recipients.
--
Tzafrir Cohen/\
mailto:[EMAIL PROTECTED]\ / ASCII Ribbon Campaign
Taub 229, 972-4-829-3942, X Against HTML Mail
http://www.technion.ac.il/~tzafrir / \
On Fri, 18 Jan 2002, Alexander Clouter wrote:
On Jan 17, Tzafrir Cohen wrote:
This all spells too much bleeding edge to me. I also had problems
applying those patches on kernel 2.4.17. Has anybody got this
configuration built and working for some time (with a resonably recent 2.4
On Fri, 18 Jan 2002, Tzafrir Cohen wrote:
On Fri, 18 Jan 2002, Alexander Clouter wrote:
like the one I have done? :)My patch applies to a vanilla 2.4.17 and is:
linux-2.4.17-newnat-crypto-qos-xfs.patch.bz2
where various useful bits (except for BoFH features ;) ) from the newnat
as
originating from 10.x.x.x in the entrance from the internet.
--
Tzafrir Cohen/\
mailto:[EMAIL PROTECTED]\ / ASCII Ribbon Campaign
Taub 229, 972-4-829-3942, X Against HTML Mail
http://www.technion.ac.il/~tzafrir / \
-200112/msg00054.html
I would never consider taking such actions had the list master bothered
doing anything about this.
On Mon, Jan 14, 2002 at 01:43:57PM +0200, Tzafrir Cohen wrote:
:0
* ^Subject: =?ISO-8859-2?Q?Wiadomo
* ^From: Tomek Zubilew [EMAIL PROTECTED]
[EMAIL PROTECTED
such packet.
Note that if your local network actually contains such addresses (e.g.:
your home network is a masqueraded one, and uses the range 192.168.0.x)
then you should allow packets of that range from the internal interface.
--
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http://www.technion.ac.il
?
--
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http://www.technion.ac.il/~tzafrir
a language of its own, relatively powerful, which translates either
to iptables, ipchains or ipfwadm (not fully supported iirc) commands
which are executed.
Does it produce a good iptables ruleset?
For instance: does it use basic iptables-only features such as stateful
filtering?
--
Tzafrir
unexpectedly)
Having configuration from script (in a good way) can make the script more
robust to syntax errors and such (they can be detected at the beginning,
and not half-way through execution).
Displacer: I haven't worked with ipmasq .
If you like perl, you may consider using fwctl.
--
Tzafrir
first.
But in what way does it releive your system?
The memory overhead is negligable, and I believe that the prforance
overhead is negligable with all the rules flushed (you're welcome to test
this, of course).
Will your system be running much of the time with iptables disabled?
--
Tzafrir
set them up with the subnet you suggest. (though
the term easily may not apply as I have yet to get this working).
--
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http://www.technion.ac.il/~tzafrir
?
--
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http://www.technion.ac.il/~tzafrir
FAQ).
--
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http://www.technion.ac.il/~tzafrir
server was sending
to was no longer there but you had cached the address?Just guessing.
Is there any way for me to clear this cache without taking the interface
down?
w2k has 'ipconfig /flushdns' (which is supposed to do that, but doesn't
seem to work)
--
Tzafrir Cohen
How about other types of connections? FTP? HTTP?
Where is the problem: a delay when establishing a connection or simply a
slow connection?
--
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http://www.technion.ac.il/~tzafrir
' there then you should either set up /etc/modules
(a list of mudules which are loaded automatically) or load the modules
manually with 'modprobe'
BTW: In the future, please avoid an ALL CAPS subject, unless you really
think that it is worth SHOUTING.
--
Tzafrir Cohen/\
mailto
or pointers to
useful resources would be appreciated.
The system is kernel 2.2/woody
--
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http://www.technion.ac.il/~tzafrir
of
TCP/IP just to be able to set-up some basic firewalling rules.
Furthermore, those basic rules better be setup before the user first
connects to the internet, if possible.
--
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http://www.technion.ac.il/~tzafrir
configuration you make sure that (almost) no matter
how badly those daemons are configured, they still can't be accessed from
the internet.
--
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http://www.technion.ac.il/~tzafrir
On Tue, 25 Sep 2001, Robert Schweikert wrote:
Tzafrir Cohen wrote:
On Sat, 22 Sep 2001, Robert Schweikert wrote:
I would like to switch to Debian, and once this is accomplished I'd like
to helpwith the project. However, switching has been much more
difficult than I anticipated
-get update' ?
what is your /etc/apt/sources.list ?
Yo get a list of local ipchains ruls run 'ipchains -L -n' ('-n' is so you
won't waste a couple of minutes resolving names of IPs).
--
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http://www.technion.ac.il/~tzafrir
.
But apart from that it is a rather convinient program.
--
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http://www.technion.ac.il/~tzafrir
--
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http://www.technion.ac.il/~tzafrir
of the
URL http://your_machine/ ?
BTW: I would use port 81 or some other free port below 1024 , to make sure
that simple user processes won't cause any problems.
--
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http://www.technion.ac.il/~tzafrir
for some uses is to give web interface to
the imap server, and expose only that.
--
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http://www.technion.ac.il/~tzafrir
properly...
On Thu, 30 Aug 2001, Tzafrir Cohen wrote:
Hi
A third post, but I still can't make things work properly:
On Wed, 29 Aug 2001, Tzafrir Cohen wrote:
On Wed, 29 Aug 2001, Tzafrir Cohen wrote:
Hi
I'm trying to set up pptpd on a woody system to enable MS clients to
connect
Hi
A third post, but I still can't make things work properly:
On Wed, 29 Aug 2001, Tzafrir Cohen wrote:
On Wed, 29 Aug 2001, Tzafrir Cohen wrote:
Hi
I'm trying to set up pptpd on a woody system to enable MS clients to
connect. I wanted to enable the ssl-mppe patch. Generally I needed
pppd in the logs. I have
'debug' set in pptpd-options . Even if I run 'pppd debug' (as root') I get
a couple of lines of garbage, but I see nothing in this log. Yet the man
page claims that pppd debugging goes to syslog as deamon.debug . What am I
doing wrong here?
--
Tzafrir Cohen
mailto:[EMAIL
('Client') to a computer just outside the NAT
network ('Server').
in Client the settings of KeepAlive are the default (that is on
, right?)
Are those disconnections a feature of the linux NAT or is there
anything I can do about this?
--
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http
to resolve protocol number 2
to 'igmp' and vice-versa. It won't make the packets go away.
How do I make the annoying broadcast message go to /dev/null so I won't have
to see it everytime I am connected to the internet via dial-up if I cannot
delete igmp protocol?
(Not 'delete', 'ignore')
--
Tzafrir
the mirabilis ones, don't have
some exploitable/exploited buffer overflows)
--
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http://www.technion.ac.il/~tzafrir
if they only need to get spesific
files), but this is not always a replacement for an FTP proxy, if you want
to deny direct connection.
--
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http://www.technion.ac.il/~tzafrir
write ;-)
--
Tzafrir Cohen
mailto:[EMAIL PROTECTED]
http://www.technion.ac.il/~tzafrir
33 matches
Mail list logo