Re: [Leaf-user] Dachstein-CD v1.0.2 as a router only (no firewall)
> > > IPFILTER_SWITCH=router
> > > Does anyone have any thoughts on what I might have configured wrong?
> >
> > Change IPFILTER_SWITCH=none
>
> I'm guessing that my problems are related to some of the filters too but
> unfortunately changing IPFILTER_SWITCH to none completely kills all traffic
> between 192.168.1.0 and 192.168.2.0
> Worth a shot

Um...did you try changing from:
IPFWDING_KERNEL=FILTER_ON
to:
IPFWDING_KERNEL=YES

This, combined with IPFILTER_SWITCH=none should get you a basic router...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
FIXED! Re: [Leaf-user] Dachstein-CD v1.0.2 as a router only (no firewall)
- Original Message -
From: Charles Steinkuehler [EMAIL PROTECTED]
To: Kenneth Hadley [EMAIL PROTECTED]; guitarlynn [EMAIL PROTECTED]
Cc: LEAF-user [EMAIL PROTECTED]
Sent: Monday, January 14, 2002 6:55 AM
Subject: Re: [Leaf-user] Dachstein-CD v1.0.2 as a router only (no firewall)

> > > > IPFILTER_SWITCH=router
> > > > Does anyone have any thoughts on what I might have configured wrong?
> > >
> > > Change IPFILTER_SWITCH=none
> >
> > I'm guessing that my problems are related to some of the filters too but
> > unfortunately changing IPFILTER_SWITCH to none completely kills all traffic
> > between 192.168.1.0 and 192.168.2.0
> > Worth a shot
>
> Um...did you try changing from:
> IPFWDING_KERNEL=FILTER_ON
> to:
> IPFWDING_KERNEL=YES
>
> This, combined with IPFILTER_SWITCH=none should get you a basic router...
>
> Charles Steinkuehler
> http://lrp.steinkuehler.net
> http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

Have I tried those settings? Yes
Have I tried those settings in that combination? Nope
Do my problems go away with this combination? YES!!

Thanks Charles!

So if I understand it correctly:

IPFWDING_KERNEL=YES
IPFILTER_SWITCH=none
sets your scripts to full routing of all traffic

and

IPFWDING_KERNEL=FILTER_ON
IPFILTER_SWITCH=router
sets your scripts to routing with filtering

Is this correct?
Re: FIXED! Re: [Leaf-user] Dachstein-CD v1.0.2 as a router only (no firewall)
> So if I understand it correctly:
>
> IPFWDING_KERNEL=YES
> IPFILTER_SWITCH=none
> sets your scripts to full routing of all traffic
>
> and
>
> IPFWDING_KERNEL=FILTER_ON
> IPFILTER_SWITCH=router
> sets your scripts to routing with filtering
>
> Is this correct?

Yes. The reason you were not routing packets previously:

With IPFWDING_KERNEL=FILTER_ON, the scripts only enable packet forwarding once the firewall filter rules are fully configured...with IPFILTER_SWITCH=none, you're not running a firewall filter, so the scripts take the (safe) option of not forwarding any traffic, rather than assuming you bungled the config and routing packets anyway (never a safe assumption for a security device).

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
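The behaviour described in the message above, as an added example that is not part of the thread and not code from the Dachstein scripts: a small shell model in which forwarding is switched on only after the filter rules have loaded. The function names and sample settings are constructed, and treating YES as unconditional is an assumption.

```shell
#!/bin/sh
# Added example: a model of the fail-closed start-up order described above.
# Not code from the Dachstein scripts; function names are hypothetical.

# get_setting KEY TEXT: value of the last uncommented KEY=value line.
get_setting() {
    printf '%s\n' "$2" |
        sed -n "s/^[[:space:]]*$1=[\"']\{0,1\}\([A-Za-z_]*\).*/\1/p" |
        tail -n 1
}

# ip_forward_for TEXT LOADER: prints 1 (forward) or 0 (do not forward).
# LOADER is the command that installs the filter rules; its exit status
# tells whether they are fully in place.
ip_forward_for() {
    fwd=$(get_setting IPFWDING_KERNEL "$1")
    flt=$(get_setting IPFILTER_SWITCH "$1")
    case "$fwd" in
        YES)
            # Assumption: YES forwards unconditionally; the thread confirms
            # this only together with IPFILTER_SWITCH=none.
            echo 1 ;;
        FILTER_ON)
            if [ -n "$flt" ] && [ "$flt" != none ] && "$2"; then
                echo 1    # rules loaded, safe to open forwarding
            else
                echo 0    # no filter selected, or loading failed
            fi ;;
        *)
            echo 0 ;;     # unset or unrecognised: stay closed
    esac
}

# Constructed sample settings (not copied from a real box).
CFG_STUCK='IPFWDING_KERNEL=FILTER_ON
IPFILTER_SWITCH=none'
CFG_PLAIN='#IPFWDING_KERNEL=FILTER_ON
IPFWDING_KERNEL="YES"   # router only
IPFILTER_SWITCH=none'
CFG_FILTERED='IPFWDING_KERNEL=FILTER_ON
IPFILTER_SWITCH=router'

echo "FILTER_ON + none:           $(ip_forward_for "$CFG_STUCK" true)"
echo "YES + none:                 $(ip_forward_for "$CFG_PLAIN" true)"
echo "FILTER_ON + router, loaded: $(ip_forward_for "$CFG_FILTERED" true)"
echo "FILTER_ON + router, failed: $(ip_forward_for "$CFG_FILTERED" false)"
```

The last case is the one the thread does not spell out: when the rule loader fails, the model keeps forwarding off, which is the same safe default Charles describes for IPFILTER_SWITCH=none.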
Re: [Leaf-user] Dachstein-CD v1.0.2 as a router only (no firewall)
Kenneth,

I've heard of Jet Direct problems before. Seems they were solved by allowing SNMP across the firewall. I realise you have router only, but see if SNMP is being blocked. Search the archives for Jet Direct.

Just a suggestion.

Keith Laidlaw
Manager of Engineering
Dakins Engineering Group Ltd.
tel: (905) 814-6024
fax: (905) 814-6029

P.S. A MILLION thank yous to both you and Charles. I got DCD with PPPoE up and running very easily. Your one page note for PPPoE (especially the part about sympatico users!!!) was great as were your scripts.
Re: [Leaf-user] Dachstein-CD v1.0.2 as a router only (no firewall)
Nicolas Riendeau wrote:

[snip]

> Good luck!
>
> Nicolas Riendeau
>
> PS: Please forgive my English as it's not my mother tongue. Thanks!
>
> PPS: Don't worry, I've rebooted my firewall after these tests (-; (-; (-;

Ok, so are you from somewhere interesting where they write from right to left so that the smileys go right to left, ie (-: as versus left to right :-) ??

Just curious. Me ignorant American. :-o

Matt
Re: [Leaf-user] Dachstein-CD v1.0.2 as a router only (no firewall)
- Original Message -
From: guitarlynn [EMAIL PROTECTED]
To: Kenneth Hadley [EMAIL PROTECTED]
Sent: Saturday, January 12, 2002 1:49 PM
Subject: Re: [Leaf-user] Dachstein-CD v1.0.2 as a router only (no firewall)

> On Saturday 12 January 2002 14:52, Kenneth Hadley wrote:
> > I'm having some limited success in getting Dachstein 1.02 to run as just a
> > router between two private networks, 192.168.1.0 and 192.168.2.0, with
> > 192.168.2.0 being an expansion to the 192.168.1.0 network which is just
> > about full.
> >
> > Some of the options on my Dachstein box:
> > IPFILTER_SWITCH=router
> >
> > Does anyone have any thoughts on what I might have configured wrong?
>
> Change IPFILTER_SWITCH=none
>
> The router option still has some ip spoofing and RFC blocking, but
> setting it to none leaves a straight-through router w/o any
> protection if I understand things right... hopefully I do!
>
> --
> ~Lynn Avants
> aka Guitarlynn
> guitarlynn at users.sourceforge.net
> http://leaf.sourceforge.net
> If linux isn't the answer, you've probably got the wrong question!

I'm guessing that my problems are related to some of the filters too but unfortunately changing IPFILTER_SWITCH to none completely kills all traffic between 192.168.1.0 and 192.168.2.0

Worth a shot

Thanks though!
-Kenneth Hadley
Re: [Leaf-user] Dachstein-CD v1.0.2 as a router only (no firewall)
eth0 on Dachstein will not route private IP addresses without the following change, quoted from a recent reply from Charles on a related question:

> [this behavior is controlled by] The stopMartians () procedure of
> /etc/ipfilter.conf. You can comment out the private IP blocks in this
> procedure if you want to send/receive from reserved private IP addresses
> on your external interface.

HTH,
Dan

Quoting Kenneth Hadley [EMAIL PROTECTED]:

> - Original Message -
> From: guitarlynn [EMAIL PROTECTED]
> To: Kenneth Hadley [EMAIL PROTECTED]
> Sent: Saturday, January 12, 2002 1:49 PM
> Subject: Re: [Leaf-user] Dachstein-CD v1.0.2 as a router only (no firewall)
>
> > On Saturday 12 January 2002 14:52, Kenneth Hadley wrote:
> > > I'm having some limited success in getting Dachstein 1.02 to run as just a
> > > router between two private networks, 192.168.1.0 and 192.168.2.0, with
> > > 192.168.2.0 being an expansion to the 192.168.1.0 network which is just
> > > about full.
> > >
> > > Some of the options on my Dachstein box:
> > > IPFILTER_SWITCH=router
> > >
> > > Does anyone have any thoughts on what I might have configured wrong?
> >
> > Change IPFILTER_SWITCH=none
> >
> > The router option still has some ip spoofing and RFC blocking, but
> > setting it to none leaves a straight-through router w/o any
> > protection if I understand things right... hopefully I do!
> >
> > --
> > ~Lynn Avants
> > aka Guitarlynn
> > guitarlynn at users.sourceforge.net
> > http://leaf.sourceforge.net
> > If linux isn't the answer, you've probably got the wrong question!
>
> I'm guessing that my problems are related to some of the filters too but
> unfortunately changing IPFILTER_SWITCH to none completely kills all traffic
> between 192.168.1.0 and 192.168.2.0
>
> Worth a shot
>
> Thanks though!
> -Kenneth Hadley
Re: [Leaf-user] Dachstein-CD v1.0.2 as a router only (no firewall)
hrmmm... I see what you're referring to...and it makes sense...
I will give it a shot Monday since I've no intention of going to work anymore this weekend ;-)

Thanks for the tip... and I will bounce a message to this list if it works for me

-Kenneth Hadley

- Original Message -
From: [EMAIL PROTECTED]
To: Kenneth Hadley [EMAIL PROTECTED]
Cc: guitarlynn [EMAIL PROTECTED]; LEAF-user [EMAIL PROTECTED]
Sent: Saturday, January 12, 2002 2:57 PM
Subject: Re: [Leaf-user] Dachstein-CD v1.0.2 as a router only (no firewall)

> eth0 on Dachstein will not route private IP addresses without the following
> change, quoted from a recent reply from Charles on a related question:
>
> > [this behavior is controlled by] The stopMartians () procedure of
> > /etc/ipfilter.conf. You can comment out the private IP blocks in this
> > procedure if you want to send/receive from reserved private IP addresses
> > on your external interface.
>
> HTH,
> Dan
>
> Quoting Kenneth Hadley [EMAIL PROTECTED]:
>
> > - Original Message -
> > From: guitarlynn [EMAIL PROTECTED]
> > To: Kenneth Hadley [EMAIL PROTECTED]
> > Sent: Saturday, January 12, 2002 1:49 PM
> > Subject: Re: [Leaf-user] Dachstein-CD v1.0.2 as a router only (no firewall)
> >
> > > On Saturday 12 January 2002 14:52, Kenneth Hadley wrote:
> > > > I'm having some limited success in getting Dachstein 1.02 to run as just a
> > > > router between two private networks, 192.168.1.0 and 192.168.2.0, with
> > > > 192.168.2.0 being an expansion to the 192.168.1.0 network which is just
> > > > about full.
> > > >
> > > > Some of the options on my Dachstein box:
> > > > IPFILTER_SWITCH=router
> > > >
> > > > Does anyone have any thoughts on what I might have configured wrong?
> > >
> > > Change IPFILTER_SWITCH=none
> > >
> > > The router option still has some ip spoofing and RFC blocking, but
> > > setting it to none leaves a straight-through router w/o any
> > > protection if I understand things right... hopefully I do!
> > >
> > > --
> > > ~Lynn Avants
> > > aka Guitarlynn
> > > guitarlynn at users.sourceforge.net
> > > http://leaf.sourceforge.net
> > > If linux isn't the answer, you've probably got the wrong question!
> >
> > I'm guessing that my problems are related to some of the filters too but
> > unfortunately changing IPFILTER_SWITCH to none completely kills all traffic
> > between 192.168.1.0 and 192.168.2.0
> >
> > Worth a shot
> >
> > Thanks though!
> > -Kenneth Hadley