Re: [leaf-user] leaf-user Digest, Vol 205, Issue 17

[Erich T. <eri...@th...>]

Hi Slavek

Am 23.12.2025 um 23:25 schrieb Sławek Adamski via leaf-user:
> Merry Christmas to everyone,
> 
....>
> auth.backend                 = "htpasswd"
> auth.backend.htpasswd.userfile  = "/var/webconf/www/.htpasswd"
> #auth.backend.plain.userfile  = "/etc/lighttpd/lighttpd.user"
> #auth.backend.plain.groupfile = "/etc/lighttpd/lighttpd.group"
> 
> #auth.backend.ldap.hostname = "localhost"
> #auth.backend.ldap.base-dn  = "dc=my-domain,dc=com"
> #auth.backend.ldap.filter   = "(uid=$)"
> server.modules += ( "mod_auth" )
> auth.require               = ( "/" =>
>                                 (
>                                   "method"  => "basic",
>                                   "realm"   => "Login",
>                                   "require" => "valid-user"
>                                 ),
>                               )
> 
> ##
> #######################################################################
> I restarted leaf but this change doesn't help.

Which means that this is probably not the problem.

> 
> But I have other news. It's good news for me. As I mentioned earlier, I 
> have two flash drives. Both have Leaf on them. The first was made using 
> Raspberry Pi Imager from image of version 7_0_0. I made upgrade to 7_5_1 
> and configured it. It's very possible that I set this password and don't 
> remember it. Nine years break from making next leaf - a lot of new 
> stuff. This leaf works. I just don't have webconf and there's no list of 
> acceptable IPs. I don't know how to create this list. 

What makes you think that there is such a list? I personally would not 
know where to look for it. Did you ever have such a list?

Something's not
> working. But I made a second flash drive. Syslinux for made it bootable. 
> Unpack and copy Bering-uClibc_7.5.1_i686_syslinux_vga.tar.gz  to 
> pendrive. And configure in my way. The second leaf has working webconf.

Ok so you managed to get webconf working

> But he had no access to the Internet. Means the leaf had (ping 8.8.8.8) 
> but connected to it local PC not. 

So that means either routing is not correct or you blocked the route 
with shorewall.

So, using PuTTy, I copied all
> configuration files from lrcfg to my Windows PC. All from first and all 
> from second. For compare them. I will tell you right away that despite 
> the same number (7_5_1) these are slightly different configurations.

Because you posssibly modified them. What were the differences?

> These are without my changes. Probably upgrade wasn't correct.

Upgrade cannot always handle big differences which often stem from 
uplink. It keeps the files in /tmp with the extensions .old .new and 
.current for inspection and manual intervention. It issues warnings 
about those.

  But
> cofiguring the second leaf I made stupid mistake. I made a mistake when 
> writing the IP number in the file /etc/shorewall/snat. And that's why I 
> didn't have internet.

So that was your glitch.

  But I would still like to have a list of accepted
> local IPs. What I did doesn't work and I don't know how to do it.

Again, what makes you think such a list exists? Typically you would 
accept an entire subnet and then make exceptions in the file 
/etc/shorewall/rules.

cheers

ET

-- 
„Wer von seinem Tag nicht zwei Drittel für sich hat, ist ein Sklave.“
―Friedrich Nietzsche