RELEASE NOTES

Changes from 0.3.4 to 0.3.5

Removed the ip_masq_cuseeme.o module. This module has never been configured or used in any version of FREESCO, so there was no reason to leave it installed.

Repaired bug in the setup for adding extra SSH options.

Repaired useradd script to chown the users web page correctly.

Repaired carriage return needed in the /etc/group file for FTP users.

Repaired rc_masq DHCP server problem when local networks are not trusted and the DHCP client is not enabled and also allow ping responses through the router for PPPoE and PPtP users in some machines.

Repaired fd leak when using SSH with the -L and -R flags at the same time.

Repaired the pppoe binary to remove some compiling errors, thanks to justdave.

Repaired the pptp binary to remove some compiling errors, thanks to justdave.

Repaired security problem for dialout control users in the FTP server.

Repaired ifconfig to no longer report a 10Mb connection.

Repaired bug in the Dropbear ssh client, so that unknown hosts can be added automatically to the trusted hosts file.

Repaired a bug in the control panel when trying to remove a single entry that included a subnet "/", which caused the restrict.cfg file to be erased.

Repaired memory fault when trying to view a very large restriction list in the control panel.

Repaired "ps" command to work with non root users.

Changed the rc_net script so that aliased interfaces can be enabled in the advanced network the same as normal interfaces and added aliased interfaces into the list of options in the setup as well as the "dummy" interface which can be used when no network cards are installed on a strictly RAS dialin server.

Changed the snarf binary to repair the dyndns client so that all usernames and passwords should function correctly.

Changed the DNS server to give out the correct IP address for the interface it is requested on as well as for local dyndns URL's if they are enabled. Thanks to justdave for modifying the dnsmasq source code to accomplish this as well as optimizing for size by removing unneeded options.

Changed the built in web server to be more CGI friendly. So it will now execute all .cgi files and not just limited to the /www/cgi directory. Also changed the directory listings so they can be customized with a style.css file and added the custom error pages option to the default server so that if you create a /www/errors directory and put error files in it such as err500.html it will be displayed when error 500 is sent from the server rather than the built in page. Some optimization for size, thanks to justdave for his help.

Changed the dyndns updates to every fifteen days rather than once a month which would caused a warning email from dyndns about "your account will expire, if not updated". Also changed the default crond entry to check for updates every day rather than just at the beginning of the month.

Changed the default color scheme of the control panel.

Changed the FTP syslog facility for logins so they are now recorded under "auth" rather than "info". Also optomized the FTP server for size, thanks to justdave.

Changed rc_ras to be able to be restarted when the primary configuration is set to any kind of PPP connection without stopping the primary connection.

Changed ile command line history from version 2.01 to version 2.7-Freesco. This change was to reduce the code size by removing unused options as well as to repair the code so that tab completion works and double tab shows all available command options was added. Also repaired the delete key so that it functions properly as well as the HOME move cursur to the beginning of the line and the END move cursor to the end of the line heys. Thanks to justdave for modifying and correcting the source code.

Changed the lpd server to version 1.4-Freesco and customized the binary specifically for FREESCO. The new lpd server runs on one port (515 default) and has multiple queues that can be assigned for different printers. Up to ten raw queues and ten feed queues can be assigned. These queues can either just be different names for the same printer or they can be for separate printers. The new lpd server resolves the problems with NT/2K/XP systems being able to use more than just one printer. Thanks to justdave for his assistance modifying the source code.

Changed the logrotate script into a binary. This change reduces the standard CPU usage by 65% which greatly increases performance on minimum hardware over all previous versions of FREESCO. Thanks to justdave for his help creating the new binary.

Changed the advanced network setup auto configure option to recognize existing subnets and not duplicate them for the network being configured as well as asking for the DHCP range desired.

Changed the /etc/profile so that if the root user is disabled then the user who has root privileges is still treated the same as the original root user.

Recompiled pppd and removed IPX support as well as some extra superfluous words in error messages to optimize for size.

Added scripting in the rc_masq to prevent the firewall from running more than one restart at a time. This prevents automatic as well as manual restarts from causing networking problems.

Added a new script "remotelog" this script is capable of sending real-time logs through a SSH session so that logs can be viewed remotely in real time the same as screen 3. Just login to a remote console and type "remotelog" to activate it.

