Freesco 035

[Barsick]

http://freesco.org

 

Changes from 0.3.4 to 0.3.5

 

Removed the ip_masq_cuseeme.o module. This module has never been configured or

used in any version of FREESCO, so there was no reason to leave it installed.

 

Repaired bug in the setup for adding extra SSH options.

 

Repaired useradd script to chown the users web page correctly.

 

Repaired carriage return needed in the /etc/group file for FTP users.

 

Repaired rc_masq DHCP server problem when local networks are not trusted and

the DHCP client is not enabled and also allow ping responses through the router

for PPPoE and PPtP users in some machines.

 

Repaired fd leak when using SSH with the -L and -R flags at the same time.

 

Repaired the pppoe binary to remove some compiling errors, thanks to justdave.

 

Repaired the pptp binary to remove some compiling errors, thanks to justdave.

 

Repaired security problem for dialout control users in the FTP server.

 

Repaired ifconfig to no longer report a 10Mb connection.

 

Repaired bug in the Dropbear ssh client, so that unknown hosts can be added

automatically to the trusted hosts file.

 

Repaired a bug in the control panel when trying to remove a single entry that

included a subnet "/", which caused the restrict.cfg file to be erased.

 

Repaired memory fault when trying to view a very large restriction list in the

control panel.

 

Repaired "ps" command to work with non root users

 

Changed the rc_net script so that aliased interfaces can be enabled in the

advanced network the same as normal interfaces and added aliased interfaces

into the list of options in the setup as well as the "dummy" interface which

can be used when no network cards are installed on a strictly RAS dialin server.

 

Changed the snarf binary to repair the dyndns client so that all usernames and

passwords should function correctly.

 

Changed the DNS server to give out the correct IP address for the interface

it is requested on as well as for local dyndns URL's if they are enabled.

Thanks to justdave for modifying the dnsmasq source code to accomplish this

as well as optimizing for size by removing unneeded options.

 

Changed the built in web server to be more CGI friendly. So it will now execute

all .cgi files and not just limited to the /www/cgi directory. Also changed the

directory listings so they can be customized with a style.css file and added the

custom error pages option to the default server so that if you create a

/www/errors directory and put error files in it such as err500.html it will

be displayed when error 500 is sent from the server rather than the built in

page. Some optimization for size, thanks to justdave for his help.

 

Changed the dyndns updates to every fifteen days rather than once a month which would

caused a warning email from dyndns about "your account will expire, if not

updated". Also changed the default crond entry to check for updates every day

rather than just at the beginning of the month.

 

Changed the default color scheme of the control panel.

 

Changed the FTP syslog facility for logins so they are now recorded under "auth"

rather than "info". Also optomized the FTP server for size, thanks to justdave.

 

Changed rc_ras to be able to be restarted when the primary configuration is

set to any kind of PPP connection without stopping the primary connection.

 

Changed ile command line history from version 2.01 to version 2.7-Freesco.

This change was to reduce the code size by removing unused options as well as to

repair the code so that tab completion works and double tab shows all

available command options was added. Also repaired the delete key so that it

functions properly as well as the HOME move cursur to the beginning of the line

and the END move cursor to the end of the line heys. Thanks to justdave for

modifying and correcting the source code.

 

Changed the lpd server to version 1.4-Freesco and customized the binary

specifically for FREESCO. The new lpd server runs on one port (515 default) and

has multiple queues that can be assigned for different printers. Up to ten raw

queues and ten feed queues can be assigned. These queues can either just be

different names for the same printer or they can be for separate printers. The

new lpd server resolves the problems with NT/2K/XP systems being able to use

more than just one printer. Thanks to justdave for his assistance modifying the

source code.

 

Changed the logrotate script into a binary. This change reduces the standard CPU

usage by 65% which greatly increases performance on minimum hardware over all

previous versions of FREESCO. Thanks to justdave for his help creating the new

binary

 

Changed the advanced network setup auto configure option to recognize existing

subnets and not duplicate them for the network being configured as well as

asking for the DHCP range desired.

 

Changed the /etc/profile so that if the root user is disabled then the user who

has root privileges is still treated the same as the original root user

 

Recompiled pppd and removed IPX support as well as some extra superfluous words

in error messages to optimize for size.

 

Added scripting in the rc_masq to prevent the firewall from running more than

one restart at a time. This prevents automatic as well as manual restarts from

causing networking problems.

