RE: [leaf-user] VPN Through Dachstein and SSH problems
Thank you again all -

I read this file:
http://leaf.sourceforge.net/devel/guitarlynn/ipsec.txt

And tried to follow these steps:

snip
To setup this type of connection:
1) open the protocols 50 and 51 on your firewall
2) open port 500 on your firewall
3) load the ip_masq_ipsec.o module and add it to /etc/modules
4) use the ipfwd utility to forward the port to the internal network.
   Ipmasq will not forward the necessary protocol.
snip

Here is what I have tried to enable pass through of my VPN connection.

Added the following lines to the network.conf

    EXTERN_UDP_PORTS=0/0_domain 0/0_bootpc 0/0_500
    EXTERN_TCP_PORT0=50 0/0
    EXTERN_TCP_PORT151 0/0

made sure that the following line is in the loaded modules

    ip_masq_ipsec

I am not sure on how to use the ipfwd utility

Does it look like I am doing this right? I apologize greatly for my lack of ability! Any help would be great.

Thanks again,
Eric

> From: Joey Officer [EMAIL PROTECTED]
> Reply-To: [EMAIL PROTECTED]
> To: Eric Kubischta [EMAIL PROTECTED], [EMAIL PROTECTED]
> Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems
> Date: Tue, 25 Jun 2002 08:27:10 -0500
>
> In addition to the response about editing hosts.allow, you should also change a few lines in the network.conf file, as well as the sh-httpd.conf file (all available through the lrp menu).
>
> Just do a search for 192.168.1. and you should find what you are looking for, change them all to 192.168.5. ..
>
> Joey
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Eric Kubischta
> Sent: Monday, June 24, 2002 11:07 PM
> To: [EMAIL PROTECTED]
> Subject: [leaf-user] VPN Through Dachstein and SSH problems
>
> Hello all - any assistance you could provide would be great. I have been searching the FAQ's and archives for info to no avail.
>
> I have two big problems:
>
> 1. The Dachstein router is up and running great! Thank you for previous help. However, I cannot use Microsoft Dial-Up networking from a Windows box on my internal network to dial a VPN connection to a Windows NT server on the internet. (This works fine if I remove the router)
>
> Problem 2 - I cannot get SSH to Work!! I followed instructions that I found here:
> http://sourceforge.net/docman/display_doc.php?docid=1441&group_id=13751
> I followed each step to the T. However, when I try to connect (Using PuTTY from a Windows 2000 box on the internal network) the terminal screen comes up for about 1 second and then disappears completely)
>
> A couple of things I have different: I use MSN for my Broadband connection. The Arescom DSL modem I have gives a 192.168.1.2 IP to the Linux Router. I reconfigured eth1 to hand out and use 192.168.5.xxx to my internal network. All other networking functionality seems to work (browsing the Internet, etc.)
>
> Thanks for your help and let me know if you need any more info!
>
> Thanks,
> Eric
>
> ---
> Sponsored by: ThinkGeek at http://www.ThinkGeek.com/
> leaf-user mailing list: [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

---
This sf.net email is sponsored by: Jabber Inc.
Don't miss the IM event of the season | Special offer for OSDN members!
JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] VPN Through Dachstein and SSH problems
On Wed, 26 Jun 2002, Eric Kubischta wrote:

> Thank you again all -
>
> I read this file:
> http://leaf.sourceforge.net/devel/guitarlynn/ipsec.txt
>
> And tried to follow these steps:
>
> snip
> To setup this type of connection:
> 1) open the protocols 50 and 51 on your firewall
> 2) open port 500 on your firewall
> 3) load the ip_masq_ipsec.o module and add it to /etc/modules
> 4) use the ipfwd utility to forward the port to the internal network.
>    Ipmasq will not forward the necessary protocol.
> snip
>
> Here is what I have tried to enable pass through of my VPN connection.
>
> Added the following lines to the network.conf
>
> EXTERN_UDP_PORTS=0/0_domain 0/0_bootpc 0/0_500

Okay.

> EXTERN_TCP_PORT0=50 0/0
> EXTERN_TCP_PORT151 0/0

Not okay. IP packets can be of the TCP protocol type (6), or UDP (17), or other. We can only talk about ports once we have agreed to use a protocol that includes them, like TCP or UDP. Protocols 50 and 50 are different from the ports defined in protocols 6 and 17 in much the same way apples are different from donut holes: without the donut, a donut hole doesn't have much meaning.

I haven't done this myself, but I think you need to look for something more like:

    EXTERN_PROTO0=50 aaa.bbb.ccc.ddd/24

> made sure that the following line is in the loaded modules
>
> ip_masq_ipsec
>
> I am not sure on how to use the ipfwd utility
>
> Does it look like I am doing this right? I apologize greatly for my lack of ability! Any help would be great.

Please don't apologize for lack of ability... if you must apologize, let it be for rudeness. Fortunately there seems little danger of that. :)

---
Jeff Newmiller
DCN: [EMAIL PROTECTED]
Research Engineer (Solar/Batteries/Software/Embedded Controllers)
RE: [leaf-user] VPN Through Dachstein and SSH problems
You need to remove the ip_masq_ipsec.o module line from modules.conf

The lines should look like the following

    EXTERN_TCP_PORTS=66.101.59.22/32_ssh   # this only allows a specific IP, I think the 0/0 would allow everything
    EXTERN_UDP_PORTS=66.101.59.22/32_500   # this is the port for IPSec (I believe)
    EXTERN_PROTO0=50 66.101.59.22/32       # this is part the SSH
    EXTERN_PROTO1=51 66.101.59.22/32       # same thing here, I believe 50 and 51 are required.

Again - this is for specific IP

Joey
Re:[leaf-user] Weblet
Lynn [EMAIL PROTECTED] wrote the following at 20:36 26.06.2002:

> Message: 6
> From: guitarlynn [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Re: [leaf-user] Weblet
> Date: Tue, 25 Jun 2002 17:14:05 -0500
>
> On Tuesday 25 June 2002 16:57, Richard Amerman wrote:
> > Has anyone made any modifications to weblet that displays configuration files?
> > How about adding authentication to weblet?
>
> I'm starting some work on one for Dachstein, but I'm starting from scratch on it. I think someone had come up with something that worked with Bering in some form, but there was no link or email left to get it (that I know of). In any case, to do it securely there is a lot of additions and work to create one.
>
> Mosquito only uses web-configuration it might be worth a try.

I am playing around with weblet to get some kind of a web based configuration. Authentication is certainly an issue there and I am very interested in anything that should come up in that aspect.

Does anyone know why the cgi-bin/whatever.cgi?parameter1=value1&parameter2=value2 passing in weblet is disabled?

thanks
Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16
[leaf-user] problem.with dcd and direct connect
OK, I've got it working all right. But now, when my connection dies (it does that 3 times a day, not 40 times anymore) and I fill in the new IP number in the Direct Connect box, I have to manually disconnect and reconnect my pppoe connection, svi network reload, and then all things function (search etc.)

I think the problem here is that the network.conf (or the forward rules) aren't adjusted to the new IP number I get.

So how can I fix this? Maybe put a reload of network.conf and the ipfilters in my pppoe start script. And how do I do that? And where is the script located?

Thanks in advance,
Robin
[leaf-user] Error in bridge setup in Bering RC3
Hi,

in Bering RC3 there is a bug in the bridge.lrp, in the file /etc/network/if-pre-up.d/bridge

the line

    brctl addif $IFACE $i
    ip set dev $i up

should read

    brctl addif $IFACE $i
    ip link set dev $i up

Jacques, sorry, my fault. I should know, it is better to use copy'n'paste.

--
Manfred Schuler
E_Mail: mailto:[EMAIL PROTECTED]
Re: [leaf-user] problem.with dcd and direct connect
On Wednesday 26 June 2002 16:12, Robin wrote:

> So how can i fix this. Maybe put a reload of network.conf and the ipfilters in my pppoe start script. And how do i do that. And where is the script located..

Ken Hadley's custom ppp/pppoe Dachstein image should have this all built-in. It should be located at:
http://leaf.sourceforge.net/devel/khadley

--
~Lynn Avants
aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!
Re:[leaf-user] Weblet
On Wednesday 26 June 2002 15:31, Erich Titl wrote:

> I am playing around with weblet to get some kind of a web based configuration. Authentication is certainly an issue there and I am very interested in anything that should come up in that aspect.
>
> Does anyone know why the cgi-bin/whatever.cgi?parameter1=value1&parameter2=value2 passing in weblet is disabled?

Erich,

I can't say for sure, being that I'm breaking conf files that are generated via shell-scripts to allow for console configuration as well. However, being that weblet is run on sh-httpd, I would think that one or more of the reserved characters aren't being parsed correctly by sh-httpd.

--
~Lynn Avants
aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!
Re: [leaf-user] ICQ configuration
Thank you for the suggestions. I took Charles' advice by installing socks5.lrp. Kim's IP_MASQ_ICQ module would work too but if the other end is behind the firewall it may not. I tried last night on my son's machine and ICQ is OK, I can receive files.

I have one more question: how can I tell socks5 to listen to 2 interfaces? My config file /etc/socks5.conf looks like that:

    ...
    set SOCKS5_BINDINTFC 192.168.1.254:1080
    interface 192.168.1. - eth1
    interface - - eth0
    auth 192.168.1. - -
    permit - - 192.168.1. - - -

I would like to add the support to 192.168.2. subnet too. If I omit this, I think it would listen to all interfaces and I do not want to expose to eth0. But I do not know how to set SOCKS5_BINDINTFC so it can also bind to eth2, port 1080.

Thank you.
RE: [leaf-user] VPN Through Dachstein and SSH problems
Thank you again.

I have set up my network.conf file according to the settings below (using the external IP address of my company's VPN server).

But still, when I try to connect with VPN from my Win2K Client machine through the firewall, it doesn't work (hangs at Verifying User Name and Password).

When I remove the Linux Router, it works.

Any other ideas?

Thanks,
Eric

> From: Joey Officer [EMAIL PROTECTED]
> Reply-To: [EMAIL PROTECTED]
> To: Eric Kubischta [EMAIL PROTECTED]
> CC: LRP Support [EMAIL PROTECTED]
> Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems
> Date: Wed, 26 Jun 2002 13:31:01 -0500
>
> You need to remove the ip_masq_ipsec.o module line from modules.conf
>
> The lines should look like the following
>
> EXTERN_TCP_PORTS=66.101.59.22/32_ssh   # this only allows a specific IP, I think the 0/0 would allow everything
> EXTERN_UDP_PORTS=66.101.59.22/32_500   # this is the port for IPSec (I believe)
> EXTERN_PROTO0=50 66.101.59.22/32       # this is part the SSH
> EXTERN_PROTO1=51 66.101.59.22/32       # same thing here, I believe 50 and 51 are required.
>
> Again - this is for specific IP
>
> Joey
RE: [leaf-user] Weblet
I currently have a modification that has a new list of all the configuration files on the left side. I have included all the main networking files, modules file, ppp files, and all of shorewall. I did this with a combination of index.html modification (including some cleanup, primarily with an added style entry above that took out all the remaining style info below) and some changes in the showlogsx cgi scripts. I also made a change so that on the individual pages displaying either a config file or a log, the entire path is displayed at the top rather than just the file name.

I'm not sure if this is a change for the masses or not. I will need feedback.

I also plan on adding a single link to do a configuration dump. This would involve a new cgi file, more than I will be tackling today! :-)

I plan on setting up a demo box outside our firewall that everyone can access to check out these changes. I will let the list know when I have this set up.

Richard Amerman
Re: [leaf-user] GuitarLynn's FreeS/WAN image problem
On Wednesday 26 June 2002 10:31, Ping Kwong wrote:

> When I get a chance again I'll take a look at it again. But I did try using Charles' 2.2.19-small modules per your instructions with the link. That's why I find it perplexing. I have a bootable CD-R that I made with Eigerstein and I stick that back in and that works fine. Go back to your floppy and I have that same problem. I even went as far as finding the module on the CD-ROM and copying that over to see if that helps. I believe I'm using the b version of the RTL8139 if I recall from the bootup messages. The card is actually a D-Link 530TX or + can't exactly remember as it came in a kit.

A. let's step back a minute. What you are doing will NOT work!!!

You want ipsec pass-through and added the ip_masq_ipsec module with my ipsec image. This includes an IPSec-patched kernel that clashes with the ip_masq_ipsec.o module for pass-through operation. My image will not do pass-through because of the kernel, however the regular Dachstein image with the same changes that you have made WILL work.

I will add a note indicating this in the IPSec document as well! Thanks!

--
~Lynn Avants
aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!
[leaf-user] Bearing 1.0RC3 -- Traceroute
Hi guys...

Using Bering 1.0rc3, isn't there a traceroute included by default...

thks
Re: [leaf-user] VPN Through Dachstein and SSH problems
On Wednesday 26 June 2002 13:31, Joey Officer wrote:

> You need to remove the ip_masq_ipsec.o module line from modules.conf

Incorrect, you need the ip_masq_ipsec modules for pass-through operation with a 2.2.x kernel

> The lines should look like the following
>
> EXTERN_TCP_PORTS=66.101.59.22/32_ssh   # this only allows a specific IP, I think the 0/0 would allow everything
> EXTERN_UDP_PORTS=66.101.59.22/32_500   # this is the port for IPSec (I believe)
> EXTERN_PROTO0=50 66.101.59.22/32       # this is part the SSH
> EXTERN_PROTO1=51 66.101.59.22/32       # same thing here, I believe 50 and 51 are required.
>
> Again - this is for specific IP

Protocol 51 is only needed for tunnel operation, not transport, ... pass-through is not a tunnel.

> 4) use the ipfwd utility to forward the port to the internal network.
>    Ipmasq will not forward the necessary protocol.

This is only needed if the remote computer is initiating the connection. If you are initiating the connection from behind the firewall, the ipfwd rule is not needed. I will make a note in the document. Thanks ;-)

snip

> However, I cannot use Microsoft Dial-Up networking from a Windows box on my internal network to dial a VPN connection to a Windows NT server on the internet. (This works fine if I remove the router.

Are you sure this is an IPSec connection??? I believe NT used PPTP, which is similar but uses a different module and ports for use.

For PPTP pass-through, Charles suggested doing this:

## start snip ###3

If you're trying to simply masquerade a PPTP connection (ie if you directly connect your windows system to your internet connection and your VPN link works, and you want to be able to run the windows system and VPN link behind your firewall), you're on the right track. You need the ip_masq_pptp.o module loaded, which will do the dirty-work of masquerading the VPN link.

You still, however, need to allow the PPTP packets through your firewall (only TCP/UDP/ICMP traffic is allowed by default). I believe this is protocol 47 (GRE), which you would allow into your Dachstein based firewall with the following:

    EXTERN_PROTO0=47 1.2.3.4/32

Where 1.2.3.4 is the IP of the remote VPN peer you're connecting to. If you're connecting to several VPN servers, you can either make an entry for each one (remember to increment the index number!), or use 0/0 for the IP range, which is the whole internet.

end clip ###

--
~Lynn Avants
aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!
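The two points made in this thread, that protocols 47/50/51 are IP protocol numbers rather than TCP/UDP ports and that each EXTERN_PROTOn entry needs its own index, as an added example that is not from any poster and not part of Dachstein: a POSIX sh lint for the EXTERN_* lines quoted above. It assumes the variable syntax exactly as posted and that network.conf is read as shell assignments; the function names are hypothetical and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not LEAF/Dachstein code. Lints the EXTERN_* lines of a
# network.conf read from stdin. Syntax is assumed from the thread only:
#   EXTERN_TCP_PORT* / EXTERN_UDP_PORT* : space-separated "source_port" items
#   EXTERN_PROTOn                       : "ip-protocol-number source"
# Also assumed: the file is read as shell assignments, so a variable that
# is assigned twice keeps only its last value.

# Names of the IP protocol numbers discussed in the thread.
ip_proto_name() {
    case "$1" in
        47) echo "GRE" ;;
        50) echo "ESP" ;;
        51) echo "AH" ;;
        *)  return 1 ;;
    esac
}

# Prints one finding per line as "LEVEL VARIABLE: message".
# Exit status: 1 if any WARN or ERROR was printed, otherwise 0.
lint_extern_rules() (
    set -f                          # no globbing while splitting values
    bad=0
    seen=" "
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}            # drop trailing comment
        case "$line" in
            EXTERN_*=*) ;;
            *) continue ;;
        esac
        var=${line%%=*}
        val=$(printf '%s' "${line#*=}" | tr -d '"')
        case "$seen" in
            *" $var "*)
                echo "WARN $var: assigned more than once, only the last value is used"
                bad=1 ;;
        esac
        seen="$seen$var "
        set -- $val                 # split the value into words
        case "$var" in
            EXTERN_TCP_PORT*|EXTERN_UDP_PORT*)
                for item in "$@"; do
                    case "$item" in
                        *_*) src=${item%_*}; port=${item##*_} ;;
                        *)   src=; port=$item ;;
                    esac
                    if name=$(ip_proto_name "$port"); then
                        echo "WARN $var: $port is the IP protocol number of $name, a port entry will not pass it; use EXTERN_PROTOn"
                        bad=1
                    elif [ -z "$src" ]; then
                        echo "WARN $var: '$item' is not in source_port form"
                        bad=1
                    fi
                    if [ "$src" = "0/0" ]; then
                        echo "INFO $var: $item is open to any source address"
                    fi
                done ;;
            EXTERN_PROTO*)
                proto=${1:-}
                src=${2:-}
                case "$proto" in
                    ''|*[!0-9]*)
                        echo "ERROR $var: protocol '$proto' is not a number"
                        bad=1 ;;
                esac
                if [ -z "$src" ]; then
                    echo "ERROR $var: no source address given"
                    bad=1
                elif [ "$src" = "0/0" ]; then
                    echo "INFO $var: protocol $proto is open to any source address"
                fi ;;
        esac
    done
    [ "$bad" -eq 0 ]
)

# Constructed sample: the port-variable attempt and the EXTERN_PROTO lines
# quoted in the thread, plus a PPTP line that reuses index 0.
sample_conf() {
    cat <<'EOF'
EXTERN_UDP_PORTS=0/0_domain 0/0_bootpc 0/0_500
EXTERN_TCP_PORT0=50 0/0
EXTERN_PROTO0=50 66.101.59.22/32   # ESP from one peer
EXTERN_PROTO1=51 66.101.59.22/32
EXTERN_PROTO0=47 1.2.3.4/32
EOF
}

sample_conf | lint_extern_rules || echo "network.conf needs attention"
```
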
Re: [leaf-user] Bearing 1.0RC3 -- Traceroute
On Thu, 27 Jun 2002, Reginald R. Richardson wrote:

> Hi guys...
>
> Using Bering 1.0rc3, isn't there a traceroute included by default...

No.

---
Jeff Newmiller
DCN: [EMAIL PROTECTED]
Research Engineer (Solar/Batteries/Software/Embedded Controllers)
Re: [leaf-user] problem.with dcd and direct connect
On Wednesday 26 June 2002 17:13, Robin wrote:

> yeh maybe true.. but i used his instructions to get the dachstein CD work with pppoe..

OK, this should work. I dunno why something like this doesn't appear to be included (and Ken has a version of DCD on his webpage).

In /usr/sbin/adsl-connect, modify this section:

    case $FIREWALL in
        STANDALONE)
            . /etc/ppp/firewall-standalone
            ;;
        MASQUERADE)
            . /etc/ppp/firewall-masq
            ;;
        NONE)
            svi network ipfilter reload
            ;;
    esac

Hopefully this works!

--
~Lynn Avants
aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!
Re:[leaf-user] Weblet
At 10:31 PM 6/26/02 +0200, Erich Titl wrote:

> I am playing around with weblet to get some kind of a web based configuration. Authentication is certainly an issue there and I am very interested in anything that should come up in that aspect.
>
> Does anyone know why the cgi-bin/whatever.cgi?parameter1=value1&parameter2=value2 passing in weblet is disabled?

In reality, it's just not there. Weblet uses a shell script as the httpd server. I posted some code a while ago to handle POST requests but I don't know if it has been added to the general distribution.

Parameter passing can be added but hasn't, yet. It's just a small matter of code...

JamesS
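The parameter passing discussed in the Weblet messages (cgi-bin/whatever.cgi?parameter1=value1&parameter2=value2), as an added example that is not weblet or sh-httpd code and not from any poster: a POSIX sh query-string parser that never evals its input, rejects malformed escapes and control characters, and leaves the final value check to the point of use. The function names are hypothetical, the requests are constructed, and it assumes the server hands the CGI the raw query string as one argument.

```shell
#!/bin/sh
# Added example, not weblet or sh-httpd code. Parses a CGI query string in
# plain POSIX sh without eval, so parameter values are only ever data.
# All function names here are hypothetical.

# Decode + and %HH. Raw characters must be RFC 3986 "unreserved"; escapes
# must be two hex digits that decode to printable ASCII (32..126).
urldecode() (
    LC_ALL=C
    s=$1
    out=
    while [ -n "$s" ]; do
        rest=${s#?}
        c=${s%"$rest"}                     # first character of $s
        case "$c" in
            +) out="$out " ;;
            %)
                hex=${rest%"${rest#??}"}   # next two characters, if present
                case "$hex" in
                    [0-9A-Fa-f][0-9A-Fa-f]) ;;
                    *) exit 1 ;;           # malformed escape
                esac
                code=$((0x$hex))
                if [ "$code" -lt 32 ] || [ "$code" -gt 126 ]; then
                    exit 1                 # control character or non-ASCII
                fi
                out="$out$(printf '%b' "\\0$(printf '%o' "$code")")"
                rest=${rest#??} ;;
            [A-Za-z0-9._~-]) out="$out$c" ;;
            *) exit 1 ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
)

# Print one "name=value" line per parameter, values decoded. Fails with no
# output if any name or value is rejected, so a caller never sees a
# half-parsed request.
parse_query() (
    LC_ALL=C
    qs=$1
    result=
    while [ -n "$qs" ]; do
        pair=${qs%%"&"*}
        case "$qs" in
            *"&"*) qs=${qs#*"&"} ;;
            *)     qs= ;;
        esac
        [ -n "$pair" ] || continue
        name=${pair%%=*}
        case "$pair" in
            *=*) raw=${pair#*=} ;;
            *)   raw= ;;
        esac
        case "$name" in
            ''|*[!A-Za-z0-9_]*) exit 1 ;;
        esac
        value=$(urldecode "$raw") || exit 1
        result="$result$name=$value
"
    done
    printf '%s' "$result"
)

# Print the value of parameter $2 from query string $1 (first match).
query_param() (
    parsed=$(parse_query "$1") || exit 1
    while IFS= read -r kv; do
        case "$kv" in
            "$2="*) printf '%s' "${kv#*=}"; exit 0 ;;
        esac
    done <<EOF
$parsed
EOF
    exit 1
)

# A value used as a file name must still be checked at the point of use.
is_plain_name() {
    case "$1" in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Constructed requests. The second value decodes to shell syntax and stays text.
parse_query 'parameter1=value1&parameter2=value2'
parse_query 'file=network.conf&cmd=%60id%60'
parse_query 'file=%0Anetwork.conf' || echo "rejected: control character"
is_plain_name "$(query_param 'file=..%2Fnetwork.conf' file)" || echo "rejected: not a plain file name"
```
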
RE: [leaf-user] VPN Through Dachstein and SSH problems
I think there have been a few discussions about Win2k, there is something within Win2k that creates some problems. I am using a Win2k pro box at home, and haven't had any trouble, but you might want to search the archives...

Joey

-----Original Message-----
From: Eric Kubischta [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 26, 2002 5:23 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems

Thank you again. I have set up my network.conf file according to the settings below (using the external IP address of my company's VPN server). But still, when I try to connect with VPN from my Win2K Client machine through the firewall, doesn't work (hangs at Verifying User Name and Password). When I remove the Linux Router, it works. Any other ideas?

Thanks, Eric

From: Joey Officer [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Eric Kubischta [EMAIL PROTECTED]
CC: LRP Support [EMAIL PROTECTED]
Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems
Date: Wed, 26 Jun 2002 13:31:01 -0500

You need to remove the ip_masq_ipsec.o module line from modules.conf

The lines should look like the following

EXTERN_TCP_PORTS=66.101.59.22/32_ssh    # this only allows a specific IP, I think the 0/0 would allow everything
EXTERN_UDP_PORTS=66.101.59.22/32_500    # this is the port for IPSec (I believe)
EXTERN_PROTO0="50 66.101.59.22/32"      # this is part the SSH
EXTERN_PROTO1="51 66.101.59.22/32"      # same thing here, I believe 50 and 51 are required.

Again - this is for specific IP

Joey
[leaf-user] comments about freesco ?
Anybody tried Freesco, any comments compared with lrp's like Dachstein ???

Thanks
Re: [leaf-user] comments about freesco ?
Yeah I've tried freesco, it's pretty easy to use, but 'I' found that the LRP projects:

* are updated much more frequently (last update on freesco i think was in 2000)
* have a much larger user base
* have more configuration options

I 'was' using freesco for around 6-8 months... I didn't have 'too' much dramas with it.. but i definitely feel more comfortable using bering-1.0rc3 (for the above reasons)

In my opinion, it's pretty much the same as LRP but 'much' simpler...

(They may have updated it from when i last used it. From memory the version i was using was FreeSCO 0.2.7, there was whispers of FreeSCO 0.3.0 but i don't know if it is released yet)

Hope this helps

Jay

----- Original Message -----
From: Jean-Roch Blais [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 27, 2002 12:33 PM
Subject: [leaf-user] comments about freesco ?

Anybody tried Freesco, any comments compared with lrp's like Dachstein ???

Thanks
RE: [leaf-user] VPN Through Dachstein and SSH problems
Have you loaded the pptp Module? Have you set up protocol 47 to also port forward to your VPN server?

On your Win2k box, go to the properties of the VPN Connection and in the properties setup box on the networking tab, set the Type of VPN server I am calling to PPTP. If you don't do this it will try to use L2TP which requires a different port and secure protocols and sometimes a certificate server.

I have several Dachstein firewalls in place and can VPN out through any one and back in through any other to a VPN Server in the internal network.

Andrew Gray
System Administrator / Senior Technician
Operations
VQA Australasia
Phone: (07) 3804 9822
Fax: (07) 3807 8633
Mob: 0418 734 078

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Joey Officer
Sent: Thu, 27 Jun 2002 10:48
To: Eric Kubischta
Cc: [EMAIL PROTECTED]
Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems

I think there have been a few discussions about Win2k, there is something within Win2k that creates some problems. I am using a Win2k pro box at home, and haven't had any trouble, but you might want to search the archives...

Joey
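The replies above turn on which VPN type the firewall lines actually open: Joey's lines cover IPsec (UDP port 500, protocols 50 and 51), while Andrew's reply points to PPTP (protocol 47). As an added example, not part of any list post or of the LEAF code, this Python check reads lines in the forms quoted in the thread and reports which of the two is fully opened and for which sources. Assumptions: the variable forms are inferred from the thread only, TCP port 1723 is the standard PPTP control port and is not named in the thread, and 192.0.2.10 and the PPTP_LINES sample are constructed.

```python
import re

# What each VPN type needs opened: (transport, port) pairs and IP protocol numbers.
VPN_NEEDS = {
    "ipsec": {"ports": {("udp", "500")}, "protos": {"50", "51"}},  # IKE, ESP, AH
    "pptp": {"ports": {("tcp", "1723")}, "protos": {"47"}},        # control channel, GRE
}
PORT_KEY = re.compile(r"^EXTERN_(TCP|UDP)_PORTS$")
PROTO_KEY = re.compile(r"^EXTERN_PROTO\d+$")

# The lines from the first attempt quoted in the thread.
FIRST_ATTEMPT = """\
EXTERN_UDP_PORTS=0/0_domain 0/0_bootpc 0/0_500
EXTERN_TCP_PORT0=50 0/0
EXTERN_TCP_PORT151 0/0
"""
# Shape of the lines from the reply; 192.0.2.10 is a constructed placeholder peer.
REPLY_LINES = """\
EXTERN_TCP_PORTS=192.0.2.10/32_ssh  # one peer only
EXTERN_UDP_PORTS=192.0.2.10/32_500
EXTERN_PROTO0="50 192.0.2.10/32"
EXTERN_PROTO1="51 192.0.2.10/32"
"""
# Hypothetical PPTP variant: the thread names protocol 47 but shows no lines for it.
PPTP_LINES = """\
EXTERN_TCP_PORTS=192.0.2.10/32_ssh 192.0.2.10/32_1723
EXTERN_PROTO0="47 192.0.2.10/32"
"""

def parse(conf):
    """Return (ports, protos, skipped); ports and protos map each item to its source."""
    ports, protos, skipped = {}, {}, []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        if not line:
            continue
        key, eq, value = line.partition("=")
        fields = value.strip().strip('"').split()    # quotes around the value are optional
        port_key = PORT_KEY.match(key)
        if eq and port_key:
            for item in fields:                      # each item is <source>_<port>
                src, _, port = item.partition("_")
                ports[(port_key.group(1).lower(), port)] = src
        elif eq and PROTO_KEY.match(key) and len(fields) == 2:
            protos[fields[0]] = fields[1]            # "<protocol> <source>"
        else:
            skipped.append(line)                     # not a form this check understands
    return ports, protos, skipped

def admitted(conf):
    """Map each VPN type to the set of sources it is opened for, or None if incomplete."""
    ports, protos, _ = parse(conf)
    result = {}
    for name, need in VPN_NEEDS.items():
        ok = need["ports"] <= set(ports) and need["protos"] <= set(protos)
        result[name] = ({ports[p] for p in need["ports"]}
                        | {protos[n] for n in need["protos"]}) if ok else None
    return result
```

A source of 0/0 in the returned set means the VPN type is opened to any address; None for pptp on REPLY_LINES shows that those lines cover IPsec only.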
Re: [leaf-user] problem.with dcd and direct connect
On Wednesday 26 June 2002 16:12, Robin wrote:
> I think the problem here is that the network.conf (or the forward rules) aren't adjusted to the new ipnumber i get.

I just had a thought. You do have this option set in network.conf? This is the option for a dynamic ppp/pppoe connection to update the ipfilter rules.

# Set EXTERN_IP to DYNAMIC if you need the rules to read the IP from
# interface, but you arn't using DHCP (ie PPPoE and dialup users)
EXTERN_IP=DYNAMIC

This is better than the script hack I posted before.
--
~Lynn Avants aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!
RE: [leaf-user] VPN Through Dachstein and SSH problems
Thank you very much for the Reply! It is now working!

This has been a great group of people to work with. Although some of the Linux Ease of Use may be lacking, the support community has any MS based one beat hands down. I imagine that, over time, the group of developers working on the LRP project will produce a final, great product and I look forward to it with great anticipation... (ahhem... anyone thought of building a manufactured LRP based box for sale???)

Thanks again, Eric

From: Andrew GRAY [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED], 'Eric Kubischta' [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: RE: [leaf-user] VPN Through Dachstein and SSH problems
Date: Thu, 27 Jun 2002 13:37:52 +1000

Have you loaded the pptp Module? Have you set up protocol 47 to also port forward to your VPN server?

On your Win2k box, go to the properties of the VPN Connection and in the properties setup box on the networking tab, set the Type of VPN server I am calling to PPTP. If you don't do this it will try to use L2TP which requires a different port and secure protocols and sometimes a certificate server.

I have several Dachstein firewalls in place and can VPN out through any one and back in through any other to a VPN Server in the internal network.

Andrew Gray
System Administrator / Senior Technician
Operations
VQA Australasia
Phone: (07) 3804 9822
Fax: (07) 3807 8633
Mob: 0418 734 078