Re: "transparent" firewall possible?
On Mon, 2002-02-04 at 22:13, Joel Michael wrote:
> I got this information off a web site that's bookmarked on my work
> computer, if you want I'll dig up the URL tomorrow.
>

well, the URL is http://www.sjdjweis.com/linux/proxyarp/ for those that are interested.

Cheers,
--
Joel Michael
Systems Administrator
Worldhosting.org Pty. Ltd.
Ph: +61 7 3367 3555
Fax: +61 7 3367 3544
Mobile: +61 408 336 728
Re: exim maildir
Michael Merritt <[EMAIL PROTECTED]> writes:
> It seems that exim is by default set up to deliver to standard mbox format.
> What steps do I need to complete to make it use Maildir so I can use
> Courier-IMAP and Courier-POP with exim? Is there a how-to or similar
> somewhere? If not, I'll write one once I get this figured out. There seems
> to be a dearth of information online on the subject in an understandable
> format.

There aren't any howto's that I know of.

By default, exim will use procmail as the MDA if a ~/.procmailrc exists. So, if you set up your ~/.procmailrc to deliver to a maildir, your mail will end up in a maildir.

Exim can deliver to a maildir natively as well, though that would require modifications to /etc/exim/exim.conf .

--
Brian Nelson <[EMAIL PROTECTED]>
Re: OT: *****SPAM***** Re: unstable is "unstable"; stable is "outdated"]
On Mon, 4 Feb 2002 12:41, Jason Lim wrote:
> > ORDB (ordb.ORG) lists open relays, SPEWS lists spammers. Using ORDB is
> > very effective for blocking spammers who abuse open relays, but SPEWS
> > can stop the direct spammers and their hosts.
>
> How are the spammers going to get their emails out? Most, if not all must
> use open relays to send them out. Nowadays I think nearly all ISPs block

They also use the mail servers of their ISPs and the PCs that they connect to the Internet as regular ISP customers. ISPs in Asia are notorious for allowing spammers to use their services. I have been seriously considering blocking my servers from receiving any mail from China and Taiwan as I seem to only receive spam from those countries.

> direct sending of email from their IPs (that is, they cannot send "direct
> to MX" email anymore, they must use either their ISP's email servers, or
> an open relay somewhere). I think this is a good move by ISPs as it is
> effective and is technically easy to do (simple port blocking) so even the
> smallest of ISPs can implement this.
>
> Following that logic, it makes sense that if you block the method spammers
> use to send out emails, then no spam will be sent out.

Yes. Unfortunately most Asian ISPs appear to like hosting spammers.

> Exactly.. when they block an innocent network to pressure a major
> corporation they have crossed the line from being a good blacklist to
> being a tool for extortion and libel.

I read the summaries of email blocked by the blacklists from the ISPs I run. The vast majority of email blocked by the spews list is obviously spam (the From: addresses are obviously bogus or spam addresses), so for me it is provably working well!

--
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/ My home page
exim maildir
It seems that exim is by default set up to deliver to standard mbox format. What steps do I need to complete to make it use Maildir so I can use Courier-IMAP and Courier-POP with exim? Is there a how-to or similar somewhere? If not, I'll write one once I get this figured out. There seems to be a dearth of information online on the subject in an understandable format.

Thanks,
--
Michael Merritt
O2/CO2 Conversion Specialist
[w] [EMAIL PROTECTED] | www.miklm.com | (931) 205-1392 | AIM/MSN miklm
"Piracy is not a technological issue. It's a behavior issue." --Steve Jobs
Re: dns to ldap
On Mon Feb 04 2002 at 09:50:01PM -0500 'Thedore Knab' <[EMAIL PROTECTED]> wrote:
> I was wondering if anyone has their DNS in an LDAP directory.

LDAP to DNS gateway [http://ldap2dns.tiscover.com/]. From the site:

ldap2dns is a program to create DNS (Domain Name Service) records directly from a LDAP directory. It can and should be used to replace the secondary name-server by a second primary one. ldap2dns reduces all kind of administration overhead: No more flat file editing, no more zone file editing. After having installed ldap2dns, the administrator only has to access the LDAP directory. Optionally she can add access control for each zone, create a GUI and add all other kind of zone and resource record information without interfering with the DNS server. ldap2dns is designed to write ASCII data files used by tinydns from the djbdns package, but also may be used to write .db-files used by named as found in the BIND package.

Ciao
Charl
__
As far as the laws of mathematics refer to reality, they are not certain, and as far as they are certain, they do not refer to reality. --Albert Einstein
__
[ Charl Matthee ] [ +27-11-721-3800 ]
[ Entropic Reality Facilitator] [ +27-11-405-6508 ]
__
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
dns to ldap
I was wondering if anyone has their DNS in an LDAP directory.

For the people that have, does this cut down on administration time?

Are there any books, how-tos, or projects that you could recommend for this?

-Ted
Re: Multi-domain POP/IMAP server
hi ya

if you were to use sendmail...
( i think it'd work with exim too?? donno )

have fun mailing
alvin
http://www.Linux-1U.net ... 1U stuff for p4/amd toys ...

for virtual domains pop/imap servers...

/etc/mail/local-host-names ( sendmail.cw )
    domain_1.com
    pop.domain_1.com
    mail.domain_1.com
    domain_two.com
    pop.domain_two.com
    mail.domain-two.com
    # this is the "real" machine name
    primary.com
    pop.primary.com
    mail.primary.com

pinging those domain names should have the same ip# if you want to use just one server...
( fix your dns till it works right )

/etc/mail/virtusertable
    [EMAIL PROTECTED] webmaster,[EMAIL PROTECTED]
    [EMAIL PROTECTED] webmaster,[EMAIL PROTECTED]
    [EMAIL PROTECTED] webmaster

who can send email thru your server
( arriving at the recipient as coming from [EMAIL PROTECTED]
    /etc/mail/relay-domains
    /etc/mail/relay_allow

if you wanna stop some spam... ( the hard way )
    /etc/mail/access

-->>
-->> make the new db in /etc/mail && dont forget to restart sendmail
-->>

now setting up pop/imap ( use secure pop3s or imaps instead )
.. standard issue...
...
    /etc/hosts.allow
    /etc/hosts.deny
.. test it
    telnet pop.domain_1.com 110 ( regular pop )
    telnet pop.domain_1.com 995 ( might fail - checks protocol )
    - use a SSL enable client to do secure pop3/secure imaps
      IE, netscape, eudora, etc..etc..
      stunnel, ssh, etc...

Secure pop3 ( howto info )
http://www.Linux-Sec.net/Mail/secure_pop3.txt

On Mon, 4 Feb 2002, Michael Merritt wrote:
> I need a POP & IMAP server that support multiple (virtual) domains on a
> single IP address.
>
> Suggestions?
Re: Multi-domain POP/IMAP server
On 4/02/02 21:50, Michael Merritt (by way of Michael Merritt <[EMAIL PROTECTED]>) wrote to [EMAIL PROTECTED]:
> I need a POP & IMAP server that support multiple (virtual) domains on a
> single IP address.
>
> Suggestions?

courier-pop + courier-imap works like a charm

Ghislain.
RE: Multi-domain POP/IMAP server
Qmail with vchkpw

apt-get install qmail-src ucspi-tcp-src vchkpw
build-qmail
build-ucspi-tcp

That's what I like

-----Original Message-----
From: Michael Merritt (by way of Michael Merritt <[EMAIL PROTECTED]>) [mailto:[EMAIL PROTECTED]
Sent: Monday, February 04, 2002 3:51 PM
To: debian-isp@lists.debian.org; debian-user@lists.debian.org
Subject: Multi-domain POP/IMAP server

I need a POP & IMAP server that support multiple (virtual) domains on a single IP address.

Suggestions?

--
Michael Merritt
O2/CO2 Conversion Specialist
[w] [EMAIL PROTECTED] | www.miklm.com | (931) 205-1392 | AIM/MSN miklm
"Piracy is not a technological issue. It's a behavior issue." --Steve Jobs
Multi-domain POP/IMAP server
I need a POP & IMAP server that support multiple (virtual) domains on a single IP address.

Suggestions?

--
Michael Merritt
O2/CO2 Conversion Specialist
[w] [EMAIL PROTECTED] | www.miklm.com | (931) 205-1392 | AIM/MSN miklm
"Piracy is not a technological issue. It's a behavior issue." --Steve Jobs
Re: Multi-domain POP/IMAP server
On Mon, 4 Feb 2002, Michael Merritt wrote:
> I need a POP & IMAP server that support multiple (virtual) domains on a
> single IP address.
>
> Suggestions?

I dealt with this using qmail and used a home-grown checkpasswd script for its POP3 server. That script accepted a full user@domain as the login and returned the correct maildir based on that. Very effective.

Also, the authentication mechanism using an external script even allowed me to use a fully virtual setup (using only one unix uid) and to query a radius box for passwords, but of course you're free to choose any backend setup you like.

Cheers,

Emile.

--
E-Advies / Emile van Bergen | [EMAIL PROTECTED]
tel. +31 (0)70 3906153 | http://www.xs4all.nl/~evbergen/
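
The login handling described in the message above, as an added example (not Emile's script and not qmail's code): a checkpassword-style program reads `login\0password\0timestamp\0` from descriptor 3, accepts only a plain user@domain, and maps it to a home directory under one mail root. The `/var/vmail` root, the account table and all function names are assumptions made for illustration.

```python
"""checkpassword-style login check for virtual POP3 domains (illustrative)."""
import hashlib
import hmac
import os
import posixpath
import re
import sys

MAIL_ROOT = "/var/vmail"   # assumption: every virtual mailbox lives under one root
MAX_INPUT = 512            # checkpassword interface: at most 512 bytes on fd 3

# Only a plain user@domain is accepted: no slashes, no empty labels, no
# leading dots, so a login can never name a path outside MAIL_ROOT.
LOGIN_RE = re.compile(
    r"(?P<user>[a-z0-9](?:[a-z0-9._-]{0,62}[a-z0-9])?)"
    r"@(?P<domain>(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,})"
)


def hash_password(password: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password, salt, 50_000)


# Constructed sample accounts: login -> (salt, password hash). The same local
# part exists in two domains with different passwords. A real backend could
# be a file, a database or RADIUS, as the message notes.
ACCOUNTS = {
    "alice@domain-one.example": (b"s1", hash_password(b"alice-secret", b"s1")),
    "alice@domain-two.example": (b"s2", hash_password(b"other-secret", b"s2")),
}
_DUMMY = (b"none", hash_password(b"none", b"none"))  # hashed for unknown logins


def parse_request(data: bytes):
    """Split the descriptor-3 payload into (login, password)."""
    if len(data) > MAX_INPUT:
        raise ValueError("more than 512 bytes on descriptor 3")
    fields = data.split(b"\0")
    if len(fields) < 4:  # three NUL-terminated fields leave at least 4 pieces
        raise ValueError("expected login, password and timestamp")
    return fields[0].decode("ascii"), fields[1]


def resolve_home(login: str, root: str = MAIL_ROOT) -> str:
    """Map user@domain to <root>/<domain>/<user>, refusing anything else."""
    match = LOGIN_RE.fullmatch(login.lower())
    if match is None:
        raise ValueError("login is not a plain user@domain")
    home = posixpath.normpath(posixpath.join(root, match["domain"], match["user"]))
    if posixpath.commonpath([root, home]) != root:  # defence in depth
        raise ValueError("resolved path escapes the mail root")
    return home


def check_login(data: bytes, accounts=ACCOUNTS, root: str = MAIL_ROOT):
    """Return (exit code, environment): 0 accepted, 1 rejected, 2 misuse."""
    try:
        login, password = parse_request(data)
    except ValueError:
        return 2, {}
    key = login.lower()
    # Always hash, even for unknown logins, so timing does not reveal
    # which accounts exist.
    salt, expected = accounts.get(key, _DUMMY)
    matches = hmac.compare_digest(hash_password(password, salt), expected)
    try:
        home = resolve_home(key, root)
    except ValueError:
        return 1, {}
    if not matches or key not in accounts:
        return 1, {}
    return 0, {"USER": key, "HOME": home}


def main(argv):
    """Run as the checkpassword program: argv[1:] is the POP3 server command."""
    try:
        with os.fdopen(3, "rb") as fd3:
            data = fd3.read(MAX_INPUT + 1)
    except OSError:
        return 2
    code, env = check_login(data)
    if code != 0:
        return code
    # Assumption: the process already runs as the single mail uid.
    os.environ.update(env)
    os.chdir(env["HOME"])
    os.execvp(argv[1], argv[1:])


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(main(sys.argv))
    # No subprogram given: show the result for one constructed request.
    print(check_login(b"alice@domain-two.example\0other-secret\0t\0"))
```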
Re: Mass installation procedure for Debian?
Hello Oliver

On 2 Feb 2002, at 12:33, Oliver Andrich wrote:
> I have to deal in the near future with a lot of Debian machines, that I will
> setup and configure for two customers. I like to develop or use some mechanism
> for mass installation of these machines, and for easily setting up a spare
> part machine if one crashes.

We use this installation procedure. It is not really "mass" but can generate a debian stable machine tailored for our customer's requirements quite quickly. These are not identical machines - each one goes to a new customer with specific requirements. Also each machine can, and often does, have different hardware:

- Boot off boot floppies
- Load base.tgz over the LAN from our mirror server.
- Follow prompts on debian setup to setup network, DNS, apt sources, root password, user account and password etc.
- Break out of the installation process when dselect is started.
- Download a "tar.gz" file which has various customized things in it. This is unpacked into /etc, /usr/local and /var/www.
- Run dpkg --set-selections < /etc/deblist (deblist is one of the files in our tarball).
- Run apt-get and let it install the required packages. Note the contents of our /etc/ files are typically listed as configuration files. When dpkg asks if you want to overwrite them, we say NO.
- We do some global edits on /etc. For example if our tarball has customerdomain.com we search and replace it with the customer's real domain. We use mc for this and manually check each replacement just to make sure.
- If there are packages required which are not on our standard list, they get installed last. This often includes a customized kernel.
- Each machine is fully tested. DNS, dhcp, samba, isp dial-out, ras dial-in, mail in, mail out, proxy server etc.
- Details of the setup are documented and the machine is ready for delivery.

The slowest part of the job is waiting for dpkg to run all of the install scripts. With decent hardware it is not really too bad. Testing requires some application of grey matter. When we are under pressure, we can get a production ready e-mail server or webserver out in under an hour.

I have done quite a lot of development with the contents of the tar.gz. We also use a detailed check list.

I have tried setting up a custom "base.tgz" but that was too fiddly and too prone to bugs. I also looked at customizing the install disks, but backed off from that too. Maybe when I get a bit more time...

We also have a script for backing up /etc and a few other key files and directories into a tar.gz file and rsync-ing it onto our backup server. We run the script whenever we work on a customer's machine. If the machine has a disk crash we can rebuild it from scratch, using the same procedure and the backup tar.gz file instead of the generic one.

Regards
Ian
-
Ian Forbes ZSD
http://www.zsd.co.za
Office: +27 21 683-1388 Fax: +27 21 674-1106
Snail Mail: P.O. Box 46827, Glosderry, 7702, South Africa
-
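
The global-edit step in the procedure above (replacing the tarball's customerdomain.com with the customer's real domain and checking each replacement by hand) can be made reviewable, as in this added example. It is not Ian's tooling: the function names and the sample usage are assumptions, and it only plans, applies approved lines, and reports leftovers.

```python
"""Reviewable placeholder-domain substitution for an unpacked config tree."""
import re
import sys
from pathlib import Path

PLACEHOLDER = "customerdomain.com"   # placeholder domain named in the message


def domain_pattern(placeholder):
    # Match the placeholder as a whole domain only: "mail.customerdomain.com"
    # and "customerdomain.com." match, "notcustomerdomain.com" and
    # "customerdomain.com.au" do not.
    return re.compile(
        r"(?<![A-Za-z0-9-])" + re.escape(placeholder)
        + r"(?![A-Za-z0-9-]|\.[A-Za-z0-9])",
        re.IGNORECASE,
    )


def _text_lines(path):
    """Return the file's lines, or None for symlinks, binaries and non-UTF-8."""
    if path.is_symlink() or not path.is_file():
        return None
    raw = path.read_bytes()
    if b"\0" in raw:
        return None
    try:
        return raw.decode("utf-8").split("\n")
    except UnicodeDecodeError:
        return None


def plan_replacements(tree, real_domain, placeholder=PLACEHOLDER):
    """List every proposed change as (relative path, line no, old, new)."""
    pattern = domain_pattern(placeholder)
    plan = []
    for path in sorted(Path(tree).rglob("*")):
        for number, old in enumerate(_text_lines(path) or [], 1):
            new = pattern.sub(lambda _m: real_domain, old)
            if new != old:
                plan.append((path.relative_to(tree).as_posix(), number, old, new))
    return plan


def apply_plan(tree, plan, approved):
    """Rewrite only the (path, line no) pairs the operator approved."""
    changed = set()
    for rel, number, old, new in plan:
        if (rel, number) not in approved:
            continue
        path = Path(tree) / rel
        lines = _text_lines(path)
        # Refuse to touch a line that no longer matches what was reviewed.
        if lines is None or len(lines) < number or lines[number - 1] != old:
            raise RuntimeError(f"{rel}:{number} changed since it was reviewed")
        lines[number - 1] = new
        path.write_bytes("\n".join(lines).encode("utf-8"))
        changed.add(rel)
    return sorted(changed)


def leftovers(tree, placeholder=PLACEHOLDER):
    """Files that still mention the placeholder: a check to run before delivery."""
    found = plan_replacements(tree, "x.invalid", placeholder)
    return sorted({rel for rel, *_ in found})


if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage (assumed): script.py <unpacked tree> <real domain> prints the plan.
    for rel, number, old, new in plan_replacements(sys.argv[1], sys.argv[2]):
        print(f"{rel}:{number}\n  - {old}\n  + {new}")
```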
RE: dist-upgrade on remote server
Whenever I did an apt-get dist-upgrade I never had a problem with doing that. To be safe, I believe what you could do, is edit your sources.list to woody, and then do "apt-get update" to get the newest list. Then you could apt-get install ssh, and I believe it should upgrade your version if there have been updates. Then do a dist-upgrade and it won't touch ssh.

I've had debian on my webserver for a year or so, and installed many times on my laptop or pc, and never had any problems with dist-upgrading.

-----Original Message-----
From: Andreas Rabus [mailto:[EMAIL PROTECTED]
Sent: Monday, February 04, 2002 9:16 AM
To: Debian ISP List (E-Mail)
Subject: dist-upgrade on remote server

Hi,

there was a thread about potato/woody on the weekend, but i didn't get an important answer:

I'd like to "dist-upgrade" our potato InternetServer in production to woody and i have only a ssh and telnet-ssl connection to that box.

So, what's the best way to do it? If i lost net connection, i'm stuck. (Grab a monitor, a keyboard etc. take it to the cellar of the box at the other end of the city, reboot, wait, repair and meanwhile i got a few hours downtime...) That's s.th. i'm afraid of so i should try to avoid it...

But how can a connection get lost while dist-upgrade and what can i do to avoid this?

I have another box which is nearly similar to that interbox in the LAN, so i can try it there first, but they dont share the network connection and config. And i can't switch boxes, they are too different.

Has anybody done s.th. like that before? With success? Failed?

ar

Andreas Rabus
entity38 AG
Theresienstraße 29
80333 München
Tel +49 (89) 286772-27
Fax +49 (89) 286772-21
ISDN +49 (89) 286772-30
ICQ #132675697
[EMAIL PROTECTED]
www.entity38.de
dist-upgrade on remote server
Hi,

there was a thread about potato/woody on the weekend, but i didn't get an important answer:

I'd like to "dist-upgrade" our potato InternetServer in production to woody and i have only a ssh and telnet-ssl connection to that box.

So, what's the best way to do it? If i lost net connection, i'm stuck. (Grab a monitor, a keyboard etc. take it to the cellar of the box at the other end of the city, reboot, wait, repair and meanwhile i got a few hours downtime...) That's s.th. i'm afraid of so i should try to avoid it...

But how can a connection get lost while dist-upgrade and what can i do to avoid this?

I have another box which is nearly similar to that interbox in the LAN, so i can try it there first, but they dont share the network connection and config. And i can't switch boxes, they are too different.

Has anybody done s.th. like that before? With success? Failed?

ar

Andreas Rabus
entity38 AG
Theresienstraße 29
80333 München
Tel +49 (89) 286772-27
Fax +49 (89) 286772-21
ISDN +49 (89) 286772-30
ICQ #132675697
[EMAIL PROTECTED]
www.entity38.de
Re: woody's sendmail on potato
On Mon, 04 Feb 2002 15:00:45 +0100, "Davi Leal" writes:
>> > Not sure but it's safe to use Postfix, so why not use that?
>>
>> Let's not get into religious arguments, since that's not the question
>> asked. He's got a running sendmail config; upgrading to a new version is
>> less work than converting to a different mail system.
>
>Yes, this is the point.

However, I failed at this conversion, so I'm now running the stable sendmail on a testing/unstable box...

cheers,
&rw
--
/ Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \
\ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /
Re: woody's sendmail on potato
> > Not sure but it's safe to use Postfix, so why not use that?
>
> Let's not get into religious arguments, since that's not the question
> asked. He's got a running sendmail config; upgrading to a new version is
> less work than converting to a different mail system.

Yes, this is the point.
Re: Mass installation procedure for Debian?
Hello Oliver

On 2 Feb 2002, at 12:33, Oliver Andrich wrote:

> I have to deal in the near future with a lot of Debian machines, that I will
> setup and configure for two customers. I like to develop or use some mechanism
> for mass installation of these machines, and for easily setting up a spare
> part machine if one crashes.

We use this installation procedure. It is not really "mass" but can generate a Debian stable machine tailored for our customer's requirements quite quickly. These are not identical machines - each one goes to a new customer with specific requirements. Also each machine can, and often does, have different hardware:

- Boot off boot floppies.
- Load base.tgz over the LAN from our mirror server.
- Follow prompts on Debian setup to set up network, DNS, apt sources, root password, user account and password etc.
- Break out of the installation process when dselect is started.
- Download a "tar.gz" file which has various customized things in it. This is unpacked into /etc, /usr/local and /var/www.
- Run dpkg --set-selections < /etc/deblist (deblist is one of the files in our tarball).
- Run apt-get and let it install the required packages. Note the contents of our /etc/ files are typically listed as configuration files. When dpkg asks if you want to overwrite them, we say NO.
- We do some global edits on /etc. For example if our tarball has customerdomain.com we search and replace it with the customer's real domain. We use mc for this and manually check each replacement just to make sure.
- If there are packages required which are not on our standard list, they get installed last. This often includes a customized kernel.
- Each machine is fully tested. DNS, dhcp, samba, isp dial-out, ras dial-in, mail in, mail out, proxy server etc.
- Details of the setup are documented and the machine is ready for delivery.

The slowest part of the job is waiting for dpkg to run all of the install scripts. With decent hardware it is not really too bad. Testing requires some application of grey matter.

When we are under pressure, we can get a production ready e-mail server or webserver out in under an hour.

I have done quite a lot of development with the contents of the tar.gz. We also use a detailed check list.

I have tried setting up a custom "base.tgz" but that was too fiddly and too prone to bugs. I also looked at customizing the install disks, but backed off from that too. Maybe when I get a bit more time...

We also have a script for backing up /etc and a few other key files and directories into a tar.gz file and rsync-ing it onto our backup server. We run the script whenever we work on a customer's machine. If the machine has a disk crash we can rebuild it from scratch, using the same procedure and the backup tar.gz file instead of the generic one.

Regards
Ian

Ian Forbes ZSD
http://www.zsd.co.za
Office: +27 21 683-1388 Fax: +27 21 674-1106
Snail Mail: P.O. Box 46827, Glosderry, 7702, South Africa
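One check that fits the procedure above, as an added example that is not part of the original post: compare the shipped deblist with what dpkg reports after a build or rebuild, so missing or unexpected packages show up before delivery. The function names and the sample package lists are constructed for illustration; the only real commands assumed are `dpkg --get-selections` and standard awk/sort.

```shell
#!/bin/sh
# Added example: detect drift between the package list shipped in the
# tarball (/etc/deblist in the post) and the packages actually selected.
# Input format is that of "dpkg --get-selections": "<package><TAB><state>".

# selections_diff <wanted-file> <actual-file>
# Prints "missing <pkg>" / "extra <pkg>", sorted; returns 1 if there is drift.
selections_diff() {
    drift=$(awk '
        # "install" and "hold" both mean the package should be / is present.
        ($2 == "install" || $2 == "hold") {
            if (which == "want") want[$1] = 1; else have[$1] = 1
        }
        END {
            for (p in want) if (!(p in have)) print "missing " p
            for (p in have) if (!(p in want)) print "extra " p
        }' which=want "$1" which=have "$2" | sort)
    [ -z "$drift" ] && return 0
    printf '%s\n' "$drift"
    return 1
}

# check_against_deblist [deblist]
# On a real Debian machine: compare the list with the live dpkg database.
check_against_deblist() {
    deblist=${1:-/etc/deblist}
    actual=$(mktemp) || return 1
    dpkg --get-selections > "$actual" || { rm -f "$actual"; return 1; }
    selections_diff "$deblist" "$actual"; rc=$?
    rm -f "$actual"
    return $rc
}

# Demo on constructed lists (not taken from any real machine).
demo() {
    want=$(mktemp) && have=$(mktemp) || return 1
    printf 'exim\tinstall\nsamba\tinstall\nbind\tinstall\n' > "$want"
    printf 'exim\tinstall\nbind\tinstall\ntelnetd\tinstall\n' > "$have"
    selections_diff "$want" "$have"
    rm -f "$want" "$have"
}
demo || true
```

An "extra" line on a freshly built customer machine is the one to look at first: it is software nobody put on the list.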
Re: woody's sendmail on potato
Davi Leal writes:

> Is it safe using the woody's sendmail (sendmail 8.12.1-5) on a potato
> distribution? Note that the host is a server on production.

I'm running 8.12.1, but I did a compile from the source tarball. I try to stay on top of the latest sendmail, and I don't like having to wait for someone to make up a deb of it.

> Not sure but it's safe to use Postfix, so why not use that?

Let's not get into religious arguments, since that's not the question asked. He's got a running sendmail config; upgrading to a new version is less work than converting to a different mail system.

-packy

Packy Anderson      Dardan Web Assoc.     518/266-1226
CEO/Webmaster       PO Box 94             www.dardan.com
[EMAIL PROTECTED]   Troy, NY 12181-0094
O- Small Business Websites Since 1995.
RE: dist-upgrade on remote server
Whenever I did an apt-get dist-upgrade I never had a problem with doing that. To be safe, I believe what you could do is edit your sources.list to woody, and then do "apt-get update" to get the newest list. Then you could apt-get install ssh, and I believe it should upgrade your version if there have been updates. Then do a dist-upgrade and it won't touch ssh.

I've had Debian on my webserver for a year or so, and installed many times on my laptop or PC, and never had any problems with dist-upgrading.

-----Original Message-----
From: Andreas Rabus [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 04, 2002 9:16 AM
To: Debian ISP List (E-Mail)
Subject: dist-upgrade on remote server

Hi,

there was a thread about potato/woody on the weekend, but I didn't get an important answer:

I'd like to "dist-upgrade" our potato InternetServer in production to woody and I have only a ssh and telnet-ssl connection to that box.

So, what's the best way to do it? If I lost net connection, I'm stuck. (Grab a monitor, a keyboard etc., take it to the cellar of the box at the other end of the city, reboot, wait, repair and meanwhile I got a few hours downtime...) That's something I'm afraid of so I should try to avoid it...

But how can a connection get lost while dist-upgrade and what can I do to avoid this?

I have another box which is nearly similar to that interbox in the LAN, so I can try it there first, but they don't share the network connection and config. And I can't switch boxes, they are too different.

Has anybody done something like that before? With success? Failed?

ar

Andreas Rabus
entity38 AG
Theresienstraße 29
80333 München
Tel +49 (89) 286772-27
Fax +49 (89) 286772-21
ISDN +49 (89) 286772-30
ICQ #132675697
[EMAIL PROTECTED]
www.entity38.de
Re: "transparent" firewall possible?
On Mon, 2002-02-04 at 20:17, Jason Lim wrote:

> Probably someone has done all this in the past, and in fact I have found a
> distro that *sounds* like it does this, but it is a weird heavily
> customized Redhat, and I would prefer to stick with the Debian that we all
> love.
>

I'm doing something similar to this using proxy arp and a single IP address on the network, with a Debian box running a 2.4 kernel.

The steps I took are roughly as follows: configure both NICs with the same IP address. For convenience, use the highest IP address in your netblock. Assuming your netblock is 192.168.0.0/24, the firewall's IP is 192.168.0.254, and the default gateway is 192.168.0.1, run the following:

    # answer ARP on each side on behalf of the hosts on the other side
    echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
    echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
    # drop the two identical subnet routes, then send the gateway out eth0
    # and the rest of the netblock out eth1
    ip route del 192.168.0.0/24 dev eth0
    ip route del 192.168.0.0/24 dev eth1
    ip route add 192.168.0.1 dev eth0
    ip route add 192.168.0.0/24 dev eth1
    # let the kernel forward between the two interfaces
    echo 1 > /proc/sys/net/ipv4/ip_forward

Before you do that, you'll want to do some firewalling. You'll need to use the FORWARD table for your rules going to the hosts you're protecting. I personally find it easier to make a pile of rules in your FORWARD table jumping to per-IP chains, e.g:

    # chain for the protected host 192.168.0.2
    iptables -N fw_2
    iptables -A fw_2 -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A fw_2 -m state --state NEW -p tcp --dport 80 -j ACCEPT
    # log, then drop, everything else for this host
    iptables -A fw_2 -j LOG
    iptables -A fw_2 -j DROP
    iptables -A FORWARD -d 192.168.0.2 -j fw_2

and so on, for your firewall rules. Don't forget the INPUT and OUTPUT chains to catch things going directly to your firewall.

I got this information off a web site that's bookmarked on my work computer, if you want I'll dig up the URL tomorrow.

Anyway, hope that helps!
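The per-IP chain pattern from the message above, generalised into a small generator, as an added example that is not part of the original post: it takes the "IP plus allowed ports" input the thread asks for, validates it, and prints the iptables commands instead of running them. The spec format, the function names and the sample hosts are assumptions made for illustration; chain names follow the post's `fw_2` convention, which assumes all hosts sit in one /24.

```shell
#!/bin/sh
# Added example: emit per-IP FORWARD chains in the style of the post.
# Spec line format (an assumption): <ipv4> <tcp-port>[,<tcp-port>...]
# Nothing is executed; review the output, then pipe it to sh as root.

valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac      # no leading zeros
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {
    case "$1" in ''|*[!0-9]*|0*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -le 65535 ]
}

# gen_host_chain <ipv4> <port-list>: print the commands for one host.
gen_host_chain() {
    ip=$1 ports=$2
    valid_ipv4 "$ip" || { echo "invalid IP: $ip" >&2; return 1; }
    # Digits and single commas only; this also keeps shell syntax out.
    case "$ports" in
        ''|*[!0-9,]*|,*|*,|*,,*) echo "invalid port list for $ip" >&2; return 1 ;;
    esac
    old_ifs=$IFS; IFS=,; set -- $ports; IFS=$old_ifs
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port for $ip: $p" >&2; return 1; }
    done
    chain="fw_${ip##*.}"     # fw_2 for 192.168.0.2, as in the post
    echo "iptables -N $chain"
    echo "iptables -A $chain -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in "$@"; do
        echo "iptables -A $chain -m state --state NEW -p tcp --dport $p -j ACCEPT"
    done
    echo "iptables -A $chain -j LOG"
    echo "iptables -A $chain -j DROP"
    echo "iptables -A FORWARD -d $ip -j $chain"
}

# gen_ruleset: read spec lines on stdin. Fails closed: one bad line means
# no output at all, so a half-built rule set is never applied.
gen_ruleset() {
    out=""; seen=" "
    while read -r ip ports extra || [ -n "$ip" ]; do
        case "$ip" in ''|'#'*) continue ;; esac
        [ -z "$extra" ] || { echo "trailing data for $ip" >&2; return 1; }
        block=$(gen_host_chain "$ip" "$ports") || return 1
        chain="fw_${ip##*.}"
        case "$seen" in *" $chain "*) echo "duplicate chain: $chain" >&2; return 1 ;; esac
        seen="$seen$chain "
        out="$out$block
"
    done
    printf '%s' "$out"
}

# Constructed sample host list, using the post's example netblock.
SAMPLE_SPEC='# host        allowed inbound TCP ports
192.168.0.2  80
192.168.0.3  25,110'

printf '%s\n' "$SAMPLE_SPEC" | gen_ruleset
```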
dist-upgrade on remote server
Hi,

there was a thread about potato/woody on the weekend, but I didn't get an important answer:

I'd like to "dist-upgrade" our potato InternetServer in production to woody and I have only a ssh and telnet-ssl connection to that box.

So, what's the best way to do it? If I lost net connection, I'm stuck. (Grab a monitor, a keyboard etc., take it to the cellar of the box at the other end of the city, reboot, wait, repair and meanwhile I got a few hours downtime...) That's something I'm afraid of so I should try to avoid it...

But how can a connection get lost while dist-upgrade and what can I do to avoid this?

I have another box which is nearly similar to that interbox in the LAN, so I can try it there first, but they don't share the network connection and config. And I can't switch boxes, they are too different.

Has anybody done something like that before? With success? Failed?

ar

Andreas Rabus
entity38 AG
Theresienstraße 29
80333 München
Tel +49 (89) 286772-27
Fax +49 (89) 286772-21
ISDN +49 (89) 286772-30
ICQ #132675697
[EMAIL PROTECTED]
www.entity38.de
R: "transparent" firewall possible?
>Probably someone has done all this in the past, and in fact I have found a
>distro that *sounds* like it does this, but it is a weird heavily
>customized Redhat, and I would prefer to stick with the Debian that we all
>love.

Hi Jason,

could you please post the URL of the "heavily customized" RH distro you mention above?

Thanx,
Seba.
Re: woody's sendmail on potato
On Mon, 04 Feb 2002 15:00:45 +0100, "Davi Leal" writes:
>> > Not sure but it's safe to use Postfix, so why not use that?
>>
>> Let's not get into religious arguments, since that's not the question
>> asked. He's got a running sendmail config; upgrading to a new version is
>> less work than converting to a different mail system.
>
>Yes, this is the point.

However, I failed at this conversion, so I'm now running the stable sendmail on a testing/unstable box...

cheers,
&rw
--
/ Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \
\ <[EMAIL PROTECTED]> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /
Re: woody's sendmail on potato
> > Not sure but it's safe to use Postfix, so why not use that?
>
> Let's not get into religious arguments, since that's not the question
> asked. He's got a running sendmail config; upgrading to a new version is
> less work than converting to a different mail system.

Yes, this is the point.
Re: "transparent" firewall possible?
Thanks for directing me to that website... lots of relevant information there.

Thankfully we are running 2.4 on nearly all boxes now, so everything is already there :-)

----- Original Message -----
From: "Matt Ryan" <[EMAIL PROTECTED]>
To: "Jason Lim" <[EMAIL PROTECTED]>;
Sent: Monday, February 04, 2002 6:29 PM
Subject: Re: "transparent" firewall possible?

> It's possible, in fact there has been a thread running over the last week or
> so about defining rules for use in this way. The best place to start is
> probably http://bridge.sourceforge.net/ as that has the relevant patches.
>
>
> Matt.
>
> ----- Original Message -----
> From: "Jason Lim" <[EMAIL PROTECTED]>
> To:
> Sent: Monday, February 04, 2002 10:17 AM
> Subject: "transparent" firewall possible?
>
>
> > Hi,
> >
> > I was wondering about this...
> >
> > Is it possible to have a completely plug-n-play transparent firewall
> > setup? For example, all that would need to be entered into the firewall's
> > setup is the IP(s) that should be recognized, and the ports that should be
> > recognized.
> >
> > The box would have 2 NIC cards... MZ (the internet) and LAN (behind
> > firewall)...
> >
> > All the box does would be to bridge the two NICs, and perform "filtering"
> > in between the bridge.
> >
> > I have something like that running right now (not working properly yet)...
> > I am using the "bridging-utils" in Debian testing to bridge eth0 (lan) and
> > eth1 (internet), and have iptables to do some filtering on incoming
> > packets on eth1. But does the bridging in the kernel pass the packets
> > directly from eth1 to eth0 before it hits the netfilter code? Or does the
> > netfilter code (and hence iptables) act first, filter the traffic, THEN
> > pass the data from eth1 to eth0?
> >
> > Probably someone has done all this in the past, and in fact I have found a
> > distro that *sounds* like it does this, but it is a weird heavily
> > customized Redhat, and I would prefer to stick with the Debian that we all
> > love.
> >
> > Sincerely,
> > Jason
> >
>
Re: "transparent" firewall possible?
It's possible, in fact there has been a thread running over the last week or so about defining rules for use in this way. The best place to start is probably http://bridge.sourceforge.net/ as that has the relevant patches.

Matt.

----- Original Message -----
From: "Jason Lim" <[EMAIL PROTECTED]>
To:
Sent: Monday, February 04, 2002 10:17 AM
Subject: "transparent" firewall possible?

> Hi,
>
> I was wondering about this...
>
> Is it possible to have a completely plug-n-play transparent firewall
> setup? For example, all that would need to be entered into the firewall's
> setup is the IP(s) that should be recognized, and the ports that should be
> recognized.
>
> The box would have 2 NIC cards... MZ (the internet) and LAN (behind
> firewall)...
>
> All the box does would be to bridge the two NICs, and perform "filtering"
> in between the bridge.
>
> I have something like that running right now (not working properly yet)...
> I am using the "bridging-utils" in Debian testing to bridge eth0 (lan) and
> eth1 (internet), and have iptables to do some filtering on incoming
> packets on eth1. But does the bridging in the kernel pass the packets
> directly from eth1 to eth0 before it hits the netfilter code? Or does the
> netfilter code (and hence iptables) act first, filter the traffic, THEN
> pass the data from eth1 to eth0?
>
> Probably someone has done all this in the past, and in fact I have found a
> distro that *sounds* like it does this, but it is a weird heavily
> customized Redhat, and I would prefer to stick with the Debian that we all
> love.
>
> Sincerely,
> Jason
"transparent" firewall possible?
Hi,

I was wondering about this...

Is it possible to have a completely plug-n-play transparent firewall setup? For example, all that would need to be entered into the firewall's setup is the IP(s) that should be recognized, and the ports that should be recognized.

The box would have 2 NIC cards... MZ (the internet) and LAN (behind firewall)...

All the box does would be to bridge the two NICs, and perform "filtering" in between the bridge.

I have something like that running right now (not working properly yet)... I am using the "bridging-utils" in Debian testing to bridge eth0 (lan) and eth1 (internet), and have iptables to do some filtering on incoming packets on eth1. But does the bridging in the kernel pass the packets directly from eth1 to eth0 before it hits the netfilter code? Or does the netfilter code (and hence iptables) act first, filter the traffic, THEN pass the data from eth1 to eth0?

Probably someone has done all this in the past, and in fact I have found a distro that *sounds* like it does this, but it is a weird heavily customized Redhat, and I would prefer to stick with the Debian that we all love.

Sincerely,
Jason
Re: woody's sendmail on potato
On Mon, Feb 04, 2002 at 11:27:41AM +0100, Davi Leal wrote:

> Is it safe using the woody's sendmail (sendmail 8.12.1-5) on a potato
> distribution? Note that the host is a server on production.

Not sure but it's safe to use Postfix, so why not use that?

--
Jeremy Lunn
Melbourne, Australia
http://www.jabber.org/ - the next generation of Instant Messaging.
woody's sendmail on potato
Is it safe using the woody's sendmail (sendmail 8.12.1-5) on a potato distribution? Note that the host is a server on production.

Regards,
Davi Leal