 

Added a new script "remotelog" this script is capable of sending real-time

logs through a SSH session so that logs can be viewed remotely in real time

the same as screen 3. Just login to a remote console and type "remotelog"

to activate it.

 

Added the shaper module and shaperctl to control local bandwidth. This module

is capable of being configured to limit download bandwidth for all or just

some clients. Upload bandwidth can be controlled on a site by site basis.

Allowed control speeds are from 9660bps to 250000bps. This option is still

experimental and not all of the problems or quirks have been worked out yet.

So even though it is included it is not recommended to enable it for general use.

 

Added PPtP multi-client support to the default kernel and removed the log errors

when a PPP primary connection is used. Also removed the loose_udp option which

was causing some connection stability problems with certain applications.

 

Added getting the external IP address remotely into the dyndns script. This

solves all problems when FREESCO is running behind another firewall, or through

a DSL modem and anytime FREESCO has a local IP on the external interface it

can retrieve the true external IP address for an update.

 

Added color enhancements to the setup script.

 

Added MAC address translation into the access control so that MAC addresses

can be used the same as IP addresses.

 

Added a MAC address monitor, so that FREESCO can watch the local network for

any new machines connected and if a new machine connects it accesses the

restrict.cfg and resets the firewall if that MAC address is in the file so

that restricted or allowed MAC addresses are added to the firewall rules with

there true IP address. This feature is automatically enabled when MAC addresses

are used in the /etc/restrict.cfg file instead of IP addresses.

 

Added a "Connected clients" button to the control panel. This uses the arpf

binary and will show all of the clients on all subnets connected to FREESCO.

arpf is a customized and stripped version of arp 1.84

 

Added viewing system saved logs in the control panel.

 

Added individual allowed login times for all RAS users, so that each user can

be restricted at different times. Also added a connection time limit for

RAS users so that a maximum connection time can be set on an idividual basis.

 

Added a PPP monitor that is capable of monitoring ethernet PPP connections and

restarting the connection if it fails.

 

Added the ability to choose whether to try and stealth or reject ports in the

firewall. Rejected ports create less network traffic, but stealth may be

desired in some cases. The new firewall defaults to "reject".

 

Added scp "Secure Copy Protocol" binary, and optimized Dropbear for size

with the help of justdave. Also added multiple patches to fix various minor

bugs in Dropbear as well as some minor modifications to show logins in the

correct location with the log facility. Also added the most recent security

patches.

 

Added the ability to customize the color scheme of the control panel in the

advanced setup.

 

Added an option to disable the modem speaker for RAS connections.

 

Added ile command line history to always be enabled in setup mode.

 

Added statistical information into the login log for RAS users so that the

received and sent bytes are logged as well as the total connection time.

 

Added hardware information into the advanced setup that displays the detected

CPU and PCI network cards as well as memory and IO ports.

 

Added enabling and disabling package firewall rules from within the advanced

package setup.

 

Added an option in the DHCP server to configure a WINS server in DHCP leases

that is installed and configured directly on the router (such as Samba).

 

Added a network statistics monitor to screen 5. This monitor displays real

time statistics for all network devices. This monitor is enabled by default

but it can be disabled in the advanced setup.

 

Added a test into the setup to hopefully reduce the number of users who use

a fully qualified domains on there routers.

 

Added an option into the FTP server to adjust the number of connections from

a single IP address rather than the previously hard coded maximum of two.

 

Added FTP bandwidth control.

 

Added a test into the advanced network DHCP range setup so that incorrect

entries are no longer accepted.

 

Added a new mode to the DNS server ,"e" mode which means (secure exclusive).

This new mode forces clients to exclusively use the built in caching DNS server

as there only DNS server. The new mode is intended for use with the DNS

configuration file so that if specific URLs are defined with a IP in that file ,

the clients can not use another DNS server to resolve the name differently.

This mode is very useful for unwanted URLs and or parental control.

 

Added bringing up a "dummy" interface when a DHCPOFFER fails on the external

interface. This allows the entire internal network to function correctly and

continue to try for a lease in the background. Once a lease is obtained the

"dummy" interface is removed and the system starts using the normal Internet

interface with full functionality at all times.

 

Added a security warning if the web control panel is enabled world wide visible.

 

Added a security warning if the DNS is enabled world wide visible.

 

Added the ability to change the web control "admin" user-name to any user-name

of your choice in the advanced setup.

 

Added the ability to disable the console super user "root" and create a new

super user with the user-name of your choice in the advanced setup.

