Re: [Vyatta-users] I feel very 'lost' & forgotten
Nevermind. I apparently blacked out and didn't see the other ethernet interface. Ignore that post. Keith Steensma wrote: > Third octet of 192.168.1.1? It does work as planed with John's > correction. Did I miss something else? Keith > > Wink wrote: >> Also the next-hop is in a different subnet than the ethernet >> interface. Look at the third octet. >> >> John Gong wrote: >>> Hi Keith, >>> >>> After a quick glance, I see that your default route needs to be >>> corrected: >>> >>> delete protocols static route 0.0.0.0/24 >>> set protocols static route 0.0.0.0/0 next-hop 192.168.1.1 >>> >>> Give that a try and please let us know if it worked. >>> >>> Regards, >>> >>> John >>> >>> Keith Steensma wrote: >>> >>>> I have been trying to get VC3 to work as a firewall in our office >>>> (and I have monitoring the mailing list for some months) but have >>>> come up against a problem that I can't figure out. The >>>> 'production' VC3 (by following the Vyatta Eval Guide exactly) does >>>> not communicate out on the web (no matter what I try to do). >>>> Finally, I went back to the training video on 'Vyatta Routing >>>> Basics' and followed along with that video (step by single step). >>>> That does not work either. I can't ping the internet. >>>> >>>> The situation is - >>>> I have an online web server (a Debian box handling 4 web sites) >>>> attached (through a switch) to a Comcast (SMC 8014) business >>>> gateway (that's what they call it; I call it a >>>> modem/firewall/router) that supplies the office with 5 static >>>> incoming IPs and 1 outgoing IP. I have other Windows (wired and >>>> wireless) and Linux systems attached through a 16 port (unmanaged) >>>> switch (same as above). All the Windows and Linux boxes work just >>>> fine except for the Vyatta box. >>>> >>>> Doing it 'by the video', I configure eth1 (of the VC3 box) for a >>>> static IP (192.168.1.150/24), designate the next-hop to be >>>> 192.168.1.1 (the SMC router), and setup a dns entry pointing at our >>>> dns server (192.168.1.253), Vyatta cannot ping the internet. It can >>>> ping every other box on the 192.168.0.0 network (including the >>>> gateway @ IP of 192.168.1.1). If I ping (from the Vyatta vox) to >>>> Google as a IP address or a http name, it returns 'Network is >>>> unreachable'. When I 'dig host.internal.lan' (an internal name) or >>>> 'dig www.google.com', I get the correct results (dns is working?). >>>> When I ping (or browse the web) from any other machine, everything >>>> works fine. >>>> >>>> The problem seems to be in the Comcast gateway but I don't see >>>> anything wrong anywhere. >>>> >>>> Here's the basic setup config (eth0 would go to a separate subnet >>>> eventually). >>>> >>>> Keith Steensma >>>> >>>> protocols { >>>> static { >>>> disable: false >>>> route 0.0.0.0/24 { >>>> next-hop: 192.168.1.1 >>>> metric: 1 >>>> } >>>> } >>>> } >>>> policy { >>>> } >>>> interfaces { >>>> restore: false >>>> loopback lo { >>>> description: "" >>>> } >>>> ethernet eth0 { >>>> disable: false >>>> discard: false >>>> description: "" >>>> hw-id: 00:50:04:ae:70:26 >>>> duplex: "auto" >>>> speed: "auto" >>>> address 192.168.0.150 { >>>> prefix-length: 24 >>>> disable: false >>>> } >>>> } >>>> ethernet eth1 { >>>> disable: false >>>> discard: false >>>> description: "" >>>> hw-id: 00:48:54:8a:63:00 >>>> duplex: "auto" >>>> speed: "auto" >>>> address 192.168.1.150 { >>>> prefix-length: 24 >>>> disable: false >>>> } >>>> } >>>> } >>>> service { >>>> ssh { >>>> port: 22 >>>> protocol-version: "v2" >>>> } >>>> webgui { >>>> http-port: 80 >>>> https-port: 443 >>>> } >>>> } >>>> firewall { >>>> log-martians: "enable" >>>> send-redirects: "disable" >>>> receive-redirects: "disable" >>>> ip-src-route: "disable" >>>> broadcast-ping: "disable" >>>> syn-cookies: "enable" >>>> } >>>> >>>> ___ >>>> Vyatta-users mailing list >>>> Vyatta-users@mailman.vyatta.com >>>> http://mailman.vyatta.com/mailman/listinfo/vyatta-users >>>> >>> >>> ___ >>> Vyatta-users mailing list >>> Vyatta-users@mailman.vyatta.com >>> http://mailman.vyatta.com/mailman/listinfo/vyatta-users >>> >>> >>> >> > > ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] I feel very 'lost' & forgotten
Also the next-hop is in a different subnet than the ethernet interface. Look at the third octet. John Gong wrote: > Hi Keith, > > After a quick glance, I see that your default route needs to be corrected: > > delete protocols static route 0.0.0.0/24 > set protocols static route 0.0.0.0/0 next-hop 192.168.1.1 > > Give that a try and please let us know if it worked. > > Regards, > > John > > Keith Steensma wrote: > >> I have been trying to get VC3 to work as a firewall in our office (and >> I have monitoring the mailing list for some months) but have come up >> against a problem that I can't figure out. The 'production' VC3 (by >> following the Vyatta Eval Guide exactly) does not communicate out on the >> web (no matter what I try to do). Finally, I went back to the training >> video on 'Vyatta Routing Basics' and followed along