See below. I have made some corrections to my earlier post. I guess the game took most of my attention last night.
Thanks,
Armando

----- Original Message -----
From: "Ray Olszewski" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 16, 2003 3:50 PM
Subject: Re: [leaf-user] Fw: host.allow questions

> At 02:21 PM 10/16/2003 -0400, ALParada wrote:
> >Hello,
> >
> >I am having a problem connecting to weblet. If I leave the hosts.allow
> >file at ALL: 192.168.63.0/255.255.255.0 it will work. If I change it to
> >just a host and not a subnet it fails.
>
> How do you make this change? As I recall, the only form that hosts.allow
> and hosts.deny will work with reliably is (for example)
>
> ALL: 192.168.63.11/255.255.255.255
>
> (not either 192.168.63.11 by itself or 192.168.63.11/32).

Per the Bering installation guide for the host.allow:

If you want that only 192.168.1.1 from your internal network can access to the firewall through ssh and weblet, you will have:

ssh: 192.168.1.1/255.255.255.255
www: 192.168.1.1/255.255.255.255
stat: 192.168.1.1/255.255.255.255

Of course my IP address is 192.168.63.11/255.255.255.255, which will not work for weblet but will work for ssh, or at least I think it works for ssh. I get a connecting to host and then starting session. It fails after that though. Next thread I'll tackle that one.

> >The smallest subnet I have been
> >able to use successfully is a /28. Everything smaller fails.
>
> Once again, how are you trying to do this? A /29 netmask is only 8 IP
> addresses, so .1 and .11 (the addresses you are using for router and
> client) can't be on the same 29 network. So
>
> ALL: 192.168.63.11/255.255.255.248
>
> should NOT work.

You are only limiting the host that can connect, not routing. I don't think it should make a difference.

> They can be on the same /28 (or smaller netmask value) network, and they
> are both on 192.168.63.0/28 (which may explain why /28 and smaller values
> work). But have you tried (with or without success)
>
> ALL: 192.168.63.8/255.255.255.248

What I meant to say was that it works with anything larger than a /28. That would obviously give me 14 useable hosts but I was hoping to limit it to a /32. I also found out that it works as long as I enter the network address but will not work with a host address. In other words:

ALL: 192.168.63.8/255.255.255.248 will work for weblet and ssh
ALL: 192.168.63.11/255.255.255.255 will not work for weblet but will work for ssh
ssh: 192.168.63.11/255.255.255.255 will work
www: 192.168.63.0/255.255.255.0 will not work

> >I have
> >changed the weblet config file with the right IP address, I have added
> >the rules for shorewall to allow port 80 from loc, and inetd is
> >uncommented for www. Like I said with a /24 subnet it works. SSH is
> >working correctly from a single host and the config for www is the same.
>
> Someone else should comment on this one. It is *possible* that sshd on
> Bering does not use hosts.allow or hosts.deny for access control ... I
> don't actually recall. (BTW, when you say the config is "the same", do you
> mean that you are running sshd through inetd, not standalone? If not, in
> what sense are the it and www ... and telnet ... "the same"?)

I meant the syntax is the same for both and I have added them all to the files host.allow and the shorewall rules ...etc. I did notice that the shorewall rules don't influence the connection. I deleted both entries for port 80 and 22 and I still connected.

> >Telnet is also not working, period. Again the config is the same for
> >SSH. Is there something I'm missing?
>
> The telnetd daemon, perhaps? I'd be surprised if stock Bering shipped with
> it, and I don't see a telnet.lrp or telnetd.lrp package anywhere in
> Jacques' archives.

Not really important, I just wanted to test something else.

> >I also read something about bandwidth meter of sorts but can't find it.
> >Is this something that is not included in the default package?
> >
> >I am using Bering v 1.2
> >eth1 is loc 192.168.63.1
> >loc host is 192.168.63.11
>
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program.
> SourceForge.net hosts over 70,000 Open Source Projects.
> See the people who have HELPED US provide better services:
> Click here: http://sourceforge.net/supporters.php
> ------------------------------------------------------------------------
> leaf-user mailing list: [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
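
Added example, not part of the original messages: a small checker that applies the net/mask rule documented in hosts_access(5) (a host matches when its address ANDed with the mask equals the net) to the entries discussed in the thread. It assumes the services read hosts.allow through standard TCP wrappers; the function names and the rule list are constructed for illustration, and the output shows what the documented rule predicts, not what weblet or sshd on Bering actually do.

```python
import ipaddress

# Constructed sample: the hosts.allow entries discussed in the thread.
RULES = [
    "ALL: 192.168.63.0/255.255.255.0",
    "ALL: 192.168.63.0/255.255.255.240",
    "ALL: 192.168.63.8/255.255.255.248",
    "ALL: 192.168.63.11/255.255.255.248",
    "ALL: 192.168.63.11/255.255.255.255",
]
CLIENT = "192.168.63.11"  # the "loc host" from the thread

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted.strip()))

def parse_rule(line):
    """Split 'daemon: net/mask' into (daemon, net, mask) with integer addresses."""
    daemon, _, pattern = line.partition(":")
    net, _, mask = pattern.partition("/")
    return daemon.strip(), to_int(net), to_int(mask)

def rule_matches(line, client):
    """hosts_access(5): a host matches when (address AND mask) equals net."""
    _, net, mask = parse_rule(line)
    return (to_int(client) & mask) == net

def stray_host_bits(line):
    """True when net has bits set outside the mask. Such an entry can never
    match, because (address AND mask) always has those bits cleared."""
    _, net, mask = parse_rule(line)
    return (net & ~mask & 0xFFFFFFFF) != 0

def admitted_count(line):
    """How many addresses the entry admits: 2^(zero bits in mask), or 0."""
    if stray_host_bits(line):
        return 0
    _, _, mask = parse_rule(line)
    return 2 ** (32 - bin(mask).count("1"))

def audit(rules, client):
    return [(r, rule_matches(r, client), admitted_count(r)) for r in rules]

if __name__ == "__main__":
    for rule, ok, count in audit(RULES, CLIENT):
        print(f"{rule:40} match={ok!s:5} admits={count}")
```

An entry that reports `admits=0` is a configuration error rather than a tight restriction: it locks out every client, including the one it names.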
