[interfaces + route] My new firewall doesn't forward packages

2002-06-04 Thread Davi Leal

Hi there,

We have an ISP: email, web, ftp, dns and radius servers. I'm trying to
replace an old firewall (2.0.x kernel) with a new one (2.4.18 kernel). I am
using the 'mimic' strategy, that is to say, getting the same routing table,
... etc.

*The problem*: The current new firewall configuration cannot forward any
package. Note that iptables is stopped and all policies (INPUT, OUTPUT,
FORWARD) are set to ACCEPT. I think it is because of the routing table.



I have eth0 and eth1. With the below '/etc/network/interfaces' file I get two
lines in the router table.

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
194.224.7.0     0.0.0.0         255.255.255.0   U     0      0   0   eth0
194.224.7.0     0.0.0.0         255.255.255.0   U     0      0   0   eth1

# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
# The loopback interface
auto lo
iface lo inet loopback
# The first network card - this entry was created during the Debian installation
# (network, broadcast and gateway are optional)
auto eth0
iface eth0 inet static
 address 194.224.7.9
 netmask 255.255.255.0
 network 194.224.7.0
 broadcast 194.224.7.255
 gateway 194.224.7.1
auto eth1
iface eth1 inet static
 address 194.224.7.10
 netmask 255.255.255.0
 network 194.224.7.0
 broadcast 194.224.7.255



Adding some routing rules to the previous 'interfaces' file (see attached
file), to mimic the old firewall routing table I get the below:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
10.128.114.2    0.0.0.0         255.255.255.255 UH    0      0   0   eth1
194.224.7.1     0.0.0.0         255.255.255.255 UH    0      0   0   eth0
10.128.114.4    0.0.0.0         255.255.255.255 UH    0      0   0   eth1
194.224.7.9     0.0.0.0         255.255.255.255 UH    0      0   0   eth0
194.224.7.90    0.0.0.0         255.255.255.255 UH    0      0   0   eth0
127.0.0.1       0.0.0.0         255.255.255.255 UH    0      0   0   lo
194.224.7.0     0.0.0.0         255.255.255.128 U     0      0   0   eth1
194.224.7.0     0.0.0.0         255.255.255.0   U     0      0   0   eth0  <---
194.224.7.0     0.0.0.0         255.255.255.0   U     0      0   0   eth1  <---
0.0.0.0         194.224.7.1     0.0.0.0         UG    0      0   0   eth0


In the old system I have the same but without these two lines below. Is this
the cause of the system not forwarding any package? How could I modify the
'interfaces' file to remove these two lines? See the attached
'/etc/network/interfaces'.

Destination     Gateway         Genmask         Flags Metric Ref Use Iface
194.224.7.0     0.0.0.0         255.255.255.0   U     0      0   0   eth0
194.224.7.0     0.0.0.0         255.255.255.0   U     0      0   0   eth1


Regards,
Davi Leal





--
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)

# The loopback interface
auto lo
iface lo inet loopback
up route add 127.0.0.1 dev lo

# The first network card - this entry was created during the Debian installation
# (network, broadcast and gateway are optional)


# eth0 goes to outside (Internet)
auto eth0
iface eth0 inet static
 address 194.224.7.9
 netmask 255.255.255.0
 network 194.224.7.0
 broadcast 194.224.7.255
 # Default route to Internet via eth0
 gateway 194.224.7.1
# Route to go to the Cisco 194.224.7.1 via eth0
up route add 194.224.7.1 dev eth0
# Route to go to Tunels Server 194.224.7.90 via eth0
up route add 194.224.7.90 dev eth0
# Route to go to internal firewall network card
up route add 194.224.7.9 dev eth0


# eth1 goes to the internal network
auto eth1
iface eth1 inet static
 address 194.224.7.10
 netmask 255.255.255.0
 network 194.224.7.0
 broadcast 194.224.7.255
 # gateway 194.224.7.1
# Route to 194.224.7.0/128 via eth1
up route add -net 194.224.7.0 netmask 255.255.255.128 dev eth1
# Route to Radius server via eth1
up route add 10.128.114.2 dev eth1
# Route to 'Telefonica Infovia' via eth1
up route add 10.128.114.4 dev eth1



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




Re: [interfaces + route] My new firewall doesn't forward packages

2002-06-04 Thread Bernd Eckenfels

On Tue, Jun 04, 2002 at 03:46:42PM +0200, Davi Leal wrote:
> iface eth0 inet static
>  address 194.224.7.9
> iface eth1 inet static
>  address 194.224.7.10

I don't think it is a particularly good idea to do it like this with the IP
address. But if you do not have a transit network from your provider, you
can delete both automatically added routes. I guess at least for eth0
you must use a netmask of 255.255.255.128?

Perhaps you should describe how your network is laid out.

Greetings
Bernd






kernel quota control with LDAP

2002-06-04 Thread Thedore Knab

I want to use kernel level quotas with LDAP to simplify administration of my mailserver.

Can this be done ?

Currently, I am keeping track of uids in both an /etc/passwd on the
filesystem and an LDAP database.

What would allow me to simplify this ?

I have 2021 users on a new mail system with Courier IMAP server, with Postfix, 
Squirrel Mail, and LDAP.

My account looks like this in LDAP:

dn: uid=tknab2,ou=mailaccounts,dc=mycoll,dc=edu
uid: tknab2
cn: Theodore Knab
mail: [EMAIL PROTECTED]
mail: [EMAIL PROTECTED]
mail: [EMAIL PROTECTED]
mail: [EMAIL PROTECTED]
mail: [EMAIL PROTECTED]
mail: [EMAIL PROTECTED]
mail: [EMAIL PROTECTED]
mail: [EMAIL PROTECTED]
mail: [EMAIL PROTECTED]
uidNumber: 1100
gidNumber: 1001
mailHost: imap.mycoll.edu
homeDirectory: /var/imap/mycoll/tknab2
mailMessageStore: /var/imap/mycoll/tknab2/Maildir
mailQuota: 2S, 2C
mailbox: tknab2/Maildir/
objectClass: qmailuser
objectClass: couriermailaccount
userPassword: {cyrpt} notreal
accountStatus: active
mailForwardingAddress: [EMAIL PROTECTED]

On the IMAP server my account looks like this:

imap:/var/imap# cat /etc/passwd | grep -i knab
tknab2:x:1100:1001::/var/imap/mycoll/tknab2:/bin/false

imap:/var/imap# repquota -a  | grep -i tknab
tknab2--   60692   8   9  11699 0 0

I think that the schema I choose allows for:

loginshell: /bin/false

-- 
-
Ted Knab






Re: Xeon on Linux

2002-06-04 Thread Thedore Knab

Seem to work fine here.

I am running three Xeon Netfinity Servers X250 series.

2 have the 2.4.18 kernel running with ext3 while one is just an almost 
default install of Redhat.

None of them had any problems so far.

But, for the price/performance the dual P-III 1G would be better.

> How does Linux support Xeon CPU currently?
> I am considering to use dual P-III 1G or single Xeon 2.2G architecture.
>
> Any suggestions appreciated.


-
Looking forward to the Open-Source version of the Oxford English Dictionary ?
-
Ted Knab






Re: [interfaces + route] My new firewall doesn't forward packages

2002-06-04 Thread Dave Watkins

Do you have IP forwarding turned on?

echo 1 > /proc/sys/net/ipv4/ip_forward

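The two things this thread questions (whether the kernel forwarding switch is on, and whether the same network/netmask is attached to two interfaces) can be checked with a short script. This is an added example, not part of any poster's message; the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: two checks for a Linux router that does not forward.
# Function names and the sample table are constructed for illustration.

# Reads `route -n` output on stdin. Prints "network/genmask iface iface..."
# for each directly connected route (gateway 0.0.0.0, no G flag) that is
# present on more than one interface.
find_duplicate_connected_routes() {
    awk '
        # Data rows have 8 fields and start with a dotted-quad destination.
        NF == 8 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            if ($2 != "0.0.0.0" || $4 ~ /G/) next   # skip gateway routes
            key = $1 "/" $3
            if (!(key in ifaces)) {
                order[++n] = key; ifaces[key] = $8
            } else if (index(" " ifaces[key] " ", " " $8 " ") == 0) {
                ifaces[key] = ifaces[key] " " $8; dup[key] = 1
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (order[i] in dup) print order[i], ifaces[order[i]]
        }'
}

# Prints enabled/disabled/unknown for the IPv4 forwarding switch.
# $1 overrides the file to read so the check can run against a copy.
forwarding_state() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$f" ] || { echo unknown; return 2; }
    if [ "$(cat "$f")" = "1" ]; then echo enabled; else echo disabled; return 1; fi
}

# Constructed sample in `route -n` layout, using addresses from the thread.
sample_routes() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
10.128.114.2    0.0.0.0         255.255.255.255 UH    0      0   0   eth1
194.224.7.1     0.0.0.0         255.255.255.255 UH    0      0   0   eth0
194.224.7.0     0.0.0.0         255.255.255.128 U     0      0   0   eth1
194.224.7.0     0.0.0.0         255.255.255.0   U     0      0   0   eth0
194.224.7.0     0.0.0.0         255.255.255.0   U     0      0   0   eth1
0.0.0.0         194.224.7.1     0.0.0.0         UG    0      0   0   eth0
EOF
}

sample_routes | find_duplicate_connected_routes
echo "ip_forward: $(forwarding_state)"
```

On a live system, pipe `route -n` into `find_duplicate_connected_routes` instead of the sample.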