Added the shaper module and shaperctl to control local bandwidth. This module is capable of being configured to limit download bandwidth for all or just some clients. Upload bandwidth can be controlled on a site by site basis. Allowed control speeds are from 9660bps to 250000bps. This option is still experimental and not all of the problems or quirks have been worked out yet. So even though it is included it is not recommended to enable it for general use.

Added PPtP multi-client support to the default kernel and removed the log errors when a PPP primary connection is used. Also removed the loose_udp option which was causing some connection stability problems with certain applications.

Added getting the external IP address remotely into the dyndns script. This solves all problems when FREESCO is running behind another firewall, or through a DSL modem and anytime FREESCO has a local IP on the external interface it can retrieve the true external IP address for an update.

Added color enhancements to the setup script.

Added MAC address translation into the access control so that MAC addresses can be used the same as IP addresses.

Added a MAC address monitor, so that FREESCO can watch the local network for any new machines connected and if a new machine connects it accesses the restrict.cfg and resets the firewall if that MAC address is in the file so that restricted or allowed MAC addresses are added to the firewall rules with there true IP address. This feature is automatically enabled when MAC addresses are used in the /etc/restrict.cfg file instead of IP addresses.

Added a "Connected clients" button to the control panel. This uses the arpf binary and will show all of the clients on all subnets connected to FREESCO. arpf is a customized and stripped version of arp 1.84

Added viewing system saved logs in the control panel.

Added individual allowed login times for all RAS users, so that each user can be restricted at different times. Also added a connection time limit for RAS users so that a maximum connection time can be set on an idividual basis.

Added a PPP monitor that is capable of monitoring ethernet PPP connections and restarting the connection if it fails.

Added the ability to choose whether to try and stealth or reject ports in the firewall. Rejected ports create less network traffic, but stealth may be desired in some cases. The new firewall defaults to "reject".

Added scp "Secure Copy Protocol" binary, and optimized Dropbear for size with the help of justdave. Also added multiple patches to fix various minor bugs in Dropbear as well as some minor modifications to show logins in the correct location with the log facility. Also added the most recent security patches.

Added the ability to customize the color scheme of the control panel in the advanced setup.

Added an option to disable the modem speaker for RAS connections.

Added ile command line history to always be enabled in setup mode.

Added statistical information into the login log for RAS users so that the received and sent bytes are logged as well as the total connection time.

Added hardware information into the advanced setup that displays the detected CPU and PCI network cards as well as memory and IO ports.

Added enabling and disabling package firewall rules from within the advanced package setup.

Added an option in the DHCP server to configure a WINS server in DHCP leases that is installed and configured directly on the router (such as Samba).

Added a network statistics monitor to screen 5. This monitor displays real time statistics for all network devices. This monitor is enabled by default but it can be disabled in the advanced setup.

Added a test into the setup to hopefully reduce the number of users who use a fully qualified domains on there routers.

Added an option into the FTP server to adjust the number of connections from a single IP address rather than the previously hard coded maximum of two.

Added FTP bandwidth control.

Added a test into the advanced network DHCP range setup so that incorrect entries are no longer accepted.

Added a new mode to the DNS server ,"e" mode which means (secure exclusive). This new mode forces clients to exclusively use the built in caching DNS server as there only DNS server. The new mode is intended for use with the DNS configuration file so that if specific URLs are defined with a IP in that file ,the clients can not use another DNS server to resolve the name differently. This mode is very useful for unwanted URLs and or parental control.

Added bringing up a "dummy" interface when a DHCPOFFER fails on the external interface. This allows the entire internal network to function correctly and continue to try for a lease in the background. Once a lease is obtained the "dummy" interface is removed and the system starts using the normal Internet interface with full functionality at all times.

Added a security warning if the web control panel is enabled world wide visible.

Added a security warning if the DNS is enabled world wide visible.

Added the ability to change the web control "admin" user-name to any user-name of your choice in the advanced setup.

Added the ability to disable the console super user "root" and create a new super user with the user-name of your choice in the advanced setup.

Added a new animated boot logo to the main boot process screen as well as some format changes to the starting screen.

Added exporting the network/subnet in the firewall as a variable named $NET#, where # is a number between 0 and 9 and represents the network#. This allows for very specific firewall rules to be placed in any rc_? script easily.

Currently 64K free on the floppy.