RE: [leaf-user] IPSec WiFi vs. weblet
Hi Christopher,

Happy New Year to you and the list.

Yes, I use IPSec.

Best Regards,
Francois BERGERET, France.

-----Original Message-----
From: Christopher Harewood [mailto:[EMAIL PROTECTED]
Sent: Friday 26 December 2003 17:20
To: Francois BERGERET
Cc: [EMAIL PROTECTED]
Subject: RE: [leaf-user] IPSec WiFi vs. weblet

I already had a similar entry in my policy file:

vpn    fw     ACCEPT
fw     vpn    ACCEPT

to no avail. Are you using IPSec, Francois?

On Mon, 15 Dec 2003, Francois BERGERET wrote:

> Hi all,
>
> I use two wireless networks simultaneously in a Soekris embedded PC with
> Bering V1.2. + one normally wired LAN.
>
> Weblet runs fine from all subnets.
>
> I have not uncommented this in ssh.httpd.conf file :
>
> #Who can access the server?
> #CLIENT_ADDRS=192.168.1
>
> In Shorewall policy file, I have this :
>
> fw     loc    ACCEPT
> loc    fw     ACCEPT
>
> and the same for all invoked interfaces wlan0 and wlan1 zone aliases.
>
> I hope this could help. If not, let me know what you want more.
>
> Good Luck.
>
> Best Regards,
> Francois BERGERET, France.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] on behalf of Christopher Harewood
> Sent: Monday 15 December 2003 07:10
> Cc: [EMAIL PROTECTED]
> Subject: Re: [leaf-user] IPSec WiFi vs. weblet
>
> The 192.168.3.0 subnet is my IPSec vpn. Hence, in /etc/shorewall/rules:
>
> ACCEPT    loc    fw    tcp    80
> ACCEPT    vpn    fw    tcp    80
>
> No weblet over the vpn, and no hits in the firewall log, so I surmise
> that it's not a Shorewall issue. But I've been wrong before.

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] IPSec WiFi vs. weblet
Eureka!

Determined to resolve this issue, I attempted to access the weblet over the VPN, and checked to see if any log file was touched. Just one. daemon.log. Which told me that I had failed to place a carriage return after the second entry in hosts.allow for my ipsec'd subnet. One carriage return later, all is well. Rejoice, etc.

Thanks to one and all for their help. Perhaps Jacq^H^H^H^HEric can add this to the next round of documentation. Or are trailing carriage returns just *nix common sense?

:Max
RE: [leaf-user] IPSec WiFi vs. weblet
At 06:20 PM 12/29/2003 +0100, Christopher Harewood wrote:

> Eureka!
>
> Determined to resolve this issue, I attempted to access the weblet over
> the VPN, and checked to see if any log file was touched. Just one.
> daemon.log. Which told me that I had failed to place a carriage return
> after the second entry in hosts.allow for my ipsec'd subnet. One carriage
> return later, all is well. Rejoice, etc.
>
> Thanks to one and all for their help. Perhaps Jacq^H^H^H^HEric can add
> this to the next round of documentation. Or are trailing carriage returns
> just *nix common sense?

Not quite *nix common sense, but a good bit more general than this specific file (/etc/hosts.allow). Some text files need a NEWLINE (0x0A or LineFeed, not a carriage return or 0x0D ... though properly configured Unix/Linux keyboard/text-processor combos do insert the correct character when the ENTER key is pressed, editing on a DOS/Windows system and moving the file to a Unix/Linux system can introduce problems here) at the end of the last line of text. Some do not. As best as I can recall, adding one never hurts.

Whether this means the docs for a specific package should mention it or not is unclear to me ... if it should, I suspect a lot of documentation needs this addition, not just this package.
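Added example, not part of the original thread or of the LEAF documentation: a POSIX sh check for the two line-ending problems discussed in the message above, a last line with no terminating LF (0x0A) and stray carriage returns (0x0D) left by a DOS/Windows editor. The function names check_line_endings and normalize_line_endings are hypothetical.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not part of LEAF/Bering.

# Report line-ending problems in FILE. Returns 0 if clean, 1 if any
# finding was printed, 2 if the file cannot be read.
check_line_endings() {
    file=$1
    status=0
    [ -r "$file" ] || { echo "unreadable: $file"; return 2; }

    # A non-empty file must end in LF (0x0A), otherwise the last entry
    # is an unterminated line.
    if [ -s "$file" ]; then
        last=$(tail -c 1 "$file" | od -An -tx1 | tr -d ' \n')
        if [ "$last" != "0a" ]; then
            echo "no-final-newline: $file (last byte 0x$last)"
            status=1
        fi
    fi

    # Count lines carrying a carriage return (0x0D), the usual trace of
    # a file edited on DOS/Windows and copied over.
    cr=$(printf '\r')
    n=$(grep -c "$cr" "$file" || true)
    if [ "$n" -gt 0 ]; then
        echo "carriage-returns: $file ($n line(s) contain 0x0D)"
        status=1
    fi
    return "$status"
}

# Write a corrected copy of FILE to stdout: CRs removed, and every line,
# including the last, terminated by LF. The original is left untouched.
normalize_line_endings() {
    tr -d '\r' < "$1" | awk '{ print }'
}

# Usage: sh check_eol.sh /etc/hosts.allow
for f in "$@"; do
    check_line_endings "$f" || :
done
```

Review the output of normalize_line_endings before copying it over an access-control file such as hosts.allow, since a changed entry changes who is allowed in.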
RE: [leaf-user] IPSec WiFi vs. weblet
Hi all,

I use two wireless networks simultaneously in a Soekris embedded PC with Bering V1.2. + one normally wired LAN.

Weblet runs fine from all subnets.

I have not uncommented this in ssh.httpd.conf file :

#Who can access the server?
#CLIENT_ADDRS=192.168.1

In Shorewall policy file, I have this :

fw     loc    ACCEPT
loc    fw     ACCEPT

and the same for all invoked interfaces wlan0 and wlan1 zone aliases.

I hope this could help. If not, let me know what you want more.

Good Luck.

Best Regards,
Francois BERGERET, France.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] on behalf of Christopher Harewood
Sent: Monday 15 December 2003 07:10
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] IPSec WiFi vs. weblet

The 192.168.3.0 subnet is my IPSec vpn. Hence, in /etc/shorewall/rules:

ACCEPT    loc    fw    tcp    80
ACCEPT    vpn    fw    tcp    80

No weblet over the vpn, and no hits in the firewall log, so I surmise that it's not a Shorewall issue. But I've been wrong before.
Re: [leaf-user] IPSec WiFi vs. weblet
Tried both of these before posting. 192.168.1.0 is my wired subnet, 192.68.3.0 is my wireless subnet.

hosts.allow:

ALL: 192.168.1.0/255.255.255.0
ALL: 192.168.3.0/255.255.255.0

sh-httpd.conf (pertinent parts)

# Who are we - used for CGI scripts
SERVER_NAME=ice.rawdata.lab
SERVER_ADDR=192.168.1.99
SERVER_PORT=80

# Who can access the server?
CLIENT_ADDRS=192.168.1. 192.168.3.

On Sat, 13 Dec 2003, Lynn Avants wrote:

> A declaration of the wireless host(s) in the /etc/host.allow file
> on the Bering machine and likely in /etc/sh-httpd.conf as well
Re: [leaf-user] IPSec WiFi vs. weblet
Christopher Harewood wrote:

> Tried both of these before posting. 192.168.1.0 is my wired subnet,
> 192.68.3.0 is my wireless subnet.
>
> hosts.allow:
>
> ALL: 192.168.1.0/255.255.255.0
> ALL: 192.168.3.0/255.255.255.0
>
> sh-httpd.conf (pertinent parts)
>
> # Who are we - used for CGI scripts
> SERVER_NAME=ice.rawdata.lab
> SERVER_ADDR=192.168.1.99
> SERVER_PORT=80
>
> # Who can access the server?
> CLIENT_ADDRS=192.168.1. 192.168.3.
>
> On Sat, 13 Dec 2003, Lynn Avants wrote:
>
> > A declaration of the wireless host(s) in the /etc/host.allow file
> > on the Bering machine and likely in /etc/sh-httpd.conf as well

Did you open the port up on the firewall in the /etc/shorewall/rules for normal weblet access from the loc - which would appear to be 192.168.1

ACCEPT    loc    fw    tcp    80

perhaps you need an whatever the name of your other 192.168.3 internal network is.

ACCEPT    ??     fw    tcp    80
Re: [leaf-user] IPSec WiFi vs. weblet
On Saturday 13 December 2003 12:25 am, Christopher Harewood wrote:

> I have finally (through the alignment of planets, presumably) set up IPSec
> on the wifi connection to my Bering box. All works well (browse Samba
> shares with no problems, net access, etc.). The only thing that fails to
> load over the ipsec tunnel is the weblet. It works fine from any wired
> local machine. Any ideas?

A declaration of the wireless host(s) in the /etc/host.allow file on the Bering machine and likely in /etc/sh-httpd.conf as well

--
~Lynn Avants
Linux Embedded Appliance Firewall Developer
http://leaf.sourceforge.net
http://guitarlynn.homelinux.org:81