RE: [leaf-user] VPN Through Dachstein and SSH problems

2002-06-26 Thread Eric Kubischta

Thank you again all -

I read this file:
http://leaf.sourceforge.net/devel/guitarlynn/ipsec.txt

And tried to follow these steps:
snip  To setup this type of connection:
1) open the protocols 50 and 51 on your firewall
2) open port 500 on your firewall
3) load the ip_masq_ipsec.o module and add it to /etc/modules
4) use the ipfwd utility to forward the port to the internal 
network. Ipmasq will not forward the necessary protocol.
snip

Here is what I have tried to enable pass through of my VPN connection.

Added the following lines to the network.conf


EXTERN_UDP_PORTS=0/0_domain 0/0_bootpc 0/0_500
EXTERN_TCP_PORT0=50 0/0
EXTERN_TCP_PORT151 0/0

made sure that the following line is in the loaded modules
ip_masq_ipsec

I am not sure on how to use the ipfwd utility

Does it look like I am doing this right?  I apologize greatly for my lack of 
ability!  Any help would be great.

Thanks again,

Eric




From: Joey Officer [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Eric Kubischta [EMAIL PROTECTED], 
[EMAIL PROTECTED]
Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems
Date: Tue, 25 Jun 2002 08:27:10 -0500

In addition to the response about editing hosts.allow, you should also
change a few lines in the network.conf file, as well as the sh-httpd.conf
file (all available through the lrp menu).  Just do a search for 192.168.1.
and you should find what you are looking for, change them all to 192.168.5.
..

Joey


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Eric Kubischta
Sent: Monday, June 24, 2002 11:07 PM
To: [EMAIL PROTECTED]
Subject: [leaf-user] VPN Through Dachstein and SSH problems

Hello all - any assistance you could provide would be great.  I have been
searching the FAQ's and archives for info to no avail.

I have two big problems:

1.  The Dachstein router is up and running great!  Thank you for previous
help.  However, I cannot use Microsoft Dial-Up networking from a Windows box
on my internal network to dial a VPN connection to a Windows NT server on
the internet.  (This works fine if I remove the router)

Problem 2 - I cannot get SSH to Work!!  I followed instructions that I found
here:
http://sourceforge.net/docman/display_doc.php?docid=1441group_id=13751

I followed each step to the T.  However, when I try to connect (Using PuTTY
from a Windows 2000 box on the internal network) the terminal screen comes
up for about 1 second and then disappears completely.

A couple of things I have different:

I use MSN for my Broadband connection.  The Arescom DSL modem I have gives a
192.168.1.2 IP to the Linux Router.  I reconfigured eth1 to hand out and use
192.168.5.xxx to my internal network.

All other networking functionality seems to work (browsing the Internet,
etc.)

Thanks for your help and let me know if you need any more info!

Thanks,

Eric


_
Join the world's largest e-mail service with MSN Hotmail.
http://www.hotmail.com



---
Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html




_
Send and receive Hotmail on your mobile device: http://mobile.msn.com



---
This sf.net email is sponsored by: Jabber Inc.
Don't miss the IM event of the season | Special offer for OSDN members! 
JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



RE: [leaf-user] VPN Through Dachstein and SSH problems

2002-06-26 Thread Jeff Newmiller

On Wed, 26 Jun 2002, Eric Kubischta wrote:

> Thank you again all -
>
> I read this file:
> http://leaf.sourceforge.net/devel/guitarlynn/ipsec.txt
>
> And tried to follow these steps:
> snip  To setup this type of connection:
>   1) open the protocols 50 and 51 on your firewall
>   2) open port 500 on your firewall
>   3) load the ip_masq_ipsec.o module and add it to /etc/modules
>   4) use the ipfwd utility to forward the port to the internal
>      network. Ipmasq will not forward the necessary protocol.
> snip
>
> Here is what I have tried to enable pass through of my VPN connection.
>
> Added the following lines to the network.conf
>
> EXTERN_UDP_PORTS=0/0_domain 0/0_bootpc 0/0_500

Okay.

> EXTERN_TCP_PORT0=50 0/0
> EXTERN_TCP_PORT151 0/0

Not okay.  IP packets can be of the TCP protocol type (6), or UDP (17), or
other. We can only talk about ports once we have agreed to use a
protocol that includes them, like TCP or UDP.  Protocols 50 and 50 are
different from the ports defined in protocols 6 and 17 in much the same
way apples are different from donut holes: without the donut, a donut hole
doesn't have much meaning.

I haven't done this myself, but I think you need to look for something
more like:

  EXTERN_PROTO0="50 aaa.bbb.ccc.ddd/24"

 
> made sure that the following line is in the loaded modules
> ip_masq_ipsec
>
> I am not sure on how to use the ipfwd utility
>
> Does it look like I am doing this right?  I apologize greatly for my lack of
> ability!  Any help would be great.

Please don't apologize for lack of ability... if you must apologize, let
it be for rudeness.  Fortunately there seems little danger of that. :)

---
Jeff NewmillerThe .   .  Go Live...
DCN:[EMAIL PROTECTED]Basics: ##.#.   ##.#.  Live Go...
  Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/BatteriesO.O#.   #.O#.  with
/Software/Embedded Controllers)   .OO#.   .OO#.  rocks...2k
---







RE: [leaf-user] VPN Through Dachstein and SSH problems

2002-06-26 Thread Joey Officer

You need to remove the ip_masq_ipsec.o module line from modules.conf

The lines should look like the following

EXTERN_TCP_PORTS="66.101.59.22/32_ssh"  # this only allows a specific IP, I think the 0/0 would allow everything
EXTERN_UDP_PORTS="66.101.59.22/32_500"  # this is the port for IPSec (I believe)
EXTERN_PROTO0="50 66.101.59.22/32"      # this is part the SSH
EXTERN_PROTO1="51 66.101.59.22/32"      # same thing here, I believe 50 and 51 are required. Again - this is for specific IP

Joey

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Eric Kubischta
Sent: Wednesday, June 26, 2002 11:39 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems


Re:[leaf-user] Weblet

2002-06-26 Thread Erich Titl

Lynn

[EMAIL PROTECTED] wrote the following at 20:36 
26.06.2002:
> Message: 6
> From: guitarlynn [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Re: [leaf-user] Weblet
> Date: Tue, 25 Jun 2002 17:14:05 -0500
>
> On Tuesday 25 June 2002 16:57, Richard Amerman wrote:
> > Has anyone made any modifications to weblet that displays
> > configuration files?
> >
> > How about adding authentication to weblet?
>
> I'm starting some work on one for Dachstein, but I'm starting from
> scratch on it. I think someone had come up with something that
> worked with Bering in some form, but there was no link or email
> left to get it (that I know of).
>
> In any case, to do it securely there is a lot of additions and work
> to create one. Mosquito only uses web-configuration it might
> be worth a try.

I am playing around with weblet to get some kind of a web based 
configuration. Authentication is certainly an issue there and I am very 
interested in anything that should come up in that aspect.

Does anyone know why the

cgi-bin/whatever.cgi?parameter1=value1&parameter2=value2

passing in weblet is disabled?

thanks

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16






[leaf-user] problem.with dcd and direct connect

2002-06-26 Thread Robin

OK, I've got it working all right. But now when my connection dies (it does that
3 times a day, not 40 times anymore) and I fill in the new IP number in the
direct connect box, I have to manually disconnect and reconnect my pppoe
connection

svi network reload

and then all things function (search etc.).
I think the problem here is that the network.conf (or the forward rules)
aren't adjusted to the new IP number I get.

So how can I fix this? Maybe put a reload of network.conf and the ipfilters
in my pppoe start script.

And how do I do that? And where is the script located?


thanks in advance,

Robin






[leaf-user] Error in bridge setup in Bering RC3

2002-06-26 Thread Manfred Schuler

Hi,

in Bering RC3 there is a bug in the bridge.lrp in the file
/etc/network/if-pre-up.d/bridge

the line
  brctl addif $IFACE $i && ip set dev $i up
should read
  brctl addif $IFACE $i && ip link set dev $i up

Jacques, sorry, my fault.
I should know, it is better to use copy'n'paste.

-- 
Manfred Schuler
E_Mail: mailto:[EMAIL PROTECTED]





Re: [leaf-user] problem.with dcd and direct connect

2002-06-26 Thread guitarlynn

On Wednesday 26 June 2002 16:12, Robin wrote:

> So how can I fix this? Maybe put a reload of network.conf and the
> ipfilters in my pppoe start script.
>
> And how do I do that? And where is the script located?

Ken Hadley's custom ppp/pppoe Dachstein image should have this
all built-in. It should be located at:

http://leaf.sourceforge.net/devel/khadley
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!





Re:[leaf-user] Weblet

2002-06-26 Thread guitarlynn

On Wednesday 26 June 2002 15:31, Erich Titl wrote:

> I am playing around with weblet to get some kind of a web based
> configuration. Authentication is certainly an issue there and I am
> very interested in anything that should come up in that aspect.
>
> Does anyone know why the
>
> cgi-bin/whatever.cgi?parameter1=value1&parameter2=value2
>
> passing in weblet is disabled?

Erich,
I can't say for sure, being that I'm breaking conf files that are
generated via shell-scripts to allow for console configuration 
as well. However, being that weblet is run on sh-httpd, I would
think that one or more of the reserved characters aren't being parsed 
correctly by sh-httpd.

-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!





Re: [leaf-user] ICQ configuration

2002-06-26 Thread M Lu

Thank you for the suggestions.

I took Charles' advice by installing socks5.lrp. Kim's IP_MASQ_ICQ module
would work too but if the other end is behind the firewall it may not.

I tried last night on my son's machine and ICQ is OK, I can receive files. I
have one more question: how can I tell socks5 to listen to 2 interfaces? My
config file /etc/socks5.conf looks like that:

...
set SOCKS5_BINDINTFC 192.168.1.254:1080


interface 192.168.1. - eth1
interface - - eth0
auth 192.168.1. - -
permit - - 192.168.1. - - -

I would like to add the support to 192.168.2. subnet too. If I omit this, I
think it would listen to all interfaces and I do not want to expose to eth0.
But I do not know how to set SOCKS5_BINDINTFC so it can also bind to eth2,
port 1080.

Thank you.











RE: [leaf-user] VPN Through Dachstein and SSH problems

2002-06-26 Thread Eric Kubischta

Thank you again.  I have set up my network.conf file according to the 
settings below (using the external IP address of my company's VPN server).

But still, when I try to connect with VPN from my Win2K Client machine 
through the firewall, it doesn't work (hangs at Verifying User Name and 
Password).  When I remove the Linux Router, it works.

Any other ideas?

Thanks,

Eric



From: Joey Officer [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Eric Kubischta [EMAIL PROTECTED]
CC: LRP Support [EMAIL PROTECTED]
Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems
Date: Wed, 26 Jun 2002 13:31:01 -0500

You need to remove the ip_masq_ipsec.o module line from modules.conf

The lines should look like the following

EXTERN_TCP_PORTS="66.101.59.22/32_ssh"  # this only allows a specific IP, I think the 0/0 would allow everything
EXTERN_UDP_PORTS="66.101.59.22/32_500"  # this is the port for IPSec (I believe)
EXTERN_PROTO0="50 66.101.59.22/32"      # this is part the SSH
EXTERN_PROTO1="51 66.101.59.22/32"      # same thing here, I believe 50 and 51 are required. Again - this is for specific IP


Joey


RE: [leaf-user] Weblet

2002-06-26 Thread Richard Amerman

I currently have a modification that has a new list of all the configuration files on 
the left side.  I have included all the main networking files, modules file, ppp 
files, and all of shorewall.
 
I did this with a combination of index.html modification (including some cleanup, 
primarily with an added style entry above that took out all the remaining style info 
below) and some changes in the showlogsx cgi scripts.
 
I also made a change so that on the individual pages displaying either a config file 
or a log, the entire path is displayed at the top rather than just the file name.  I'm 
not sure if this is a change for the masses or not.  I will need feedback.
 
I also plan on adding a single link to do a configuration dump.  This would involve a 
new cgi file, more than I will be tackling today! :-)
 
I plan on setting up a demo box outside our firewall that everyone can access to check 
out these changes.  I will let the list know when I have this set up.
 
Richard Amerman
 

-Original Message- 
From: Erich Titl [mailto:[EMAIL PROTECTED]] 
Sent: Wed 6/26/2002 1:31 PM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: Re:[leaf-user] Weblet





Re: [leaf-user] GuitarLynn's FreeS/WAN image problem

2002-06-26 Thread guitarlynn

On Wednesday 26 June 2002 10:31, Ping Kwong wrote:
> When I get a chance again I'll take a look at it again.  But I did
> try using Charles' 2.2.19-small modules per your instructions with
> the link. That's why I find it perplexing.  I have a bootable CD-R that
> I made with Eigerstein and I stick that back in and that works fine.
> Go back to your floppy and I have that same problem.  I even went as
> far as finding the module on the CD-ROM and copying that over to see
> if that helps.  I believe I'm using the b version of the RTL8139 if
> I recall from the bootup messages.  The card is actually a D-Link
> 530TX or + can't exactly remember as it came in a kit.

A. let's step back a minute. What you are doing will NOT work!!!
You want ipsec pass-through and added the ip_masq_ipsec module with
my ipsec image. This includes an IPSec-patched kernel that clashes with
the ip_masq_ipsec.o module for pass-through operation. My image will
not do pass-through because of the kernel, however the regular Dachstein
image with the same changes that you have made WILL work.

I will add a note indicating this in the IPSec document as well!
Thanks!
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!





[leaf-user] Bearing 1.0RC3 -- Traceroute

2002-06-26 Thread Reginald R. Richardson


Hi guys...

Using Bering 1.0rc3,
Isn't there a traceroute included by default...

thks





Re: [leaf-user] VPN Through Dachstein and SSH problems

2002-06-26 Thread guitarlynn

On Wednesday 26 June 2002 13:31, Joey Officer wrote:
> You need to remove the ip_masq_ipsec.o module line from modules.conf

Incorrect, you need the ip_masq_ipsec modules for pass-through operation
with a 2.2.x kernel


> The lines should look like the following
>
> EXTERN_TCP_PORTS="66.101.59.22/32_ssh"  # this only allows a specific IP, I think the 0/0 would allow everything
> EXTERN_UDP_PORTS="66.101.59.22/32_500"  # this is the port for IPSec (I believe)
> EXTERN_PROTO0="50 66.101.59.22/32"      # this is part the SSH
> EXTERN_PROTO1="51 66.101.59.22/32"      # same thing here, I believe 50 and 51 are required. Again - this is for specific IP

Protocol 51 is only needed for tunnel operation, not transport, ... 
pass-through is not a tunnel.



> 4) use the ipfwd utility to forward the port to the
> internal network. Ipmasq will not forward the necessary protocol.

This is only needed if the remote computer is initiating the connection.
If you are initiating the connection from behind the firewall, the ipfwd
rule is not needed. I will make a note in the document. Thanks  ;-)


> snip
> However, I cannot use Microsoft Dial-Up networking
> from a Windows box on my internal network to dial a VPN connection to
> a Windows NT server on the internet.  (This works fine if I remove
> the router.

Are you sure this is an IPSec connection???
I believe NT used PPTP, which is similar but uses a different module and
ports for use.

For PPTP pass-through, Charles suggested doing this:
##  start snip ###
If you're trying to simply masquerade a PPTP connection (ie if you directly
connect your windows system to your internet connection and your VPN link
works, and you want to be able to run the windows system and VPN link behind
your firewall), you're on the right track.

You need the ip_masq_pptp.o module loaded, which will do the dirty-work of
masquerading the VPN link.  You still, however, need to allow the PPTP
packets through your firewall (only TCP/UDP/ICMP traffic is allowed by
default).  I believe this is protocol 47 (GRE), which you would allow into
your Dachstein based firewall with the following:

EXTERN_PROTO0="47 1.2.3.4/32"

Where 1.2.3.4 is the IP of the remote VPN peer you're connecting to.  If
you're connecting to several VPN servers, you can either make an entry for
each one (remember to increment the index number!), or use 0/0 for the IP
range, which is the whole internet.
##  end clip ###
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!
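
Added example, not part of any poster's message and not LEAF project code: a small POSIX shell lint for the mix-up Jeff Newmiller and guitarlynn describe in this thread, where IP protocol numbers (47 GRE, 50 ESP, 51 AH) are entered as TCP/UDP ports instead of EXTERN_PROTOn entries, plus checks for a reused EXTERN_PROTO index and a 0/0 source. The function names, finding codes and sample file are constructed for illustration; the variable formats and the 1.2.3.4 peer address come from the messages above, and the double quotes around values are an assumption.

```sh
#!/bin/sh
# Added example (not LEAF/Dachstein code). Function names and finding
# codes are hypothetical; the sample config is constructed.

# Name the IP protocol numbers that come up in the thread.
proto_name() {
    case "$1" in
        47) echo GRE ;;   # PPTP data channel
        50) echo ESP ;;   # IPsec
        51) echo AH ;;    # IPsec
        *)  echo "proto$1" ;;
    esac
}

# Trim leading and trailing whitespace with POSIX expansions only.
trim() {
    s=$1
    s=${s#"${s%%[![:space:]]*}"}
    s=${s%"${s##*[![:space:]]}"}
    printf '%s' "$s"
}

# lint_conf: read config text on stdin, print "lineno:CODE:detail" findings.
lint_conf() {
    n=0
    seen=" "
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line=$(trim "${line%%#*}")      # drop comments, then trim
        case "$line" in
            EXTERN_*=*) ;;
            EXTERN_*) echo "$n:MALFORMED:no '=' in: $line"; continue ;;
            *) continue ;;
        esac
        name=${line%%=*}
        value=${line#*=}
        value=${value#\"}               # strip surrounding double quotes
        value=${value%\"}
        case "$name" in
            EXTERN_TCP_PORT*|EXTERN_UDP_PORT*)
                # Heuristic: 47/50/51 in a port list is almost always a
                # protocol number typed where a port belongs.
                for word in $value; do
                    port=${word##*_}
                    case "$port" in
                        47|50|51)
                            echo "$n:PROTO_AS_PORT:$port is IP protocol $(proto_name "$port"), not a TCP/UDP port; use EXTERN_PROTOn"
                            ;;
                    esac
                done
                ;;
            EXTERN_PROTO[0-9]*)
                idx=${name#EXTERN_PROTO}
                case "$seen" in
                    *" $idx "*) echo "$n:DUP_INDEX:EXTERN_PROTO$idx is assigned more than once" ;;
                esac
                seen="$seen$idx "
                set -- $value           # $1 = protocol number, $2 = source
                if [ "${2:-}" = "0/0" ]; then
                    echo "$n:OPEN_SOURCE:$(proto_name "$1") accepted from 0/0, the whole internet"
                fi
                ;;
        esac
    done
    return 0
}

# Constructed sample: the attempted lines from the thread, followed by
# EXTERN_PROTO entries that reuse index 0 and open GRE to 0/0.
sample_conf() {
    cat <<'EOF'
# constructed sample modelled on the lines posted in the thread
EXTERN_UDP_PORTS="0/0_domain 0/0_bootpc 0/0_500"
EXTERN_TCP_PORT0="50 0/0"
EXTERN_TCP_PORT151 0/0
EXTERN_PROTO0="50 1.2.3.4/32"
EXTERN_PROTO0="47 0/0"
EOF
}

sample_conf | lint_conf
```
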





Re: [leaf-user] Bearing 1.0RC3 -- Traceroute

2002-06-26 Thread Jeff Newmiller

On Thu, 27 Jun 2002, Reginald R. Richardson wrote:

 
> Hi guys...
>
> Using Bering 1.0rc3,
> Isn't there a traceroute included by default...

No.

---
Jeff NewmillerThe .   .  Go Live...
DCN:[EMAIL PROTECTED]Basics: ##.#.   ##.#.  Live Go...
  Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/BatteriesO.O#.   #.O#.  with
/Software/Embedded Controllers)   .OO#.   .OO#.  rocks...2k
---






Re: [leaf-user] problem.with dcd and direct connect

2002-06-26 Thread guitarlynn

On Wednesday 26 June 2002 17:13, Robin wrote:
> yeah, maybe true..
> but I used his instructions to get the Dachstein CD to work with pppoe..

OK, this should work. I dunno why something like this doesn't appear
to be included (and Ken has a version of DCD on his webpage).

In /usr/sbin/adsl-connect, modify this section:

case "$FIREWALL" in
    STANDALONE)
        . /etc/ppp/firewall-standalone
        ;;
    MASQUERADE)
        . /etc/ppp/firewall-masq
        ;;
    NONE)
        # reload the LEAF packet filter rules after the link comes up
        svi network ipfilter reload
        ;;
esac


Hopefully this works!
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!





Re:[leaf-user] Weblet

2002-06-26 Thread JamesSturdevant

At 10:31 PM 6/26/02 +0200, Erich Titl wrote:
I am playing around with weblet to get some kind of a web based 
configuration. Authentication is certainly an issue there and I am very 
interested in anything that should come up in that aspect.

Does anyone know why the

cgi-bin/whatever.cgi?parameter1=value1&parameter2=value2

passing in weblet is disabled?


In reality, it's just not there. Weblet uses a shell script as the httpd
server. I posted some code a while ago to handle POST requests but I don't
know if it has been added to the general distribution. Parameter passing
can be added but hasn't, yet. It's just a small matter of code...

JamesS






RE: [leaf-user] VPN Through Dachstein and SSH problems

2002-06-26 Thread Joey Officer

I think there have been a few discussions about Win2k, there is something
within Win2k that creates some problems.  I am using a Win2k pro box at
home, and haven't had any trouble, but you might want to search the
archives...

Joey


-Original Message-
From: Eric Kubischta [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 26, 2002 5:23 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems

Thank you again.  I have set up my network.conf file according to the
settings below (using the external IP address of my company's VPN server).

But still, when I try to connect with VPN from my Win2K Client machine
through the firewall, it doesn't work (hangs at Verifying User Name and
Password).  When I remove the Linux Router, it works.

Any other ideas?

Thanks,

Eric



From: Joey Officer [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Eric Kubischta [EMAIL PROTECTED]
CC: LRP Support [EMAIL PROTECTED]
Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems
Date: Wed, 26 Jun 2002 13:31:01 -0500

You need to remove the ip_masq_ipsec.o module line from modules.conf

The lines should look like the following

EXTERN_TCP_PORTS=66.101.59.22/32_ssh  # this only allows a specific IP, I think the 0/0 would allow everything
EXTERN_UDP_PORTS=66.101.59.22/32_500  # this is the port for IPSec (I believe)
EXTERN_PROTO0=50 66.101.59.22/32  # this is part the SSH
EXTERN_PROTO1=51 66.101.59.22/32  # same thing here, I believe 50 and 51 are required. Again - this is for specific IP


Joey

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Eric Kubischta
Sent: Wednesday, June 26, 2002 11:39 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems

Thank you again all -

I read this file:
http://leaf.sourceforge.net/devel/guitarlynn/ipsec.txt

And tried to follow these steps:
snip  To setup this type of connection:
 1) open the protocols 50 and 51 on your firewall
 2) open port 500 on your firewall
 3) load the ip_masq_ipsec.o module and add it to /etc/modules
 4) use the ipfwd utility to forward the port to the internal
network. Ipmasq will not forward the necessary protocol.
snip

Here is what I have tried to enable pass through of my VPN connection.

Added the following lines to the network.conf


EXTERN_UDP_PORTS=0/0_domain 0/0_bootpc 0/0_500
EXTERN_TCP_PORT0=50 0/0
EXTERN_TCP_PORT151 0/0

made sure that the following line is in the loaded modules
ip_masq_ipsec

I am not sure on how to use the ipfwd utility

Does it look like I am doing this right?  I apologize greatly for my lack of
ability!  Any help would be great.

Thanks again,

Eric




From: Joey Officer [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Eric Kubischta [EMAIL PROTECTED],
[EMAIL PROTECTED]
Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems
Date: Tue, 25 Jun 2002 08:27:10 -0500

In addition to the response about editing hosts.allow, you should also
change a few lines in the network.conf file, as well as the sh-httpd.conf
file (all available through the lrp menu).  Just do a search for 192.168.1.
and you should find what you are looking for, change them all to 192.168.5.
..

Joey


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Eric Kubischta
Sent: Monday, June 24, 2002 11:07 PM
To: [EMAIL PROTECTED]
Subject: [leaf-user] VPN Through Dachstein and SSH problems

Hello all - any assistance you could provide would be great.  I have been
searching the FAQ's and archives for info to no avail.

I have two big problems:

1.  The Dachstein router is up and running great!  Thank you for previous
help.  However, I cannot use Microsoft Dial-Up networking from a Windows box
on my internal network to dial a VPN connection to a Windows NT server on
the internet.  (This works fine if I remove the router)

Problem 2 - I cannot get SSH to Work!!  I followed instructions that I found
here:
http://sourceforge.net/docman/display_doc.php?docid=1441group_id=13751

I followed each step to the T.  However, when I try to connect (Using PuTTY
from a Windows 2000 box on the internal network) the terminal screen comes
up for about 1 second and then disappears completely)

A couple of things I have different:

I use MSN for my Broadband connection.  The Arescom DSL modem I have gives a
192.168.1.2 IP to the Linux Router.  I reconfigured eth1 to hand out and use
192.168.5.xxx to my internal network.

All other networking functionality seems to work (browsing the Internet,
etc.)

Thanks for your help and let me know if you need any more info!

Thanks,

Eric
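
As an added example (not part of the thread and not LEAF code), a shell check for the network.conf lines discussed in this thread: it flags openings sourced from 0/0, port/protocol variables whose names are not EXTERN_TCP_PORTS, EXTERN_UDP_PORTS or EXTERN_PROTO<n>, and any of the three openings from the quoted ipsec.txt steps (UDP 500, protocols 50 and 51) that are absent. The value formats are assumptions inferred from the lines quoted here, and both sample fragments are constructed from them.

```shell
#!/bin/sh
# Added example, not LEAF code. Assumed formats, inferred from the lines
# quoted in this thread: EXTERN_TCP_PORTS / EXTERN_UDP_PORTS hold
# space-separated "source/mask_port" items; EXTERN_PROTO<n> holds
# "protocol source/mask".

# Constructed sample modelled on the settings from the original post.
POSTED_CONF='EXTERN_UDP_PORTS=0/0_domain 0/0_bootpc 0/0_500
EXTERN_TCP_PORT0=50 0/0
EXTERN_TCP_PORT151 0/0'

# Constructed sample modelled on the settings suggested in the reply.
SUGGESTED_CONF='EXTERN_TCP_PORTS=66.101.59.22/32_ssh  # one peer only
EXTERN_UDP_PORTS=66.101.59.22/32_500
EXTERN_PROTO0=50 66.101.59.22/32
EXTERN_PROTO1=51 66.101.59.22/32'

# lint_conf: read a network.conf fragment on stdin, print one finding per line.
lint_conf() {
    awk '
    /^[ \t]*#/ { next }                       # whole-line comment
    {
        line = $0
        sub(/[ \t]+#.*$/, "", line)           # trailing comment
        sub(/^[ \t]+/, "", line)
        # only look at variables that open ports or protocols
        if (line !~ /^EXTERN_(TCP_PORT|UDP_PORT|PROTO)/) next
        if (line !~ /=/) {                    # e.g. a lost "=" sign
            split(line, w, /[ \t]+/)
            print "MALFORMED " w[1]
            next
        }
        name = line; sub(/=.*/, "", name)
        val = line;  sub(/^[^=]*=/, "", val)
        gsub(/"/, "", val)                    # tolerate quoted values
        sub(/^[ \t]+/, "", val)
        n = split(val, item, /[ \t]+/)
        if (name ~ /^EXTERN_(TCP|UDP)_PORTS$/) {
            for (i = 1; i <= n; i++) {
                split(item[i], p, "_")        # p[1]=source/mask p[2]=port
                if (p[1] == "0/0") print "OPEN " name " " item[i]
                if (name == "EXTERN_UDP_PORTS" && p[2] == "500") ike = 1
            }
        } else if (name ~ /^EXTERN_PROTO[0-9]+$/) {
            if (item[2] == "0/0") print "OPEN " name " proto=" item[1]
            seen[item[1]] = 1
        } else {
            print "UNKNOWN " name             # name this check does not know
        }
    }
    END {
        if (!ike)            print "MISSING udp/500"
        if (!("50" in seen)) print "MISSING proto/50"
        if (!("51" in seen)) print "MISSING proto/51"
    }'
}

printf '%s\n' "$POSTED_CONF" | lint_conf
```

Run against the posted fragment it reports the three 0/0 UDP openings, the misnamed and malformed variables, and the missing protocol 50/51 entries; the fragment from the reply produces no findings.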



[leaf-user] comments about freesco ?

2002-06-26 Thread Jean-Roch Blais

Anybody tried Freesco, any comments compared with lrp's like Dachstein ???
Thanks 






Re: [leaf-user] comments about freesco ?

2002-06-26 Thread Jay

Yeah, I've tried freesco. It's pretty easy to use, but 'I' found that the LRP
projects:
* are updated much more frequently (last update on freesco I think was in
2000)
* have a much larger user base
* have more configuration options

I 'was' using freesco for around 6-8 months... I didn't have 'too' much
drama with it.. but I definitely feel more comfortable using
bering-1.0rc3 (for the above reasons)

In my opinion, it's pretty much the same as LRP but 'much' simpler...

(They may have updated it since I last used it. From memory the version
I was using was FreeSCO 0.2.7; there were whispers of FreeSCO 0.3.0 but I
don't know if it is released yet)

Hope this helps


Jay


- Original Message -
From: Jean-Roch Blais [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 27, 2002 12:33 PM
Subject: [leaf-user] comments about freesco ?


 Anybody tried Freesco, any comments compared with lrp's like Dachstein ???
 Thanks










RE: [leaf-user] VPN Through Dachstein and SSH problems

2002-06-26 Thread Andrew GRAY



Have you loaded the pptp Module?  
Have you set up protocol 47 to also port forward to your VPN server?

On your Win2k box, go to the properties of the VPN Connection and in the
properties setup box on the networking tab, set the Type of VPN server
I am calling to PPTP.   If you don't do this it will try to use L2TP
which requires a different port and secure protocols and sometimes a
certificate server.

I have several Dachstein firewalls in place and can VPN out through
any one and back in through any other to a VPN Server in the internal
network.

Andrew Gray
System Administrator / Senior Technician
Operations
VQA Australasia

Phone:  (07) 3804 9822
Fax:(07) 3807 8633
Mob:0418 734 078
___
NOTICE
The information contained in this electronic mail message is privileged and
confidential, and is intended only for use of the addressee.  If you are not
the intended recipient, any disclosure, reproduction, distribution or other
use of this communication is strictly prohibited.  If you have received this
communication in error, please notify the sender by reply transmission and
delete the message without copying or disclosing it.




- -Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Joey Officer
Sent: Thu, 27 Jun 2002 10:48
To: Eric Kubischta
Cc: [EMAIL PROTECTED]
Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems


I think there have been a few discussions about Win2k, there is something
within Win2k that creates some problems.  I am using a Win2k pro box at
home, and haven't had any trouble, but you might want to search the
archives...

Joey


- -Original Message-
From: Eric Kubischta [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 26, 2002 5:23 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems

Thank you again.  I have set up my network.conf file according to the
settings below (using the external IP address of my company's VPN server).

But still, when I try to connect with VPN from my Win2K Client machine
through the firewall, it doesn't work (hangs at Verifying User Name and
Password).  When I remove the Linux Router, it works.

Any other ideas?

Thanks,

Eric



From: Joey Officer [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Eric Kubischta [EMAIL PROTECTED]
CC: LRP Support [EMAIL PROTECTED]
Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems
Date: Wed, 26 Jun 2002 13:31:01 -0500

You need to remove the ip_masq_ipsec.o module line from modules.conf

The lines should look like the following

EXTERN_TCP_PORTS=66.101.59.22/32_ssh  # this only allows a specific IP, I think the 0/0 would allow everything
EXTERN_UDP_PORTS=66.101.59.22/32_500  # this is the port for IPSec (I believe)
EXTERN_PROTO0=50 66.101.59.22/32  # this is part the SSH
EXTERN_PROTO1=51 66.101.59.22/32  # same thing here, I believe 50 and 51 are required. Again - this is for specific IP


Joey

- -Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Eric Kubischta
Sent: Wednesday, June 26, 2002 11:39 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems

Thank you again all -

I read this file:
http://leaf.sourceforge.net/devel/guitarlynn/ipsec.txt

And tried to follow these steps:
snip  To setup this type of connection:
 1) open the protocols 50 and 51 on your firewall
 2) open port 500 on your firewall
 3) load the ip_masq_ipsec.o module and add it to /etc/modules
 4) use the ipfwd utility to forward the port to the internal
network. Ipmasq will not forward the necessary protocol.
snip

Here is what I have tried to enable pass through of my VPN connection.

Added the following lines to the network.conf


EXTERN_UDP_PORTS=0/0_domain 0/0_bootpc 0/0_500
EXTERN_TCP_PORT0=50 0/0
EXTERN_TCP_PORT151 0/0

made sure that the following line is in the loaded modules
ip_masq_ipsec

I am not sure on how to use the ipfwd utility

Does it look like I am doing this right?  I apologize greatly for my lack of
ability!  Any help would be great.

Thanks again,

Eric




From: Joey Officer [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Eric Kubischta [EMAIL PROTECTED],
[EMAIL PROTECTED]
Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems
Date: Tue, 25 Jun 2002 08:27:10 -0500

In addition to the response about editing hosts.allow, you should also
change a few lines in the network.conf file, as well as the sh-httpd.conf
file (all available through the lrp menu).  Just do a search for 192.168.1.
and you should find what you are looking for, change them all to 192.168.5.
..

Joey


- -Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Eric Kubischta
Sent: Monday, June 24, 2002 11:07 PM
To: [EMAIL PROTECTED]
Subject: [leaf-user] VPN 

Re: [leaf-user] problem.with dcd and direct connect

2002-06-26 Thread guitarlynn

On Wednesday 26 June 2002 16:12, Robin wrote:

 I think the problem here is that the network.conf (or the forward
 rules) aren't adjusted to the new IP number I get.

I just had a thought. You do have this option set in network.conf?
This is the option for a dynamic ppp/pppoe connection to update
the ipfilter rules.


# Set EXTERN_IP to DYNAMIC if you need the rules to read the IP from
# interface, but you arn't using DHCP (ie PPPoE and dialup users)
EXTERN_IP=DYNAMIC

This is better than the script hack I posted before.
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!





RE: [leaf-user] VPN Through Dachstein and SSH problems

2002-06-26 Thread Eric Kubischta

Thank you very much for the Reply! It is now working!

This has been a great group of people to work with.  Although some of the 
Linux Ease of Use may be lacking, the support community has any MS based 
one beat hands down.

I imagine that, over time, the group of developers working on the LRP 
project will produce a final, great product and I look forward to it with 
great anticipation... (ahhem... anyone thought of building a manufactured LRP 
based box for sale???)

Thanks again,

Eric





From: Andrew GRAY [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED],'Eric Kubischta' 
[EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems
Date: Thu, 27 Jun 2002 13:37:52 +1000



Have you loaded the pptp Module?  
Have you set up protocol 47 to also port forward to your VPN server?

On your Win2k box, go to the properties of the VPN Connection and in the
properties setup box on the networking tab, set the Type of VPN server
I am calling to PPTP.   If you don't do this it will try to use L2TP
which requires a different port and secure protocols and sometimes a
certificate server.

I have several Dachstein firewalls in place and can VPN out through
any one and back in through any other to a VPN Server in the internal
network.

Andrew Gray
System Administrator / Senior Technician
Operations
VQA Australasia

Phone:  (07) 3804 9822
Fax:(07) 3807 8633
Mob:0418 734 078




- -Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Joey Officer
Sent: Thu, 27 Jun 2002 10:48
To: Eric Kubischta
Cc: [EMAIL PROTECTED]
Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems


I think there have been a few discussions about Win2k, there is something
within Win2k that creates some problems.  I am using a Win2k pro box at
home, and haven't had any trouble, but you might want to search the
archives...

Joey


- -Original Message-
From: Eric Kubischta [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 26, 2002 5:23 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems

Thank you again.  I have set up my network.conf file according to the
settings below (using the external IP address of my company's VPN server).

But still, when I try to connect with VPN from my Win2K Client machine
through the firewall, it doesn't work (hangs at Verifying User Name and
Password).  When I remove the Linux Router, it works.

Any other ideas?

Thanks,

Eric



From: Joey Officer [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Eric Kubischta [EMAIL PROTECTED]
CC: LRP Support [EMAIL PROTECTED]
Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems
Date: Wed, 26 Jun 2002 13:31:01 -0500

You need to remove the ip_masq_ipsec.o module line from modules.conf

The lines should look like the following

EXTERN_TCP_PORTS=66.101.59.22/32_ssh  # this only allows a specific IP, I think the 0/0 would allow everything
EXTERN_UDP_PORTS=66.101.59.22/32_500  # this is the port for IPSec (I believe)
EXTERN_PROTO0=50 66.101.59.22/32  # this is part the SSH
EXTERN_PROTO1=51 66.101.59.22/32  # same thing here, I believe 50 and 51 are required. Again - this is for specific IP


Joey

- -Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Eric Kubischta
Sent: Wednesday, June 26, 2002 11:39 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems

Thank you again all -

I read this file:
http://leaf.sourceforge.net/devel/guitarlynn/ipsec.txt

And tried to follow these steps:
snip  To setup this type of connection:
  1) open the protocols 50 and 51 on your firewall
  2) open port 500 on your firewall
  3) load the ip_masq_ipsec.o module and add it to /etc/modules
  4) use the ipfwd utility to forward the port to the internal
network. Ipmasq will not forward the necessary protocol.
snip

Here is what I have tried to enable pass through of my VPN connection.

Added the following lines to the network.conf


EXTERN_UDP_PORTS=0/0_domain 0/0_bootpc 0/0_500
EXTERN_TCP_PORT0=50 0/0
EXTERN_TCP_PORT151 0/0

made sure that the following line is in the loaded modules
ip_masq_ipsec

I am not sure on how to use the ipfwd utility

Does it look like I am doing this right?  I apologize greatly for my lack of
ability!  Any help would be