From: Sławek A. <sa...@wa...> - 2025-12-25 20:41:07
On 24.12.2025 at 13:16, lea...@li... wrote:
> Message: 1
> Date: Tue, 23 Dec 2025 23:49:07 +0100
> From: Erich Titl <eri...@th...>
> To: lea...@li...
> Subject: Re: [leaf-user] leaf-user Digest, Vol 205, Issue 17
> Message-ID: <83e...@th...>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> Hi Slavek
>
> On 23.12.2025 at 23:25, Sławek Adamski via leaf-user wrote:
>> Merry Christmas to everyone,
>>
> ....
>
>> auth.backend                   = "htpasswd"
>> auth.backend.htpasswd.userfile = "/var/webconf/www/.htpasswd"
>> #auth.backend.plain.userfile  = "/etc/lighttpd/lighttpd.user"
>> #auth.backend.plain.groupfile = "/etc/lighttpd/lighttpd.group"
>>
>> #auth.backend.ldap.hostname = "localhost"
>> #auth.backend.ldap.base-dn  = "dc=my-domain,dc=com"
>> #auth.backend.ldap.filter   = "(uid=$)"
>> server.modules += ( "mod_auth" )
>> auth.require = ( "/" =>
>>                  (
>>                    "method"  => "basic",
>>                    "realm"   => "Login",
>>                    "require" => "valid-user"
>>                  ),
>>                )
>>
>> ##
>> #######################################################################
>> I restarted leaf but this change doesn't help.
> Which means that this is probably not the problem.
>
>> But I have other news.
>> It's good news for me. As I mentioned earlier, I have two flash
>> drives. Both have Leaf on them. The first was made using Raspberry Pi
>> Imager from image of version 7_0_0. I made upgrade to 7_5_1 and
>> configured it. It's very possible that I set this password and don't
>> remember it. Nine years break from making next leaf - a lot of new
>> stuff. This leaf works. I just don't have webconf and there's no list
>> of acceptable IPs. I don't know how to create this list.
> What makes you think that there is such a list? I personally would not
> know where to look for it. Did you ever have such a list?

Yes. I had. In my previous leaf. I configured it nine years ago. It was version 5.2.6.

>
>> Something's not working. But I made a second flash drive. Syslinux
>> for made it bootable. Unpack and copy
>> Bering-uClibc_7.5.1_i686_syslinux_vga.tar.gz to pendrive. And
>> configure in my way. The second leaf has working webconf.
> Ok so you managed to get webconf working
>
>> But he had no access to the Internet. Means the leaf had (ping
>> 8.8.8.8) but connected to it local PC not.
> So that means either routing is not correct or you blocked the route
> with shorewall.
>
>> So, using PuTTY, I copied all configuration files from lrcfg to my
>> Windows PC. All from first and all from second. For compare them. I
>> will tell you right away that despite the same number (7_5_1) these
>> are slightly different configurations.
> Because you possibly modified them. What were the differences?
>
>> These are without my changes. Probably upgrade wasn't correct.
> Upgrade cannot always handle big differences which often stem from
> uplink. It keeps the files in /tmp with the extensions .old .new and
> .current for inspection and manual intervention. It issues warnings
> about those.
>
>> But configuring the second leaf I made stupid mistake. I made a
>> mistake when writing the IP number in the file /etc/shorewall/snat.
>> And that's why I didn't have internet.
> So that was your glitch.
>
>> But I would still like to have a list of accepted local IPs. What I
>> did doesn't work and I don't know how to do it.
> Again, what makes you think such a list exists? Typically you would
> accept an entire subnet and then make exceptions in the file
> /etc/shorewall/rules.

Yes. Exactly. In /etc/shorewall/rules I had:

DNAT net loc:xxx.yyy.zzz.loc1 tcp 28111
DNAT net loc:xxx.yyy.zzz.loc1 udp 28111
DNAT net loc:xxx.yyy.zzz.loc2 tcp 28112
DNAT net loc:xxx.yyy.zzz.loc2 udp 28112
DNAT net loc:xxx.yyy.zzz.loc3 tcp 28113
DNAT net loc:xxx.yyy.zzz.loc3 udp 28113
DNAT net loc:xxx.yyy.zzz.loc4 tcp 28114
DNAT net loc:xxx.yyy.zzz.loc4 udp 28114
DNAT net loc:xxx.yyy.zzz.loc5 tcp 28115
DNAT net loc:xxx.yyy.zzz.loc5 udp 28115
DNAT net loc:xxx.yyy.zzz.loc6 tcp 28116
DNAT net loc:xxx.yyy.zzz.loc6 udp 28116
DNAT net loc:xxx.yyy.zzz.loc7 tcp 28117
DNAT net loc:xxx.yyy.zzz.loc7 udp 28117
DNAT net loc:xxx.yyy.zzz.loc8 tcp 28118
DNAT net loc:xxx.yyy.zzz.loc8 udp 28118
DNAT net loc:xxx.yyy.zzz.loc9 tcp 28119
DNAT net loc:xxx.yyy.zzz.loc9 udp 28119

and it works to today. In version 5.2.6. But in version 7.5.1 not.

>
> cheers
>
> ET
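
Added example, not part of the original message and not LEAF or Shorewall code: a small Python check over rules lines in the ACTION SOURCE DEST PROTO DPORT layout quoted above, of the kind that catches an address typo like the one described for /etc/shorewall/snat. The sample rules and 192.0.2.x addresses are constructed, check_dnat_rules is a hypothetical helper, and it assumes one numeric port per rule.

```python
import ipaddress

# Constructed sample in the ACTION SOURCE DEST PROTO DPORT layout;
# the addresses are made-up documentation values, not from the thread.
SAMPLE_RULES = """\
DNAT net loc:192.0.2.11 tcp 28111
DNAT net loc:192.0.2.11 udp 28111
DNAT net loc:192.0.2.12 tcp 28112
DNAT net loc:192.0.2.300 udp 28112
DNAT net loc:192.0.2.13 tcp 28112
DNAT net loc:192.0.2.14 tcp 70000
"""

def check_dnat_rules(text):
    """Return (forwards, problems) for the DNAT lines of a rules file."""
    forwards, problems, seen = [], [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields or not fields[0].startswith("DNAT"):
            continue  # blank line, comment, or a non-DNAT rule
        if len(fields) < 5:
            problems.append((lineno, "expected ACTION SOURCE DEST PROTO DPORT"))
            continue
        dest, proto, dport = fields[2], fields[3].lower(), fields[4]
        zone, _, host = dest.partition(":")
        host = host.split(":", 1)[0]  # drop an optional :port after the address
        try:
            ipaddress.IPv4Address(host)
        except ValueError:
            problems.append((lineno, f"bad destination address {host!r}"))
            continue
        # Assumption: one numeric port per rule (no lists, ranges or names).
        if not dport.isdigit() or not 1 <= int(dport) <= 65535:
            problems.append((lineno, f"bad port {dport!r}"))
            continue
        key = (proto, int(dport))
        if key in seen and seen[key] != host:
            problems.append((lineno, f"{proto}/{dport} already forwarded to {seen[key]}"))
            continue
        seen[key] = host
        forwards.append((zone, host, proto, int(dport)))
    return forwards, problems

if __name__ == "__main__":
    ok, bad = check_dnat_rules(SAMPLE_RULES)
    for lineno, msg in bad:
        print(f"line {lineno}: {msg}")
    print(f"{len(ok)} forwards look consistent")
```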