Re: [Vyatta-users] I feel very 'lost' & forgotten

2008-03-07 Thread Wink
Never mind.

I apparently blacked out and didn't see the other ethernet interface.

Ignore that post.

Keith Steensma wrote:
> Third octet of 192.168.1.1?  It does work as planned with John's 
> correction.  Did I miss something else?  Keith
>
> Wink wrote:
>> Also the next-hop is in a different subnet than the ethernet 
>> interface.  Look at the third octet.
>>
>> John Gong wrote:
>>> Hi Keith,
>>>
>>> After a quick glance, I see that your default route needs to be 
>>> corrected:
>>>
>>> delete protocols static route 0.0.0.0/24
>>> set protocols static route 0.0.0.0/0 next-hop 192.168.1.1
>>>
>>> Give that a try and please let us know if it worked.
>>>
>>> Regards,
>>>
>>> John
>>>
>>> Keith Steensma wrote:
>>>  
>>>> I have been trying to get VC3 to work as a firewall in our office 
>>>> (and I have been monitoring the mailing list for some months) but have 
>>>> come up against a problem that I can't figure out.  The 
>>>> 'production' VC3 (by following the Vyatta Eval Guide exactly) does 
>>>> not communicate out on the web (no matter what I try to do).  
>>>> Finally, I went back to the training video on 'Vyatta Routing 
>>>> Basics' and followed along with that video (step by single step).  
>>>> That does not work either.  I can't ping the internet.
>>>>
>>>> The situation is -
>>>> I have an online web server (a Debian box handling 4 web sites) 
>>>> attached (through a switch) to a Comcast (SMC 8014) business 
>>>> gateway (that's what they call it; I call it a 
>>>> modem/firewall/router) that supplies the office with 5 static 
>>>> incoming IPs and 1 outgoing IP.  I have other Windows (wired and 
>>>> wireless) and Linux systems attached through a 16 port (unmanaged) 
>>>> switch (same as above).  All the Windows and Linux boxes work just 
>>>> fine except for the Vyatta box.
>>>>
>>>> Doing it 'by the video', I configure eth1 (of the VC3 box) for a 
>>>> static IP (192.168.1.150/24), designate the next-hop to be 
>>>> 192.168.1.1 (the SMC router), and set up a dns entry pointing at our 
>>>> dns server (192.168.1.253), Vyatta cannot ping the internet. It can 
>>>> ping every other box on the 192.168.0.0 network (including the 
>>>> gateway @ IP of 192.168.1.1).  If I ping (from the Vyatta box) to 
>>>> Google as an IP address or a http name, it returns 'Network is 
>>>> unreachable'.  When I 'dig host.internal.lan' (an internal name) or 
>>>> 'dig www.google.com', I get the correct results (dns is working?).  
>>>> When I ping (or browse the web) from any other machine, everything 
>>>> works fine.
>>>>
>>>> The problem seems to be in the Comcast gateway but I don't see 
>>>> anything wrong anywhere.
>>>>
>>>> Here's the basic setup config (eth0 would go to a separate subnet 
>>>> eventually).
>>>>
>>>> Keith Steensma
>>>>
>>>> protocols {
>>>>     static {
>>>>         disable: false
>>>>         route 0.0.0.0/24 {
>>>>             next-hop: 192.168.1.1
>>>>             metric: 1
>>>>         }
>>>>     }
>>>> }
>>>> policy {
>>>> }
>>>> interfaces {
>>>>     restore: false
>>>>     loopback lo {
>>>>         description: ""
>>>>     }
>>>>     ethernet eth0 {
>>>>         disable: false
>>>>         discard: false
>>>>         description: ""
>>>>         hw-id: 00:50:04:ae:70:26
>>>>         duplex: "auto"
>>>>         speed: "auto"
>>>>         address 192.168.0.150 {
>>>>             prefix-length: 24
>>>>             disable: false
>>>>         }
>>>>     }
>>>>     ethernet eth1 {
>>>>         disable: false
>>>>         discard: false
>>>>         description: ""
>>>>         hw-id: 00:48:54:8a:63:00
>>>>         duplex: "auto"
>>>>         speed: "auto"
>>>>         address 192.168.1.150 {
>>>>             prefix-length: 24
>>>>             disable: false
>>>>         }
>>>>     }
>>>> }
>>>> service {
>>>>     ssh {
>>>>         port: 22
>>>>         protocol-version: "v2"
>>>>     }
>>>>     webgui {
>>>>         http-port: 80
>>>>         https-port: 443
>>>>     }
>>>> }
>>>> firewall {
>>>>     log-martians: "enable"
>>>>     send-redirects: "disable"
>>>>     receive-redirects: "disable"
>>>>     ip-src-route: "disable"
>>>>     broadcast-ping: "disable"
>>>>     syn-cookies: "enable"
>>>> }
>>>>
>>>> ___
>>>> Vyatta-users mailing list
>>>> Vyatta-users@mailman.vyatta.com
>>>> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
>>>>   
>>>
>>
>
>
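
Added example, not part of any post in this thread: a small Python route lookup showing why the posted 0.0.0.0/24 route produces 'Network is unreachable' while 0.0.0.0/0 works, and that the next-hop 192.168.1.1 is on-link through eth1. Interface addresses and routes are taken from the posted config; the destination 203.0.113.10 and the function names are constructed for illustration.

```python
import ipaddress

# Interface addresses as posted in the thread's config.
INTERFACES = {
    "eth0": ipaddress.ip_interface("192.168.0.150/24"),
    "eth1": ipaddress.ip_interface("192.168.1.150/24"),
}

def onlink_interface(next_hop):
    """Return the interface whose connected subnet contains next_hop, else None."""
    hop = ipaddress.ip_address(next_hop)
    for name, iface in INTERFACES.items():
        if hop in iface.network:
            return name
    return None

def lookup(dest, static_routes):
    """Longest-prefix match over connected and static routes.

    static_routes is a list of (prefix, next_hop) strings. Returns
    (interface, next_hop or None), or None when nothing matches, which
    is the case reported as 'Network is unreachable'.
    """
    addr = ipaddress.ip_address(dest)
    candidates = []
    for name, iface in INTERFACES.items():
        if addr in iface.network:
            candidates.append((iface.network.prefixlen, name, None))
    for prefix, hop in static_routes:
        net = ipaddress.ip_network(prefix)
        out = onlink_interface(hop)
        # A static route is usable only if its next-hop is directly reachable.
        if out is not None and addr in net:
            candidates.append((net.prefixlen, out, hop))
    if not candidates:
        return None
    _, name, hop = max(candidates, key=lambda c: c[0])
    return (name, hop)

BROKEN = [("0.0.0.0/24", "192.168.1.1")]  # as originally configured
FIXED = [("0.0.0.0/0", "192.168.1.1")]    # after the correction in the thread
INTERNET_HOST = "203.0.113.10"            # constructed sample destination

if __name__ == "__main__":
    print("next-hop on-link via:", onlink_interface("192.168.1.1"))
    for label, routes in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, "->", lookup(INTERNET_HOST, routes))
    print("LAN host ->", lookup("192.168.1.253", BROKEN))
```

The /24 prefix only covers 0.0.0.0 through 0.0.0.255, so connected hosts stay reachable while every Internet destination falls through with no matching route.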


Re: [Vyatta-users] I feel very 'lost' & forgotten

2008-03-07 Thread Wink
Also the next-hop is in a different subnet than the ethernet interface.  
Look at the third octet.

John Gong wrote:
> Hi Keith,
>
> After a quick glance, I see that your default route needs to be corrected:
>
> delete protocols static route 0.0.0.0/24
> set protocols static route 0.0.0.0/0 next-hop 192.168.1.1
>
> Give that a try and please let us know if it worked.
>
> Regards,
>
> John
>
> Keith Steensma wrote:
>   
>> I have been trying to get VC3 to work as a firewall in our office (and 
>> I have been monitoring the mailing list for some months) but have come up 
>> against a problem that I can't figure out.  The 'production' VC3 (by 
>> following the Vyatta Eval Guide exactly) does not communicate out on the 
>> web (no matter what I try to do).  Finally, I went back to the training 
>> video on 'Vyatta Routing Basics' and followed along with that video 
>> (step by single step).  That does not work either.  I can't ping the 
>> internet.
>>
>> The situation is -
>> I have an online web server (a Debian box handling 4 web sites) attached 
>> (through a switch) to a Comcast (SMC 8014) business gateway (that's what 
>> they call it; I call it a modem/firewall/router) that supplies the 
>> office with 5 static incoming IPs and 1 outgoing IP.  I have other 
>> Windows (wired and wireless) and Linux systems attached through a 16 
>> port (unmanaged) switch (same as above).  All the Windows and Linux 
>> boxes work just fine except for the Vyatta box.
>>
>> Doing it 'by the video', I configure eth1 (of the VC3 box) for a static 
>> IP (192.168.1.150/24), designate the next-hop to be 192.168.1.1 (the SMC 
>> router), and set up a dns entry pointing at our dns server 
>> (192.168.1.253), Vyatta cannot ping the internet. It can ping every 
>> other box on the 192.168.0.0 network (including the gateway @ IP of 
>> 192.168.1.1).  If I ping (from the Vyatta box) to Google as an IP address 
>> or a http name, it returns 'Network is unreachable'.  When I 'dig 
>> host.internal.lan' (an internal name) or 'dig www.google.com', I get the 
>> correct results (dns is working?).  When I ping (or browse the web) from 
>> any other machine, everything works fine.
>>
>> The problem seems to be in the Comcast gateway but I don't see anything 
>> wrong anywhere.
>>
>> Here's the basic setup config (eth0 would go to a separate subnet 
>> eventually).
>>
>> Keith Steensma
>>
>> protocols {
>>     static {
>>         disable: false
>>         route 0.0.0.0/24 {
>>             next-hop: 192.168.1.1
>>             metric: 1
>>         }
>>     }
>> }
>> policy {
>> }
>> interfaces {
>>     restore: false
>>     loopback lo {
>>         description: ""
>>     }
>>     ethernet eth0 {
>>         disable: false
>>         discard: false
>>         description: ""
>>         hw-id: 00:50:04:ae:70:26
>>         duplex: "auto"
>>         speed: "auto"
>>         address 192.168.0.150 {
>>             prefix-length: 24
>>             disable: false
>>         }
>>     }
>>     ethernet eth1 {
>>         disable: false
>>         discard: false
>>         description: ""
>>         hw-id: 00:48:54:8a:63:00
>>         duplex: "auto"
>>         speed: "auto"
>>         address 192.168.1.150 {
>>             prefix-length: 24
>>             disable: false
>>         }
>>     }
>> }
>> service {
>>     ssh {
>>         port: 22
>>         protocol-version: "v2"
>>     }
>>     webgui {
>>         http-port: 80
>>         https-port: 443
>>     }
>> }
>> firewall {
>>     log-martians: "enable"
>>     send-redirects: "disable"
>>     receive-redirects: "disable"
>>     ip-src-route: "disable"
>>     broadcast-ping: "disable"
>>     syn-cookies: "enable"
>> }
>>


Re: [Vyatta-users] jdocs anything like this for vyatta

2008-01-02 Thread Wink
JDocs are man-pages for commands.  There are also general technical
tutorials available.

It's like having a book about JunOS available on the router.


Justin Fletcher wrote:
> Not sure what "like this" means, but there's full documentation
> available at vyatta.com, and on-line CLI help; just use the '?' key.
>
> Best,
> Justin
>
> On Jan 2, 2008 2:55 PM, Ken Felix (C) <[EMAIL PROTECTED]> wrote:
>   
>>
>>
>> Do we have any future support for something similar in vyatta? Cli online
>> help.
>>
>>


Re: [Vyatta-users] Allowing FTP Connections

2007-08-28 Thread Wink
Packet captures?  Perhaps the forwarding function is working.

I'd run wireshark and see if the FTP packets are being forwarded out of the 
router...


- Original Message - 
From: "Daren Tay" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, August 28, 2007 6:09 AM
Subject: [Vyatta-users] Allowing FTP Connections


> Hi guys,
>
> I realise after setting all the static routes, and what not, I can SSH but I
> can't FTP. weird...
>
> basically the public ip is at my router which directs to my private server
> (192.168.40.x) via routing.
> The 2 key NAT rules are:
>
>    rule 1 {
>        type: "source"
>        translation-type: "masquerade"
>        outbound-interface: "eth0"
>        protocols: "all"
>        source {
>            network: 192.168.40.0/24
>        }
>        destination {
>            network: 0.0.0.0/0
>        }
>    }
>
>
>    rule 12 {
>        type: "destination"
>        translation-type: "static"
>        inbound-interface: "eth0"
>        protocols: "all"
>        source {
>            network: 0.0.0.0/0
>        }
>        destination {
>            address: 
>        }
>        inside-address {
>            address: 192.168.40.73
>        }
>    }
>
>
>
> Can SSH, HTTP etc, but I can't do FTP weirdly do I need to do more NAT?
>
> Thanks!
> Daren
>