 

Added a new animated boot logo to the main boot process screen as well as some

format changes to the starting screen.

 

Added exporting the network/subnet in the firewall as a variable named $NET#,

where # is a number between 0 and 9 and represents the network#. This allows

for very specific firewall rules to be placed in any rc_? script easily.

 

Currently 64K free on the floppy.

[npokypop]

а что по русскому ты скажешь о этой вещи ?

[ram_scan]

По русскому можно сказать что хорошая штука и йузать ее стоит там где ей место.

[Barsick]

Changes fron 035 to 036

 

Repaired comma syntax in the setup.

 

Repaired routing problem to PPPoE modems when the "route" option is enabled so that direct access to the modem control page is allowed for all trusted internal networks. Which also means that setting a single network as untrusted removes that networks access to the modems control panel even when the route is enabled.

 

Repaired pppmon to function correctly, also integrated it into the rc_net script so that the entire network is not restarted when it is called from pppmon and it only kills the pppd process. This also keeps all of the network statistics intact for all of the interfaces. The rc_net has also been changed so that it does not not kill the pppmon process when it shuts down when called from pppmon. Changed the timeouts in pppmon so that pppd has control over most connection issues except when it is unable to recover the connection itself. Added an lcp-echo-interval and lcp-echo-failure time limit into the pppd options for PPPoE connections. The new intergration and changes should make ethernet PPP connections much more stable as well as reliable even on systems with less than reliable service.

 

Repaired -b flag error in the pkg script when installing a ramdisk package.

 

Repaired the WLDC= variable in the dyndns script so that wildcard=on can be enabled through the client. Also repaired a small bug in the dyndns script which caused an error the first time it is ran. Some scripting changes to reduce the total script size.

 

Repaired the web server to execute CGI scipts when user web pages are disabled. This repair adds a new flag to thttpd, the -W command line flag now has control over enabling user web pages. Thanks to justdave for the code changes.

 

Repaired the "userdel" script to delete FTP users rather than reporting the user does not exist.

 

Changed the default IP and network range for all Ethernet PPP connections as well as added a modem IP section into the setup anytime a Ethernet PPP connection is enabled with the "add route" option. This is due to larger numbers of modems defaulting to the 192.168.0.1/24 IP/subnet from the factory.

 

Changed the update file for the dyndns client so that it uses a separate file for storing current update information. This resolves a problem if the machine runs out of disk space and can not store the update information. The primary configuration hard copy for the dyndns client is still intact, the update information is current in the ramdisk but lost from being stored permanently. The client is still usable from within the ramdisk and can be used by the system until a reboot which would reset the update information when there is no disk space availible for permenent storage of the data.

 

Changed the ip-up and ip-down into a single script to reduce code as well as some minor changes to integrate pppmon.

 

Changed the way modules are loaded in rc_boot which increases boot speed on all routers with PCI network cards and will not decrease it for ISA cards.

 

Changed the useradd script to show the category a user is in rather than all users in one category.

 

Added the /pkg/bin directory back onto the floppy to resolve problems with some packages that need the directory.

 

Added DHCP client support for network #0 when running as a dial-up or leased line router.

 

Added an option into the setup to enable or disable port forwarding completely rather than having to remove the port forwarding entries in the configuration file.

 

Added a safety check into the setup so that when using "q"(quit), if there has actually been any changes to the configuration you are prompted and told there has been changes and gives the option to save the changes or not. This prevents forgetting you changed something and makes the setup more reliable especially in the first time setup mode.

 

Added an animated penguin into the boot logo screen. Definately not a critical addition, but it looks pretty neat and as long as space constraints don't get to high it will stay.

 

Added the "nice" binary to reduce CPU usage for scripts that would normally use 99% when they are activated. This is primarily used for the clock screen saver but it is also used when pppmon is running. It also can be used for any client aplications when CPU usage is to high or you just want to reduce that aplications CPU usage in general.

 

Added a clock screen saver, the new clock has both 12 and 24 hour display options in the advanced "savers" section of the setup.

 

Added a "shutdown)" option into the /rc/rc_user script. This addresses problems when mounting another drive or partition in in the boot) section and provides a location for unmounting it. As with the boot) option being the first thing that is executed at startup, the shutdown) section is the last thing executed at shutdown time.

 

Added the usleep binary so that specific wait times can be timed in milliseconds instead of just seconds.

 

Currently 56K free on the floppy.