[leaf-user] TCP wrappers

2005-09-27 Thread Richard Saunders

Hi,
I am moving from Bering uClibc 2.23 to 2.3 rc1 and most things are going well.
The problem I am having is accessing www and ssh from the local network.
If I leave the default settings in hosts.allow and hosts.deny I
cannot access the www and ssh on the firewall,
but if I comment out everything (which I assume effectively disables
tcp wrappers) I have no problem, except of course that I don't have
the protection of wrappers. Shouldn't the default (ALL:
192.168.1.0/255.255.255.0) allow everything including ssh and www
from the local network?
I had the same problem with 2.23 but just commented everything and
ignored it, but this time I would like to get it right from the start.

Regards
Richard Saunders




---
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/


Re: [leaf-user] TCP wrappers

2005-09-27 Thread Arne Bernin
On Wed, 2005-09-28 at 10:36 +1000, Richard Saunders wrote:
> Hi,

Hi Richard,

> I am moving from Bering uClibc 2.23 to 2.3 rc1 and most things are going well.
> The problem I am having is accessing www and ssh from the local network.
> If I leave the default settings in hosts.allow and hosts.deny I
> cannot access the www and ssh on the firewall,
> but if I comment out everything ( which I assume effectively disables
> tcp wrappers) I have no problem, except of course that I don't have
> the protection of wrappers. Shouldn't the default ( ALL:
> 192.168.1.0/255.255.255.0) allow everything including ssh and www
> from the local network.

that is correct. Is 192.168.1.0 the address of your local network?

> I had the same problem with 2.23 but just commented everything and
> ignored it, but this time I would like to get it right from the start.
> Regards
> Richard Saunders

--arne

-- 
Arne Bernin [EMAIL PROTECTED]

http://www.ucBering.de
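
Added example (not part of either message, and not code from LEAF or tcp_wrappers): the net/mask client test that hosts_access(5) describes, where a client matches when its address ANDed with the mask equals the net part, which is why the pattern has to carry the network address itself. Function names and client addresses are constructed, and only ALL and dotted-quad net/mask patterns are handled.

```shell
#!/bin/sh
# ip_to_int A.B.C.D: print the address as an integer, status 1 if malformed.
ip_to_int() (
    case $1 in ''|*[!0-9.]*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    n=0
    for o in "$@"; do
        case $o in ''|0?*|????*) exit 1 ;; esac   # no empty or zero-padded octets
        [ "$o" -le 255 ] || exit 1
        n=$(( (n << 8) | o ))
    done
    echo "$n"
)

# net_mask_match NET/MASK CLIENT: status 0 when (CLIENT AND MASK) equals NET,
# 1 when it does not, 2 when pattern or address is not dotted-quad.
net_mask_match() (
    case $1 in */*) ;; *) exit 2 ;; esac
    net=$(ip_to_int "${1%%/*}") || exit 2
    mask=$(ip_to_int "${1#*/}") || exit 2
    addr=$(ip_to_int "$2") || exit 2
    [ $(( addr & mask )) -eq "$net" ]
)

# rule_matches 'DAEMONS: CLIENTS' DAEMON CLIENT_IP: does one rule line match?
rule_matches() (
    hit=1
    for d in $(echo "${1%%:*}" | tr ',' ' '); do
        case $d in ALL|"$2") hit=0 ;; esac
    done
    [ "$hit" -eq 0 ] || exit 1
    for c in $(echo "${1#*:}" | tr ',' ' '); do
        [ "$c" = ALL ] && exit 0
        net_mask_match "$c" "$3" && exit 0
    done
    exit 1
)

rule='ALL: 192.168.1.0/255.255.255.0'   # default entry quoted in the thread
for client in 192.168.1.20 192.168.2.20; do   # constructed client addresses
    if rule_matches "$rule" sshd "$client"; then
        echo "$client: matched"
    else
        echo "$client: no match, next rule"
    fi
done
```

A pattern written with a host address, such as 192.168.1.1/255.255.255.0, matches no client under this test because the masked client address never equals it.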







[leaf-user] ipsec %defaultroute in Bering 2.3 rc1

2005-09-27 Thread Richard Saunders

Hi
I am setting up uClibc 2.3rc1.
I have copied the ipsec.conf file from my uClibc 2.23 box which has 
always worked ok.

When starting up I get the following errors
in auth.log:

Sep 28 13:57:09 firewall pluto[21197]: no public interfaces found

in daemon.log:

Sep 28 13:57:07 firewall ipsec_setup: no default route, %defaultroute cannot cope!!!
Sep 28 13:57:08 firewall ipsec_setup: ...Openswan IPsec started
Sep 28 13:57:09 firewall ipsec__plutorun: ipsec_auto: fatal error in w2k: %defaultroute requested but not known
Sep 28 13:57:09 firewall ipsec__plutorun: ipsec_auto: fatal error in net-net: %defaultroute requested but not known

When the box finishes starting, if I type ipsec setup restart it runs fine.

Sep 28 14:26:50 firewall ipsec_setup: Stopping Openswan IPsec...
Sep 28 14:26:50 firewall ipsec_setup: stop ordered, but IPsec does not appear to be running!
Sep 28 14:26:50 firewall ipsec_setup: doing cleanup anyway...
Sep 28 14:26:51 firewall ipsec_setup: ...Openswan IPsec stopped
Sep 28 14:26:51 firewall ipsec_setup: Starting Openswan IPsec 1.0.9...
Sep 28 14:26:51 firewall ipsec_setup: Using /lib/modules/ipsec.o
Sep 28 14:26:51 firewall ipsec_setup: KLIPS debug `none'
Sep 28 14:26:52 firewall ipsec_setup: KLIPS ipsec0 on ppp0 220.245.99.4 peer 202.7.162.162/32
Sep 28 14:26:52 firewall ipsec_setup: WARNING: ppp0 has route filtering turned on, KLIPS may not work
Sep 28 14:26:52 firewall ipsec_setup:  (/proc/sys/net/ipv4/conf/ppp0/rp_filter = `1', should be 0)
Sep 28 14:26:52 firewall ipsec_setup: ...Openswan IPsec started

Here is my setup:
# basic configuration
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

# defaults for subsequent connection descriptions
conn %default
        keyingtries=0

conn net-net
        authby=rsasig
        left=220.245.99.4
        leftsubnet=192.168.1.0/24
        leftrsasigkey=[keyid AQON]
        leftnexthop=%defaultroute
        right=220.244.10.142
        rightsubnet=192.168.0.0/27
        rightrsasigkey=[keyid AQN7]
        rightnexthop=%defaultroute
        pfs=yes
        auto=add

conn w2k
        authby=rsasig
        left=220.245.99.4
        leftsubnet=192.168.1.0/24
        leftnexthop=%defaultroute
        leftrsasigkey=%cert
        leftcert=fwCert.pem
        right=%any
        rightrsasigkey=%cert
        leftid=CN=fw
        pfs=yes
        auto=add
#

Any ideas on what might be happening?
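
Added example (not from the post, LEAF or Openswan): the boot-time log reports no default route when ipsec_setup runs, while the later manual restart binds ipsec0 to ppp0, so this sketch shows a check an init script could run before `ipsec setup start`. It assumes the cause is that ppp0 has not yet installed its default route; the function names and both routing tables are constructed.

```shell
#!/bin/sh
# default_route_iface [FILE]: print the interface that carries an active default
# route (destination and mask both 0.0.0.0, RTF_UP set); status 1 if there is none.
# FILE uses the /proc/net/route layout and defaults to /proc/net/route.
default_route_iface() {
    while read -r iface dest gw flags refcnt use metric mask rest; do
        [ "$dest" = 00000000 ] && [ "$mask" = 00000000 ] || continue
        [ $(( 0x$flags & 1 )) -eq 1 ] || continue   # bit 0 is RTF_UP
        echo "$iface"
        return 0
    done < "${1:-/proc/net/route}"
    return 1
}

# wait_for_default_route SECONDS [FILE]: poll once per second, give up after SECONDS.
wait_for_default_route() {
    tries=$1
    while [ "$tries" -gt 0 ]; do
        default_route_iface "$2" && return 0
        tries=$((tries - 1))
        sleep 1
    done
    return 1
}

# Constructed sample tables: LAN route only, then the same table once ppp0 is up.
route_table_boot() {
    printf 'Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT\n'
    printf 'eth1\t0001A8C0\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0\n'
}
route_table_up() {
    route_table_boot
    printf 'ppp0\t00000000\t00000000\t0001\t0\t0\t0\t00000000\t0\t0\t0\n'
}

tmp=$(mktemp) || exit 1
route_table_boot > "$tmp"
default_route_iface "$tmp" || echo "boot: no default route, defer ipsec start"
route_table_up > "$tmp"
echo "later: default route via $(default_route_iface "$tmp")"
rm -f "$tmp"
```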





