From: Franck B. <fbo...@ch...> - 2007-06-30 10:11:09
|
On Friday 29 June 2007 20:06:21, Williams Philip H Ctr HQ Det 2 26 NOG/DOO wrote:
> I have tried this on 1.4.10 and 1.4.11. The QoS package installed by
> default and the 3rd party add-on provided by mhaddons both have the same
> problem. So, I am assuming it is in the underlying architecture of the
> system. I have made sure that my network cards are all running in full
> duplex 100MB. When QoS is on my bandwidth (per tests at speedtest.net and
> atl.speakeasy.net) is cut in half roughly. When turned off, the problem
> stops. I normally get 10MB down without QoS enabled and I get 5-6MB down
> WITH QoS enabled. I am not the only person experiencing this problem. I
> have seen similar problems at ipcops.net in the forums.
>

Hello,

Now, try to find the solution. It is not easily reproducible everywhere.
Someone on sourceforge described something about false interpretation of data entered. Read it.
https://sourceforge.net/tracker/index.php?func=detail&aid=1550882&group_id=40604&atid=428516

Bye
|
|
From: Franck B. <fbo...@ch...> - 2007-06-30 09:59:58
|
On Saturday 30 June 2007 08:35:03, Gilles Espinasse wrote:
> Frank
>
> I ask you to start a topic on the changes related to add dnsmasq support on
> BLUE.
> I never say you could start to commit adding dns support on BLUE AND
> ORANGE.
>
> You really need to understand that v1.4 is not a development version.
>
> Please stop to commit unfinished work on CVS.
> I will never be able to finish changes that you start a day and let half
> finished.
>
> I must remind you :
> - get_version is not used
> - setfilters was recently wrongly changed for potentially future changes
> that we don't know
> - snort use now 3 times more memory than before you upgrade the version on
> 1.4.14
>
> Please again, development should be made on svn tree
> And you have to ask for changes that others may not agree.
> Running dnsmasq on ORANGE (and maybe on BLUE too) is against our policies,
> why did you start to commit without asking advices?
>
> Gilles

It is not done Gilles.
The comment in dnsmasqupdatered are best to explain something perhaps misused:
DHCP server serves an optional domain name. This name in GREEN is used to determine the DNS namespace for IPcop.
1) what happen when DHCP is not used....
2) then why not inform DNS that two other domain are also local to IPCop?
2a) with the lines in comment....

The problem is we don't have a GUI dedicated to the DNS service. It picks up some data where it can. Not really good.

Second, dns for blue: I don't see where DNS service is blocked. Restartswireless don't. rc.firewall neither....
Probably the same for DNS on orange. I'm looking again.

This investigation showed another bad construction in restartwireless (for me):
No ordering in rules priority.
we have 3 cases
accept on IP
accept on MAC
accept on IP+MAC
The less restrictive rules should come first, especially if we add option of specifying an IP/mask (a strong feature request).
Today they are applied in the datafile order.
Let IPCop sorts?
Let the user sorts in GUI?
Do nothing?

> I must remind you :
> - get_version is not used
you want it to be used instead of static text?

> - setfilters was recently wrongly changed for potentially future changes
> that we don't know
filtering rejected packets LOGS is a good candidate.

> - snort use now 3 times more memory than before you upgrade the version on
> 1.4.14
you are re-writing a GUI with base.cgi no? 90% of job is done, including sort on columns if there is repetitive rules to display.

I will come back on 1.9 when it will have real changes.

Franck
|
|
From: Gilles E. <g....@fr...> - 2007-06-30 06:36:50
|
Frank

I ask you to start a topic on the changes related to add dnsmasq support on BLUE.
I never say you could start to commit adding dns support on BLUE AND ORANGE.

You really need to understand that v1.4 is not a development version.

Please stop to commit unfinished work on CVS.
I will never be able to finish changes that you start a day and let half finished.

I must remind you :
- get_version is not used
- setfilters was recently wrongly changed for potentially future changes that we don't know
- snort use now 3 times more memory than before you upgrade the version on 1.4.14

Please again, development should be made on svn tree
And you have to ask for changes that others may not agree.
Running dnsmasq on ORANGE (and maybe on BLUE too) is against our policies, why did you start to commit without asking advices?

Gilles
|
|
From: Williams P. H C. HQ D. 2 26 NOG/D. <Phi...@Gu...> - 2007-06-29 18:06:35
|
I have tried this on 1.4.10 and 1.4.11. The QoS package installed by default and the 3rd party add-on provided by mhaddons both have the same problem. So, I am assuming it is in the underlying architecture of the system. I have made sure that my network cards are all running in full duplex 100MB. When QoS is on my bandwidth (per tests at speedtest.net and atl.speakeasy.net) is cut in half roughly. When turned off, the problem stops. I normally get 10MB down without QoS enabled and I get 5-6MB down WITH QoS enabled. I am not the only person experiencing this problem. I have seen similar problems at ipcops.net in the forums.

When the QoS is enabled I have about 30MB free of 256MB total. The memory usage is close to the same without QoS enabled.
|
|
From: SourceForge.net <no...@so...> - 2007-06-25 06:57:31
|
Feature Requests item #1742680, was opened at 2007-06-25 08:57
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=428519&aid=1742680&group_id=40604

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: None
Group: None
Status: Open
Priority: 5
Private: No
Submitted By: Rob J Meijer (ghede)
Assigned to: Nobody/Anonymous (nobody)
Summary: ipv6 contraq support

Initial Comment:
If you guys are moving to 2.6 any time soon, proper IPv6 support (with contraq) and configurability would be great. Ipcop is a great IPv4 firewall, but its continuing lack of proper IPv6 support is becoming really inconvenient.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=428519&aid=1742680&group_id=40604
|
|
From: SourceForge.net <no...@so...> - 2007-06-25 06:54:02
|
Feature Requests item #1742679, was opened at 2007-06-25 08:54
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=428519&aid=1742679&group_id=40604

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: None
Group: None
Status: Open
Priority: 5
Private: No
Submitted By: Rob J Meijer (ghede)
Assigned to: Nobody/Anonymous (nobody)
Summary: IPv6 tunnel support

Initial Comment:
It would be extremely useful if ipcop would support configuring an IPv6 tunnel to some tunnel broker.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=428519&aid=1742679&group_id=40604
|
|
From: Gilles E. <g....@fr...> - 2007-06-23 08:03:12
|
As sending to those lists is restricted (to fight spam), I have set an explicit Reply-to to ipcop-devel list for those lists.

So if you feel the need to reply to a message addressed to one of those three lists, ipcop-devel will be preselected for the reply.

For ipcop-announce, I could have set ipcop-user as the default reply but I may miss one message to ipcop-user that I should see in ipcop-devel.

Gilles
|
|
From: SourceForge.net <no...@so...> - 2007-06-21 18:45:56
|
Bugs item #1741134, was opened at 2007-06-21 20:45
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=428516&aid=1741134&group_id=40604

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: Installation
Group: 1.4.15
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: martin52 (martin52)
Assigned to: Nobody/Anonymous (nobody)
Summary: installation halts on: Probing SCSI devices...

Initial Comment:
Hello,

When I try to install IPCop 1.4.2 or IPCop 1.4.15, it is just that. Installation halts on: Probing SCSI devices...

My pc is a HP Vectra PII 233Mhz, 128mb ram, 4G hd, cdrom, floppy and no scsi devices.

This pc runs happily for several years now IPCop 1.3.9. and previous versions. I never had this problem.

I gambled and did try to start the installation with a noscsi option but that is not available.

Is this a bug? Or did I miss a line in some documentation.

I did try to find information on this or my problem. Read documentation, checked FAQ's, checked the known bugs.

I need some help on this.

martin

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=428516&aid=1741134&group_id=40604
|
|
From: SourceForge.net <no...@so...> - 2007-06-20 21:37:53
|
Bugs item #1740605, was opened at 2007-06-20 16:37
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=428516&aid=1740605&group_id=40604

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: VPN
Group: 1.4.15
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Spock (jjspacca)
Assigned to: Nobody/Anonymous (nobody)
Summary: NAT on NET2NET VPN Connection

Initial Comment:
I currently have a NET2NET VPN configured that connects to a remote office. I also have a second PIX NET2NET VPN at our main office that connects to a client. The remote office also needs to connect to our client through the PIX VPN connection. Our client requires all connections to have a source IP of our main office subnet. The pix is configured with nonat so if I wanted to nat at the pix I would have to change our main office subnet and I was trying to avoid that. The linksys does not have any option to nat through the vpn.

Is there a way in IPCOP to nat the traffic that comes in from our remote office?

Thanks,
John

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=428516&aid=1740605&group_id=40604
|
|
From: SourceForge.net <no...@so...> - 2007-06-20 00:13:23
|
Bugs item #1740050, was opened at 2007-06-20 10:13
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=428516&aid=1740050&group_id=40604

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: Installation
Group: 1.4.15
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Poida (peter_j_c)
Assigned to: Nobody/Anonymous (nobody)
Summary: USB ADSL

Initial Comment:
Hi

I'm not sure where to ask this question, so here goes...

I have been using IPCop with 2 NIC's and have had no trouble whatsoever, but now need to change the box over to a much smaller one (HP e-Vectra) that has only one NIC and no expansion slots. I have downloaded the USB driver for D-Link DSL-502T ADSL from the site on the upload page, and set the ADSL modem field to the one that has D-Link listed, but I cannot seem to connect. As the modem contains all the connection info, I'm not sure what I have to put into all the fields on that screen, and they don't all match what my ISP has given me.

I know that this is probably not very specific, but I'm not sure what information you would need, and I'm not an expert!

Any help would be appreciated!

Pete

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=428516&aid=1740050&group_id=40604
|
|
From: Gilles E. <g....@fr...> - 2007-06-19 20:09:40
|
----- Original Message -----
From: "Robert Kerr" <Lit...@xs...>
To: <ipc...@li...>
Sent: Tuesday, June 19, 2007 8:43 PM
Subject: Re: [IPCop-devel] Timing for 1.4.16

> On Fri, 2007-06-15 at 12:58 +0200, Gilles Espinasse wrote:
>
> > If any of you have some knowledge on reducing memory used by snort by changing
> > the configuration file, I would be happy to have some explanations.
>
> > The way I know to reduce memory usage is to reduce the rules number used. As it
> > can't made arbitrary, the way to go is to allow managing the rules from the web
> > interface.
>
> Reducing the number of rules would work, but an easier alternative is to
> use the lowmem pattern matching algorithm. This is configurable with the
> search-method arg to the detection config directive:
>
The problem is that we already use low-mem. That's reported at start
Detection:
Search-Method = Low-Mem

> http://www.snort.org/docs/snort_htmanuals/htmanual_2615/node32.html
>
> A summary of the speed and memory tradeoffs of the various pattern
> matchers can be found here:
>
> http://www.snort.org/docs/faq/3Q06/node86.html
>
Thanks, I didn't find this.
That's interesting but could be partially outdated on 2.6.1.x
The recommended search-method on RELEASE.NOTES for small memory footprint is ac-bnfa

On snort forum, one person has tested memory consumption with different search-method
http://www.snort.org/reg-bin/forums.cgi?forum_id=2&topic_id=4287

ac-std          moderate memory, high performance      800 MB
ac              high memory, best performance          600 MB
ac-banded       small memory, moderate performance     400 MB
ac-sparsebands  small memory, high performance         250 MB
acs             small memory, moderate performance     200 MB
ac-bnfa         low memory, high performance            20 MB
lowmem          small memory, low performance           20 MB

With low-mem, 20 MB are far less than our 60 MB before rules update and 85 MB after rules update.
But I don't know with which ruleset/configuration it was tested.

I have removed all *.rules and applied the rules update again to check there was not a problem with pr-2.4 rules.
Same 85 Mb is reported for each interface.

> Though I must admit I thought the more recent 2.6 versions defaulted to
> a much less memory hungry pattern matcher than the earlier ones.
>
default setting is still ac-std on 2.6.1.5

> I'm still of the opinion though that 99% of the people using snort could
> switch it off tomorrow and never know the difference. As much as it's
> nice to have for the enthusiasts most people simply don't have the time
> to tune it and absorb the info it produces.
>
I am sure you are right.
Some like to add guardian. That could help to disable attack but could be vulnerable to DOS on legitimate resources you use.
If the attacker knows you run guardian, he could send you attack with spoofed addresses on those resources and you no more will be able to connect unless you define those resources in guardian.ignore.

Gilles
|
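The failure mode described in the last paragraph of the message above, shown from the mitigation side as an added example (this is not Guardian's or IPCop's code): an alert-driven blocker that consults an ignore list before acting, so an alert carrying the source address of a resource the firewall depends on does not cut that resource off. The alert line format, the addresses and all function names are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed ignore list (documentation address ranges): resources the
# firewall itself depends on, e.g. an upstream DNS resolver and a mirror network.
my @ignore = ('192.0.2.53', '198.51.100.0/24');

# Constructed alert lines in an assumed "<sid> <source ip>" format.
my @alerts = (
    '1000001 203.0.113.7',      # unrelated host: eligible for blocking
    '1000001 192.0.2.53',       # source claims to be our DNS resolver
    '1000002 198.51.100.20',    # source claims to be inside the mirror network
    '1000002 not-an-ip',        # malformed input is never acted on
);

# Convert dotted-quad text to a 32-bit integer, or undef if it is not valid.
sub ip_to_int {
    my ($ip) = @_;
    return undef unless defined $ip
        && $ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
    return undef if grep { $_ > 255 } $1, $2, $3, $4;
    return ($1 << 24) | ($2 << 16) | ($3 << 8) | $4;
}

# True if $ip falls inside an ignore entry (single address or CIDR block).
sub is_ignored {
    my ($ip, @list) = @_;
    my $addr = ip_to_int($ip);
    return 0 unless defined $addr;
    for my $entry (@list) {
        my ($net, $bits) = split m{/}, $entry;
        $bits = 32 unless defined $bits;
        my $base = ip_to_int($net);
        # Skip entries that do not parse instead of guessing what they meant.
        next unless defined $base && $bits =~ /^\d+$/ && $bits <= 32;
        my $mask = $bits == 0 ? 0 : (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
        return 1 if ($addr & $mask) == ($base & $mask);
    }
    return 0;
}

# Decide what to do with one alert: 'block', 'ignore' or 'invalid'.
sub decide {
    my ($line, @list) = @_;
    my (undef, $src) = split ' ', $line;
    return 'invalid' unless defined ip_to_int($src);
    return is_ignored($src, @list) ? 'ignore' : 'block';
}

for my $line (@alerts) {
    printf "%-24s -> %s\n", $line, decide($line, @ignore);
}
```

The ignore list only protects what is listed in it, which is the limitation the message points out: every resource the firewall needs has to be entered before automatic blocking is switched on.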
|
From: Robert K. <Lit...@xs...> - 2007-06-19 18:43:11
|
On Fri, 2007-06-15 at 12:58 +0200, Gilles Espinasse wrote:

> If any of you have some knowledge on reducing memory used by snort by changing
> the configuration file, I would be happy to have some explanations.

> The way I know to reduce memory usage is to reduce the rules number used. As it
> can't made arbitrary, the way to go is to allow managing the rules from the web
> interface.

Reducing the number of rules would work, but an easier alternative is to
use the lowmem pattern matching algorithm. This is configurable with the
search-method arg to the detection config directive:

http://www.snort.org/docs/snort_htmanuals/htmanual_2615/node32.html

A summary of the speed and memory tradeoffs of the various pattern
matchers can be found here:

http://www.snort.org/docs/faq/3Q06/node86.html

Though I must admit I thought the more recent 2.6 versions defaulted to
a much less memory hungry pattern matcher than the earlier ones.

I'm still of the opinion though that 99% of the people using snort could
switch it off tomorrow and never know the difference. As much as it's
nice to have for the enthusiasts most people simply don't have the time
to tune it and absorb the info it produces.

--
Robert Kerr
|
|
From: SourceForge.net <no...@so...> - 2007-06-18 19:27:45
|
Bugs item #1739330, was opened at 2007-06-18 14:27
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=428516&aid=1739330&group_id=40604

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: Installation
Group: 1.4.15
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Spock (jjspacca)
Assigned to: Nobody/Anonymous (nobody)
Summary: Multiple Alias Issue

Initial Comment:
I am currently running into an issue with multiple aliases. I have a pool of 5 external addresses supplied from my ISP. One address is being used by my Red interface and I am using 2 others setup as aliases. So the setup is as follows:

208.XXX.XXX.24 Red Interface
208.XXX.XXX.26 Alias 1 pointed to internal address 192.168.x.99
208.XXX.XXX.29 Alias 2 pointed to internal address 192.168.x.100

Alias 1 is an IIS web server setup for development.
Alias2 is an Apache web server running on linux setup with multiple name virtual hosts. It is used for development purposes as well.

I have setup up port forwarding for Alias 1 (TCP, Port 80 to Port 80) and it will always work. The port forwarding for Alias 2 (TCP, Port 80 to Port 80 and Port 22 to Port 22) will work for a short period of time then I start getting connection refused messages from the SSH client and IE will stop displaying the website. If I reboot IPCOP everything will work ok for a while and then the cycle starts again. I have checked all the logs in the system and I cannot see where the rejection is coming from. I have also checked all the logs on the linux server and I am not seeing the errors there as well.

Any help would be appreciated.

Thanks,
John
j_s...@ho...

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=428516&aid=1739330&group_id=40604
|
|
From: SourceForge.net <no...@so...> - 2007-06-16 21:34:21
|
Feature Requests item #1738484, was opened at 2007-06-16 17:34
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=428519&aid=1738484&group_id=40604

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: Interface Improvements (example)
Group: None
Status: Open
Priority: 5
Private: No
Submitted By: JaleXNet (jalexnet)
Assigned to: Nobody/Anonymous (nobody)
Summary: User mode for access GUI Ipcop (Only Read)

Initial Comment:
create User-mode account for GUI Ipcop access (Only Read), for the "boss" for example...

PD : Sorry my english
PD2 : is understood the idea?

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=428519&aid=1738484&group_id=40604
|
|
From: Franck B. <fbo...@ch...> - 2007-06-16 10:30:33
|
On Saturday 16 June 2007 12:09:53, Gilles Espinasse wrote:
> Looking for the smallest page (in term of code size) to extend ids.cgi, I
> find a not so consistent behavior on xtaccess.cgi.
>
> The reason is in this small part
> if ($cgiparams{'ACTION'} eq '') {
>     $cgiparams{'PROTOCOL'} = 'tcp';
>     $cgiparams{'DEST'} = '0.0.0.0';
>     $cgiparams{'ENABLED'} = 'on';
> }
>
> PROTOCOL and DEST are only preset to default value when no action is
> required.
> So when you display the page the first time, PROTOCOL is preset to TCP.
> But when you remove one line already registered, ACTION is not empty and
> PROTOCOL appears preset to UDP.
>
> For ENABLED, I think this is the only solution to preset 'on' there, but why
> DEST and PROTOCOL could not preset to default values at the beginning of
> the page?
> This would too fix warnings 'Use of uninitialized value in concatenation'
> for PROTOCOL and DEST not defined during 'remove' action.
>
> I don't find a reason to undef %cgihash on 'add' action.
> It just adds more warnings because ACTION is no more defined.
>
> $selected{} was not properly constructed with aliases addresses.
> This produces this sort of warning on log when run with warning enabled:
> Use of uninitialized value in concatenation (.) or string at
> /home/httpd/cgi-bin/xtaccess.cgi line 207, <ALIASES> line 1.
>
> I replace the dummy workaround with use warnings; no warnings 'once'
>
> This patch should fix all those problems. Any remarks?
>
> Gilles

The solution for those small simple cgi is to convert them to the 'base.cgi'.
Ok, the last one uses a mechanism to isolate the cgi from manipulating
directly ipcop data files. Use previous version.
It takes one hour or less to transfer the logic of any to base.cgi
|
|
From: Gilles E. <g....@fr...> - 2007-06-16 10:11:23
|
Looking for the smallest page (in term of code size) to extend ids.cgi, I
find a not so consistent behavior on xtaccess.cgi.

The reason is in this small part
if ($cgiparams{'ACTION'} eq '') {
    $cgiparams{'PROTOCOL'} = 'tcp';
    $cgiparams{'DEST'} = '0.0.0.0';
    $cgiparams{'ENABLED'} = 'on';
}

PROTOCOL and DEST are only preset to default value when no action is
required.
So when you display the page the first time, PROTOCOL is preset to TCP.
But when you remove one line already registered, ACTION is not empty and
PROTOCOL appears preset to UDP.

For ENABLED, I think this is the only solution to preset 'on' there, but why
DEST and PROTOCOL could not preset to default values at the beginning of the
page?
This would too fix warnings 'Use of uninitialized value in concatenation'
for PROTOCOL and DEST not defined during 'remove' action.

I don't find a reason to undef %cgihash on 'add' action.
It just adds more warnings because ACTION is no more defined.

$selected{} was not properly constructed with aliases addresses.
This produces this sort of warning on log when run with warning enabled:
Use of uninitialized value in concatenation (.) or string at
/home/httpd/cgi-bin/xtaccess.cgi line 207, <ALIASES> line 1.

I replace the dummy workaround with use warnings; no warnings 'once'

This patch should fix all those problems. Any remarks?

Gilles
|
|
From: Franck B. <fbo...@ch...> - 2007-06-15 11:48:44
|
Selecting rules by major groups, ok; Also choosing 'detection engine' enables or not is a good choice. For 1.4.17 |
|
From: Gilles E. <g....@fr...> - 2007-06-15 10:58:17
|
I have been far longer than intended on snort modifications and find new issues that should be solved before releasing 1.4.16.

First with Frank, we fix some failures causes on stop/start.

But the way we run snort has become very memory hungry after 1.4.13.
On 1.4.13, snort-2.3.3 uses 18 MB at start per interface.
On 1.4.14, after snort upgrade to 2.6.1.3 :
- with pr-2.4 rules supplied on 1.4.14, it uses 60 MB per interface.
- after updating the ruleset to CURRENT version, snort uses 85 MB per interface.
I have to look if some .rules included in pr-2.4 ruleset could be removed/disabled after the ruleset update to CURRENT.

If any of you have some knowledge on reducing memory used by snort by changing the configuration file, I would be happy to have some explanations.

The way I know to reduce memory usage is to reduce the rules number used. As it can't made arbitrary, the way to go is to allow managing the rules from the web interface.

I have first changed the way we manage rules update.
A new way to manage rules update in place:
- load of a ruleset from snort.org is separated from installation of the rules.
- a ruleset loaded is kept on /var/log/snort. This allows applying changes to a ruleset during installation. Ruleset installation can be repeated every time needed with the same ruleset.

Keeping the ruleset (1.5MB) on /var/log may be a problem on FLASH configuration but I don't think FLASH configuration would use snort a lot.
Some strings have been added that translators could already work on.

This change was a first step to support a simple rules management system :
- disable/enable an entire .rules file on selected interfaces
- disable/enable an individual sid on selected interfaces

The rules editor part is not yet committed. I hope to finish in two days. I would need to add two new strings for that.
After I would:
- let a few days to translators for the new strings,
- release a test version for one week
- then release 1.4.16.

There is a few works that will be done during the time let to translators before releasing the test version:
- fix mounting usb key on a raid configuration (device letter could be shifted by one in raid case)
- finish noscsi option on install
- a few little details I notice in my todo list but do not remember
- bugs reported on sourceforge

What will probably not be addressed in 1.4.16
- dhcpd-3.0.5 warn for duplicate when a static IP is defined (at least on a windows client)
an ip from the pool is first given, then the static ip (out of the pool range) is given with the duplicate message
That could be fixed by a newer dhcp version but 3.1 is only at rc1 stage from yesterday.

Gilles
|
|
From: SourceForge.net <no...@so...> - 2007-06-13 22:35:50
|
Bugs item #1736796, was opened at 2007-06-13 17:35
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=428516&aid=1736796&group_id=40604

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: Kernel
Group: 1.4.15
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Martin Radvany (mradvany)
Assigned to: Nobody/Anonymous (nobody)
Summary: Kernel panic during blue interface modules

Initial Comment:
With 1.4.14 and 1.4.15 when installing a Green, Orange, Red and Blue or Green, Red, Blue on my hardware (realtek 3 port gigabit) with intel single port as green there is a kernel panic it comes to setting up the blue interface after MASQ modules.

I dropped back to 1.4.13 and the install went just fine.

When I originally installed 1.4.11 there was also no problem. I had applied all the patches from 12-15 and everything ran fine until things became unstable after loading cop-filter .83 beta1 and 2. By unstable processes were randomly shutting down; IDS, web proxy, etc.

I went to reload I tried to reinstall 1.4.11 and it complained about the updates, so I downloaded a fresh CD of 1.4.15 and no joy, then 1.4.14, no joy, 1.4.13 - Yeah!

Let me know if you need more info.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=428516&aid=1736796&group_id=40604
|
|
From: Gilles E. <g....@fr...> - 2007-06-13 19:08:08
|
As the translation specialist, do you remember why we do not use double
quotes in every string with a 'submit' button?

I was hit by a string truncated at the quote in French.
So 'read last rules installation log' is displayed as
'Lire le dernier historique d'
instead of
'Lire le dernier historique d\'installation des règles'

The quote is escaped so as not to break perl (this works).
The string is incomplete when a single quote is in the string:
<input type='submit' name='ACTION' value='$Lang::tr{'read last rules installation log'}' />

But using double quotes works in all cases.
<input type='submit' name='ACTION' value="$Lang::tr{'read last rules installation log'}" />

The only limitation is when using perl print directly with print "<my html code>";

It looks like another solution has been used in time.cgi (using code &#039;
and cleanhtml after) but this looks more complicated.
I find only one 039 in /var/ipcop/langs (for time.cgi)

Gilles
|
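The truncation described in the message above, reproduced outside the CGI as an added example (not IPCop code): `%tr` stands in for `%Lang::tr`, the second translation is constructed, and `escape_attr`, `attr_value_as_parsed` and `unescape` are hypothetical helpers. It compares single-quoted, double-quoted and entity-escaped attribute values, including the case of a translation that itself contains a double quote.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Sample translations; %tr stands in for IPCop's %Lang::tr.
my %tr = (
    'read last rules installation log' =>
        "Lire le dernier historique d'installation des règles",
    'quoted sample' => 'Journal "snort"',    # constructed: contains a double quote
);

# Escape the characters that are significant inside HTML text and attributes.
sub escape_attr {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#039;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Minimal model of how a browser reads a quoted attribute: the value runs from
# the opening quote to the next occurrence of the same quote character.
sub attr_value_as_parsed {
    my ($html, $name) = @_;
    return $html =~ /\b\Q$name\E=(['"])(.*?)\1/s ? $2 : undef;
}

# Decode the entities again, as the browser does before display and submit.
sub unescape {
    my ($s) = @_;
    my %chr = ('&lt;' => '<', '&gt;' => '>', '&quot;' => '"',
               '&#039;' => "'", '&amp;' => '&');
    $s =~ s/(&lt;|&gt;|&quot;|&#039;|&amp;)/$chr{$1}/g;
    return $s;
}

for my $key (sort keys %tr) {
    my $text = $tr{$key};
    my %variant = (
        'single quotes, raw' =>
            "<input type='submit' name='ACTION' value='$text' />",
        'double quotes, raw' =>
            "<input type='submit' name='ACTION' value=\"$text\" />",
        'single quotes, escaped' =>
            "<input type='submit' name='ACTION' value='" . escape_attr($text) . "' />",
    );
    for my $label (sort keys %variant) {
        my $seen = unescape(attr_value_as_parsed($variant{$label}, 'value') // '');
        printf "%-24s %-10s %s\n", $label,
            ($seen eq $text ? 'ok' : 'TRUNCATED'), $seen;
    }
}
```

With raw values the result depends on which quote character the translation happens to contain; the entity-escaped form gives back the full string with either delimiter.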
|
From: Gilles E. <g....@fr...> - 2007-06-08 21:29:48
|
----- Original Message -----
From: Leonardo Uzcategui
To: ipc...@li...
Sent: Friday, June 08, 2007 9:53 PM
Subject: [IPCop-devel] ipcop 1.4.11 and kernel 2.6.x

> Hello
>
> It´s possible add kernel 2.6.X to ipcop 1.4.11?
>
> If this its possible, can any help me do this?
>

That's doable but with certain limits.
It will break VPN, usb adsl modem and probably a bit more (other drivers whose name changes from 2.4 to 2.6).
Except those problems, it should work.
boot floppy would be too big but boot from usb key, pxe or cdrom should work.

I will not support that.

All you have to do is to compile the entire distribution, then add a lfs/linux-2.6 where you would compile a linux-2.6 kernel with same iptables version.

Gilles
|
|
From: Leonardo U. <uzc...@gm...> - 2007-06-08 19:53:45
|
Hello

It´s possible add kernel 2.6.X to ipcop 1.4.11?

If this its possible, can any help me do this?

Thanks
Leonu
|
|
From: SourceForge.net <no...@so...> - 2007-06-07 13:40:20
|
Bugs item #1732777, was opened at 2007-06-07 07:40
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=428516&aid=1732777&group_id=40604

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: User Interface
Group: 1.4.15
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Mike Harris (mharris007)
Assigned to: Nobody/Anonymous (nobody)
Summary: NTP config - Doesn't allow a URL beginning with a number

Initial Comment:
When setting up the "Time Server" configuration in IPCop, it seems to not like receiving a time server which begins with a number.

For example, IPCop doesn't like it when
2.us.pool.ntp.org
or
1.us.pool.ntp.org
or
0.us.pool.ntp.org

When any of those (as an example) are entered as either the primary or the secondary ntp server the following error is received:
Invalid Primary NTP server address
or
Invalid Secondary NTP server address

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=428516&aid=1732777&group_id=40604
|
|
From: SourceForge.net <no...@so...> - 2007-06-06 12:30:24
|
Bugs item #1731992, was opened at 2007-06-06 14:30
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=428516&aid=1731992&group_id=40604

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: Installation
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Vacancy (vacancy)
Assigned to: Nobody/Anonymous (nobody)
Summary: green trubbles

Initial Comment:
It's not possible to change the Green Interface once Setup is done.
If you using some NIC and you must change it is not so easy to do this you must change configfiles it's not possible to do this in setup

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=428516&aid=1731992&group_id=40604
|
|
From: SourceForge.net <no...@so...> - 2007-06-06 12:26:21
|
Feature Requests item #1731988, was opened at 2007-06-06 14:26
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=428519&aid=1731988&group_id=40604

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: None
Group: None
Status: Open
Priority: 5
Private: No
Submitted By: Vacancy (vacancy)
Assigned to: Nobody/Anonymous (nobody)
Summary: OSPF function

Initial Comment:
Full Layer 3 functionality
OSPF functions.......
VLAN Management
just an idea

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=428519&aid=1731988&group_id=40604
|