[Leaf-user] PPTP performance.

2002-03-11 Thread Paul . Eriksson

Hello!

I'm trying to set up a PPTP connection between two LEAFs, as a backup
for an existing direct router connection between two offices.
The PPTP connection is established between the LEAFs and ping shows OK, but
when doing high traffic the timeouts are BIG.
If I try to do the same PPTP over our existing WAN it works perfectly.
Could it be an MTU/MRU problem which results in fragmented packets?
Ping packets sized way under the MTU work, but packets near the MTU are dropped
or time out.

Please help!!!

(I can't do IPSec)

/Paul



___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user



Re: [Leaf-user] vpn routing

2002-03-11 Thread Phillip . Watts



Yessir, I finally found this in the online docs at freeswan over the weekend.
Made the change to _updown and everything's cool.

This is such a nice elegant solution to multiple router/connections,  I think
I will write it up and send it to the group.  It obviously has an application
without a VPN.   I wonder if there is much performance penalty for
bidirectional masquerading?





"Charles Steinkuehler" <[EMAIL PROTECTED]> on 03/09/2002 04:59:55 PM

To:   Phillip Watts/austin/Nlynx@Nlynx
cc:   [EMAIL PROTECTED]

Subject:  Re: [Leaf-user] vpn routing




This is done by the _updown script.  You can either customize the _updown
script, or use [left|right]firewall=no in your ipsec.conf file, which will
also prevent holes from being automatically created for the protocol 50
traffic, so you'll have to explicitly allow that as well.







Re: [Leaf-user] PPTP performance.

2002-03-11 Thread Mike Noyes

At 2002-03-11 12:40 +0100, [EMAIL PROTECTED] wrote:
>I'm trying to set up a PPTP connection between two LEAFs, as a
>backup for an existing direct router connection between two offices.
>The PPTP connection is established between the LEAFs and ping shows OK,
>but when doing high traffic the timeouts are BIG. If I try to do the
>same PPTP over our existing WAN it works perfectly. Could it be an MTU/MRU
>problem which results in fragmented packets? Ping packets sized way
>under the MTU work, but packets near the MTU are dropped or time out.
>
>(I can't do IPSec)

Paul,
Please provide us with output from the following commands on both machines.

# uname -a
# ip addr show
# ip route show

Also, take a look at the *ping* FAQs, and let us know the failure responses.
http://sourceforge.net/docman/display_doc.php?docid=4099&group_id=13751

Note: this is the minimum of information that is needed to resolve your 
problem. We may require additional information to help you.

--
Mike Noyes <[EMAIL PROTECTED]>
http://sourceforge.net/users/mhnoyes/
http://leaf-project.org/





Re: [Leaf-user] PPTP performance.

2002-03-11 Thread Charles Steinkuehler

> I'm trying to set up a PPTP connection between two LEAFs, as a backup
> for an existing direct router connection between two offices.
> The PPTP connection is established between the LEAFs and ping shows OK, but
> when doing high traffic the timeouts are BIG.
> If I try to do the same PPTP over our existing WAN it works perfectly.
> Could it be an MTU/MRU problem which results in fragmented packets?
> Ping packets sized way under the MTU work, but packets near the MTU are dropped
> or time out.

I've not run into these problems personally, but I've seen a lot of folks
have MTU problems on the FreeS/WAN list.  Even though you can't run IPSec,
you might want to browse the list archives for MTU related problems...

IIRC, some things you might want to check:

- Make sure you're allowing ICMP through your firewalls.  While it's OK to
block re-direct messages, if you dump all ICMP, you'll be missing dropped
packet notifications and MTU exceeded messages.

- You can sometimes fix things by forcing the MTU on the VPN Gateway.

- Probably several other things I've forgotten, since I haven't run into MTU
problems yet...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
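
An added example, not part of Charles's message or of the thread: a path-MTU probe for the symptom Paul describes (small pings pass, near-MTU pings are lost). It binary-searches the largest echo payload that gets through with the don't-fragment bit set. probe_ping assumes iputils ping on a Linux host; probe_simulated and SIM_PMTU=1400 are constructed stand-ins so the script runs offline.

```shell
#!/bin/sh
# Added example: measure the path MTU towards a VPN peer with DF-set pings.

IP_ICMP_HDR=28   # 20-byte IPv4 header + 8-byte ICMP echo header

# Real probe. Assumption: iputils ping (-M do sets don't-fragment,
# -s is the ICMP payload size, -W is the reply timeout in seconds).
probe_ping() {        # $1 = host, $2 = payload bytes
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# Constructed probe for offline runs: behaves like a path whose MTU is SIM_PMTU.
SIM_PMTU=1400
probe_simulated() {   # $1 = host (ignored), $2 = payload bytes
    [ $(( $2 + IP_ICMP_HDR )) -le "$SIM_PMTU" ]
}

# find_pmtu PROBE HOST [LOCAL_MTU]
# Prints the path MTU in bytes; returns 1 if not even an empty echo gets
# through (peer down, or ICMP echo filtered on the way).
find_pmtu() {
    probe=$1 host=$2 mtu=${3:-1500}
    lo=0                           # largest payload known to pass
    hi=$(( mtu - IP_ICMP_HDR ))    # largest payload the local interface can send
    "$probe" "$host" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" "$mid"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo $(( lo + IP_ICMP_HDR ))
}

# pmtu_verdict PROBE HOST LOCAL_MTU
# "reduced" means full-size packets only work if ICMP "fragmentation needed"
# (type 3, code 4) reaches the sender, or if the MTU is lowered on the gateway.
pmtu_verdict() {
    pmtu=$(find_pmtu "$1" "$2" "$3") || { echo "blocked: no echo reply at all"; return; }
    if [ "$pmtu" -lt "$3" ]; then
        echo "reduced: path MTU $pmtu < interface MTU $3"
    else
        echo "ok: path MTU $pmtu"
    fi
}

# Offline demonstration against the constructed 1400-byte path.
pmtu_verdict probe_simulated peer.example.invalid 1500
```

Against a real peer, call pmtu_verdict with probe_ping and the peer's address in place of the simulated probe.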





RE: [Leaf-user] routing more than 1 hop

2002-03-11 Thread Bob Pocius

>It's funny how the keys slip sometimes, huh :-)
>There's definitely no "unsend" button :-)

It wasn't until after my third or fourth time reading this
e-mail that I figured out what you were talking about. Oops!


>Ok.  Be aware that you're going to want to check your
>syslog a lot during this phase to see what's really going
>on.  Hopefully, all denied or rejected packets will be
>logged and we can get somewhere.

Even without Shorewall?


>Yes, it looks complete, and it seems to make sense.
>I don't see any lo, localhost routes.  Why not?  Did you
>just omit them?

I just didn't bother typing them out here, but they do
exist. They are the same as what you have listed in your routing table.


There's also an occasion or two where I'd think the gateway
would simply be 0.0.0.0, but I'm not convinced that's an
issue.
The routes look logical.  I point that out inline.

Most likely, we're at the point of traceroute and ping
to bang our heads against any rules that are getting
in the way.

From a workstation at Site 1, I can ping the segment at Site
2 including all the interfaces in between, and the 10.10.12.253 interface
(which is the router from Site 2b to Site 3), but I get unreachable messages
for everything beyond.

>> I did this because that router is connected via 100Mb fibre to another
>> building where the rest of the routing happens. eth0 on Site 1 connects to a
>> switch, and 10.10.1.254 (my main gateway router) connects to a different
>> port on that same switch.

>Ok.  I get that now.  As long as you're not using some really expensive
>3COM switch or router that has traffic filtering/routing rules, we should
>be in good shape.  Didn't you mention this exact setup worked with a full
>blown RH distro?
>If that's the case, I'm leaning more toward "Shorewall," heh heh.

It's a Nortel Accelar 1150R-B, but there's no filtering on
it. And, yes it does work with a full blown RH distro. Since I haven't used
the ip route tool before, I thought there might be more parameters that I
need to be including when I build my routes. And I took Shorewall out to try
and make things easier on myself, but it doesn't seem to make a difference.

>Because you're not saying to the kernel that 192.168.1.254 is *another router*,
>*another gateway* or "a thing that does routing", but rather you're just trying
>to say, "put all that traffic out eth1."  Although I know netstat and routing
>in general, I've never set something up this complicated and can't be sure.
>I just know how a routing table usually looks, and it does not specify the
>external nic ip address for routes like this one.  Here's mine, for example:

>Destination     Gateway         Genmask         Flags Iface
>10.1.1.0        0.0.0.0         255.255.255.0   U     eth1
>63.194.213.0    0.0.0.0         255.255.255.0   U     eth0
>127.0.0.0       0.0.0.0         255.0.0.0       U     lo
>0.0.0.0         63.194.213.254  0.0.0.0         UG    eth0

>Ok then.  I'll leave it at this point until we find out about
>the localhost route (127.0.0.0/8) sort of thing and the 0.0.0.0
>gateway issue.

I'll give this a try, but at first glance it seems that it
would direct all outbound traffic to the next hop, but what about traffic
destined for hosts on the 63.194.213.0/24 segment? That's why I got specific
with the gateway definitions. 


>Btw, how do you pronounce Pocius?  Poe'-shuss?  Poe'-she-us?

It's Poe'-shuss..and I'm very impressed that you were
able to guess that. No one ever pronounces it right! 


Bob Pocius





Re: [Leaf-user] PPTP performance.

2002-03-11 Thread Tom Eastep


- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, March 11, 2002 3:40 AM
Subject: [Leaf-user] PPTP performance.


> Hello!
>
> I'm trying to set up a PPTP connection between two LEAFs, as a backup
> for an existing direct router connection between two offices.
> The PPTP connection is established between the LEAFs and ping shows OK, but
> when doing high traffic the timeouts are BIG.
> If I try to do the same PPTP over our existing WAN it works perfectly.
> Could it be an MTU/MRU problem which results in fragmented packets?
> Ping packets sized way under the MTU work, but packets near the MTU are dropped
> or time out.

In addition to the issues raised by Mike and Charles, you might also look at
the log on the PPTP client's side to see if you are seeing lots of
out-of-order GRE packets. The Linux PPTP server performs rudimentary packet
reordering but the client does not. This can cause poor performance in cases
where there are multiple paths between the client and server and usually
shows up when you are sending large messages.

-Tom
--
Tom Eastep\ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ [EMAIL PROTECTED]






RE: [Leaf-user] routing more than 1 hop

2002-03-11 Thread Eric Wolzak

Hello Bob, Matt

You wrote about trouble routing to a second network using a
Bering disk.
As far as I understood your post, you can ping from one site to the
next one but not beyond.
Your routing seems to be OK.

Did you check
cat /proc/sys/net/ipv4/ip_forward

If this is set to 0 then the kernel doesn't forward the IP packets, even if
you are able to reach them by route.
You can change this with
echo 1 >/proc/sys/net/ipv4/ip_forward

BTW this is also one of the things Shorewall does ;)
Look in /etc/network/options;
here is the line
ip_forward=no
You can change this to ip_forward=yes.



good luck
Eric Wolzak

Bering_
http://leaf.sf.net/devel/ericw
http://leaf.sf.net/devel/jnilo


Original Message and answers below

> I just didn't bother typing them out here, but they do
> exist. They are the same as what you have listed in your routing table.
>
>
> There's also an occasion or two where I'd think the gateway
> would simply be 0.0.0.0, but I'm not convinced that's an
> issue.
> The routes look logical.  I point that out inline.
>
> Most likely, we're at the point of traceroute and ping
> to bang our heads against any rules that are getting
> in the way.
>
> From a workstation at Site 1, I can ping the segment at Site
> 2 including all the interfaces in between, and the 10.10.12.253 interface
> (which is the router from Site 2b to Site 3), but I get unreachable messages
> for everything beyond.
>
> >> I did this because that router is connected via 100Mb fibre to another
> >> building where the rest of the routing happens. eth0 on Site 1 connects to a
> >> switch, and 10.10.1.254 (my main gateway router) connects to a different
> >> port on that same switch.
>
> >Ok.  I get that now.  As long as you're not using some really expensive
> >3COM switch or router that has traffic filtering/routing rules, we should
> >be in good shape.  Didn't you mention this exact setup worked with a full
> >blown RH distro?
> >If that's the case, I'm leaning more toward "Shorewall," heh heh.
>
> It's a Nortel Accelar 1150R-B, but there's no filtering on
> it. And, yes it does work with a full blown RH distro. Since I haven't used
> the ip route tool before, I thought there might be more parameters that I
> need to be including when I build my routes. And I took Shorewall out to try
> and make things easier on myself, but it doesn't seem to make a difference.
>
> >Because you're not saying to the kernel that 192.168.1.254 is *another router*,
> >*another gateway* or "a thing that does routing", but rather you're just trying
> >to say, "put all that traffic out eth1."  Although I know netstat and routing
> >in general, I've never set something up this complicated and can't be sure.
> >I just know how a routing table usually looks, and it does not specify the
> >external nic ip address for routes like this one.  Here's mine, for example:
>
> >Destination     Gateway         Genmask         Flags Iface
> >10.1.1.0        0.0.0.0         255.255.255.0   U     eth1
> >63.194.213.0    0.0.0.0         255.255.255.0   U     eth0
> >127.0.0.0       0.0.0.0         255.0.0.0       U     lo
> >0.0.0.0         63.194.213.254  0.0.0.0         UG    eth0
>
> >Ok then.  I'll leave it at this point until we find out about
> >the localhost route (127.0.0.0/8) sort of thing and the 0.0.0.0
> >gateway issue.
>
> I'll give this a try, but at first glance it seems that it
> would direct all outbound traffic to the next hop, but what about traffic
> destined for hosts on the 63.194.213.0/24 segment? That's why I got specific
> with the gateway definitions.
>
>
> >Btw, how do you pronounce Pocius?  Poe'-shuss?  Poe'-she-us?
>
> It's Poe'-shuss..and I'm very impressed that you were
> able to guess that. No one ever pronounces it right!
>
>
> Bob Pocius







[Leaf-user] AOL vpn restricted??

2002-03-11 Thread Phillip . Watts



We have a user trying to use our VPN (ipsec)
thru a dialup AOL account and it doesn't work.

Does anyone know for sure if AOL filters ipsec,
protocol 50 & 51,  udp port 500 ??






[Leaf-user] Bandwidth throttling

2002-03-11 Thread Stephen Lee

Hi,

Is it possible to do IP address-based bandwidth throttling under LEAF? I
want to limit download/upload bandwidth for individual IPs. I'm
currently using DS 1.0.2

Thanks,
Stephen






Re: [Leaf-user] Multicast Routing

2002-03-11 Thread cntv1 cntv1


Thanks

I am trying these lrp packages.

Regards

Ccntv1

>From: Dan Mønster <[EMAIL PROTECTED]>
>To: cntv1 cntv1 <[EMAIL PROTECTED]>
>CC: <[EMAIL PROTECTED]>
>Subject: Re: [Leaf-user] Multicast Routing
>Date: Sun, 10 Mar 2002 15:45:46 +0100 (MET)
>
>Hi,
>
> > I try to find mrouted because this supports other protocols than PIM.
> > I have other Cisco routers. The problem is whether this PIM sparse module can
> > interact with the Cisco 2500 series router.
>
>No problem, I get my multicast feed from a Cisco 2600 series router. Just
>configure each interface for pim-sm, like this:
>
>Cisco#configure terminal
>Cisco(config)#ip pim sparse-mode
>Cisco(config)#ip pim rp-address 
>Cisco(config)#interface ethernet 0/0
>Cisco(config-if)#ip pim sparse-mode
>(Repeat this for other interfaces that run pim-sm).
>
> > If yes, I would thank you if you can compile and make the lrp package pimd.lrp
> > for me.
>
>I'll send you my home grown pimd.lrp as well as an mrouted.lrp package I
>downloaded somewhere, in private communication. I hope it works out for you.
>Use mrouted for DVMRP and pimd for PIM-SM.
>
>Regards,
>
>   -Dan
>_
>Dan Mønster, PhD            E-mail: [EMAIL PROTECTED]
>UNI·C, Research             Phone: (+45) 8937 6621
>Olof Palmes Allé 38         Fax: (+45) 8937 6677
>DK-8200 Århus N, Denmark    WWW: http://www.uni-c.dk
>_
>
>





Re: [Leaf-user] Bandwidth throttling

2002-03-11 Thread Stephen Lee

On Mon, 2002-03-11 at 14:20, Stephen Lee wrote:
> Hi,
> 
> Is it possible to do IP address-based bandwidth throttling under LEAF? I
> want to limit download/upload bandwidth for individual IPs. I'm
> currently using DS 1.0.2
> 
> Thanks,
> Stephen
To answer my own question, I guess I need the bwidth22.lrp package
right? Any tips?

Thanks,
Stephen






RE: [Leaf-user] Bandwidth throttling

2002-03-11 Thread Richard Doyle

I haven't used the bwidth22.lrp package, but am playing around with HTB
queuing (which requires kernel  and iproute2 patches). If you are
willing to try a 2.4 kernel, you should consider the Bering
distribution. It includes Shorewall, which has some support for traffic
control (http://www.shorewall.net/traffic_shaping.htm). The schedulers
and classifiers that tc needs can be compiled as modules (I don't know
whether these come with Bering).

One big gotcha is that it is easier to shape outgoing traffic than to
police incoming traffic, since we can't directly control how fast the
Internet sends us data. Check out Cookbook, currently found at
http://lartc.org/docbook-html/x1847.html.

-Richard

> On Mon, 2002-03-11 at 14:20, Stephen Lee wrote:
> > Hi,
> >
> > Is it possible to do IP address-based bandwidth throttling
> > under LEAF? I
> > want to limit download/upload bandwidth for individual IPs. I'm
> > currently using DS 1.0.2
> >
> > Thanks,
> > Stephen
> To answer my own question, I guess I need the bwidth22.lrp package
> right? Any tips?
>
> Thanks,
> Stephen
>





RE: [Leaf-user] Bandwidth throttling

2002-03-11 Thread Stephen Lee

Thanks Richard. I will try bwidth22 first as I already have a production
DCD to work from. 

Does anyone know if there is a more recent version of Jack Coates
LRP-QoS-HOWTO than the one at:
http://leaf.sourceforge.net/pub/doc/howto/LRP-QoS-HOWTO.html ?

Thanks,
Stephen

On Mon, 2002-03-11 at 17:12, Richard Doyle wrote:
> I haven't used the bwidth22.lrp package, but am playing around with HTB
> queuing (which requires kernel  and iproute2 patches). If you are
> willing to try a 2.4 kernel, you should consider the Bering
> distribution. It includes Shorewall, which has some support for traffic
> control (http://www.shorewall.net/traffic_shaping.htm). The schedulers
> and classifiers that tc needs can be compiled as modules (I don't know
> whether these come with Bering).
> 
> One big gotcha is that it is easier to shape outgoing traffic than to
> police incoming traffic, since we can't directly control how fast the
> Internet sends us data. Check out Cookbook, currently found at
> http://lartc.org/docbook-html/x1847.html.
> 
> -Richard
> 
> > On Mon, 2002-03-11 at 14:20, Stephen Lee wrote:
> > > Hi,
> > >
> > > Is it possible to do IP address-based bandwidth throttling
> > > under LEAF? I
> > > want to limit download/upload bandwidth for individual IPs. I'm
> > > currently using DS 1.0.2
> > >
> > > Thanks,
> > > Stephen
> > To answer my own question, I guess I need the bwidth22.lrp package
> > right? Any tips?
> >
> > Thanks,
> > Stephen
> >






[Leaf-user] (no subject)

2002-03-11 Thread JamesSturdevant

I want to put together a LEAF system for a small nonprofit office. The 
system is a 486DX-100, 16MB memory with ppp and a network card, booting 
from a floppy. I have that much running now using Bering.

I want to add an email service to this machine with a 500MB disk for 
storage. I will be making packages for fetchmail and procmail to retrieve 
the email from the ISP, but I need suggestions for smtp and pop3 services. 
What programs would be best to use given the space issues of typical LEAF 
systems?

JamesS





RE: [Leaf-user] DCD Port forwarding not working

2002-03-11 Thread Doug Sampson

Yes, that would be a big help!  I'm extremely frustrated by the fact there
doesn't seem to be a hole opened at port 8080...  Or is it there and I didn't
see it?

Here's the content of network.conf:

##
#
# Extended firewall configuration scripts
# By Charles Steinkuehler
# Version 1.3.2
# September 29, 2001
##
#
# Brief instructions for this file
##
#
#
# VERBOSE=(YES/NO)  Default: Yes
# Be verbose about settings.
#
# MAX_LOOP=(int)Default: 10
# Maximum number of incrementable entries to search for.
# IE: If you create a DNS7=, and MAX_LOOP=7, it will not be reached.
# (DNS0 - DNS7 == 8 entires)
# Setting this value too high will decrease the speed of the configuration
# system.
#
# IPFWDING_KERNEL=(YES/NO/FILTER_ON)Default: NO
# Enable IP forwarding in the kernel.  FILTER_ON means forwarding will
# only happen when IP filtering rules are loaded
#
# IPALWAYSDEFRAG_KERNEL=(YES/NO)Default: NO
# Enable IP Global defragmentation in the kernel.
#
# **WARNING** - If this was turned on everywhere in a network of routers,
# it can result in TCP connections failing and TCP connection resets.
#
# ONLY turn this on if the box is a firewall or the single point of
# entry for a network, or an endpoint for port forwarding or a load
# balancer for a WWW server farm.  DO NOT turn this on if the box is a
# conventional router as it breaks the TCP/IP RFCes.  This option is
# needed when using IP NAT, IP masquerading, IP autofw, IP portfw,
# transparent proxying or other kernel operations that intercept a
# packet flow and redirect it.
#
# It is a useful tool when using a packet filtering router to protect
# directly attached ethernet networks of servers as it stops fragment
# attacks on the servers in behind the router. Another use is packet
# filtering router to protect dial-in Internet users on NASes
# (Portmasters, TC racks etc) from various SMB and fragment attacks
# and to redirect all WWW connections into a WWW proxy-caching server.
#
# CONFIG_HOSTNAME=(YES/NO)  Default: NO
# Create /etc/hostname file using HOSTNAME entry.
# Any current hostname file will be **OVERWRITTEN**
#
# CONFIG_HOSTSFILE=(YES/NO) Default: NO
# Create /etc/hosts file using HOSTSx entries.
# Any current hosts file will be **OVERWRITTEN**
#
# CONFIG_DNS=(YES/NO)   Default: NO
# Create /etc/resolv.conf file using DOMAINS and DNSx entries.
# Any current resolv.conf file will be **OVERWRITTEN**
#
# IF_LIST   Default: "$IF_AUTO"
# A space seperated list of interfaces that can be ACTIVE on this machine
# This controls which interfaces can be brought up and down manually.
#
# IF_AUTO   Default: "eth0"
# A space separated list of interfaces that get started on boot. Tunneling
# interfaces like CIPE should be after the raw  interfaces they depend on.
# The interfaces are started in the order they occur on the list, and are
# shutdown in the reverse order of IF_LIST.
#
# IPFILTER_SWITCH=(none|router|firewall)Default: "none"
# Selects the basic IP filtering/firewalling setup of the router.  "None"
# is used for a straight through router, "router" for a filtering router with
# IP spoof protection and Martian protection and "firewall" for a basic IP
# masquerading/NAT firewall.  The basic filter types are provided in
# /etc/ipfilter.conf.  If you want more than what is provided read the man
# pages for ipchains or ipfwadm and BE CAREFUL when you edit this!
#
##
#
# General Settings
##
#

VERBOSE=YES
MAX_LOOP=10

IPFWDING_KERNEL=FILTER_ON

IPALWAYSDEFRAG_KERNEL=YES

CONFIG_HOSTNAME=YES

CONFIG_HOSTSFILE=NO

CONFIG_DNS=NO

##
#
# Interfaces
##
#

# Start pppd PPP interfaces first as pppd's use of DNS can delay startup.
#
# Interfaces to start on boot go here - ie "ppp0 eth0"
# Do NOT include interfaces configured by dhcp!
IF_AUTO="eth1"

# List of all configured interfaces, manual start and boot start
IF_LIST="$IF_AUTO"

# Accept ICMP Redirects on ALL interfaces, also depends on /proc
# per interface IP forwarding flag. - YES/NO
ALLIF_ACCEPT_REDIRECTS=NO

# Need these both for interfaces run by daemons - ie PPP, CIPE, some
# WAN interfaces
# IP spoofing protection by default for interfaces - YES/NO
DEF_IP_SPOOF=YES
# Kernel logging of spoofed packets by default for interfaces - YES/NO
DEF_IP_KRNL_LOGMARTIANS=YES

# Bridge Setup - Global stuff
#
# Enable bridging - YES/NO
BR

Re: [Leaf-user] Oxygen + FreeS/WAN

2002-03-11 Thread David Douthitt

On 3/7/02 at 3:54 PM, GR <[EMAIL PROTECTED]> wrote:

> Anyone out there manage to compile a kernel for Oxygen 1.9
> with FreeS/WAN  compiled in? 

The Oxygen 1.9 kernel is the standard Linux kernel; you should be able
to add the appropriate (non-LRP) patches to a standard kernel and go. 
OpenWall may conflict; I don't know FreeS/WAN.  I do know Oxygen
though :) and since no one spoke up

--
David Douthitt
UNIX Systems Administrator
HP-UX, Unixware, Linux
[EMAIL PROTECTED]




Re: [Leaf-user] DCD Port forwarding not working

2002-03-11 Thread guitarlynn

On Monday 11 March 2002 22:53, Doug Sampson wrote:
> Yes, that would be a big help!  I'm extremely frustrated by the fact
> there doesn't seem to be a hole opened at port 8080...  Or is it
> there and I didn't see it?

It's there, but I think you've got the port forwarding somewhat
confused. Details inline.


> Here's the content of network.conf:
>

> # TCP services open to outside world
> # Space seperated list: srcip/mask_dstport
> #EXTERN_TCP_PORTS="216.70.236.234/29_ssh 0/0_www 0/0_1023 0/0_8080"
>
> # -or-
> # Indexed list: "SrcAddr/Mask port [ DestAddr[/DestMask] ]"
> #EXTERN_TCP_PORT0="5.6.7.8 domain 1.1.1.12"
> #EXTERN_TCP_PORT1="0/0 www"
> EXTERN_TCP_PORT0="216.70.236.236/29 ssh"
> EXTERN_TCP_PORT1="0/0 www"
> EXTERN_TCP_PORT2="0/0 8080"

Good!


> # Uncomment following for port-forwarded internal services.
> # The following is an example of what should be put here.
> # Tuples are as follows:
> #   
> #INTERN_SERVERS="tcp_${EXTERN_IP}_ftp_192.168.1.200_ftp
> tcp_${EXTERN_IP}_smtp_192.168.1.200_smtp"
> INTERN_SERVERS="tcp_${EXTERN_IP}_8080_192.168.1.200_80"

This is all you need to port forward. Good!




> # Advanced settings: parameters passed directly to portfw and autofw
> # Indexed list: ""
> #INTERN_SERVER0="-a -P PROTO -L LADDR LPORT -R RADDR RPORT [-p PREF]"
> INTERN_SERVER0="tcp ${EXTERN_IP} 8080 192.168.1.200 80"
> # Indexed list: ""
> #INTERN_AUTOFW0="-A -r tcp 2 20050 -h 192.168.1.1"
> #INTERN_AUTOFW0="-A -r tcp 8080 -h 192.168.1.200"

Bad, this is probably messing things up. Remove the line in this
section. You did this in the section above.



> lsmod.txt contents:

> ip_masq_portfw  2416   2

Good, this should be all you need.


I don't know exactly how eth0 is supposed to come up and be
configured when running PPPoE, which is what I am assuming
you are using with this config. If you're not running PPPoE, you need
to fix the general config before it will work.

> Thanks!!!
>

No problem!
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!
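
An added example, not part of Lynn's reply or of the DCD scripts: a small audit of the settings discussed above that lists every forward a network.conf defines, flags a forward defined both in INTERN_SERVERS and in an INTERN_SERVERn entry (the duplicate Lynn points out), and lists the TCP ports opened to any source (0/0). The sample is constructed from the active lines quoted in the thread; the function names and the EXTERN-IP placeholder token are hypothetical, and only the plain five-field INTERN_SERVERn form Doug used is parsed.

```shell
#!/bin/sh
# Added example: audit the port-forward settings of a DCD-style network.conf.

# Constructed sample: active lines quoted in the thread plus one commented line.
sample_conf() {
cat <<'EOF'
EXTERN_TCP_PORT0="216.70.236.236/29 ssh"
EXTERN_TCP_PORT1="0/0 www"
EXTERN_TCP_PORT2="0/0 8080"
INTERN_SERVERS="tcp_${EXTERN_IP}_8080_192.168.1.200_80"
INTERN_SERVER0="tcp ${EXTERN_IP} 8080 192.168.1.200 80"
#INTERN_AUTOFW0="-A -r tcp 8080 -h 192.168.1.200"
EOF
}

# list_forwards FILE
# Prints one line per active forward:
#   proto ext-ip ext-port int-ip int-port setting-name
# ${EXTERN_IP} is replaced by a token first, because its own underscore would
# otherwise be taken for a tuple separator in INTERN_SERVERS.
list_forwards() {
    grep -E '^INTERN_SERVER(S|[0-9]+)=' "$1" |
    sed 's/[$]{EXTERN_IP}/EXTERN-IP/g' |
    awk -F= '{
        name = $1; val = $2; gsub(/"/, "", val)
        if (name == "INTERN_SERVERS") {
            # space-separated list of underscore-joined tuples
            n = split(val, tuple, " ")
            for (i = 1; i <= n; i++) { gsub(/_/, " ", tuple[i]); print tuple[i], name }
        } else {
            # indexed form, already space-separated
            print val, name
        }
    }'
}

# find_duplicate_forwards FILE
# Prints a DUPLICATE line for every forward that a second setting repeats.
find_duplicate_forwards() {
    list_forwards "$1" | awk '{
        key = $1 " " $2 " " $3 " " $4 " " $5
        if (key in seen) print "DUPLICATE " key " (" seen[key] " and " $6 ")"
        else seen[key] = $6
    }'
}

# world_open_tcp FILE
# Prints the port of every active EXTERN_TCP_PORTn entry whose source is 0/0.
world_open_tcp() {
    sed -n 's|^EXTERN_TCP_PORT[0-9][0-9]*="0/0  *\([^ "]*\).*|\1|p' "$1"
}

# Demonstration on the constructed sample.
conf=$(mktemp) && sample_conf > "$conf"
echo "Forwards defined:";        list_forwards "$conf"
echo "Defined more than once:";  find_duplicate_forwards "$conf"
echo "TCP ports open to 0/0:";   world_open_tcp "$conf"
rm -f "$conf"
```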




RE: [Leaf-user] MSN MESSENGER FT

2002-03-11 Thread Jim Van Eeckhoutte

I'm using XP and I don't have the firewall in XP activated.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Upnet Joe
Sent: Saturday, March 09, 2002 9:50 AM
To: Jim Van Eeckhoutte; ,
Subject: Re: [Leaf-user] MSN MESSENGER FT

Need more info about your network... and what is your client PC: XP or
W2K, 98...

I notice on XP if you have firewall protection enabled... you can't send
files...

I know many networks use hardware routers/firewalls, users having problems
with up/download files...
however hackers got no problem, nadda...

Upnet Joe

- Original Message -
From: "Jim Van Eeckhoutte" <[EMAIL PROTECTED]>
To: "," <[EMAIL PROTECTED]>
Sent: Saturday, March 09, 2002 2:06 AM
Subject: [Leaf-user] MSN MESSENGER FT


> I know this is a non-LEAF question but you guys might be my only hope.
> I'm using MikroTik RouterOS which is using input, forward, and output
> chains with src-nat and dest-nat. I have it set up using masq and nat
> for internal services. Here's my question: I have tried everything to
> get file transfer (msmessenger) to work; I can receive files but can't
> send them. Can you guys shed some light on how this process could work?
> MikroTik response is somewhat limited.
>
>





[Leaf-user] (no subject)

2002-03-11 Thread Kim Oppalfens

Hi all,

Just installed the snort IDS package and it seems to be working.
(Seems to be because I don't know anything about writing the preprocessors
or filter rules yet).

What I would like to do next is log to a mysql Database.
And I was wondering if anyone already made a mysql.lrp.

I know this is going to take quite some disk space, but I am hoping
that my 64 MB ramdisk will cope.

Thanks in advance

Kim
