Re: [leaf-user] port forward for specific clients

2003-01-06 Thread Richard Minutillo
Charles Steinkuehler wrote:


Richard Minutillo wrote:


I'm running an Eigerstein-based LRP with a (slightly) custom 2.2.19 
kernel. I have several port forwarding rules set up and they all work 
well.

I know this is probably a bad idea, but I'd like to forward port 3306 
to a specific MASQ'd internal address, but only from a specific 
remote client IP address.

I know I can set up the port forwarding in general using a line like 
this in ipfilter.conf:

$IPMASQADM portfw -a -P tcp -L [ext address] 3306 -R [int server addr] 3306

But that rule forwards everyone hunting for port 3306 to my internal 
server. I know that is not a good thing. So I suppose that the 
indirect way to restrict this particular rule to a specific remote 
client is to put in another rule which allows port 3306 but only from 
the given address, maybe something like this at the top of 
ipfilter.conf:

$IPCH -A $LIST -j ACCEPT -p tcp -s [client addr] -d [ext addr] 3306 -l $*

I'm wondering, however, if there's a better way to do this? Any 
suggestions or comments would be welcome.


Personally, I'd do this with a VPN rather than port-forwarding.  You 
could also use SSH to do the port-forwarding if you don't need a 
permanent connection (if you need the link up all the time, the 
overhead of setting up a VPN will pay for itself vs babysitting the 
ssh link, or writing a script to do it for you).

If you want to stick with standard, unencrypted, unauthenticated 
traffic, I think you're headed the right direction with stacking 
IPChains rules and port-forwarding.  Note that someone could still 
spoof an allowed source IP and send bogus traffic that would get 
through the firewall...while bi-directional communication would be 
tricky (maybe impossible, but I can think of a few tactics to try, so 
I wouldn't rule it out), specific OS's and services have been known to 
crash when receiving specific mal-formed packets, so you'd potentially 
be open to a DOS attack at the least...

Personally, I'd bone up on FreeS/WAN or ssh.

Charles,

I believe you're correct that a VPN solution is the best for generalized 
remote access, but this is to be a (more or less) permanent connection 
between locations both under my control. But I'll take your advice and 
read up a bit.

Richard




---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


Re: [leaf-user] ez-ipupdate dynamic DNS service providers

2003-01-06 Thread John Mullan

I have been using NO-IP.com for almost a year.  They also provide full DNS
service (including MX) and a web based configuration interface.

However, they price the MX service separate from the rest of their DNS
service.  Together runs me about $50US (a fortune to a Great White North
Canadian like myself :-) per year.

Great service though and support is very acceptable.

Due to the nature of things, I use TinyDNS in private configuration only so
I can resolve my domain internally.  The need to do so came about when some
of my web documents referred to 'mullan.ca' which is hosted on internal
machine (not recommended by most listers).  Without TinyDNS, this would not
work and had necessitated dual sets of pages (one referring to local IP, one
referring to domain).

What I also like about the external service:  Both my brother and sister
use the free NO-IP DNS.  I actually make DNS entries for my domain that
point to their free domain.  IE:

  ladyofpool.no-ip.com  - ladyofpool.mullan.ca
  mwmullan.no-ip.com  - mike.mullan.ca

While probably not amazing to most on the list, I still find this 'neat'.

Just my 2cents.

John
===
Work:   http://www.olgclotteries.com
[EMAIL PROTECTED]
888-345-7568 ext. 2205

Personal:   http://www.mullan.ca
[EMAIL PROTECTED]
MSN:[EMAIL PROTECTED]
===




   
  
From: Brad Fritz [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
To: Greg Morgan [EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Date: 01/04/2003 08:07 AM
Subject: Re: [leaf-user] ez-ipupdate dynamic DNS service providers





On Fri, 03 Jan 2003 22:02:55 MST Greg Morgan wrote:

 I own my very own domain name.  I want to point it at my leaf box and
 have a dynamic IP.  Can anyone provide feedback on their experiences
 with any of the dynamic DNS service providers listed here?

 http://leaf.sourceforge.net/devel/jnilo/ezipupd1.html

I have used easyDNS[1] for the last 3 years or so.  I have not
used ez-ipupdate with my accounts though.  In that time, I cannot
remember having a single DNS problem.  They charge $35 per year
for ongoing domain registration (through opensrs.net), DNS
service (fully configurable via a web interface), and use of an
MTA as a secondary MX.  I recommend them highly.

Disclosure:
I am not affiliated with easyDNS nor was I paid to recommend
them.  I am a very happy easyDNS customer.

--Brad

[1] http://easydns.com/






Re: [leaf-user] WISP-Dist documentation released!

2003-01-06 Thread Mike Noyes
On Sun, 2002-12-29 at 15:43, Vladimir I. wrote:
 I took time to finally write and release documentation for 
 WISP-Dist. You can find it on LEAF's website at 
 http://leaf.sourceforge.net/devel/hzdrus/html/.
 
 Some of its parts (like wireless SNMP) describe an image which is 
 not yet available, I'll release it sometime tomorrow.

Vladimir,
Did you commit this WISP-Dist User Guide to CVS? If this is done, it
will auto-export to our pub/doc/guide tree on the shell server daily.

Current: WISP-Dist User Guide
http://leaf.sourceforge.net/devel/hzdrus/doc/html/

CVS tree:
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/doc/guide/user-wisp-dist/

Exported doc on SF shell:
http://leaf-project.org/pub/doc/guide/user-wisp-dist/

-- 
Mike Noyes mhnoyes @ users.sourceforge.net
http://sourceforge.net/users/mhnoyes/
http://leaf-project.org/  http://sitedocs.sf.net/  http://ffl.sf.net/







Re: [leaf-user] Blacklist in Shorewall (Bering)

2003-01-06 Thread Binh Do
Thank you Tom for the clarification. I thought that eth0 means the main IP
for that interface, but I guess I am wrong. So if I want to block some IPs
from all external IPs, then blocking from interface eth0 would do. Correct?

- Original Message - 
From: Tom Eastep [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, January 05, 2003 5:37 PM 
Subject: Re: [leaf-user] Blacklist in Shorewall (Bering) 

 
 
 --On Sunday, January 05, 2003 04:51:57 AM -0500 Binh Do [EMAIL PROTECTED]
 wrote:
 
  Is it possible to black list some IPs on an alias interface, for example,
  eth0:0?
 
 Shorewall never has, doesn't and will never support the archaic notion of 
 alias devices (e.g., eth0:0) _in any context_.
 
 If you are asking "Is it possible to black list some IPs only when they are 
 trying to access a particular external IP address on my firewall?" then the 
 answer is also no. You must use rules for that.
 
 -Tom
 --
 Tom Eastep \ Shorewall - iptables made easy
 Shoreline, \ http://shorewall.sf.net
 Washington USA \ [EMAIL PROTECTED]
 
 







Re: [leaf-user] Blacklist in Shorewall (Bering)

2003-01-06 Thread Tom Eastep


--On Monday, January 06, 2003 12:08:55 PM -0500 Binh Do [EMAIL PROTECTED] 
wrote:

Thank you Tom for the clarification. I thought that eth0 means the main IP
for that interface, but I guess I am wrong. So if I want to block some IPs
from all external IPs, then blocking from interface eth0 would do.
Correct?



Binh -- the blacklist is for INBOUND TRAFFIC ONLY! So you block traffic TO 
your external interface, not FROM it.

-Tom
--
Tom Eastep   \ Shorewall - iptables made easy
Shoreline,\ http://shorewall.sf.net
Washington USA \ [EMAIL PROTECTED]





RE: [leaf-user] Blacklist in Shorewall (Bering)

2003-01-06 Thread Binh Do
Sorry, Tom. I meant blocking traffic from certain IP to my external
interface. Actually I saw a person keep sending me junk mail constantly for
several days. He/she uses YAHOO, HOTMAIL accounts but uses a mail-server not
belonging to HOTMAIL/YAHOO. So I want to black-list that IP.

Thanks.



-Original Message-
From: Tom Eastep [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 06, 2003 9:25 AM
To: Binh Do
Cc: '[EMAIL PROTECTED]'
Subject: Re: [leaf-user] Blacklist in Shorewall (Bering)




--On Monday, January 06, 2003 12:08:55 PM -0500 Binh Do [EMAIL PROTECTED] 
wrote:

 Thank you Tom for the clarification. I thought that eth0 means the main IP
 for that interface, but I guess I am wrong. So if I want to block some IPs
 from all external IPs, then blocking from interface eth0 would do.
 Correct?


Binh -- the blacklist is for INBOUND TRAFFIC ONLY! So you block traffic TO 
your external interface, not FROM it.

-Tom
--
Tom Eastep   \ Shorewall - iptables made easy
Shoreline,\ http://shorewall.sf.net
Washington USA \ [EMAIL PROTECTED]





RE: [leaf-user] Blacklist in Shorewall (Bering)

2003-01-06 Thread Tom Eastep


--On Monday, January 06, 2003 12:38:29 PM -0500 Binh Do [EMAIL PROTECTED] 
wrote:

Sorry, Tom. I meant blocking traffic from certain IP to my external
interface. Actually I saw a person keep sending me junk mail constantly
for several days. He/she uses YAHOO, HOTMAIL accounts but uses a
mail-server not belonging to HOTMAIL/YAHOO. So I want to black-list that
IP.



If you specify 'blacklist' as an option for your external interface then 
you can place either just the offending IP address or the address followed 
by tcp 25 in the /etc/shorewall/blacklist file.

-Tom
--
Tom Eastep   \ Shorewall - iptables made easy
Shoreline,\ http://shorewall.sf.net
Washington USA \ [EMAIL PROTECTED]





[leaf-user] VTun problems

2003-01-06 Thread Ben Kochie

I have been trying to setup WISP-dist with vtund to make it a remote
network router.. I currently have 2 other machines (running debian)
connected currently, and they work fine.  I setup another vtund.conf on my
WISP box and run vtund.. here's what I get in the messages.

Jan  6 12:59:49 vinh-vtun vtund[2151]: VTun client ver 2.5 05/19/2002 started
Jan  6 12:59:49 vinh-vtun vtund[2151]: Connecting to napalm
Jan  6 12:59:49 vinh-vtun vtund[2151]: Session test[napalm] opened
Jan  6 12:59:49 vinh-vtun vtund[2151]: Can't allocate tap device tap2. No such 
device(19)
Jan  6 12:59:49 vinh-vtun vtund[2151]: Session test[napalm] closed
Jan  6 12:59:49 vinh-vtun vtund[2151]: Exit

I copied the vtund.conf over to my laptop (Debian/sarge 2.4.20) and it
works fine..

WISP claims to have vtun support, but from my reading of the list.. I
could not find anyone who is actually using it.

- -ben

 Unix is user friendly, Its just picky about its friends.






[leaf-user] Mail Bug in multicron-p

2003-01-06 Thread Eric Wolzak
Hello List.

I just discovered a bug in the /etc/multicron-p script 
in Bering  Stable 1   (probably also in Bering-uClibc ? )

This bug  is not critical, just annoying.

In the /var/log/syslog file you could find :

Jan  5 22:00:01 firewall /USR/SBIN/CRON[26546]: (root) MAIL 
(mailed 12 bytes of output but got status 0x0001 )
every 15 minutes. 

The mail is sent to root@  and has as content multicron-p 

The reason is the rest of a debugging session that was forgotten to 
remove  (shame on me ;)  ) 

Remove the line:
# echo $prog 
in routine main()  around linenr 33.

Although from the logic nothing should have happened the output 
was piped through mailadmin function. 

If you have set your mail-admin you could have received mails with 
multicron-p  as content.  No Subject.  

Sorry for the discomfort 

Regards 
Eric Wolzak
member of the bering crew






[leaf-user] adsl connection doesn't work

2003-01-06 Thread Empire59
hi,

i've got a problem with bering 1.0-stable.
i followed the PPPoE configuration in the user's guide to get my dsl
connection to work and i'm at the same provider as the one, who's written the
user guide. (t-dsl from t-online in germany).
but after configuring both, the ppp and pppoe package, the ppp daemon is
unable to establish a connection.
here is what the debug from pppd says:

Jan 6 21:30:07 firewall pppd[4949]: Plugin /usr/lib/pppd/pppoe.so loaded.
Jan 6 21:30:07 firewall pppd[4949]: PPPoE Plugin Initialized
Jan 6 21:30:07 firewall pppd[4949]: pppd 2.4.1 started by root, uid 0
Jan 6 21:30:07 firewall pppd[4949]: Sending PADI
Jan 6 21:30:07 firewall pppd[4949]: HOST_UNIQ successful match
Jan 6 21:30:08 firewall pppd[4949]: HOST_UNIQ successful match
Jan 6 21:30:08 firewall pppd[4949]: Got connection: 696
Jan 6 21:30:08 firewall pppd[4949]: Connecting PPPoE socket:
00:90:1a:10:14:fa 9606 eth0 0x807c260
Jan 6 21:30:08 firewall pppd[4949]: using channel 15
Jan 6 21:30:08 firewall pppd[4949]: Using interface ppp0
Jan 6 21:30:08 firewall pppd[4949]: Connect: ppp0 -- eth0
Jan 6 21:30:08 firewall pppd[4949]: Couldn't increase MTU to 1500.
Jan 6 21:30:08 firewall pppd[4949]: Couldn't increase MRU to 1500
Jan 6 21:30:08 firewall pppd[4949]: sent [LCP ConfReq id=0x1 mru 1492
magic 0x3198d3b9]
Jan 6 21:30:08 firewall pppd[4949]: rcvd [LCP ConfReq id=0xb2 mru 1492
auth pap magic 0x6061cca1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00
Jan 6 21:30:08 firewall pppd[4949]: sent [LCP ConfRej id=0xb2 auth pap]
Jan 6 21:30:08 firewall pppd[4949]: rcvd [LCP ConfAck id=0x1 mru 1492
magic 0x3198d3b9] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00
Jan 6 21:30:08 firewall pppd[4949]: rcvd [LCP ConfReq id=0xb3 mru 1492
magic 0x6061cca1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00
Jan 6 21:30:08 firewall pppd[4949]: sent [LCP ConfAck id=0xb3 mru 1492
magic 0x6061cca1]
Jan 6 21:30:08 firewall pppd[4949]: sent [LCP EchoReq id=0x0
magic=0x3198d3b9]
Jan 6 21:30:08 firewall pppd[4949]: sent [IPCP ConfReq id=0x1 addr
0.0.0.0]
Jan 6 21:30:08 firewall pppd[4949]: rcvd [LCP TermReq id=0xb4] 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 ...
Jan 6 21:30:08 firewall pppd[4949]: LCP terminated by peer
Jan 6 21:30:08 firewall pppd[4949]: Couldn't increase MTU to 1500.
Jan 6 21:30:08 firewall pppd[4949]: Couldn't increase MRU to 1500
Jan 6 21:30:08 firewall pppd[4949]: sent [LCP TermAck id=0xb4]
Jan 6 21:30:08 firewall pppd[4949]: Modem hangup
Jan 6 21:30:08 firewall pppd[4949]: Connection terminated.
Jan 6 21:30:08 firewall pppd[4949]: Doing disconnect
Jan 6 21:30:09 firewall pppd[4949]: Terminating on signal 2.
Jan 6 21:30:09 firewall pppd[4949]: Exit.

does anybody know any solution to this problem ?


thanks for any help

mike






RE: [leaf-user] Mail Bug in multicron-p

2003-01-06 Thread Cowles, Steve
 -Original Message-
 From: Eric Wolzak [mailto:[EMAIL PROTECTED]]
 Sent: Monday, January 06, 2003 2:00 PM
 Subject: [leaf-user] Mail Bug in multicron-p
 
 
 Hello List.
 
 I just discovered a bug in the /etc/multicron-p script 
 in Bering  Stable 1   (probably also in Bering-uClibc ? )

Thanks Eric -- I have been wondering what that log message entry was for
months now.

Steve Cowles





AW: [leaf-user] adsl connection doesn't work

2003-01-06 Thread Alex Rhomberg
Hi

 Jan 6 21:30:08 firewall pppd[4949]: rcvd [LCP ConfReq id=0xb2 mru 1492
 auth pap magic 0x6061cca1] 00 00 00 00 00 00 00 00 00 00 00
 00 00 00 00
 00 00 00 00 00
 Jan 6 21:30:08 firewall pppd[4949]: sent [LCP ConfRej id=0xb2 auth pap]

My ADSL connections only worked with chap, so I had to add the password to
the chap-secrets file, instead of the pap-secrets

Why that file is not listed amongst the pppoe config files, I cannot say,
though I reckon it should be there. (Sorry for the convoluted language, I'm
just reading Lord of the Rings again :-)

But as you seem to receive a pap authentication request, this might not
solve your problem.

HTH HAND
- Alex






Re: [leaf-user] adsl connection doesn't work

2003-01-06 Thread Eric Wolzak
Hello mike.

 i've got a problem with bering 1.0-stable.
 i followed the PPPoE configuration in the user's guide to get my dsl
 connection to work and i'm at the same provider as the one, who's written the
 user guide. (t-dsl from t-online in germany).
That's me ;)
 but after configuring both, the ppp and pppoe package, the ppp daemon is
 unable to establish a connection.
 here is what the debug from pppd says:
let's take a look .

 Jan 6 21:30:07 firewall pppd[4949]: Plugin /usr/lib/pppd/pppoe.so loaded.
 Jan 6 21:30:07 firewall pppd[4949]: PPPoE Plugin Initialized
 Jan 6 21:30:07 firewall pppd[4949]: pppd 2.4.1 started by root, uid 0
 Jan 6 21:30:07 firewall pppd[4949]: Sending PADI
 Jan 6 21:30:07 firewall pppd[4949]: HOST_UNIQ successful match
 Jan 6 21:30:08 firewall pppd[4949]: HOST_UNIQ successful match
you got an user setting and a corresponding pap
 Jan 6 21:30:08 firewall pppd[4949]: Got connection: 696
 Jan 6 21:30:08 firewall pppd[4949]: Connecting PPPoE socket:
 00:90:1a:10:14:fa 9606 eth0 0x807c260
 Jan 6 21:30:08 firewall pppd[4949]: using channel 15
 Jan 6 21:30:08 firewall pppd[4949]: Using interface ppp0
 Jan 6 21:30:08 firewall pppd[4949]: Connect: ppp0 -- eth0
got a virtual ppp0

 Jan 6 21:30:08 firewall pppd[4949]: Couldn't increase MTU to 1500.
 Jan 6 21:30:08 firewall pppd[4949]: Couldn't increase MRU to 1500
never mind just ignore.

you send mru 1492 request  later confirmed
 Jan 6 21:30:08 firewall pppd[4949]: sent [LCP ConfReq id=0x1 mru 1492
 magic 0x3198d3b9]

here is the trouble ..

you receive config request  mru 1492 and authenticate with pap
 Jan 6 21:30:08 firewall pppd[4949]: rcvd [LCP ConfReq id=0xb2 mru 1492
 auth pap magic 0x6061cca1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00 00 00 00 00

you send reject authentication with pap !!
 Jan 6 21:30:08 firewall pppd[4949]: sent [LCP ConfRej id=0xb2 auth pap]

do you have a correct pap user setting  ? 


you receive confirmation mru 1492
 Jan 6 21:30:08 firewall pppd[4949]: rcvd [LCP ConfAck id=0x1 mru 1492
 magic 0x3198d3b9] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00 00 00 00 00
 Jan 6 21:30:08 firewall pppd[4949]: rcvd [LCP ConfReq id=0xb3 mru 1492
 magic 0x6061cca1] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00 00 00 00 00
 Jan 6 21:30:08 firewall pppd[4949]: sent [LCP ConfAck id=0xb3 mru 1492
 magic 0x6061cca1]
 Jan 6 21:30:08 firewall pppd[4949]: sent [LCP EchoReq id=0x0
 magic=0x3198d3b9]
 Jan 6 21:30:08 firewall pppd[4949]: sent [IPCP ConfReq id=0x1 addr
 0.0.0.0]

As you didn't allow pap authentication the connection is brought down
 Jan 6 21:30:08 firewall pppd[4949]: rcvd [LCP TermReq id=0xb4] 00 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00 00 00 ...

Cut the rest as this is normal disconnecting

What is the output of grep -v ^# /etc/ppp/peers/dsl-providers
mine (with nined out user ident )
--
plugin /usr/lib/pppd/pppoe.so
user [EMAIL PROTECTED]
noipdefault
defaultroute
hide-password
lcp-echo-interval 20
lcp-echo-failure 3
connect /bin/true
noauth
persist
mtu 1492
-
don't forget the @t-online.de in your user name

 does anybody know any solution to this problem ?
I hope this solved it.
The package worked out of the box for pppoe t-dsl


 thanks for any help
you're welcome ;)

 mike

Eric Wolzak
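
Added example (not part of the original thread and not pppd's own code): a small Python check that re-joins the wrapped pppd debug lines quoted above and flags the sequence Eric walks through, where the peer asks for PAP, the local pppd answers with ConfRej, and the peer then sends TermReq. The log excerpt is taken from the post with the zero padding trimmed; all function names are made up for this example.

```python
import re

# Excerpt of the pppd debug log from the thread (zero padding trimmed).
# Syslog wrapped the long records, so continuation lines carry no prefix.
SAMPLE_LOG = """\
Jan 6 21:30:08 firewall pppd[4949]: sent [LCP ConfReq id=0x1 mru 1492
magic 0x3198d3b9]
Jan 6 21:30:08 firewall pppd[4949]: rcvd [LCP ConfReq id=0xb2 mru 1492
auth pap magic 0x6061cca1] 00 00 00 00
Jan 6 21:30:08 firewall pppd[4949]: sent [LCP ConfRej id=0xb2 auth pap]
Jan 6 21:30:08 firewall pppd[4949]: rcvd [LCP ConfAck id=0x1 mru 1492
magic 0x3198d3b9] 00 00 00 00
Jan 6 21:30:08 firewall pppd[4949]: rcvd [LCP ConfReq id=0xb3 mru 1492
magic 0x6061cca1] 00 00 00 00
Jan 6 21:30:08 firewall pppd[4949]: sent [LCP ConfAck id=0xb3 mru 1492
magic 0x6061cca1]
Jan 6 21:30:08 firewall pppd[4949]: sent [IPCP ConfReq id=0x1 addr
0.0.0.0]
Jan 6 21:30:08 firewall pppd[4949]: rcvd [LCP TermReq id=0xb4] 00 00 00 00
Jan 6 21:30:08 firewall pppd[4949]: LCP terminated by peer
"""

SYSLOG_PREFIX = re.compile(r"^\w{3}\s+\d+\s+[\d:]{8}\s+\S+\s+pppd\[\d+\]:\s*")
PACKET = re.compile(r"(sent|rcvd) \[(\w+) (\w+) id=(0x[0-9a-fA-F]+)([^\]]*)\]")


def unwrap(log):
    """Strip the syslog prefix and re-join records that were wrapped."""
    records = []
    for line in log.splitlines():
        m = SYSLOG_PREFIX.match(line)
        if m:
            records.append(line[m.end():].strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records


def parse_packets(log):
    """Return one dict per 'sent [...]' / 'rcvd [...]' packet dump."""
    packets = []
    for record in unwrap(log):
        m = PACKET.search(record)
        if m:
            direction, proto, code, ident, opts = m.groups()
            packets.append({"dir": direction, "proto": proto, "code": code,
                            "id": int(ident, 16), "opts": opts.split()})
    return packets


def auth_option(opts):
    """Return the method named after the 'auth' option, if present."""
    if "auth" in opts:
        i = opts.index("auth")
        if i + 1 < len(opts):
            return opts[i + 1]
    return None


def diagnose(log):
    """Summarise the LCP authentication negotiation seen in the log."""
    requested = {}   # LCP id -> auth method the peer asked us to use
    rejected = []    # methods the local pppd refused with ConfRej
    terminated = False
    for p in parse_packets(log):
        if p["proto"] != "LCP":
            continue
        method = auth_option(p["opts"])
        if p["dir"] == "rcvd" and p["code"] == "ConfReq" and method:
            requested[p["id"]] = method
        elif p["dir"] == "sent" and p["code"] == "ConfRej" and method:
            # A ConfRej echoes the id of the request it answers.
            if requested.get(p["id"]) == method:
                rejected.append(method)
        elif p["dir"] == "rcvd" and p["code"] == "TermReq":
            terminated = True
    if rejected and terminated:
        verdict = ("peer asked for %s, local pppd rejected it, peer closed "
                   "the link: check the user name and its secrets entry"
                   % "/".join(rejected))
    elif rejected:
        verdict = ("local pppd rejected %s requested by the peer"
                   % "/".join(rejected))
    else:
        verdict = "no authentication rejection seen"
    return {"peer_requested_auth": sorted(set(requested.values())),
            "locally_rejected_auth": rejected,
            "terminated_by_peer": terminated,
            "verdict": verdict}


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_LOG).items():
        print("%s: %s" % (key, value))
```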






[leaf-user] ulogd + bering 2.4.18 - not working ;/

2003-01-06 Thread Jiri Burian
Hello,

I am using Bering 2.4.18 1.0-stable uclibc and I tried to use ULOG.
I have shorewall 1.3.12, ipt_ULOG module is loaded also.

But i get this error from shorewall if i change info to ULOG in anything
i want to log:

--- cut here ---
Processing /etc/shorewall/policy...
iptables: No chain/target/match by that name
Processing /etc/shorewall/stop ...
Processing /etc/shorewall/stopped ...
Terminated
--- cut here ---

Any idea what's wrong ?

Thanks,
J.B.







Re: [leaf-user] adsl connection doesn't work

2003-01-06 Thread Martin Hejl
Hi Eric,


Jan 6 21:30:08 firewall pppd[4949]: Couldn't increase MTU to 1500.
Jan 6 21:30:08 firewall pppd[4949]: Couldn't increase MRU to 1500


never mind just ignore.

you send mru 1492 request  later confirmed

Is there a way to tell pppd to _not_ try to set the MTU to 1500 (from my 
rusty memory, this is never going to work over a PPPOE link anyway)? 
Obviously, it's not a big deal, since it gets set to 1492 afterwards, but 
a little annoying nevertheless. I've messed with the settings in 
/etc/init.d/ppp and /etc/network/interfaces, but I haven't seemed to be 
able to find the right way to pass the mtu and mru options to pppd when 
it's started.

don't forget the @t-online.de in your user name



does anybody know any solution to this problem ?


I hope this solved it. 
The package worked out of the box for pppoe t-dsl 
I can confirm that - worked like a charm, once I found the sheet with my 
userid and password ;-)

Martin






[leaf-user] Re: Bering IPSEC - Almost there

2003-01-06 Thread Tom Eastep


--On Monday, January 06, 2003 04:19:03 PM -0700 Steve Fink 
[EMAIL PROTECTED] wrote:

Tom,

	I gave up on the M$ bastardized IPSEC stuff and downloaded SSH
Sentinel.  I got everything configured and finally made a connection (
more info to come on exactly how, for others trying to do the same ).

	Now that the connection is made though I am getting REJECT messages
from the all2all chain.  I've tried several times to get the packets to
pass but to no avail.



Try some more -- this time look at http://shorewall.sf.net/troubleshoot.htm 
and the companion FAQ #17.

-Tom
--
Tom Eastep   \ Shorewall - iptables made easy
Shoreline,\ http://shorewall.sf.net
Washington USA \ [EMAIL PROTECTED]





[leaf-user] RE: leaf-user digest, Vol 1 #1491 - 3 msgs

2003-01-06 Thread Binh Do
Hi Tom,

On DMZ I run SMTP server on port 25 and Check-Virus on port 2500
So I portforward firewall port 25 to DMZ:2500, and 2500 to DMZ:25.

If I just blacklist 

IP tcp 25

it does not work. 

If I do IP tcp 2500

it works.

To be safe I did both IP tcp 25,2500, but could you explain me why? I
think that IP tcp 25 on firewall should be enough because that's where
Shorewall should have checked. Or maybe the order of my settings in
/etc/shorewall/rules

Thank you.





-Original Message-

Date: Mon, 06 Jan 2003 09:41:00 -0800
From: Tom Eastep [EMAIL PROTECTED]
Cc: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
Subject: RE: [leaf-user] Blacklist in Shorewall (Bering)



--On Monday, January 06, 2003 12:38:29 PM -0500 Binh Do [EMAIL PROTECTED] 
wrote:

 Sorry, Tom. I meant blocking traffic from certain IP to my external
 interface. Actually I saw a person keep sending me junk mail constantly
 for several days. He/she uses YAHOO, HOTMAIL accounts but uses a
 mail-server not belonging to HOTMAIL/YAHOO. So I want to black-list that
 IP.


If you specify 'blacklist' as an option for your external interface then 
you can place either just the offending IP address or the address followed 
by tcp 25 in the /etc/shorewall/blacklist file.

-Tom
--
Tom Eastep   \ Shorewall - iptables made easy
Shoreline,\ http://shorewall.sf.net
Washington USA \ [EMAIL PROTECTED]








[leaf-user] Some time off

2003-01-06 Thread Tom Eastep
Until further notice, I will not be involved in Shorewall development or 
support.

I'm simply burned out and have no more to give...

-Tom
--
Tom Eastep   \ Shorewall - iptables made easy
Shoreline,\ http://shorewall.sf.net
Washington USA \ [EMAIL PROTECTED]





RE: [leaf-user] Re: Bering IPSEC - Almost there

2003-01-06 Thread S Mohan
Dear Steve:

As regards IPSec, I was feeling the same way as you do now using M$'s
IPSec client. I was in touch with Chad and he helped me out. I've tried
Nate Carlson's Howto and Marcus Muller's utility yesterday after 2
frustrating weeks - a period when I understood M$'s client much better.
The howto works well for both certificates and preshared key options.
Just as Chad lent me a helping hand, I'm willing to do the same for
offlist if you need it.

Mohan

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Tom Eastep
Sent: Tuesday, January 07, 2003 4:58 AM
To: leaf-user
Subject: [leaf-user] Re: Bering IPSEC - Almost there




--On Monday, January 06, 2003 04:19:03 PM -0700 Steve Fink 
[EMAIL PROTECTED] wrote:

 Tom,

   I gave up on the M$ bastardized IPSEC stuff and downloaded SSH 
 Sentinel.  I got everything configured and finally made a connection (

 more info to come on exactly how, for others trying to do the same ).

   Now that the connection is made though I am getting REJECT
messages 
 from the all2all chain.  I've tried several times to get the packets 
 to pass but to no avail.


Try some more -- this time look at
http://shorewall.sf.net/troubleshoot.htm 
and the companion FAQ #17.

-Tom
--
Tom Eastep   \ Shorewall - iptables made easy
Shoreline,\ http://shorewall.sf.net
Washington USA \ [EMAIL PROTECTED]






Re: [leaf-user] Some time off

2003-01-06 Thread Steve Fink
Thanks a million! 

On Mon, 2003-01-06 at 17:21, Tom Eastep wrote:
 Until further notice, I will not be involved in Shorewall development or 
 support.
 
 I'm simply burned out and have no more to give...
 
 -Tom
 --
 Tom Eastep   \ Shorewall - iptables made easy
 Shoreline,\ http://shorewall.sf.net
 Washington USA \ [EMAIL PROTECTED]
 
 
 



Re: [leaf-user] Some time off

2003-01-06 Thread Mike Noyes
On Mon, 2003-01-06 at 16:21, Tom Eastep wrote:
 Until further notice, I will not be involved in Shorewall development or 
 support.

Everyone,
The best assistance we can render Tom is to help his users while he is
away. If you have time and knowledge of Shorewall, please join his
shorewall-user list. I'm sure he and his users will appreciate any help
we're able to provide. Thanks.

https://mail.shorewall.net/mailman/listinfo/shorewall-users

-- 
Mike Noyes mhnoyes @ users.sourceforge.net
http://sourceforge.net/users/mhnoyes/
http://leaf-project.org/  http://sitedocs.sf.net/  http://ffl.sf.net/







Re: [leaf-user] Some time off

2003-01-06 Thread Tom Eastep
If you don't get your problem solved, let me know -- I don't want to leave 
you hanging...

-Tom

--On Monday, January 06, 2003 7:02 PM -0700 Steve Fink 
[EMAIL PROTECTED] wrote:

Thanks a million!

On Mon, 2003-01-06 at 17:21, Tom Eastep wrote:

Until further notice, I will not be involved in Shorewall development or
support.

I'm simply burned out and have no more to give...

-Tom
--
Tom Eastep   \ Shorewall - iptables made easy
Shoreline,\ http://shorewall.sf.net
Washington USA \ [EMAIL PROTECTED]









--
Tom Eastep\ Shorewall - iptables made easy
Shoreline, \ http://shorewall.sf.net
Washington USA  \ [EMAIL PROTECTED]






Re: [leaf-user] Some time off

2003-01-06 Thread Wyatt Draggoo
 Until further notice, I will not be involved in Shorewall development or 
 support.
 
 I'm simply burned out and have no more to give...

I'm fairly certain I speak for many of us here when I say Thanks, Tom, for
all of your hard work.  That Shorewall is a cornerstone of many of our
firewalls out there shows the amount of effort you have put into this
project.

Now go out, take a lot of time off, and enjoy yourself.  You've earned it.
:)

Wyatt

--
Wyatt Draggoo





Re: [leaf-user] Some time off

2003-01-06 Thread Steve Fink
Tom,

I'll bang my head on it for a while, twitch my mustache a few million
times and drink a lot of Dr. Pepper.  Mohan has offered his assistance
also.  I've been where you are and slowly coming back.  Enjoy yourself
and let us know if there is anything we can do for you!

Take care and thanks again!

Best,

Steve


On Mon, 2003-01-06 at 19:32, Tom Eastep wrote:
 If you don't get your problem solved, let me know -- I don't want to leave 
 you hanging...
 
 -Tom
 
 --On Monday, January 06, 2003 7:02 PM -0700 Steve Fink 
 [EMAIL PROTECTED] wrote:
 
  Thanks a million!
 
  On Mon, 2003-01-06 at 17:21, Tom Eastep wrote:
  Until further notice, I will not be involved in Shorewall development or
  support.
 
  I'm simply burned out and have no more to give...
 
  -Tom
  --
  Tom Eastep   \ Shorewall - iptables made easy
  Shoreline,\ http://shorewall.sf.net
  Washington USA \ [EMAIL PROTECTED]
 
 
 
 
 
 
 
 --
 Tom Eastep\ Shorewall - iptables made easy
 Shoreline, \ http://shorewall.sf.net
 Washington USA  \ [EMAIL PROTECTED]
 
 
 
 



---
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com




[leaf-user] bering 1.0 stable pcmcia-orinoco.lrp : hcf failure - need help

2003-01-06 Thread wing newton
Greetings,

I am using Bering 1.0 stable with pcmcia-orinoco.lrp
package. After /etc/init.d/pcmcia start, I got the
following message: ORiNOCO: HCF failure : Primary
functions are not compatible. What does it mean?
Does it mean that the driver is not compatible with
the firmware in the PC card? I searched through various
sites, e.g. Google, but still couldn't locate any hint
on this error. Please help.

Thanks.

Wing.






Re: [leaf-user] Some time off

2003-01-06 Thread Christopher Barry
Tom,
Thank you so much for all you have done. You did so much for thousands
of people everywhere, and their networks are secure because of you.

Thanks,

-Christopher


( I got 50 says he's bored shitless after 3 weeks, and he's got a whole
new version in 6! )

;^)


On Mon, 2003-01-06 at 21:32, Tom Eastep wrote:
 If you don't get your problem solved, let me know -- I don't want to leave 
 you hanging...
 
 -Tom
 
 --On Monday, January 06, 2003 7:02 PM -0700 Steve Fink 
 [EMAIL PROTECTED] wrote:
 
  Thanks a million!
 
  On Mon, 2003-01-06 at 17:21, Tom Eastep wrote:
  Until further notice, I will not be involved in Shorewall development or
  support.
 
  I'm simply burned out and have no more to give...
 
  -Tom
  --
  Tom Eastep   \ Shorewall - iptables made easy
  Shoreline,\ http://shorewall.sf.net
  Washington USA \ [EMAIL PROTECTED]
 
 
 
 
 
 
 
 --
 Tom Eastep\ Shorewall - iptables made easy
 Shoreline, \ http://shorewall.sf.net
 Washington USA  \ [EMAIL PROTECTED]
 
 
 



