On Mon, 2004-03-22 at 10:57, Eric Spakman wrote:
> Cal,
>
> > > > Port Knocking to trigger remote vpn/ssh access
> > > ?
> > >
> >
> > I'm referring to the method of accessing closed external ports using a
> > predefined sequence of connection attempts across one or more ports. As
> > described in the Jun 2003 SysAdmin article, "The log is monitored for
> > specific port sequences that encode information used to modify firewall
> > rules, which are changed to open or close ports for a specific IP
> > address." I'm certain this will be possible using LEAF.
> >
> This should be possible but I never have seen specific programs for
> this purpose. Maybe snort (snort.lrp) or portsentry (psentry.lrp)
> will do this job.

I've written Perl scripts to monitor logs in the past. Should just be a
matter of triggering the "rule-mod" event on log content, then getting
the daemon to re-read the rules.

> > > > Fastest available link should be chosen when redundant paths exist.
> > > >
> > > not currently implemented (multipath) but on the todo list for the
> > > zebra (quagga) packages.
> >
> > It was my understanding that BGP would take care of this. Maybe I didn't
> > accurately describe my parameters. When I said "fastest link" I meant
> > the one with the most available bandwidth at a given point in time.
> > Linux magazine recently had a pretty good article about dynamic routing
> > protocols. In the Mar 2004 issue it clearly describes load balancing
> > capabilities of BGP-4.
> >
> > If my understanding of BGP is correct, what is it that you are saying is
> > not currently implemented?
> >
> The following compile setting is left to default (1), but will be set
> to 0 with the next release.
>
> --enable-multipath=ARG
> Enable support for Equal Cost Multipath. ARG is the maximum number of
> ECMP paths to allow, set to 0 to allow unlimited number of paths.
>
> But that has indeed nothing to do with selecting the fastest link, if
> the costs are different the fastest link will be chosen by the
> routing daemon.

So, to get this functionality now, I'd need to set this flag
appropriately and recompile. In my example topology, 3 of the routers
have 2 paths to each of the other two. I don't think I currently have
more than 2 links to the same destination. However, depending upon the
reliability of these, we may add an on-demand dial-up link for
emergencies. We also may have access to building-to-building fiber links
sometime in the future as well.

Any idea when the next release will be out?

So, as long as I have multi-paths set to greater than 1, the routing
daemons should be able to accomplish load balancing of the links.

Thanks!

--Cal Webster

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
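
The log-monitoring approach discussed in the message above, as an added sketch in Python; it is not part of the original post and is not LEAF code. The knock ports, the 10-second window, the protected port, the log year and the sample log lines are all assumptions constructed for illustration; the function returns the iptables argument list it would apply rather than running it.

```python
import ipaddress
import re
from datetime import datetime

KNOCK_SEQUENCE = (7000, 8000, 9000)  # assumed secret port sequence
WINDOW_SECONDS = 10                  # assumed: whole sequence must finish in this time
PROTECTED_PORT = 22                  # assumed: port opened on success (ssh)
# Field names as written by the netfilter LOG target for a TCP SYN.
FIELDS_RE = re.compile(r"\bSRC=(\S+) .*\bPROTO=TCP .*\bDPT=(\d+) .*\bSYN\b")
# Constructed sample log using documentation addresses; not from a real system.
LINE_TEMPLATE = ("Mar 22 10:%s fw kernel: IN=eth0 OUT= SRC=%s DST=203.0.113.1 "
                 "PROTO=TCP SPT=40000 DPT=%d SYN URGP=0")
SAMPLE_LOG = [LINE_TEMPLATE % row for row in [
    ("57:01", "192.0.2.10", 7000), ("57:02", "192.0.2.10", 8000), ("57:03", "192.0.2.10", 9000),
    ("58:00", "198.51.100.7", 7000), ("58:05", "198.51.100.7", 8000), ("58:30", "198.51.100.7", 9000),
]]

def parse_line(line):
    """Return (timestamp, source_ip, dest_port) for a logged TCP SYN, else None."""
    m = FIELDS_RE.search(line)
    if not m:
        return None
    try:
        # syslog omits the year; 2004 is assumed here
        ts = datetime.strptime("2004 " + line[:15], "%Y %b %d %H:%M:%S")
        src = str(ipaddress.ip_address(m.group(1)))  # reject anything that is not an IP
    except ValueError:
        return None
    return ts, src, int(m.group(2))

def process_log(lines):
    """Track knock progress per source; return one iptables argv per completed sequence."""
    progress = {}  # source_ip -> (index of next expected port, time of first knock)
    rules = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, port = parsed
        idx, started = progress.get(src, (0, ts))
        if idx == 0 or (ts - started).total_seconds() > WINDOW_SECONDS:
            idx, started = 0, ts  # fresh attempt, or the previous one was too slow
        if port == KNOCK_SEQUENCE[idx]:
            idx += 1
        else:  # wrong port resets; it may itself be the first knock of a new attempt
            idx, started = (1, ts) if port == KNOCK_SEQUENCE[0] else (0, ts)
        if idx == len(KNOCK_SEQUENCE):
            # argv list, never a shell string: log content is untrusted input
            rules.append(["iptables", "-I", "INPUT", "-s", src, "-p", "tcp",
                          "--dport", str(PROTECTED_PORT), "-j", "ACCEPT"])
            idx = 0
        progress[src] = (idx, started)
    return rules
```

In the sample, 192.0.2.10 completes the sequence within the window and gets a rule, while 198.51.100.7 sends the right ports too slowly and does not.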