Re: [Leaf-user] Problem with INTERN_SERVERx (Indexed list) Dachstein

2002-03-07 Thread barwals

Dear Boyd,

Please do not start with INTERN_SERVER0; instead start with INTERN_SERVER1. I hope
you will not get any error. I was also getting the same error, but after changing 0
(zero) to 1 I did not get any error.

Thanks.

Sudhir
"Boyd Kelly" wrote:



Hello,

Making good progress on my Dachstein migration, but just had a hiccup
with forwarding. The uncommented line (well they all would) from below
gives me an error when starting the network: IP filters: portfw:
Invalid protocol specified.

The INTERN_SERVER section (not indexed) works ok, but I have too many
entries. Those shown below are just some of what I have to do.

As usual any help is very much appreciated. 

Boyd



# Advanced settings: parameters passed directly to portfw and autofw
# Indexed list: ""
#INTERN_SERVER0="-a -P PROTO -L LADDR LPORT -R RADDR RPORT [-p PREF]"
INTERN_SERVER0="-a -P tcp -L 208.x.x.233 110 -R 192.168.1.233 110"
#INTERN_SERVER1="-a -P tcp -L $PUB2_IP 143 -R $PRI2_IP 143"
#INTERN_SERVER2="-a -P tcp -L $PUB2_IP 80 -R $PRI2_IP 80"
#INTERN_SERVER3="-a -P tcp -L $PUB2_IP 443 -R $PRI2_IP 443"
#INTERN_SERVER4="-a -P tcp -L $PUB2_IP 110 -R $PRI2_IP 110"
#INTERN_SERVER5="-a -P tcp -L $PUB2_IP 5800 -R $PRI2_IP 5800"
#INTERN_SERVER6="-a -P tcp -L $PUB2_IP 5900 -R $PRI2_IP 5900"
#INTERN_SERVER7="-a -P tcp -L $PUB2_IP 110 -R $PRI2_IP 110"
#INTERN_SERVER8="-a -P tcp -L $PUB0_IP 53 -R $PRI0_IP 53"
#INTERN_SERVER9="-a -P udp -L $PUB0_IP 53 -R $PRI0_IP 53"

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user






Re: [Leaf-user] Problem with 3c59x.o on Dachstein disk

2002-03-07 Thread Mark Plowman

Boyd,

> From: "Boyd Kelly" <[EMAIL PROTECTED]>
> Date: Wed, 6 Mar 2002 18:36:39 -0800
> 

>
> Why does 3com have such a confusing numbering system for their
> products anyways?  905; 509; 59x?.

From Donald Becker's site:

  Why do we use names like "Vortex"?

  These are the 3Com internal names for the implementations. The names
  make it clear which product we are talking about, and the product
  numbers are often mistyped -- even I've made the mistake of
  referring to the 3c509 when I meant 3c905. (3Com only purchased
  rights to the numbers '3' '5' and '9', Intel owns '4', '8', '6', and
  '2'. '0' and '1' are still in the public domain ;-)

;-)

> Cheers and have a good one.
> 
> BK

Greetings

Mark Plowman





RE: [Leaf-user] Problem with INTERN_SERVERx (Indexed list) Dachstein

2002-03-07 Thread Boyd Kelly

Thanks Sudhir,

Started with INTERN_SERVER1 and works fine now.

BK

-Original Message-
From: barwals [mailto:[EMAIL PROTECTED]] 
Sent: March 7, 2002 12:18 AM
To: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] Problem with INTERN_SERVERx (Indexed list)
Dachstein


Dear Boyd,

Please do not start with INTERN_SERVER0; instead start with
INTERN_SERVER1. I hope you will not get any error. I was also getting
the same error, but after changing 0 (zero) to 1 I did not get any
error.

Thanks.

Sudhir
"Boyd Kelly" wrote:



Hello,

Making good progress on my Dachstein migration, but just had a hiccup
with forwarding. The uncommented line (well they all would) from below
gives me an error when starting the network: IP filters: portfw: Invalid
protocol specified.

The INTERN_SERVER section (not indexed) works ok, but I have too many
entries. Those shown below are just some of what I have to do.

As usual any help is very much appreciated. 

Boyd



# Advanced settings: parameters passed directly to portfw and autofw
# Indexed list: ""
#INTERN_SERVER0="-a -P PROTO -L LADDR LPORT -R RADDR RPORT [-p PREF]"
INTERN_SERVER0="-a -P tcp -L 208.x.x.233 110 -R 192.168.1.233 110"
#INTERN_SERVER1="-a -P tcp -L $PUB2_IP 143 -R $PRI2_IP 143"
#INTERN_SERVER2="-a -P tcp -L $PUB2_IP 80 -R $PRI2_IP 80"
#INTERN_SERVER3="-a -P tcp -L $PUB2_IP 443 -R $PRI2_IP 443"
#INTERN_SERVER4="-a -P tcp -L $PUB2_IP 110 -R $PRI2_IP 110"
#INTERN_SERVER5="-a -P tcp -L $PUB2_IP 5800 -R $PRI2_IP 5800"
#INTERN_SERVER6="-a -P tcp -L $PUB2_IP 5900 -R $PRI2_IP 5900"
#INTERN_SERVER7="-a -P tcp -L $PUB2_IP 110 -R $PRI2_IP 110"
#INTERN_SERVER8="-a -P tcp -L $PUB0_IP 53 -R $PRI0_IP 53"
#INTERN_SERVER9="-a -P udp -L $PUB0_IP 53 -R $PRI0_IP 53"




[Leaf-user] 4 NIC LRP -Dachstein CD- only one internal IP forwards to internet

2002-03-07 Thread junkmail

I have a Dachstien CD LRP

 I have configured 4 nic's eth0 - eth3

 Only eth1 works perfectly

Workstations connected to eth2 will ping only the LRP box, will not pass to
the internet.

Same problem with eth3


Ip route show =


192.168.2.0/24 dev eth3 proto kernel scope link src 192.168.2.254

192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254

10.10.10.0/24 dev eth2 proto kernel scope link src 10.10.10.254

12.254.188.0/24 dev eth0 proto kernel scope link src 12.254.188.16

default via 12.254.188.1 dev eth0



if this is enough information for someone to give me an idea where to look,
or what I may have missed.  it would be greatly appreciated..

thanks

Gary.








Re: [Leaf-user] 4 NIC LRP -Dachstein CD- only one internal IP forwards to internet

2002-03-07 Thread Ray Olszewski

Not even close to enough, Gary. Let us see:

output of "ip addr show"
output of "ipchains -nlV"

And describe EXACTLY how the pings fail (what you ping, what message
returns, and what OS the workstation is running).

And BTW, it is Dachstein, not "Dachstien", and LEAF, not "LRP".

At 10:37 AM 3/7/02 -0700, [EMAIL PROTECTED] wrote:
>I have a Dachstien CD LRP
>
> I have configured 4 nic's eth0 - eth3
>
> Only eth1 works perfectly
>
>Workstations connected to eth2 will ping only the LRP box, will not pass to
>the internet.
>
>Same problem with eth3
>
>
>Ip route show =
>
>
>192.168.2.0/24 dev eth3 proto kernel scope link src 192.168.2.254
>
>192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254
>
>10.10.10.0/24 dev eth2 proto kernel scope link src 10.10.10.254
>
>12.254.188.0/24 dev eth0 proto kernel scope link src 12.254.188.16
>
>default via 12.254.188.1 dev eth0
>
>
>
>if this is enough information for someone to give me an idea where to look,
>or what I may have missed.  it would be greatly appreciated..



--
"Never tell me the odds!" -- Han Solo
Ray Olszewski
Palo Alto, CA [EMAIL PROTECTED]






Re: [Leaf-user] 4 NIC LRP -Dachstein CD- only one internal IP forwards to internet

2002-03-07 Thread Charles Steinkuehler

> I have a Dachstien CD LRP
>
>  I have configured 4 nic's eth0 - eth3
>
>  Only eth1 works perfectly
>
> Workstations connected to eth2 will ping only the LRP box, will not pass to
> the internet.
>
> Same problem with eth3
>
> Ip route show =
>
> 192.168.2.0/24 dev eth3 proto kernel scope link src 192.168.2.254
> 192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254
> 10.10.10.0/24 dev eth2 proto kernel scope link src 10.10.10.254
> 12.254.188.0/24 dev eth0 proto kernel scope link src 12.254.188.16
>
> default via 12.254.188.1 dev eth0

Make sure you've added all your internal networks to the INTERN_NET variable
in /etc/network.conf.  If that's not the problem, we'll need more
information about your firewall setup, including network.conf settings, and
the output of "net ipfilter list"

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)





RE: [Leaf-user] Problem with 3c59x.o on Dachstein disk

2002-03-07 Thread George Metz

On Wed, 6 Mar 2002, Boyd Kelly wrote:

> A quick look at the modules for dachstein, oxygen and lrp 2.9.8 don't
> have any 3c90x module available.  I remember finding one somewhere, but
> found that the 3c59x works.  Why does 3com have such a confusing
> numbering system for their products anyways?  905; 509; 59x?.
>
> Cheers and have a good one.
>
> BK

Having just installed Potato 2.2R5 on my workstation, I can say that the
2.2.19 kernels SHOULD support the 905C NICs with the 3c59x.o module. ALL
versions of 2.4.x after around -test7 have been changed so that the 3c59x
will work with it.

Personally, I think that the driver will work fine and the error is
somewhere else. Prior to the fixes to the 3c59x.o driver, it would load
with a 905C, was able to receive packets just fine, and was totally and
completely unable to respond.

Sounds to me like the module isn't the right one for the kernel you've got
running, actually.

--
George Metz
Commercial Routing Engineer
[EMAIL PROTECTED]

"We know what deterrence was with 'mutually assured destruction' during
the Cold War. But what is deterrence in information warfare?" -- Brigadier
General Douglas Richardson, USAF, Commander - Space Warfare Center





[Leaf-user] openssh security hole

2002-03-07 Thread Joey Officer

I don't know how much this affects LRP/Leaf distributions, but I thought
that I would at least make mention of it here.  There is a root hole in
OpenSSH, you can read about it here

http://www.pine.nl/advisories/pine-cert-20020301.txt

I am not sure if the SSH implementations being used by the current LRP
distros are affected, but I figured it would at least be worth a read.  Also
check out slashdot.org for more discussion on this.

http://slashdot.org/article.pl?sid=02/03/07/1617211&mode=thread&tid=128


Joey Officer






RE: [Leaf-user] Still Prob with INTERN_SERVERx (Indexed list) Dachstein

2002-03-07 Thread Boyd Kelly

Hi,
 
I take it back.
 
When starting with INTERN_SERVER1, if I do an ipmasqadm portfw -l -n, then the entries 
I expect are not there.  I suspect that starting at '1' just doesn't load anything at 
all.
 
Thanks,
 
BK

-Original Message- 
From: Boyd Kelly 
Sent: Thu 07/03/2002 7:27 AM 
To: barwals; [EMAIL PROTECTED] 
Cc: 
Subject: RE: [Leaf-user] Problem with INTERN_SERVERx (Indexed list) Dachstein



Thanks Sudhir,

Started with INTERN_SERVER1 and works fine now.

BK

-Original Message-
From: barwals [mailto:[EMAIL PROTECTED]]
Sent: March 7, 2002 12:18 AM
To: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] Problem with INTERN_SERVERx (Indexed list)
Dachstein


Dear Boyd,

Please do not start with INTERN_SERVER0; instead start with
INTERN_SERVER1. I hope you will not get any error. I was also getting
the same error, but after changing 0 (zero) to 1 I did not get any
error.

Thanks.

Sudhir
"Boyd Kelly" wrote:



Hello,

Making good progress on my Dachstein migration, but just had a hiccup
with forwarding. The uncommented line (well they all would) from below
gives me an error when starting the network: IP filters: portfw: Invalid
protocol specified.

The INTERN_SERVER section (not indexed) works ok, but I have too many
entries. Those shown below are just some of what I have to do.

As usual any help is very much appreciated.

Boyd



# Advanced settings: parameters passed directly to portfw and autofw
# Indexed list: ""
#INTERN_SERVER0="-a -P PROTO -L LADDR LPORT -R RADDR RPORT [-p PREF]"
INTERN_SERVER0="-a -P tcp -L 208.x.x.233 110 -R 192.168.1.233 110"
#INTERN_SERVER1="-a -P tcp -L $PUB2_IP 143 -R $PRI2_IP 143"
#INTERN_SERVER2="-a -P tcp -L $PUB2_IP 80 -R $PRI2_IP 80"
#INTERN_SERVER3="-a -P tcp -L $PUB2_IP 443 -R $PRI2_IP 443"
#INTERN_SERVER4="-a -P tcp -L $PUB2_IP 110 -R $PRI2_IP 110"
#INTERN_SERVER5="-a -P tcp -L $PUB2_IP 5800 -R $PRI2_IP 5800"
#INTERN_SERVER6="-a -P tcp -L $PUB2_IP 5900 -R $PRI2_IP 5900"
#INTERN_SERVER7="-a -P tcp -L $PUB2_IP 110 -R $PRI2_IP 110"
#INTERN_SERVER8="-a -P tcp -L $PUB0_IP 53 -R $PRI0_IP 53"
#INTERN_SERVER9="-a -P udp -L $PUB0_IP 53 -R $PRI0_IP 53"



Re: [Leaf-user] openssh security hole

2002-03-07 Thread George Metz

On Thu, 7 Mar 2002, Joey Officer wrote:

> I don't know how much this affects LRP/Leaf distributions, but I thought
> that I would at least make mention of it here.  There is a root hole in
> OpenSSH, you can read about it here
>
> http://www.pine.nl/advisories/pine-cert-20020301.txt
>
> I am not sure if the SSH implementations being used by the current LRP
> distros are affected, but I figured it would at least be worth a read.  Also
> check out slashdot.org for more discussion on this.
>
> http://slashdot.org/article.pl?sid=02/03/07/1617211&mode=thread&tid=128

Note that at present, this is a local root hole, with a possibility for it
to be a remote root exploit - think they're still digging on that.

--
George Metz
Commercial Routing Engineer
[EMAIL PROTECTED]

"We know what deterrence was with 'mutually assured destruction' during
the Cold War. But what is deterrence in information warfare?" -- Brigadier
General Douglas Richardson, USAF, Commander - Space Warfare Center





Re: [Leaf-user] Still Prob with INTERN_SERVERx (Indexed list) Dachstein

2002-03-07 Thread Charles Steinkuehler

> I take it back.
>
> When starting with INTERN_SERVER1, if I do an ipmasqadm portfw -l -n, then
> the entries I expect are not there.  I suspect that starting at '1' just
> doesn't load anything at all.

This is what I would expect to happen...indexed lists start with zero, and
continue to the first missing number.  If the zero entry is missing, no
other variables will be processed.



> Making good progress on my Dachstein migration, but just had a hiccup
> with forwarding. The uncommented line (well they all would) from below
> gives me an error when starting the network: IP filters: portfw: Invalid
> protocol specified.
>
> The INTERN_SERVER section (not indexed) works ok, but I have too many
> entries. Those shown below are just some of what I have to do.
>
> # Advanced settings: parameters passed directly to portfw and autofw
> # Indexed list: ""
> #INTERN_SERVER0="-a -P PROTO -L LADDR LPORT -R RADDR RPORT [-p PREF]"
> INTERN_SERVER0="-a -P tcp -L 208.x.x.233 110 -R 192.168.1.233 110"
> #INTERN_SERVER1="-a -P tcp -L $PUB2_IP 143 -R $PRI2_IP 143"
> #INTERN_SERVER2="-a -P tcp -L $PUB2_IP 80 -R $PRI2_IP 80"
> #INTERN_SERVER3="-a -P tcp -L $PUB2_IP 443 -R $PRI2_IP 443"
> #INTERN_SERVER4="-a -P tcp -L $PUB2_IP 110 -R $PRI2_IP 110"
> #INTERN_SERVER5="-a -P tcp -L $PUB2_IP 5800 -R $PRI2_IP 5800"
> #INTERN_SERVER6="-a -P tcp -L $PUB2_IP 5900 -R $PRI2_IP 5900"
> #INTERN_SERVER7="-a -P tcp -L $PUB2_IP 110 -R $PRI2_IP 110"
> #INTERN_SERVER8="-a -P tcp -L $PUB0_IP 53 -R $PRI0_IP 53"
> #INTERN_SERVER9="-a -P udp -L $PUB0_IP 53 -R $PRI0_IP 53"

Looking through the scripts, the comments above are incorrect.  From the
actual procedure doing the port-forwarding:

# A function to portforward services, setup to be called by walk_list
# $1 = Name of environment variable to use for arguments
# Arguments as they should appear in the environment variable:
# protocol Laddr Lport Raddr [ Rport [ preference ] ]
port_forward () {

So...Remove the -a, -P, -L, and -R fields from your INTERN_SERVER entries,
start with INTERN_SERVER0, and everything should work properly.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)





RE: [Leaf-user] openssh security hole

2002-03-07 Thread Joey Officer

That is correct, I apologize for not making that clearer earlier.  As
mentioned, currently this is a local-only root exploit. However, this was
talked about on the slashdot.org list, and an individual believed that he had
been remotely root exploited; however, he could not confirm that this was
done through the same root hole.

Joey Officer

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of George Metz
Sent: Thursday, March 07, 2002 1:52 PM
To: LRP Support
Subject: Re: [Leaf-user] openssh security hole

On Thu, 7 Mar 2002, Joey Officer wrote:

> I don't know how much this affects LRP/Leaf distributions, but I thought
> that I would at least make mention of it here.  There is a root hole in
> OpenSSH, you can read about it here
>
> http://www.pine.nl/advisories/pine-cert-20020301.txt
>
> I am not sure if the SSH implementations being used by the current LRP
> distros are affected, but I figured it would at least be worth a read.  Also
> check out slashdot.org for more discussion on this.
>
> http://slashdot.org/article.pl?sid=02/03/07/1617211&mode=thread&tid=128

Note that at present, this is a local root hole, with a possibility for it
to be a remote root exploit - think they're still digging on that.

--
George Metz
Commercial Routing Engineer
[EMAIL PROTECTED]

"We know what deterrence was with 'mutually assured destruction' during
the Cold War. But what is deterrence in information warfare?" -- Brigadier
General Douglas Richardson, USAF, Commander - Space Warfare Center





RE: [Leaf-user] Still Prob with INTERN_SERVERx (Indexed list) Dachstein

2002-03-07 Thread Boyd Kelly

Thanks Charles.
 
I am probably missing something, but as per below this is what happens if I start at 
zero.
 
The uncommented line (well they all would) from below
gives me an error when starting the network: IP filters: portfw: Invalid
protocol specified.

I do realize I can use the non indexed section as well.  
Thanks for any help.

-Original Message- 
From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]] 
Sent: Thu 07/03/2002 11:37 AM 
To: Boyd Kelly; barwals; [EMAIL PROTECTED] 
Cc: 
Subject: Re: [Leaf-user] Still Prob with INTERN_SERVERx (Indexed list) 
Dachstein



> I take it back.
>
> When starting with INTERN_SERVER1, if I do an ipmasqadm portfw -l -n, then
> the entries I expect are not there.  I suspect that starting at '1' just
> doesn't load anything at all.

This is what I would expect to happen...indexed lists start with zero, and
continue to the first missing number.  If the zero entry is missing, no
other variables will be processed.



> Making good progress on my Dachstein migration, but just had a hiccup
> with forwarding. The uncommented line (well they all would) from below
> gives me an error when starting the network: IP filters: portfw: Invalid
> protocol specified.
>
> The INTERN_SERVER section (not indexed) works ok, but I have too many
> entries. Those shown below are just some of what I have to do.
>
> # Advanced settings: parameters passed directly to portfw and autofw
> # Indexed list: ""
> #INTERN_SERVER0="-a -P PROTO -L LADDR LPORT -R RADDR RPORT [-p PREF]"
> INTERN_SERVER0="-a -P tcp -L 208.x.x.233 110 -R 192.168.1.233 110"
> #INTERN_SERVER1="-a -P tcp -L $PUB2_IP 143 -R $PRI2_IP 143"
> #INTERN_SERVER2="-a -P tcp -L $PUB2_IP 80 -R $PRI2_IP 80"
> #INTERN_SERVER3="-a -P tcp -L $PUB2_IP 443 -R $PRI2_IP 443"
> #INTERN_SERVER4="-a -P tcp -L $PUB2_IP 110 -R $PRI2_IP 110"
> #INTERN_SERVER5="-a -P tcp -L $PUB2_IP 5800 -R $PRI2_IP 5800"
> #INTERN_SERVER6="-a -P tcp -L $PUB2_IP 5900 -R $PRI2_IP 5900"
> #INTERN_SERVER7="-a -P tcp -L $PUB2_IP 110 -R $PRI2_IP 110"
> #INTERN_SERVER8="-a -P tcp -L $PUB0_IP 53 -R $PRI0_IP 53"
> #INTERN_SERVER9="-a -P udp -L $PUB0_IP 53 -R $PRI0_IP 53"

Looking through the scripts, the comments above are incorrect.  From the
actual procedure doing the port-forwarding:

# A function to portforward services, setup to be called by walk_list
# $1 = Name of environment variable to use for arguments
# Arguments as they should appear in the environment variable:
# protocol Laddr Lport Raddr [ Rport [ preference ] ]
port_forward () {

So...Remove the -a, -P, -L, and -R fields from your INTERN_SERVER entries,
start with INTERN_SERVER0, and everything should work properly.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)





Re: [Leaf-user] Still Prob with INTERN_SERVERx (Indexed list) Dachstein

2002-03-07 Thread Charles Steinkuehler

> I am probably missing something, but as per below this is what happens if
> I start at zero.
>
> The uncommented line (well they all would) from below
> gives me an error when starting the network: IP filters: portfw: Invalid
> protocol specified.
>
> I do realize I can use the non indexed section as well.
> Thanks for any help.

As mentioned...



Looking through the scripts, the comments above are incorrect.



So...Remove the -a, -P, -L, and -R fields from your INTERN_SERVER entries,
start with INTERN_SERVER0, and everything should work properly.



Did you try this?  What happened?  To be completely clear, use:

INTERN_SERVER0="tcp 208.x.x.233 110 192.168.1.233 110"

Instead of:
INTERN_SERVER0="-a -P tcp -L 208.x.x.233 110 -R 192.168.1.233 110"

...and see what happens.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
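
The two behaviours described in this thread (an indexed list is walked from index 0 and stops at the first missing number, and each entry is "protocol Laddr Lport Raddr [ Rport [ preference ] ]" with no option flags) can be checked before the network is restarted. The lint below is an added example, not code from the LEAF/Dachstein scripts; the function names, the tcp/udp protocol check and the 192.0.2.x sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not LEAF/Dachstein code: lint an indexed list such as
# INTERN_SERVER0, INTERN_SERVER1, ... before restarting the network.

# Print the value of the variable named $1 (empty if unset).
# The name is checked first so eval only ever sees a plain identifier.
get_var() {
    case $1 in
        ''|*[!A-Za-z0-9_]*) return 2 ;;
    esac
    eval "printf '%s' \"\${$1:-}\""
}

# How many entries a walker reaches: it starts at index 0 and stops at the
# first unset or empty index, as described in the thread.
count_reachable() {
    n=0
    while [ -n "$(get_var "$1$n")" ]; do
        n=$((n + 1))
    done
    echo "$n"
}

# Indices up to $2 that are set but sit behind a gap, so are never processed.
list_orphans() {
    o_i=$(count_reachable "$1")
    o_out=
    while [ "$o_i" -le "$2" ]; do
        if [ -n "$(get_var "$1$o_i")" ]; then o_out="$o_out $o_i"; fi
        o_i=$((o_i + 1))
    done
    echo "${o_out# }"
}

# True if $1 is a decimal port number in 1..65535.
is_port() {
    case $1 in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Check one entry against: protocol Laddr Lport Raddr [ Rport [ preference ] ]
# Prints "ok" or the reason for rejection; returns 0 only for "ok".
# Assumption: protocol is tcp or udp; the preference field is not validated.
check_entry() {
    case " $1" in
        *" -"*) echo "option flags present; use: protocol Laddr Lport Raddr [Rport [preference]]"
                return 1 ;;
    esac
    read -r c_proto c_laddr c_lport c_raddr c_rport c_pref c_extra <<EOF
$1
EOF
    case $c_proto in
        tcp|udp) ;;
        *) echo "invalid protocol '$c_proto'"; return 1 ;;
    esac
    if [ -z "$c_raddr" ]; then echo "too few fields"; return 1; fi
    if [ -n "$c_extra" ]; then echo "too many fields"; return 1; fi
    for c_p in "$c_lport" ${c_rport:+"$c_rport"}; do
        if ! is_port "$c_p"; then echo "bad port '$c_p'"; return 1; fi
    done
    echo ok
}

# Report every entry of list $1 (indices 0..$2); returns 1 if anything is wrong.
lint_list() {
    l_bad=0
    l_n=$(count_reachable "$1")
    l_i=0
    while [ "$l_i" -lt "$l_n" ]; do
        if l_msg=$(check_entry "$(get_var "$1$l_i")"); then :; else l_bad=1; fi
        echo "$1$l_i: $l_msg"
        l_i=$((l_i + 1))
    done
    for l_i in $(list_orphans "$1" "$2"); do
        echo "$1$l_i: never processed (walk stops at missing index $l_n)"
        l_bad=1
    done
    return "$l_bad"
}

# Constructed sample config; 192.0.2.x is a documentation address range.
INTERN_SERVER0="-a -P tcp -L 192.0.2.233 110 -R 192.168.1.233 110"  # flag style
INTERN_SERVER1="tcp 192.0.2.233 143 192.168.1.233 143"              # expected form
INTERN_SERVER3="udp 192.0.2.233 53 192.168.1.233 53"                # behind a gap
lint_list INTERN_SERVER 9 || true
```
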





[Leaf-user] lrp format and filter config

2002-03-07 Thread Dave Anderson

Hi,

I have a few questions -

I get a lot of denys for windows machines on ports 137 and 138 (netbios) I
realise that the default Dachstein denies these, but it doesn't appear to
have a -l option in the config, so I'm a bit surprised they're in my logs.
Anyone else seen that? Also, what are these windows machines trying to do,
and can they be reconfigured to not do it?

Also, if I want to specify source ports for incoming traffic, do I have to
hard code that in the filter file?

Also, is it possible to extract the lrp files into a normal directory
structure from floppy on a running linux system?

I'm using Dachstein 1.0.2

Finally, as a constructive suggestion, does anyone think it would be useful
if all ipchains rules were built up in one place in the config, and it was
all done in a more 'tabular' fashion, so that rules could be added easily,
and options such as logging for some of the defaults could be easily
switched off.

Many thanks
Dave






Re: [Leaf-user] lrp format and filter config

2002-03-07 Thread Charles Steinkuehler

> I get a lot of denys for windows machines on ports 137 and 138 (netbios) I
> realise that the default Dachstein denies these, but it doesn't appear to
> have a -l option in the config, so I'm a bit surprised they're in my logs.
> Anyone else seen that? Also, what are these windows machines trying to do,
> and can they be reconfigured to not do it?

Take a close look at your logs...sounds like you might be on a cable-modem
(or other shared-network setup).  The denied packets are probably being
generated by one of your 'neighbors', and are coming in your external
interface, otherwise they wouldn't be getting logged...

> Also, if I want to specify source ports for incoming traffic, do I have to
> hard code that in the filter file?

Probably, although you don't mention what you're trying to specify source
ports for.  If you need to make custom rules, that's what the
ipchains.input, ipchains.output, and ipchains.forward files are for in /etc.

> Also, is it possible to extract the lrp files into a normal directory
> structure from floppy on a running linux system?

Yes...simply cd to the directory you want the package extracted to, and run:

zcat  | tar -x

Or any one of the several equivalent methods to un-tar-gz a file...

> Finally, as a constructive suggestion, does anyone think it would be useful
> if all ipchains rules were built up in one place in the config, and it was
> all done in a more 'tabular' fashion, so that rules could be added easily,
> and options such as logging for some of the defaults could be easily
> switched off.

Probably, but it would take a lot of work.  Are you volunteering?

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)





[Leaf-user] a message to NTL customers in the uk

2002-03-07 Thread Ant Ken

hello,

if you use the NTL broadband in the UK you will have problems setting your
router up, here's what you have to do:
when a new network card (i.e. your new router) is switched on for the
first time your cable box gives you an IP address of something like
10.xxx.xxx.xxx, via DHCP. Because of the IP filters set up on the box you
will not be able to immediately browse the web; you have to either install
a version of Linux with X and Netscape on it or install M$ Windows, then try
to access the web, and you will be presented with the NTL account
administration page.
enter your account PID and password, log in and click the add button. type a
name in for your router (anything, it does not matter; letters, numbers, -
and _ only)
when you have done this either restart your network interfaces or restart
Windows
when you have done all that then you can start configuring your router to
do whatever you want!

if anyone has any queries email me and just ask

antken






[Leaf-user] Oxygen + FreeS/WAN

2002-03-07 Thread GR

Hello all, 

Anyone out there manage to compile a kernel for Oxygen 1.9 with
FreeS/WAN  compiled in? 

I am looking to enable my Oxygen router to act as an IPSec VPN gateway.

Greg R




Re: [Leaf-user] lrp format and filter config

2002-03-07 Thread Dave Anderson

Thanks for the reply.

>
> Take a close look at your logs...sounds like you might be on a cable-modem
> (or other shared-network setup).  The denied packets are probably being
> generated by one of your 'neighbors', and are coming in your external
> interface, otherwise they wouldn't be getting logged...
>

I am on a shared network of windows machines. The denied packets come from
various machines, source and destination are both internal. If these
shouldn't be logged, then I need to have a very close look at the ipchains
generated.

> > Also, if I want to specify source ports for incoming traffic, do I have to
> > hard code that in the filter file?
>
> Probably, although you don't mention what you're trying to specify source
> ports for.  If you need to make custom rules, that's what the
> ipchains.input, ipchains.output, and ipchains.forward files are for in /etc.

I want local users to be able to ssh into external machines, and (being
fairly pedantic about firewalls) I only want to specify port 22 for external
machines. If I edit those files, how do they relate to the config files (No
2 on the network config menu)

> zcat  | tar -x

Thanks, that worked fine.

> > Finally, as a constructive suggestion, does anyone think it would be useful
> > if all ipchains rules were built up in one place in the config, and it was
> > all done in a more 'tabular' fashion, so that rules could be added easily,
> > and options such as logging for some of the defaults could be easily
> > switched off.
>
> Probably, but it would take a lot of work.  Are you volunteering?

Unfortunately I don't think I've got the time at the moment. I might have in
a few months though.

Thanks for a great product by the way.

regards
Dave






[Leaf-user] Dachstein migration successful! - General routing question.

2002-03-07 Thread Boyd Kelly

Got my ip aliasing/forwarding and all working on dachstein.  Very happy
about that.  Great piece of work!

Now for an interesting problem:

One guy behind my leaf firewall needs a securemote (Checkpoint)
connection to company b.  He has a Win2k workstation.  As I understand
from searching the newsgroups, this isn't possible with Linux, although
I would love to be corrected on that one.

So I am looking for some opinions on a solution.  Could I just do some
routing magic on the win2k workstation to bypass the leaf router only
for that securemote ip address?  For something like that to work would
the workstation need a second nic?  Or can I just plug all the
Internet/Leaf wires into the same switch, and then give computer 3 a
default gateway of 208.x.x.1 for the address in question?

Any security issues?



                  [Internet]
                      |
               eth0  208.x.x.13
                      |
           LEAF Box (DF 208.x.x.1)
                      |
               eth1  192.168.1.254
                      |
              -----------------
              |               |
         Computer 2      Computer 3  (needs to use securemote client)
        (192.168.1.2)   (192.168.1.3)

Thanks very much,

Boyd




[Leaf-user] mrouted

2002-03-07 Thread cntv1 cntv1

Where can I find the mrouted.lr?
I have LRP 2.9.7 and I need to route multicast.






RE: [Leaf-user] Dachstein migration successful! - General routing question.

2002-03-07 Thread Richard Doyle

FWIW, a quick check on google for "securemote linux nat" turned up
http://www.phoneboy.com/faq/0372.html and
http://www.phoneboy.com/faq/0141.html.

-Richard

> Got my ip aliasing/forwarding and all working on dachstein.
> Very happy
> about that.  Great piece of work!
>
> Now for an interesting problem:
>
> One guy behind my leaf firewall needs a securemote (Checkpoint)
> connection to company b.  He has a Win2k workstation.  As I understand
> from searching the newsgroups, this isn't possible with
> Linux, although
> I would love to be corrected on that one.
>
> So I am looking for some opinions on a solution.  Could I just do some
> routing magic on the win2k workstation to bypass the leaf router only
> for that securemote ip address?  For something like that to work would
> the workstation need a second nic?  Or can I just plug all the
> Internet/Leaf wires into the same switch, and then give computer 3 a
> default gateway of 208.x.x.1 for the address in question?
>
> Any security issues?
>
>
>
>                   [Internet]
>                       |
>                eth0  208.x.x.13
>                       |
>            LEAF Box (DF 208.x.x.1)
>                       |
>                eth1  192.168.1.254
>                       |
>               -----------------
>               |               |
>          Computer 2      Computer 3  (needs to use securemote client)
>         (192.168.1.2)   (192.168.1.3)
>
>
> Thanks very much,
>
> Boyd
>