots from USB and works.
>>>            Near properly. Near.
>>>            I have two PC. One with Windows 11 and second for leaf. Both have
>>>            keyboards and monitors.
>>>            Steps I took:
>>>            1. Using image Bering-uClibc_x86_vga.img and Raspberry Pi Imager I
>>>            recorded the first USB with version 7.0.0. In Raspberry Pi Imager I
>>>            set the login and password for that leaf.
>>>            2. The partition on the USB had only 64 MB so using DiskGenius I
>>>            expanded it to 128 MB.
>>>            3. I logged into the booted from USB and upgraded doing: upgrade
>>>            --release 7.5.1.
>>>            4. I configured that a little.
>>>            And it works. My PC with Windows has access to net via firewall. My
>>>            firewall ignores pings to him. And logging to him from net is
>>>            impossible. And I changed the IP4 number to one I made up.
>>>            But I need two things in configuration. First I want ignore local
>>>            connections from IP doesn't accepted by me. I wrote the accepted
>>>            list to hosts.allow. Something like that, of course with my IP:
>>>            # Allow anything from the local net
>>>            #ALL: 192.168.1.0/255.255.255.0
>>>            192.168.1.x
>>>            192.168.1.y
>>>            192.168.1.z
>>>            where 192.168.1.x, 192.168.1.y and 192.168.1.z are the allowed IP by
>>>            me.
>>>            But it doesn't work. I don't understood the guide. I'm not linux man.
>>>            Probably it must be done in other way.
>>>            The second which I want is to have working webconf. Now it is still
>>>            asking for login and password in not ending loop. From Firefox,
>>>            Chrome and Edge. Seems something is wrong.
>>>            Best Regards
>>>            Sławek
|
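Added example (not part of the thread, and not LEAF or Shorewall code): a simplified Python model of how the rules and policy files quoted above combine, with rules consulted first and then the first matching policy line. It shows that the policy as posted leaves loc-to-net traffic to the final all/all REJECT, and that a host written with /24 covers the whole subnet; the single-host rule and the test addresses are constructed sample values, and the mask handling is assumed to follow iptables.

```python
import ipaddress

# /etc/shorewall/policy as quoted in the thread: line 11 commented out,
# line 12 added (header comments omitted).
POLICY = """\
#loc    net    ACCEPT
loc     fw     REJECT
net     all    DROP
all     all    REJECT    NFLOG(4,0,4)
"""

# The rule form suggested in the thread, and a constructed single-host variant.
RULE_WITH_MASK = "ACCEPT    loc:192.168.0.5/24    fw    all"
RULE_ONE_HOST = "ACCEPT    loc:192.168.0.5       fw    all"

def parse(text):
    """Split every non-comment, non-empty line into its columns."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [row for row in rows if row]

def rule_matches(rule, src_zone, src_ip, dst_zone):
    """Simplified: only zone[:address/mask] sources; protocol and ports ignored."""
    _action, source, dest = rule[:3]
    zone, _, hosts = source.partition(":")
    if zone != src_zone or dest != dst_zone:
        return False
    if not hosts:
        return True
    # Assumption: the mask is applied the way iptables applies it, so the host
    # bits of 192.168.0.5/24 are dropped and the rule covers 192.168.0.0/24.
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(hosts, strict=False)

def verdict(rules, policy, src_zone, src_ip, dst_zone):
    """Rules are consulted first; if none matches, the first matching policy wins."""
    for rule in parse(rules):
        if rule_matches(rule, src_zone, src_ip, dst_zone):
            return rule[0]
    for src, dst, action, *_ in parse(policy):
        if src in (src_zone, "all") and dst in (dst_zone, "all"):
            return action
    return None

if __name__ == "__main__":
    for ip in ("192.168.0.5", "192.168.0.77"):
        print(ip, "with /24:", verdict(RULE_WITH_MASK, POLICY, "loc", ip, "fw"),
              "| single host:", verdict(RULE_ONE_HOST, POLICY, "loc", ip, "fw"))
    print("loc->net:", verdict(RULE_ONE_HOST, POLICY, "loc", "192.168.0.5", "net"))
```

The model ignores nested zones, protocols and ports, so on a real firewall the generated ruleset is still the thing to check after a restart.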