with that video >> (step by single step). That does not work either. I can't ping the >> internet. >> >> The situation is - >> I have an online web server (a Debian box handling 4 web sites) attached >> (through a switch) to a Comcast (SMC 8014) business gateway (that's what >> they call it; I call it a modem/firewall/router) that supplies the >> office with 5 static incoming IPs and 1 outgoing IP. I have other >> Windows (wired and wireless) and Linux systems attached through a 16 >> port (unmanaged) switch (same as above). All the Windows and Linux >> boxes work just fine except for the Vyatta box. >> >> Doing it 'by the video', I configure eth1 (of the VC3 box) for a static >> IP (192.168.1.150/24), designate the next-hop to be 192.168.1.1 (the SMC >> router), and setup a dns entry pointing at our dns server >> (192.168.1.253), Vyatta cannot ping the internet. It can ping every >> other box on the 192.168.0.0 network (including the gateway @ IP of >> 192.168.1.1). If I ping (from the Vyatta vox) to Google as a IP address >> or a http name, it returns 'Network is unreachable'. When I 'dig >> host.internal.lan' (an internal name) or 'dig www.google.com', I get the >> correct results (dns is working?). When I ping (or browse the web) from >> any other machine, everything works fine. >> >> The problem seems to be in the Comcast gateway but I don't see anything >> wrong anywhere. >> >> Here's the basic setup config (eth0 would go to a separate subnet >> eventually). >> >> Keith Steensma >> >> protocols { >> static { >> disable: false >> route 0.0.0.0/24 { >> next-hop: 192.168.1.1 >> metric: 1 >> } >> } >> } >> policy { >> } >> interfaces { >> restore: false >> loopback lo { >> description: "" >> } >> ethernet eth0 { >> disable: false >> discard: false >> description: "" >> hw-id: 00:50:04:ae:70:26 >> duplex: "auto" >> speed: "auto" >> address 192.168.0.150 { >> prefix-length: 24 >> disable: false >> } >> } >> ethernet eth1 { >> disable: false >> discard: false >> description: "" >> hw-id: 00:48:54:8a:63:00 >> duplex: "auto" >> speed: "auto" >> address 192.168.1.150 { >> prefix-length: 24 >> disable: false >> } >> } >> } >> service { >> ssh { >> port: 22 >> protocol-version: "v2" >> } >> webgui { >> http-port: 80 >> https-port: 443 >> } >> } >> firewall { >> log-martians: "enable" >> send-redirects: "disable" >> receive-redirects: "disable" >> ip-src-route: "disable" >> broadcast-ping: "disable" >> syn-cookies: "enable" >> } >> >> ___ >> Vyatta-users mailing list >> Vyatta-users@mailman.vyatta.com >> http://mailman.vyatta.com/mailman/listinfo/vyatta-users >> >> > > ___ > Vyatta-users mailing list > Vyatta-users@mailman.vyatta.com > http://mailman.vyatta.com/mailman/listinfo/vyatta-users > > > ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] jdocs anything like this for vyatta
JDocs are man-pages for commands. There are also general technical tutorials available. Its like having a book about JunOS available on the router. Justin Fletcher wrote: > Not sure what "like this" means, but there's full documentation > available at vyatta.com, and on-line CLI help; just use the '?' key. > > Best, > Justin > > On Jan 2, 2008 2:55 PM, Ken Felix (C) <[EMAIL PROTECTED]> wrote: > >> >> >> Do we have any future support for something similar in vyatta? Cli online >> help. >> >> >> ___ >> Vyatta-users mailing list >> Vyatta-users@mailman.vyatta.com >> http://mailman.vyatta.com/mailman/listinfo/vyatta-users >> >> >> > ___ > Vyatta-users mailing list > Vyatta-users@mailman.vyatta.com > http://mailman.vyatta.com/mailman/listinfo/vyatta-users > > > ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Re: [Vyatta-users] Allowing FTP Connections
Packet captures? Perhaps the forwarding function is working. I'd run wireshark and see if the FTP packets are being forwarded out of the router... - Original Message - From: "Daren Tay" <[EMAIL PROTECTED]> To: Sent: Tuesday, August 28, 2007 6:09 AM Subject: [Vyatta-users] Allowing FTP Connections > Hi guys, > > I realise after setting all the static routes, and what not, I can SSH but > I > can't FTP. weird... > > basically the public ip is at my router which directs to my private server > (192.168.40.x) via routing. > The 2 key NAT rules are: > >rule 1 { >type: "source" >translation-type: "masquerade" >outbound-interface: "eth0" >protocols: "all" >source { >network: 192.168.40.0/24 >} >destination { >network: 0.0.0.0/0 >} >} > > >rule 12 { >type: "destination" >translation-type: "static" >inbound-interface: "eth0" >protocols: "all" >source { >network: 0.0.0.0/0 >} >destination { >address: >} >inside-address { >address: 192.168.40.73 >} >} > > > > Can SSH, HTTP etc, but I can't do FTP weirdly do I need to do more > NAT? > > Thanks! > Daren > > ___ > Vyatta-users mailing list > Vyatta-users@mailman.vyatta.com > http://mailman.vyatta.com/mailman/listinfo/vyatta-users > > > -- > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.5.484 / Virus Database: 269.12.10/976 - Release Date: 8/27/2007 > 6:20 PM > > ___ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users